Apple Aperture Places and Privacy
Aperture has a useful feature called “Places”. Places lets you access GPS metadata stored in your photos or assign location metadata to your photos. With this location metadata, you are able to browse, catalog and re-contextualize your photos using a map-driven interface. It’s very cool.
Aperture will automatically look up the location of an image and drop a pin on a map for you if your camera supports GPS metadata (the iPhone, for example, but many other cameras do this or support optional accessories to automate it). You can also, if you choose to, use the map UI to assign location metadata to your photos. This allows you to browse your photos by location. Want to see every picture you took at <insert politically incorrect location here>? You need only locate that place with a handy dandy pushpin on the map. Want to see the path you took cross country stopping at each cool looking diner along the way for a black and white milkshake while hauling <insert politically incorrect cargo here>? Want to know exactly where you took that photo of that bald eagle you accidentally shot while duck hunting? All these things are easy and convenient with Aperture’s ‘Places’.
The two options for using Places are “Never” and “Automatically”. If “Automatically” is not enabled, Places is entirely disabled. The preference isn’t labeled “Look up places online from Apple and Google”. Hell, it doesn’t even say “Look Up Places Online”; it just says “Look Up Places”.
All well and good. Handy. The problem is: Places, if you allow it to, will connect to, at least, these servers:
- ssl.apple.com
- www.google.com
- place.apple.pushpin.com
- mt1.google.com
Clearly, there is enormous value to the vast amount of GIS data and services available online, but simple, rudimentary GPS-to-map functionality could and should be available using only local map and coordinate data installed with Aperture.
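As an illustration of the local-only lookup argued for above, this added example (not Aperture's code and not from the original post) resolves a photo's GPS coordinates to the nearest entry in a place table held on disk, with no network request. The gazetteer rows, the function names and the 50 km cutoff are assumptions made for the example.

```python
import math

# Constructed sample gazetteer: (name, latitude, longitude) in decimal degrees.
# A real local data set would be installed with the application.
GAZETTEER = [
    ("New York, NY", 40.7128, -74.0060),
    ("San Francisco, CA", 37.7749, -122.4194),
    ("Chicago, IL", 41.8781, -87.6298),
    ("Bora Bora", -16.5004, -151.7415),
    ("London", 51.5074, -0.1278),
]

EARTH_RADIUS_KM = 6371.0088  # mean Earth radius


def dms_to_decimal(degrees, minutes, seconds, ref):
    """Convert EXIF-style degrees/minutes/seconds plus an N/S/E/W
    reference into signed decimal degrees."""
    value = degrees + minutes / 60.0 + seconds / 3600.0
    return -value if ref in ("S", "W") else value


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km; also correct across the antimeridian."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = phi2 - phi1
    dlmb = math.radians(lon2 - lon1)
    a = (math.sin(dphi / 2) ** 2
         + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def lookup_place(lat, lon, max_km=50.0, gazetteer=GAZETTEER):
    """Return (name, distance_km) for the nearest local entry, or None
    when nothing lies within max_km. Nothing leaves the machine."""
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        raise ValueError("coordinates out of range")
    name, dist = min(
        ((n, haversine_km(lat, lon, plat, plon)) for n, plat, plon in gazetteer),
        key=lambda item: item[1],
    )
    return (name, dist) if dist <= max_km else None
```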
There is no option to look up places on an ‘on demand’ and per-image basis. No option to hide the UI elements that refer to Places. No readily available documentation of exactly what information is sent to Google or Apple when you use the feature. No warning about what information you are licensing implicitly to Apple or Google when you choose to use this feature.
Now, there are a lot of good reasons you may not want to allow even the when and where of your photos to be stored by Apple or Google, no matter how legal, upright and upstanding a person you are. Let’s say you have a Gmail address you use anonymously, for example, to post in a political discussion forum when you are the editor of a news program. It’s part of your private life. You don’t use your position with this news program to back up the opinions you discuss. You simply prefer not to have your personal political opinions be fodder for evaluating the validity and objectivity of your reporting. You write about Google or Apple, they look up your records, it leaks, your career is over. This is just one example. If you use Aperture on your laptop, you could expose your home in Manhattan to burglary while the time stamps and GPS data in the photos show you’re in Bora Bora. Leaks of this data could compromise a woman fleeing an abuser. Leaks of this data could erroneously expose you as a person of interest in a data-mining fishing expedition. “Yes, Inspector Gadget, slap the old Patriot Act notice on Google. I want to know the names of everybody at 5th and Main between noon and one on the 25th.”
It is, simply, too easy to give Apple and Google a record of every place you have ever taken a photograph. It’s simply none of their damned business unless I choose to make it their business, and I should damned well be informed about what data is sent and stored on their servers.
Apple should:
- Clearly document precisely what data is sent to Apple and Google. (Apple now owns Pushpin)
- Ensure all data sent to Apple/Google is anonymized and contains no image data.
- Enable more granular control of online lookups.
- Allow you to hide the UI for the feature if you choose not to use it.
- Offer rudimentary location functionality using locally stored map data installed with the program.
You should think a little more about how convenience and your use of ‘The Cloud’ may compromise your privacy, and be a more informed and deliberate consumer of those services.