Ancestry.com: Helping you trace your roots and share your exact address
There's an old lady somewhere in Brazil. She's not dying, but she's probably close, and she lives in a nursing home within sight of both Christ the Redeemer and the Atlantic Ocean. Let's call her Alice.
Alice doesn't have any close relatives, but according to ancestry.com, she shares some common ancestry with my wife's sister. In April 2015, when she took a photograph of herself, she was using an iPhone 6 Plus - a handset that had been released only six months previously. It wasn't a cheap handset, and the facility in which she's living isn't cheap either. Looking at Alice's photo (not her real name, BTW), you can see a resemblance. Despite the two centuries since they had a relative in common, and the ocean between them, they could pass for first cousins.
Does Alice sound like a target to you?
Ancestry sites are sketchy to begin with
Your DNA is intensely personal to you, and unless you're an identical twin, it's the one thing that can pin you down and identify you as an individual.
It defines the traits that make up your personality, and contains the code that will, at least partly, dictate your physical attributes: your height, you dietary requirements, your earlobes, your finger length, and how hard puberty kicks in.
The urge to find out more about yourself, and what makes you you is inbuilt - which is why the sister-in-law was happy to shell out 78 nicker for insights.
For less than the cost of a couple of vinyl records, she can find out that she's not a fussy eater, it's genetic, and her tendency to nap at odd hours is dictated by her genes.
She can also find out who she's related to, and where in the world, the diaspora of her grandparents, great-grandparents, and so on, are living now.
If you're using a geneology service, you obviously want to share your data, but how much do you want to share?
Ancestry.com doesn't show a user's location by default - although if they have an uncommon name, unusual appearance, or have made the news for some reason, you might be able to find them with a Google search (other search engines are available). This is how we know that one of her fourth or fifth cousin is a Utah meth dealer who was convicted for selling to an undercover cop within 1,000 feet of a school.
Giving your genetic material to a private company can cause you all kinds of trouble. How do you know that they're not selling it for profit. I'm sure that marketing companies would love to know that you have a genetic predisposition to craving chocolate at certain times of the month. Likewise, the ability to tailor a virus that could kill or incapacitate an individual or group of people is an ability we're sure the governments of the world would love to have.
One of the bigger players in the ancestry arena - 23andMe - has a history of selling customers' genetic data to whoever wants it: pharmaceutical companies, silicon valley startups, and more.
Data submitted to geneaology websites was used to catch Joseph James DeAngelo - also known as the Golden State Killer - who murdered at least 12 victims and raped over 50 others over a 12 year span. Cops were able to pin the murders on him despite his never having submitted a sample. They zoomed in on his relatives.
That's cool and all, but there are unanswered questions of consent here - and why stop at serial killers? Local authorities could use the same methods to track down people who drop cigarette butts in public.
There's a reason you don't tell internet strangers where you live
Every piece of information you give out can be used to harm you. You don't tell people your bank details, and you sure as shit don't let randos know where you live.
Aside from marketing scams, there's the possibility of setting yourself up for a robbery, especially if you have a nice new phone, with a gigantic plasma TV in the background. This is stuff they teach in primary school these days.
Every online platform you use gives you the option of disclosing your location, but even then, you're unlikely to give out your actual home address.
Most photos taken in the last two decades have been digital pics snapped on smartphones, and smartphones are more than just a telecoms device with a camera built-in.
Even the most basic unit will have a huge array of sensors, including a positioning system of some sort. This can be based off anything from satellite data to what WiFi networks you're close to, and they can be scary accurate.
Unless you have the option turned off, this is embedded in the metadata of your photo, and you can extract t with utilities such as Exiftool.
There are good reasons you might want your location data embedded in a photo. We use Immich as an excellent replacement for Google photos and have it running, alongside a plethora of other self-hosted software on a Raspberry Pi.
With Immich, you can see a map of where all your photos were taken and zoom in on them - or if you're not sure where you snapped an image, it's easy to find out. It's a nice feature.
But if you upload a photo a social media site such as Xitter or Facebook, that location metadata is stripped out without the user having to do it themselves. The companies are aware that if kids get kidnapped, people get murdered or other crimes occur as a result of location data gained through their platform, they'll be in trouble.
Ancestry.com doesn't bother, and you can use the metadata from the photos on the site to pin down someone's bedroom. You can use their submitted family tree to find out that there's no-one closer to them than second cousins.
Did we mention that you don't need to even be related to someone in order to see their profile and look at their family and images?
In short, ancestry.com is an almost perfect victim location and targetting platform - if that's your bag. Someone looking for long-lost distant relatives is always going to be something of an easy target, and someone who believes in the fatuous DNA insights is more likely that average to be a mug (according to their DNA).
This is, of course, leaving aside "Kind Hearts and Coronets" scenarios where a distant relative picks off everyone who stands between him an a large inheritance.
You don't even need to be logged in in order to view or download the images. wget will do the job just fine.
Is there location data in all the ancestry.com images?
From our random sampling, we'd say that around a third of profile pictures have GPS latitude and longitude embedded in the metadata. This is largely from people who take a quick snap with a selfie cam or mirror shot and upload directly.
If you've edited a picture or used on-device tools to rotate or crop the image, a large part of the metadata is stripped out, and you should be fine.
For everyone else who uses ancestry.com, you're at risk of being scammed in more ways than one.
What does ancestry.com say?
There's no obvious way to contact ancestry.com without creating an account, and no email address we could find on the main site, so I used Leif - the company's' virtual assistant' chatbot, and asked:
Are you aware that GPS location metadata remains intact in profile pics uploaded to your site? You can literally pinpoint a user's bedroom.
After exhausting the bot's stock answers, I asked to be put through to a real person, and had to supply my full name, email address and postcode. For those outside the UK, a postcode is almost as accurate as the GPS coordinates we found embedded in profile pics on the site.
Eventually we landed a support person called Maya Here's the exchange:
Maya: Hi, my name is Maya and I will be assisting you today.
Me: Hi Maya
Maya: Hello, are you referring to the location where the photo was taken or where it was uploaded from?
Me: where it's taken
Maya: Having photo metadata allows member to share their uploaded photos to other members searching for particular records.
Me: You don't think being able to pinpoint someone's house is a security risk?
The support chat was transferred to another assistant called Yoni Rose.
Yoni Rose: Thank you for contacting Ancestry Support. Please allow me a moment to review your question and respond.
Chat ended due to timeout. There was no email follow up.