'Slack has started to strip uploaded photos of their metadata. What may seem like an inconsequential change to how the tech giant handles storing files on its servers, it will make it far more difficult to trace photos back to their original owners. From a report: Almost every digital file -- from documents on your computer to photos taken on your phone -- contains metadata. That's data about the file itself, such as how big the file is, when it was created, and by whom. Photos and videos often include the precise coordinates of where they were taken. But that can be a problem for higher-risk Slack users, like journalists and activists, who have to take greater security precautions to keep their sources safe. The metadata inside photos can out sources, deanonymize whistleblowers, or otherwise make it easier for unfriendly governments to target individuals. Even if a journalist removes the metadata from a photo before publishing, a copy of the photo -- with its metadata -- may remain on Slack's servers. Whether a hacker breaks in or a government demands the data, it can put sources at risk' -- source: https://yro.slashdot.org/story/20/05/11/2051209 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/
On Tue, 12 May 2020 13:39:21 +1200, Peter Reutemann quoted:
'Almost every digital file -- from documents on your computer to photos taken on your phone -- contains metadata.'
I use the “iinfo -v” command (part of the openimageio-tools package) to check my images before uploading them. Sometimes you also learn things about images downloaded from elsewhere ...
'Almost every digital file -- from documents on your computer to photos taken on your phone -- contains metadata.'
I use the “iinfo -v” command (part of the openimageio-tools package) to check my images before uploading them. Sometimes you also learn things about images downloaded from elsewhere ...
+1 That's a handy tool to know! On Debian, you can install it with: sudo apt install openimageio-tools Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/
On Tue, 12 May 2020 14:10:47 +1200, Peter Reutemann wrote:
I use the “iinfo -v” command (part of the openimageio-tools package) to check my images before uploading them.
That's a handy tool to know!
The same package includes the oiiotool command, which you can use to delete metadata as follows: oiiotool «infile» --eraseattrib '.*' --nosoftwareattrib -o «outfile» You can use idiff afterwards: idiff «infile» «outfile» to confirm that the pixels match. The PDF manual for all these tools (and the OpenImageIO library) is in the libopenimageio-doc package.
I wrote:
The same package includes the oiiotool command, which you can use to delete metadata as follows ...
Nah, forget it. It’s OK on a lossless format like PNG, but for JPEG, it decompresses it and recompresses it again, leading to lots of differences as reported by idiff. The exiv2 tool (from the package of the same name) can directly alter EXIF metadata in a file without decoding/reencoding pixels. The command exiv2 rm «file» will remove all EXIF metadata from «file». It can also display metadata with exiv2 pr «file» (If you don’t want to alter your original files, make sure to copy them first.)
On Tue, 12 May 2020 16:32:01 +1200, I wrote:
The exiv2 tool (from the package of the same name) can directly alter EXIF metadata in a file without decoding/reencoding pixels.
However, PNG files can have additional non-EXIF metadata, in the form of various kinds of “text” information records, and exiv2 will not recognize these. On the other hand, exiftool (part of the libimage-exiftool-perl) package, can process them. The command exiftool -all= «file» will strip all metadata from «file», backing up the unchanged original as «file»_original.
participants (2)
-
Lawrence D'Oliveiro -
Peter Reutemann