Goattobeloved
Esteemed Citizen of ZV
Oookay... I see what you think I did and... it *is* funny
Cause I am clever like that sometimes...
*cough* Not really it is actually spelled SiXtine in Spanish *mumble* So I was just stupid *cough*
File Metadata Information - You could be putting yourself at risk!
- Thread starter FloofyNewfie
- Start date
Cause I am clever like that sometimes...
*cough* Not really it is actually spelled SiXtine in Spanish *mumble* So I was just stupid *cough*
Dogdaddy69
Esteemed Citizen of ZV
I mean, unless you just casually speak latin..............Oookay... I see what you think I did and... it *is* funny
Cause I am clever like that sometimes...
*cough* Not really it is actually spelled SiXtine in Spanish *mumble* So I was just stupid *cough*
Chances are above zero, lol
omniscientfluffer
Citizen of Zooville
You should do that on your computer. That website you uploaded to can save your file and identify you.
humananimal
Esteemed Citizen of ZV
I have an an app called ‘EXIF viewer’ on my iPad. It works locally on my iPad, removes EXIF or all metadata.
I use it on all photos and videos before saving or uploading.
I use it on all photos and videos before saving or uploading.
iwanttobeabottom
Esteemed Citizen of ZV
The main data you want to get rid of is any GPS location that could get embedded in it. It doesn't happen to every picture or video; it depends on your phone settings.
However if you use a website or tool to strip the GPS location and it also replaces the "date created" and stuff, those aren't a big deal.
And other metadata:
phone model, serial number, lens serial number, camera model, settings...
This is all the metadata iphone saves to your jpeg photos (anonymized)
Look at the IDs, I bet at least one stays the same for all photos.
So if you upload that here and you get in trouble, all anyone needs to 100% tell it is you, is your phone.
phone model, serial number, lens serial number, camera model, settings...
This is all the metadata iphone saves to your jpeg photos (anonymized)
Look at the IDs, I bet at least one stays the same for all photos.
So if you upload that here and you get in trouble, all anyone needs to 100% tell it is you, is your phone.
dartel
Prized Citizen of ZV
On Windows, right click > properties > details
On Mac, right click > get info
On phone, you'd probably need a specific metadata reader app
I have linux and this is from terminal using the exiftool command.
iwanttobeabottom
Esteemed Citizen of ZV
If you download a picture and open it in Google photos, it will show you the location and such right in it.
In fact different file formats can contain different metadata.
docx for example contains your windows user account and full name.
png can contain metadata in places where usual software can not see it.
So always convert your images to jpg first and then remove metadata.
Antics3309
Tourist
I feel like steps should be taken by moderation to pre-emptively scan and scrub metadata from files on their own. Beyond what is done now.
I know that this would be time consuming, expensive, and could cause problems with hashing/update times/deduplication efforts, but it would be worth it.
Even a mere scanning tool that could DM users and warn them about metadata in their media once could save a lot of people some trouble.
I would look into it myself (I write software professionally), but media downloads here are so slow, and I don't want to DoS the forum.
Just an idea of what that warning could look like:
It's just an idea - I know forums are slow, and generating the potentially thousands of warning messages - scanning files, determining what a 'reasonable risk' is, and getting it all to work would not be trivial. But it would however maintain user's abilities to manage their own media without forcibly scrubbing metadata (and potentially damaging media in the process).
I'm also unsure of all the ways EXIF data could be reasonably used to put users at risk...
Does Snapchat embed any EXIF data that could tie me back? What about ShareX, or other screenshot tools? Could filenames contain anything relevant? Honestly, if I ever post a video here, I was planning on recoding/muxing it to throw off any potential links to my phone model.
What do you all think? Could moderation implement this in any form? Or is just scrubbing files as they are 'good enough'? I don't know how XenForo functions or manages files, but I can only assume some sort of hash (e.g. SHA1, xxHash) is used to work with files.
I know that this would be time consuming, expensive, and could cause problems with hashing/update times/deduplication efforts, but it would be worth it.
Even a mere scanning tool that could DM users and warn them about metadata in their media once could save a lot of people some trouble.
I would look into it myself (I write software professionally), but media downloads here are so slow, and I don't want to DoS the forum.
Just an idea of what that warning could look like:
It's just an idea - I know forums are slow, and generating the potentially thousands of warning messages - scanning files, determining what a 'reasonable risk' is, and getting it all to work would not be trivial. But it would however maintain user's abilities to manage their own media without forcibly scrubbing metadata (and potentially damaging media in the process).
I'm also unsure of all the ways EXIF data could be reasonably used to put users at risk...
Does Snapchat embed any EXIF data that could tie me back? What about ShareX, or other screenshot tools? Could filenames contain anything relevant? Honestly, if I ever post a video here, I was planning on recoding/muxing it to throw off any potential links to my phone model.
What do you all think? Could moderation implement this in any form? Or is just scrubbing files as they are 'good enough'? I don't know how XenForo functions or manages files, but I can only assume some sort of hash (e.g. SHA1, xxHash) is used to work with files.
omniscientfluffer
Citizen of Zooville
I suggest you do it yourself. That is the only way it might get done. I would be very thankful and so should the community.
Antics3309
Tourist
To make sure I understand this specifically, are you suggesting
- Always checking metadata for my own media and not uploading anything traceable on my own time (which is the unanimous suggestion of all parties, including my idea's, but doesn't particularly benefit anyone besides myself)
- Or building a tool for downloading, scanning and inspecting media for EXIF and any other potential metadata, to... I guess build a database capable of assisting the doxing of many users.
I don't think this is something I can reasonably do without trouble.
