Facebook adds a tracking code to photos so it can also track them outside the social network

If an image has been uploaded to Facebook and subsequently downloaded, it is no longer the same file. As soon as it enters the social network, Facebook tracking metadata is added to it. In this way, even if you download it and remove it from the platform, it still carries a “part of Facebook” inside it that allows it to be found and identified in the future.

As Edin Jusupovic has discovered, Facebook automatically adds a series of metadata to images downloaded from the platform. This metadata consists of IPTC instructions that allow an image or file to be identified by means of a unique code.

The reason why photos downloaded from Facebook contain this metadata is not entirely clear. One possible use: if the image is later uploaded to Facebook by another person, Facebook could associate the two people with each other. We at SamaGame have contacted Facebook to ask for its official position on this; we will update the article if we get a response.

What the tracking code that Facebook adds to photos looks like

Actually, the insertion of metadata by Facebook is not new. As detailed in The Hacker Factor Blog, over the years the social network has added different ways of identifying images that are on, or were obtained from, its servers. For example, even before 2012, images were automatically renamed with a series of numbers and letters that represented the user and the image’s album.

The Hacker Factor Blog also points out that it was in 2014 that Facebook started inserting an IPTC block in the image metadata. It is a long code, hidden from the user, that only appears if the image is examined with a metadata inspector. The sequence of numbers and letters seems random; the only part that always repeats is the start, “FBMD”, which probably corresponds to “Facebook Member Data”. The rest of the numbers and letters are hexadecimal characters that decode into bytes of information.
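A metadata inspector finds this block by walking the JPEG header segments, the Photoshop "8BIM" resource 0x0404 inside the APP13 segment, and the IPTC datasets that resource holds. The following Python is an added example, not code from the article or from Facebook; it assumes the IPTC block is stored in APP13 as is usual for JPEG, the function names are illustrative, and the bytes and identifier in sample_jpeg() are constructed.

```python
def jpeg_segments(data):
    """Yield (marker, start, end) for each header segment before the scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    i = 2
    while i + 4 <= len(data) and data[i] == 0xFF and data[i + 1] != 0xDA:
        end = i + 2 + int.from_bytes(data[i + 2:i + 4], "big")
        yield data[i + 1], i, end
        i = end

def iptc_from_app13(payload):
    """Return the IPTC bytes stored in Photoshop resource 0x0404, or b''."""
    p = 14 if payload.startswith(b"Photoshop 3.0\x00") else len(payload)
    while payload[p:p + 4] == b"8BIM" and p + 12 <= len(payload):
        res_id = int.from_bytes(payload[p + 4:p + 6], "big")
        name_len = payload[p + 6]
        p += 6 + (name_len + 2) // 2 * 2      # Pascal-style name, padded to even
        size = int.from_bytes(payload[p:p + 4], "big")
        if res_id == 0x0404:                  # IPTC-NAA resource
            return payload[p + 4:p + 4 + size]
        p += 4 + size + (size & 1)            # resource data is padded to even
    return b""

def find_fbmd(data):
    """Return [(record, dataset, value)] for IPTC values starting with 'FBMD'."""
    hits = []
    for marker, start, end in jpeg_segments(data):
        iptc = iptc_from_app13(data[start + 4:end]) if marker == 0xED else b""
        p = 0
        # Each dataset: 0x1C, record, dataset, 2-byte length (extended lengths skipped)
        while p + 5 <= len(iptc) and iptc[p] == 0x1C and iptc[p + 3] < 0x80:
            n = int.from_bytes(iptc[p + 3:p + 5], "big")
            value = iptc[p + 5:p + 5 + n]
            if value.startswith(b"FBMD"):
                hits.append((iptc[p + 1], iptc[p + 2], value.decode("ascii", "replace")))
            p += 5 + n
    return hits

def sample_jpeg():
    """Constructed minimal JPEG header bytes; the FBMD value is made up."""
    tag = b"FBMD" + b"0123456789abcdef"
    iptc = b"\x1c\x02\x28" + len(tag).to_bytes(2, "big") + tag
    irb = b"Photoshop 3.0\x00" + b"8BIM\x04\x04\x00\x00" + len(iptc).to_bytes(4, "big") + iptc + b"\x00"
    app13 = b"\xff\xed" + (len(irb) + 2).to_bytes(2, "big") + irb
    app0 = b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return b"\xff\xd8" + app0 + app13 + b"\xff\xda\x00\x02\xff\xd9"

if __name__ == "__main__":
    print(find_fbmd(sample_jpeg()))
```

To check a real file, pass its bytes to find_fbmd(); an empty list means no IPTC value beginning with "FBMD" was found in the header.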

Some users have run different tests to check where and since when this metadata is added. As indicated by the user @17haval on Twitter, this identification code does not appear in images from 2014, but it does appear in later ones. It also applies to photos on Facebook Messenger, Facebook’s messaging app, but not to images transferred and downloaded from WhatsApp conversations. The tests that we have carried out at Engadget agree with this.

What can you do to avoid it? Something as simple as clearing the image metadata. In Windows this is done by right-clicking on an image and choosing ‘Properties’. The metadata is shown in the ‘Details’ tab. By clicking on ‘Remove properties and personal information’ you can delete the data you select, for example the Facebook identifier. In Engadget Basics there is a complete tutorial with more details on how to do it. More entertaining than deleting this metadata is modifying it to confuse Facebook. A tool for this has already been created on GitHub; it automatically modifies the tracking code to “confuse” Facebook if the images are uploaded to the platform.

As a curiosity, Facebook is not the only one adding this type of metadata for tracking images. In 2015, it was discovered that RedStar OS, North Korea’s Linux-based operating system, contained a similar tool to automatically add a tracking code to images that passed through a computer running this operating system.