johnozbay
commented
3 years ago Hi there! 👋🏻 Thanks a lot for filing this!
There are a few very specific technical reasons why we don't have an info panel for other EXIF metadata like camera make / lens info / GPS meta etc alongside photos. It has to do with both the lack of detailed EXIF metadata standardization among camera makers, and complexities of on-device encryption.
I wouldn't go so far to say it's impossible, but it's near-impossible to do this in a privacy-preserving way without taking a huge performance & usability hit. I'll write down all the reasons why I think it's not possible [yet] here for posterity, so that perhaps if any of these change in the future, we can revisit this idea again.
1) About EXIF
EXIF data from DSLR cameras can be anywhere up to 64kb each. And while there is some standardization / guidelines for camera makers, every year, camera makers add new tags / different meta info, and deviate from the standards. i.e. EXIF is a 26+yr old standard, so it didn't account for things like what happens if your phone's camera has AI and can tag people's faces and add this into the EXIF metadata etc. OR some phones have dual/triple sensor cameras, and use both lenses to take computational photos. So their EXIF data for lens details get all weird and interesting. Consequently, EXIF standards get extended every year and things do improve, but the speed of improvement and reality is still far from perfect. Depending on your camera make/model/device etc, you still find lots of surprises.
Why is all this important?
2) EXIF & Privacy
All these extra pieces of meta-information has to be stored encrypted for each photo individually. Otherwise things like location data from photos could reveal so much about a user / their home address / work, copyright details = real names of users, and some new phones' AI cameras even tag people in photos automatically into EXIF metadata nowadays, so tons of privacy issues. And according to documents leaked by Edward Snowden, the NSA is targeting Exif information under the XKeyscore program.
So due to all this, as a privacy-first service, we can't store EXIF unencrypted. And if we do encrypt EXIF metadata, it would need to be performant enough that this won't slow the app down. More on this below.
Un-encrypted services do all the fancy metadata extraction / search operations on the server-side, since their servers can see the contents of your photos & their metadata, and can selectively store only the relevant parts. Whereas with Cryptee because your data is encrypted and the servers don't know your encryption key, the extraction / search can only be done on your device, so it's incredibly critical and difficult to decide what to encrypt, what to extract, make searchable, and what not to extract, and each of these tiny decisions could have either massive privacy ramifications or performance hits on your experience. (Since all this computation have to take place on your device, we have to account for the fact that you may be using a 5 year old slow-ish Android phone etc)
3) About on-device encryption
Since Cryptee encrypts everything client-side, on your device, all photos' thumbnails & preview sizes are generated in your browser / on your device before getting encrypted & uploaded. (unlike un-encrypted services – they do all this on the server-side, since they can see the contents of your photos, they can scale down/crop your photos on the server)
So when you upload a new photo, Cryptee first reads your original sized (O) photo then, in your browser creates : – a cropped, small square thumbnail for the gallery (SM), (the small square ones in gallery) – a medium sized preview image for the lightbox preview image (M). (the one you screen-shotted for example) Then encrypts SM, M, and the original image (O), and uploads all three.
Our converter & optimizer tries its best to keep the thumbnail file-sizes as low as possible, so that when you scroll through a gallery of 10,000 photos, you don't have to download & decrypt hundreds of megabytes of thumbnails and take a huge performance hit. So the converter tries its best to make the thumbnails as small as 50 - 100kb if possible.
Same for preview images. We try to keep their footprint as small as possible, so even if you're rage-swiping left/right on your phone quickly, you can cruise through photos in the lightbox / previewer quickly without waiting for things to download & decrypt. So we try to keep their file sizes ~350kb or less.
It would be impractical and silly of us to show the originals in the previewer, since your original can be on average ~25mb each, and in order to swipe through 10 photos you'd have to download and decrypt 250mb of photos.
Here comes the problem. Your EXIF metadata exists only in the original sized photo. Not in the optimized / shrunk thumbnail / preview sizes. And it makes sense if you think of it – the preview images are ~300kb, and adding another 64kb EXIF onto that would increase the file size by ~20%. (and in case of gallery thumbnails by +100% if not more) And since we don't load the original size, the EXIF meta isn't available in the lightbox basically.
And since our servers can't see your photos, they can't extract the EXIF metadata either. Leaving us two choices :
a) We could extract the EXIF metadata during photo uploads, encrypt and upload it separately, then decrypt and display it while you're looking at the photos.