- The amount of files on this forum must be reaching terabytes, if not dozens of terabytes. Lots of it is uncompressed. Downloading all of that wouldn't be troublesome for me - it'd be troublesome for Zooville. I don't wanna get banned, I don't want to cause anyone trouble. Me trying to view/download stuff from this forum is already pretty hacky/slow at times; it's not like CDNs are lining up to service this forum's needs.
- The admins don't know me, can't trust me to actually use the data for good. Yeah, there's nothing stopping activists from doing this and doxing on their own - perhaps some already have tried - but it's not like the admins are gonna volunteer this up or provide easy access.
- Acting on the data still requires DMing users, and my account is so new I can't even do that yet (and yet here I am, lecturing
).- I'd have to do a lot of research on XenForo, likely using scraping techniques instead of a proper (much cleaner and safer) API. I'm somewhat aware that XenForo probably has anti-scraping techniques in it's design that would slow me down, but nothing is unbeatable. At least there's no Cloudflare to deal with.
- It's not a small task. Most of the effort here is due to the fact that I wouldn't have assistance from the webmaster or operators behind this site. Which is why I implore them to do so - they can get much, much farther than I could with much less effort.
omniscientfluffer
Citizen of Zooville
Scanning for files that have metadata and activating the report button without saving anything between checks. Throttling to reasonable levels. I did consider the security implications and weighed them against the fact that these files are already easy to access and the the mods have limited abilities to secure these files. Basically, if it was a choice of opening a backdoor for you to do this then I would object, but I think you could do it without asking even and they probably don't have the tools to stop you. So nothing is lost by you doing it with permission.To make sure I understand this specifically, are you suggesting
- Always checking metadata for my own media and not uploading anything traceable on my own time (which is the unanimous suggestion of all parties, including my idea's, but doesn't particularly benefit anyone besides myself)
- Or building a tool for downloading, scanning and inspecting media for EXIF and any other potential metadata, to... I guess build a database capable of assisting the doxing of many users.
I don't think this is something I can reasonably do without trouble.
- The amount of files on this forum must be reaching terabytes, if not dozens of terabytes. Lots of it is uncompressed. Downloading all of that wouldn't be troublesome for me - it'd be troublesome for Zooville. I don't wanna get banned, I don't want to cause anyone trouble. Me trying to view/download stuff from this forum is already pretty hacky/slow at times; it's not like CDNs are lining up to service this forum's needs.
- The admins don't know me, can't trust me to actually use the data for good. Yeah, there's nothing stopping activists from doing this and doxing on their own - perhaps some already have tried - but it's not like the admins are gonna volunteer this up or provide easy access.
- Acting on the data still requires DMing users, and my account is so new I can't even do that yet (and yet here I am, lecturing
- I'd have to do a lot of research on XenForo, likely using scraping techniques instead of a proper (much cleaner and safer) API. I'm somewhat aware that XenForo probably has anti-scraping techniques in it's design that would slow me down, but nothing is unbeatable. At least there's no Cloudflare to deal with.
- It's not a small task. Most of the effort here is due to the fact that I wouldn't have assistance from the webmaster or operators behind this site. Which is why I implore them to do so - they can get much, much farther than I could with much less effort.
omniscientfluffer
Citizen of Zooville
omniscientfluffer
Citizen of Zooville
@Antics3309 You should be able to PM very soon. You get the ability 1 day after you reach 10 or 11 posts.
iwanttobeabottom
Esteemed Citizen of ZV
omniscientfluffer
Citizen of Zooville
Thank you for entrusting me with all user data. I will be a benevolent omniscientfluffer.
Goattobeloved
Esteemed Citizen of ZV
No. That is a terrible idea as people will feel just move the responsability of their safety to other people. Some people might even *blame* others for not removing the sensible info (yes, has happened)
Everyone should be aware and responsible for their actiions and be careful ofcthe consequences.
Thst said, the site *already* has such system implemented, BUT it might take some time from posting tobscan and delete. Also attachements are not scanned.
Report button should be fine, just add the explanation "gps info in image" so they know what to look for.
Pes will not get the PM if he went on vacations to Jurassic Park, and a report will reach any available mod
I am not going to save, strip metadata and reupload massive amounts of files. You can do that yourself, the tools are available.
The forum does that for some filetypes automatically. It is not perfect, because the plugin is not perfect.
So learn how to do that before you upload.
omniscientfluffer
Citizen of Zooville
I don't have the permissions to do that, I'm not a moderator. If I PM you links to files with gps on them you won't take them down?
We do take down files with gps, but not every file with any ids and other metadata.
omniscientfluffer
Citizen of Zooville
That's a good output for the program then.
humananimal
Esteemed Citizen of ZV
What is meant is that you remove the GPS and other metadata before you upload !
On my iPad I use the App ‘EXIF viewer’, and it runs locally.
saintlover8
Lurker
I don't think he was talking about uploading content with gps coordinates and then messaging a mod to fix it. He was saying that because other people mistakenly upload files with GPS and the forum doesn't scrub all of that, then a program can be made to find images like that and pm'ed to pes for moderation / user safety.
Antics3309
Tourist
It'd be way more powerful to run this EXIF stripping process directly on the forum's filesystem rather than using any of XenForo's attachment functions. Or, as @pes mentioned, a plugin for XenForo itself.
It would take months of hard work to manually fix all files on this forum, but a tool operating directly on the file system? Between a few dozen minutes and a few hours, maybe a day at most. And it'd be more thorough and proper than anything moderation could do themselves. But only the server's operator, whoever is likely paying for it and managing the domain DNS itself - they're the only one capable of committing this.
It would take months of hard work to manually fix all files on this forum, but a tool operating directly on the file system? Between a few dozen minutes and a few hours, maybe a day at most. And it'd be more thorough and proper than anything moderation could do themselves. But only the server's operator, whoever is likely paying for it and managing the domain DNS itself - they're the only one capable of committing this.