Welcome to Opt Out, a semi-regular column in which we help you navigate your online privacy and show you how to say no to surveillance. If you’d like to skip to a section about a particular risk you’re trying to protect your child against, click the “Jump to” menu at the top of this article. Last week’s column covered how to opt yourself out of tech companies using your posts to train artificial intelligence.
You’ve got the cutest baby ever, and you want the world to know it. But you’re also worried about what might happen to your baby’s picture once you release it into the nebulous world of the internet. Should you post it?
“Everyone has had parents share embarrassing baby photos with friends. It’s a cringe-inducing rite of passage, but it’s different when that cringe is felt around the world and can never be deleted,” said Albert Fox Cahn, director of the Surveillance Technology Oversight Project.
I’ve described my own concerns about my newborn’s privacy in the past. Tech companies are not transparent about what they do with our data and our pictures. They might use the photos to train their latest AI models. That’s enough for me to try to err on the safe side of the do-I-post-pictures-of-my-child spectrum. I only share pictures of him via text or with his face turned away. Other parents might be more concerned with, for example, online predators.
The solutions parents have come up with to address their digital fears can vary. Some post their children’s photos but block the faces with emojis. Some keep the photos locked in the photo library, never to be shared. Still others feel fine with faces shared to a private social account. Not all solutions are created equal. The right answer to protecting your baby’s photos will depend on what you’re trying to shield them from.
I reached out to a few experts to help you figure out what the best move might be for you, depending on what you’re most concerned about. They all said that the most powerful protection is, of course, abstinence. Just don’t post or digitally store your kids’ pictures, and you’re golden. Is that realistic on a day-to-day basis? The experts agreed: no. We all have to reach a happy medium. Below, you’ll find options and tips to help you balance the convenience of the technology with your anxieties about privacy.
If you’re among the parents who’ve decided not to share your baby’s photos or only to share redacted photos, we’ve also polled some folks for advice on how to talk to your family and friends about it. In-laws’ entreaties can be challenging. We’ll talk more about that in our next column.
There are some important caveats. The main one: it’s important not to overreact. While parents are right to be vigilant about children’s privacy, several experts I spoke to agree that some concerns are not as severe as they seem at first. For instance, for those who fear their children’s photos might be exposed in a hack or a data leak: it’s not impossible, but there’s no real evidence that hackers are looking for photos of children. Simply apply the same best cybersecurity practices that apply to your own life to protect your children, says Fox Cahn.
“To parents, baby photos feel so different from any other data, but to hackers, it’s just another bundle of bytes,” he added.
Honoring kids’ consent
This is probably the motivation I’ve heard most often from millennial parents choosing not to share their children’s photos on the internet. The last thing these parents want is for their kids to grow up and realize every moment of their young life has not only been captured but memorialized for the whole world to see without their permission.
It’s not just about avoiding any future embarrassment. Some parents want to give their kids the ability to decide how much of their likeness and information has been harvested by data-hungry tech companies. I, for one, would like to give my son as close to a privacy clean slate as possible.
Short of posting zero pictures of your kids, there are some solutions that might get you as close to the best of both worlds as you’re probably going to get.
First is the tried-and-true solution (with some adjustments): covering your child’s face with an emoji.
There have been some rumors that this is not effective because a motivated person could easily take the emoji off the picture using some photo-editing software. However, multiple privacy experts and a Guardian photo editor say that’s not true. Once you post a picture with an emoji to a social network, that is as good as redacting your child’s photo because all of the layers of the photo are merged and can’t be separated.
That said, experts recommend editing your child’s photo on your device rather than using the editing tools of Instagram, Snapchat or another social network. Next step: screenshot the edited photo and post the screenshot instead. This will protect the unedited picture from being scraped or otherwise processed by the social network.
The second option, and the one I opt for if I do post a picture of my son, is to take and share pictures with their faces turned away. This is straightforward enough but it basically does the same thing as putting an emoji on their faces without you having to edit anything. I also try to avoid posting pictures of private moments that are not intended for public consumption – think baths, snuggles or anytime they’re not fully clothed.
The third option specific to consent is sending photos to friends and family directly over text or email or using a shared iCloud or Google Photos album. Ideally, you’d use an encrypted messaging service such as iMessage, WhatsApp or Signal. This is a variation of the just don’t post the picture publicly solution, but this way you’re still able to share the photos with a close group of people.
Avoiding tech surveillance
If you, like me, are concerned with what tech companies will do with your child’s photos as they share, sell or otherwise monetize your data, there are a few additional things to consider.
Whenever possible, limit the access apps have to your photos. Many social media and messaging apps give you the option to curate the photos they are able to access. Yes, it is less convenient to go into your camera roll and select photos you want the app to have access to every time you post something. However, experts say there’s always a risk the apps might keep or otherwise scrape that image.
Covering your child’s photo with an emoji is still a viable solution so long as you’re editing the picture on your own device and not in the app. If this is the route you’re taking, be sure you are only giving the platform access to the edited photo. If you, like me, use Apple’s Live Photos, experts recommended taking a screenshot and then giving the social network access to it. This will keep frames that are in the video version of the Live Photo, which may accidentally contain your child’s face, away from the tech company.
