Log Off. They Are Already Looking.

^{Social media has become the most consistent source of operational intelligence on high-net-worth principals afloat. The camera is not the threat. The crew member who forgets to turn off location services is.}

There is a standard assumption in the superyacht industry that the principal’s privacy begins and ends with the NDA signed at the start of the season. In practice, the more consequential document is the camera roll on a crew member’s phone. Most crew understand they should not photograph guests. Fewer understand that a photo of a cocktail arrangement, a sunset off the stern, or a uniform lay-flat posted to Instagram from an anchorage in the Ionian can provide, within seconds, the vessel’s precise GPS coordinates, its name, the identity of its owner, and confirmation that the charter party is currently aboard.

This is not conjecture. It is the threat landscape as it exists in 2026. Open-source intelligence gathering has matured to the point where analysts, journalists, and adversaries with basic capability can reconstruct a vessel’s position, schedule, and passenger profile from nothing more than publicly available social media content and freely accessible maritime databases. The crew member posting in good faith is, without any intention, the most reliable intelligence source on the boat.

The Exposure Landscape

Modern smartphones embed Exchangeable Image File Format (EXIF) data into every photograph taken. This metadata includes the precise GPS coordinates of the location where the image was captured, the device make and model, and a timestamp accurate to the second. Even where a platform strips visible location tags on upload, the EXIF data may be preserved in files shared directly via messaging applications, WhatsApp, or cloud transfer services. A crew member who photographs a dessert plating and forwards it to a friend has shared the yacht’s anchorage coordinates, whether they intended to or not.

The position disclosure problem is compounded by platform-level tagging. Instagram’s location feature, Story stickers, and the geolocation fields on TikTok and Facebook allow users to attach a named place to a post. In a marina or port, this function is specific enough to identify the berth. In open water, a tagged location resolves to coordinates. Even without any tag applied manually, background visual details in photographs – the profile of a coastline, the colour of a harbour wall, a recognisable anchorage – are sufficient for a skilled OSINT practitioner to geolocate the vessel through image analysis alone.

24 sec. Estimated time to extract GPS coordinates from an image using freely available tools
AIS. Vessel position broadcast, publicly searchable via platforms in near real-time
80–90%. Proportion of Western law enforcement intelligence activity derived from open-source data

The vessel’s Automatic Identification System (AIS) broadcast adds a further layer of involuntary exposure. Platforms including MarineTraffic and VesselFinder publish vessel positions in near real-time for any registered craft. A social media post confirming which guests are aboard, combined with an AIS track confirming the vessel’s current position, provides a threat actor with actionable targeting intelligence without any covert capability whatsoever. The convergence of these two data streams is a routine OSINT technique, not an advanced one.

Where the Obligation Sits

Seafarers’ Employment Agreements (SEAs) in the UHNW sector routinely include confidentiality clauses covering the vessel’s itinerary, the identity and activities of guests, and onboard operations. Many owners supplement these with standalone NDAs which apply both during and after the period of employment. Under the Maritime Labour Convention, 2006 (MLC), these provisions sit alongside flag state requirements and are generally enforceable under the governing land-based law specified in the agreement. Critically, disclosure does not need to be deliberate to constitute a breach. A crew member who posts a photograph that incidentally reveals guest identity, vessel position, or itinerary detail may be in breach regardless of intent.

The interior and deck crew occupy a specific position of exposure in this context. Stewardesses manage guest spaces, arrange personal effects, and move through the vessel’s most private areas. Deckhands work on platforms and open spaces where photography is habitual and where the vessel’s name, flag, and profile are frequently visible. Both departments have natural reasons to document their work. Neither is typically given formal briefing on the intelligence value of what they are producing when they do so.

Who Looks, and Why It Matters

The range of actors with an interest in a UHNW principal’s location and movements is broader than most crew appreciate. It includes paparazzi and media organisations operating in charter hotspots including Antibes, Porto Cervo, and Mykonos, where commercial drone activity targeting superyachts at anchor is now routine. It includes opportunistic criminals who monitor social content for confirmation that a principal is aboard and at a specific location. In more elevated risk environments, it includes adversaries who conduct systematic OSINT profiling of high-net-worth individuals as a precursor to financial fraud, social engineering, or kidnap and ransom planning.

