Security concerns over EXIF data
This is a small security concern which I'd only thought about over night and was worried to check.
When you upload images, the EXIF tag data contains info from the camera including if your camera is enabled with GPS, a spot on location.
This is only worrying if you're going to post something specifically expensive which will remain in location. Last week I published an instructable for a recipe using expensive rare ingredients - it's not past the wit of man to take the EXIF GPS data from the image and visit that location.
Because instructables are a how-to to do it yourself at home, I don't think there's any need to hold this information. I know the burden could be left with the author to scrub his images but this could be automated within the image upload system when you process 'original' images. If it's a specific location that is required in an instructable you could just add it to the text.
So my question is, can you look into implementing it and if possible scrubbing the hundreds of thousands of images currently on your servers. If not, I may need to go through a few of my more recent ones and do a bit of scrubbing myself which may delay things a little and there's always a danger I'll accidently forget one time.
Cheers,
Tim
When you upload images, the EXIF tag data contains info from the camera including if your camera is enabled with GPS, a spot on location.
This is only worrying if you're going to post something specifically expensive which will remain in location. Last week I published an instructable for a recipe using expensive rare ingredients - it's not past the wit of man to take the EXIF GPS data from the image and visit that location.
Because instructables are a how-to to do it yourself at home, I don't think there's any need to hold this information. I know the burden could be left with the author to scrub his images but this could be automated within the image upload system when you process 'original' images. If it's a specific location that is required in an instructable you could just add it to the text.
So my question is, can you look into implementing it and if possible scrubbing the hundreds of thousands of images currently on your servers. If not, I may need to go through a few of my more recent ones and do a bit of scrubbing myself which may delay things a little and there's always a danger I'll accidently forget one time.
Cheers,
Tim
7
comments
|
Add Comment
|
sort by:
active |
newest |
oldest
Has this been done? I've just downloaded a photo (in an attempt to start stripping EXIF data from my instructables and I can't see any anymore?
Apple iPhone, 13:26 April 9th?
If you're uploading this information to a 3rd party site I'd say it is the author's responsibility to remove it beforehand.
L
Quite true, but I doubt most people are technically literate enough to know/realise.
Yes, but to be worthwhile the site would have to advertise that it strips XFIF data, then we'd get questions from the less technically literate asking what it means...
You could equally ask Apple for a "don't save (information)" option so no one had to strip it later.
L
I disagree. You could add a simple tick box which strips exif data by default unless unticked.
As GPS is being worked into more and more cameras (camera phones being the front of the forthcoming wave) this site should take that into account. It's quite possible you'd upload photos of stuff you've done, equipment you've got at work etc with a location and anyone who browses the site could pop by and break in out of hours. Just because the person is ignorant doesn't mean this kind of concern shouldn't be taken into account.
We're not looking at anominity, just making it less easy for this sort of thing to happen.
My next project I want to publish has details on the security on a building. It also shows all the equipment I'm using which is $3-4,000. I've written 50% of the 'ible, but I'm going to have to scrap it along with several others.
There is a turn off location on your phone for photos, but I actually like to use the function as my library groups photos by location as well as date etc. I just don't want it published on this particular site.
As GPS is being worked into more and more cameras (camera phones being the front of the forthcoming wave) this site should take that into account. It's quite possible you'd upload photos of stuff you've done, equipment you've got at work etc with a location and anyone who browses the site could pop by and break in out of hours. Just because the person is ignorant doesn't mean this kind of concern shouldn't be taken into account.
We're not looking at anominity, just making it less easy for this sort of thing to happen.
My next project I want to publish has details on the security on a building. It also shows all the equipment I'm using which is $3-4,000. I've written 50% of the 'ible, but I'm going to have to scrap it along with several others.
There is a turn off location on your phone for photos, but I actually like to use the function as my library groups photos by location as well as date etc. I just don't want it published on this particular site.
Apr 19, 2011. 6:58 AMGeekin
says:
Tim,
Yes, it would be great if this site had an option of removing photographic metadata. And for now, I suggest to use utilities such as this EXIF stripper, to get rid of sensitive information before uploading images.
Yes, it would be great if this site had an option of removing photographic metadata. And for now, I suggest to use utilities such as this EXIF stripper, to get rid of sensitive information before uploading images.
Thanks Geekin
I can remove it in various ways, but it does mean for a number of my projects, I'll have to basically rewrite them.
It's a pain to keep turning on and off the GPS.
It may infact just be easier to just remove the affected instructables completely and not publish further - which I'd rather not do.
Another way round it would be to remove the option to download the 'original' photo as it looks like the modified photo doesn't retain the Exif data - unfortunately I don't seem to be able to see any exif data at work, I assume it's still there however.
I can remove it in various ways, but it does mean for a number of my projects, I'll have to basically rewrite them.
It's a pain to keep turning on and off the GPS.
It may infact just be easier to just remove the affected instructables completely and not publish further - which I'd rather not do.
Another way round it would be to remove the option to download the 'original' photo as it looks like the modified photo doesn't retain the Exif data - unfortunately I don't seem to be able to see any exif data at work, I assume it's still there however.
 |
Vancouver Mini Maker Faire 2012
Rebuilding NordicTrack ski machine drive rollers
Looking for New Zealand-based Instructables authors for conference on August 27 in Wellington
Call to makers - Brighton Mini Maker Faire
Milk Crates - not as green as you think
TEDxBaghdad - Iraq - violence, dust storms and open sourced manufacturing
UK Mini Maker Faire - The Derby Silk Mill - New Poster to Share!
