Open dngray opened 4 years ago
I can think of ImagePipe but it also changes the size of your image so it is not so nice, and I don't think there's any application for iOS.
ViewExif and iVerify work well on iOS. iVerify is also cool as it has a lot of security tips and will can your device for exploits/jailbreaks, but that may be out of scope for this issue.
Unsure about whether they can be considered within the scope of this issue, but two more things to consider...
Given that there is recent / active research into most forms of hardware fingerprinting (uniquely identifying a device through acoustic properties, cameras, motion sensors etc. ) I wonder if it is appropriate to look into some form of obfuscation or filtering of image and audio content. Facebook, for example, has an active patent for associating cameras with users and objects in a social networking system - using camera fingerprinting as context for linkability, identification and social interest. Controlling this, in combination with metadata removal or editing- means you're in reasonable control of identifying information with any given piece of media you put out.
There was an interesting (IMO) recent reddit thread about steganography which makes a very good case for security practice when compelled to give images out online or elsewhere for any particular reason. After stripping metadata and filtering out uniquely identifying data, it makes sense to then watermark your images so you have a good idea of how (if) they propagate/migrate through the internet.
I think these are related directly enough to metadata manipulation to be in the same section of the guides.
Unsure about whether they can be considered within the scope of this issue, but two more things to consider...
I think we could have a warning about this.
If the threat model is simply to stop a passer-by from seeing sensitive information about GPS coordinates then this isn't required. If the threat model requires that the photo not be tracked to the original owner then simply removing EXIF data is not sufficient.
Removing that kind of fingerprint usually requires a gaussian blur or something alike which redacts the photo, and of course nothing in the photo that identifies the owner.
Agreed. Ppl. nowadays tends to take pics and vids on their own handsets and share them directly on social media, so a metadata removal software that only works on personal computers just won't work. Privacy-friendly platforms like Signal added functions like removing metadata in shared media automatically, but most platform won't go through that length to protect its users (in most cases they only want more), so a standalone metadata removal tools is in need. This remind me of an application called Scrambled Exif (Fdroid) on Android which process image shared to itself to remove exif information. Maybe I shall make an software suggestion?
I also know of (and use) Metapho for iOS.
Not only can you remove and edit Metadata, but they also have a share sheet feature to share a photo without Metadata. Perhaps you want the GPS, etc. still on the original, but when uploading/sharing you want to strip it. There, you can use the share sheet functionality.
So far I only know of Scrambled Exif available in both Android and F-Droid.
We should consider some options for mobile platforms as suggested in this category.