What happens when Getty Images starts selling data collected from users?

Mar 14, 2014 02:36 GMT  ·  By
EFF shares some thoughts on Getty's decision to start offering images for free

Last week, we learned that Getty Images had started offering tens of millions of photographs for free, on the condition that users insert them into websites as an iframe based on code provided by the company. The Electronic Frontier Foundation warns that there are some privacy implications associated with such practices.

Getty decided to offer images for free after determining that many of them are already freely available and that it’s too difficult to keep track of, and file legal action against, those who illegally utilize content.

For the time being, Getty says it doesn’t store any information collected via the code planted on the sites that want to use the free images. However, the company is considering monetizing usage data at some point.

Much like Google Analytics and embedded YouTube videos, the Getty Images iframe collects data on the users who visit the page in which the code is inserted.

It could log IP addresses, the time of the request, information about the user’s web browser and computer, and the URL of the website the request is coming from. Tracking cookies can also be obtained.

“This problem is, unfortunately, a fundamental property of the web as we know it. But a few facts about Getty make this situation especially troubling. For one thing, given its scale and popularity, Getty Images embeds may appear on a significant number of different sites that a single user visits,” explained the EFF’s Parker Higgins.

“That would allow Getty to correlate more information about a user's browsing history than any single site could. That information, in turn, is subject to government requests, sales to data brokers, or even breaches or leaks.”

Getty representatives have told the EFF that currently they’re not collecting information “beyond what’s necessary to store aggregate viewing numbers for individual images.” However, the situation could change at any time.

Furthermore, all the information is transmitted via an unencrypted HTTP connection, allowing others to eavesdrop on the communication.
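A site operator can check the page markup for the exposure described above: third-party iframes, cleartext HTTP and an unsuppressed referring URL. The following is an added example, not code from Getty or the EFF; the host names and sample HTML are constructed, and it inspects only each iframe's own `referrerpolicy` attribute, not page-wide policies.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Only these policies guarantee no Referer header reaches a cross-origin frame.
SUPPRESSING_POLICIES = {"no-referrer", "same-origin"}

class IframeAudit(HTMLParser):
    """Record every third-party <iframe> on a page and its privacy issues."""
    def __init__(self, page_url):
        super().__init__()
        self.page = urlparse(page_url)
        self.findings = []  # list of (src, [issues])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        # Protocol-relative URLs (//host/path) inherit the embedding page's scheme.
        target = urlparse(src, scheme=self.page.scheme)
        if not target.hostname or target.hostname == self.page.hostname:
            return  # same-host frame: no third party sees the visit
        issues = []
        if target.scheme == "http":
            issues.append("cleartext-http")  # request is readable on the wire
        policy = (a.get("referrerpolicy") or "").lower()
        if policy not in SUPPRESSING_POLICIES:
            issues.append("referrer-not-suppressed")  # embed host may learn the site
        self.findings.append((src, issues))

def audit(page_url, html):
    """Return findings for all third-party iframes in html served at page_url."""
    parser = IframeAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample page: two third-party embeds and one first-party frame.
SAMPLE_PAGE_URL = "https://blog.example.test/2014/03/post"
SAMPLE_HTML = """
<p>Post body</p>
<iframe src="http://embed.images.example.test/embed/123" width="500"></iframe>
<iframe src="//embed.images.example.test/embed/456" referrerpolicy="no-referrer"></iframe>
<iframe src="/widgets/local.html"></iframe>
"""

if __name__ == "__main__":
    for src, issues in audit(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(src, issues or ["third-party (IP address and User-Agent still visible)"])
```

A frame with an empty issue list is still reported, because the embed host always sees the visitor's IP address, request time and browser details.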

Besides calling on Getty to start using HTTPS for communications, the EFF also believes that the company should “explain clearly and publicly what its practices are for minimizing the amount of data it collects and stores on users.”

The EFF added, “And even if the company adheres to its current minimal data collection standards, it should commit to setting a high bar on following the Do Not Track spec: if users are sending a signal that they do not wish to be tracked, Getty Images should honor it fully.”