The problem with this approach is that at 64kb/photo, if you have 10,000 photos this means encrypting & uploading another 640mb worth of metadata alongside the photos. And if you want to search it all, you'd have to download and decrypt 640mb of metadata, which simply wouldn't work.
b) We could download & decrypt a 40mb original photo when you press a hypothetical "show exif" button, extract its EXIF, and display it on the fly. But this means, to show you a few lines of camera / lens info from 64kb of EXIF, we had to download a 40mb photo. Which is impractical, yet ironically, still might be the best option.
And since there's no clear standardization, (or even a clear documentation online – most EXIF documentation online is crowd-sourced like this) we can't even confidently strip unnecessary pieces of EXIF data, and keep only the necessary pieces. (i.e. we can't even confidently say "oh yeah we strip GPS data so don't worry" – since some manufacturers put duplicate GPS data into another EXIF slot, or use a whole different slot for GPS coordinates etc.
Otherwise, you're spot on, our photos uploader already extracts EXIF date data during uploads to be able to securely sort & search your photos based on date.
So the long term, ultimate solution to all this is either :
a) extract EXIF during upload on your device, encrypt and store it separately, then while viewing your photos, you could press a "show exif" button, and it would display some basic EXIF data.
b) when you press the "show exif" button, we download and decrypt the original, extract & display the EXIF whenever you want to look at EXIF data.
Finally, to summarize all this, and answer some hypothetical questions about the topic directly:
Can we store metadata and display it? Yes, but it will impact performance & storage significantly.
Can we at least store SOME metadata and display it? Like date, camera make/model etc? Yes, but who gets to decide which piece of meta is more important? Let's say you and I need date, camera model, John Doe needs lens information, Jane Doe needs GPS etc... So we shouldn't be the ones picking what matters and what doesn't
Can we make EXIF metadata searchable on Cryptee? No. Because at 64kb/photo, even with 10,000 photos, that would require downloading & decrypting 640mb of metadata to be able to search for it. Let's say a JPG photo is ~5mb per shot. A mid-level 400gb Cryptee account can theoretically fit ~80,000 photos. So that would be 5gb of EXIF data alone that would need to be downloaded & decrypted to enable search.
But tags? What kind of black magic sorcery did you guys do to make tags searchable? Cool thing about tags is that you can give them really short unique IDs. If you choose 10,000 photos, and tag all 10,000 of them, we don't need to copy paste the whole tag info into all of them. We just need to store something like "tag-id-123" on the photos, and that's it. Then all we have to do is, when you type "#paris" into the search box, Cryptee searches the list of your encrypted tags, checks if there's a matching tag id, then find all photos matching that tag id. This way we don't ever need to know your tags, and it's super fast, and takes up little or no space 🎉 But with EXIF, we'd have to store 64kb for each photo separately, since their EXIF meta will be unique for every photo, we can't assign IDs to them like we do with tags
For now, we can add a little info button next to the download button in the screenshot for example. Once pressed, it can show the name & date info (since we already have the name & date) – for all other things like camera make / model / lens / gps etc, we could add a "show more" button, and it could download the original photo, decrypt, extract EXIF and display more info. But I think we'll still need to do a lot of thinking for this, I'm still not convinced this is the best way, and don't want to commit to saying yes to this yet without proper thinking.
Hoping all this technical stuff makes sense, and sorry about this super long message! 😅
Figured I'll write it all out here, and that way I can reference this answer when others ask the same question in the future.
For now I'll keep this thread open and keep it up to date as we work towards adding a little info button, even though it won't necessarily satisfy your feature-request directly per-se.
Best,
John
frejaya
hirako2000
Is your feature request related to a problem? Please describe. Although Crypt.ee allows me to set the exact date of an album, and to see the month and year in the scroll bar to the right, I actually can't see the exact date a specific photo was taken anywhere, such as by clicking on the photo itself or opening an info panel of some kind. The date is one part of the metadata that is useful, but also the metadata about the camera that took the photo. I am always wanting to see which camera was used to take the photo so I can compare camera photo quality.
It would also be really great if this metadata was searchable. (The date is already searchable so that isn't an issue). Right now if I want to be able to search by which camera I used, because I know I took a certain picture on one camera vs. another, I would have to tag the photos I took using that camera, because I can't search the metadata.
Describe the solution you'd like It would be really great if any photo file metadata could be visible somewhere and searchable. For example, if the metadata says that the camera used to take the photo was OLYMPUS IMAGING CORP. E-M5, then I would like to be able to search for "Olympus" and find the photo, and when I click on the photo to view it full screen, have the option to open a side panel to see the exact date and time it was taken, camera details, etc.
The metadata is still with the file as far as I know, it doesn't get lost/stripped away when uploaded to Crypt.ee, so it would be great if we can see that data within Crypt.ee either when we open up the big view of the photo or in a side panel of some kind.
Additional context The info panel would fit well off to the right of the photo for example