The crew member posting an innocent image is not the last line of defence against any of these actors. They are, however, a direct enabler of the targeting process if the image contains exploitable data. The mitigation is not complex. It requires awareness, process, and a clear vessel policy that is briefed at the start of the season rather than communicated after an incident.

What a Robust Digital Discretion Policy Looks Like

A vessel-level Digital Discretion Policy is the appropriate vehicle for managing crew social media behaviour. It should be integrated into the captain’s standing orders, referenced in the SEA or crew handbook, and briefed formally at the start of each charter season or on joining. The policy is not a blanket prohibition on crew social media use. It is a set of bounded, intelligible rules that crew can follow without being placed in an unreasonable personal position.

The policy should address five specific areas: geotagging controls, posting delay requirements, designated no-photograph zones, guest photography prohibition, and personal device protocols when on duty. Each of these is operationally distinct and should be communicated as such, rather than as a vague instruction to “be careful on social media.”

Five Controls for the Digital Discretion Policy

1. Geotagging disabled by default. Location services on crew personal devices should be disabled for the camera application as a standing instruction, not a preference. On iOS, this is managed under Settings → Privacy → Location Services → Camera, set to Never. On Android, the equivalent control sits within the camera application settings. This eliminates EXIF coordinate embedding at source.
   
2. Mandatory posting delay. No content depicting the vessel, its surroundings, or any guest-adjacent space should be published in real time. A minimum 24-hour delay between capture and publication removes the operational intelligence value of position disclosure. Some owners operate a 48-hour or end-of-charter rule. The specific interval should be documented in the policy and applied consistently.
   
3. Designated no-photograph zones. Guest cabins, saloons, the dining area, the bridge, and any space where personal effects are visible should be designated as no-photograph zones. This designation should be marked in the vessel’s operational plan and briefed to all joining crew. Interior crew in particular should understand that a photograph of a table setting, a floral arrangement, or a garment layout may inadvertently capture identifying information about the guest it belongs to.
   
4. Absolute guest photography prohibition. No crew member should photograph, film, or record any guest in any circumstances without explicit written authorisation from the captain. This prohibition extends to images where guests are identifiable in the background. The standard is identification, not intent. If the individual can be recognised in the image, the image should not be posted.
   
5. Personal device protocol on duty. Crew on active watch or duty rotation should operate on the basis that personal devices are not used for social media activity during that period. This is a matter of operational focus as much as security hygiene. Where owners require a stricter protocol — including offline mode during charter — this should be communicated clearly and the rationale explained, rather than imposed without context.

Passengers as a Parallel Exposure

Interior crew in particular are frequently placed in the position of managing guest social media behaviour, or at least observing it. A charter guest who posts in real time, tags the vessel by name, or photographs fellow passengers without their knowledge creates the same exposure profile as a crew member who does so. The captain holds primary authority over vessel policy in this area, and the briefing of guests on digital discretion expectations is properly the captain’s responsibility. Interior crew should, however, be aware of the dynamic and prepared to escalate to the captain if a guest’s social media activity is creating a visible security exposure.

The framing of this conversation matters. The ask should not be presented as a restriction but as a standard of service. Guests who understand that discretion is part of the experience they are paying for are, in the main, willing to comply. The request lands differently when it comes from a vessel known to have a consistent and considered policy than when it is improvised in the moment.

Closing Position

The superyacht industry has invested significantly in physical security, crew vetting, and cyber resilience over the past decade. The digital discretion gap remains the most accessible and most exploited vulnerability in the close-access environment. It does not require a sophisticated adversary to exploit. It requires a crew member who does not know the rules, or who has not been told why the rules exist.

Closing that gap is a matter of briefing, policy, and consistent expectation. The tools are already in place. What is frequently absent is the conversation.

Intelligence-led. Vetted. Proportionate.
_{To discuss Digital Discretion Policy development or crew security briefings for your vessel, contact the Priavo Maritime team at enquiries@priavosecurity.com}