If you are looking at your camera roll and realizing some apps have access to more pictures than you’re comfortable with, you can either manually unselect some photos or start fresh. On an iPhone, you can go into your Settings, scroll down to the app in question, then select “Photos”. From there, you can choose “Edit Selected Photos” to see which photos an app has access to and deselect the ones you no longer want it to be able to see. If that is too cumbersome, and you’d rather just deselect all of them, click on “Show Selected” at the bottom of the screen and then click “Deselect All” on the next page.
On Android, it’s a similar process. Go to Settings and then Apps, and find the app you’re looking to adjust the level of access on. Tap “Permissions” and then “Photos and Videos” and you can choose how much access you want that app to have to your photos. If you want to start fresh, click the pencil icon next to “Allow Limited Access” and tap the “Allow None” button in the bottom right corner.
The other option that protects your photos from potential tech surveillance is to send photos over encrypted messaging services like Signal. The Google Messages app and Apple iMessage are also end-to-end encrypted if you’re messaging someone with the same operating system.
With Apple’s messaging service, experts recommend taking an extra step and turning on the Advanced Data Protection feature. This will ensure that all texts and other data stored on iCloud are end-to-end encrypted so not even Apple can access it. That will also protect the photos you’re backing up to iCloud. The risk with Advanced Data Protection is that if you lose access to your account for any reason, Apple will not be able to help you get your photos back.
WhatsApp is also end-to-end encrypted, but some experts advise caution when it comes to using the Meta-owned messaging app. While the content of the messages is encrypted, the service still can scrape information from your account including who you’re talking to, how often, your profile information, your address book and more. The company will not have access to the photos themselves.
At least one expert discouraged sending the picture over email because there are few assurances that free email services won’t scrape the content of your emails.
“If you’re using a Google product, I would assume that some aspect of every message is being scanned and scraped, but if you’re paying for a highly encrypted service, it probably is secure from that threat,” Fox Cahn said.
Online predators
When it comes to sharing their children’s photos, one of the top concerns from parents is online sexual predators, according to Stephen Balkam, the founder and CEO of the Family Online Safety Institute. It’s a terrifying prospect for many parents who worry about their child’s photos being potentially misused or falling into the hands of an online predator.
He and other experts we spoke to agreed that, though it’s important to be vigilant, it’s exceedingly rare for children to come across sexual predators who are unknown to the parents. If you plan to post your children’s pictures, the most powerful measure you can take against predators online is setting your accounts to private, Balkam said.
The solutions mentioned above – sending photos over encrypted messaging or email and sharing an iCloud or Google Photos album with a select group of people – may also help protect your children’s photos from potentially unsafe people online.
Other solutions to guard against predators include sharing photos in a closed group chat or Facebook group with just people that you know, 10 to 20 people maximum. These options are convenient and moderately private, so long as everyone in the group knows what your expectations are when it comes to sharing your family’s photos outside of the group. They will not, however, protect against tech surveillance, and they could open these photos up to being used to train companies’ AI systems.
Artificial intelligence
If you are worried about getting your children’s (or even your own) photos swept up in the AI machine, we have a deep dive on how to stop platforms you have accounts with from using your data to train their AI models. With the exception of Meta, which doesn’t give US users any way to stop the firm from using content to train its AI, following the steps we’ve listed out will protect your posts from being used to train their AI models.
Turning off AI-training features does not protect your posts and information from being scraped by third-party companies. That’s especially true if your profile is public or you post in a public forum – including those handful of parenting Facebook groups you might be a part of. Experts say there’s not a great way to stop companies from scraping your photos for their AI models aside from not posting anything.
“Sadly, until lawmakers catch up with the wholesale theft of our images, the only way to keep your images completely safe from AI training is by keeping them offline,” Fox Cahn said. “Even non-public apps may be quietly scraping this data on the back end. The rule is simple: the less you store, the less you have to fear.”
The next-best solutions include some of what we’ve mentioned above, such as editing out your child’s face (eg with an emoji) and only giving platforms access to a screenshot of the edited photo, limiting the platforms’ access to your kid’s photos, or sending the photos over an encrypted messaging app. Creating a separate private account with just a select group of friends for the purpose of sharing pictures of your kids might also be a solution, at least for now, according to Thorin Klosowski, a security and privacy activist at Electronic Frontier Foundation.
“Most social networks do not use private accounts to train their AI models, and by their nature they wouldn’t be easily accessible to third-party AI companies,” Klosowski said. “But there’s nothing preventing companies from changing their AI-training policies in the future.”
But experts say some of the other solutions we’ve mentioned, such as using a shared iCloud album or Google photos albums or emailing these photos, could still open people up to the risk that their children’s photos will be used to train the AI models of various companies.
Hacking
Last but not least, as parents, you may have concerns about your children’s photos being targeted by hackers or just exposed in a data leak. While it is a risk, everyone I spoke to said it is a remote one. There’s not really any evidence that indicates hackers are interested in getting hold of your baby’s photos. They would be more interested in a social security number, for example.
That’s not to say that it’s impossible. The photos could be a part of a package of data that is being held for ransom in a ransomware attack, for instance.
You should take protective measures. They are the same ones you should be taking for all of your data: two-factor authentication, strong passwords, keeping up with software and going through privacy check ups on any app you’re storing or sharing your photos on.
“If you’re using online photo backups, it’s worth double-checking your sharing settings to ensure you’re not accidentally sharing more than you mean to or sharing with someone you do not want to anymore,” Klosowski said.