File Metadata Information - You could be putting yourself at risk!

[Knutshack]

I've never really uploaded any vids or images because of this, but recently I've uploaded a file in another thread, went onto a site to erase all the metadata of the video and downloaded the erased one. But wouldn't that contain new metadata from being downloaded?

 

[pes]

exiftool -all:all= <image file> and you are done

 

[humananimal]

I have an an app called ‘EXIF viewer’ on my iPad. It works locally on my iPad, removes EXIF or all metadata.
I use it on all photos and videos before saving or uploading.

 

[iwanttobeabottom]

I've never really uploaded any vids or images because of this, but recently I've uploaded a file in another thread, went onto a site to erase all the metadata of the video and downloaded the erased one. But wouldn't that contain new metadata from being downloaded?

The main data you want to get rid of is any GPS location that could get embedded in it. It doesn't happen to every picture or video; it depends on your phone settings.

However if you use a website or tool to strip the GPS location and it also replaces the "date created" and stuff, those aren't a big deal.

 

[pes]

And other metadata:
phone model, serial number, lens serial number, camera model, settings...

This is all the metadata iphone saves to your jpeg photos (anonymized)

File Name : IMG_2811.jpeg
Directory : .
File Size : 3.6 MB
File Modification Date/Time : 2024:05:07 16:39:21+02:00
File Access Date/Time : 2024:05:07 15:39:18+02:00
File Inode Change Date/Time : 2024:05:07 11:39:21+02:00
File Permissions : -rw-r-----
File Type : JPEG
File Type Extension : jpg
MIME Type : image/jpeg
JFIF Version : 1.01
Exif Byte Order : Big-endian (Motorola, MM)
Make : Apple
Camera Model Name : iPhone 15
Orientation : Rotate 90 CW
X Resolution : 72
Y Resolution : 72
Resolution Unit : inches
Software : 17.6.1
Modify Date : 2024:08:07 16:36:45
Host Computer : iPhone 15
Y Cb Cr Positioning : Centered
Exposure Time : 1/39
F Number : 1.6
Exposure Program : Program AE
ISO : 640
Exif Version : 0232
Date/Time Original : 2024:07:07 14:36:45
Create Date : 2024:07:07 18:36:45
Offset Time : +02:00
Offset Time Original : +02:00
Offset Time Digitized : +02:00
Components Configuration : Y, Cb, Cr, -
Shutter Speed Value : 1/39
Aperture Value : 1.6
Brightness Value : -0.5508705079
Exposure Compensation : 0
Metering Mode : Multi-segment
Flash : Off, Did not fire
Focal Length : 6.0 mm
Subject Area : 2846 2130 3129 1880
Maker Note Version : 14
Run Time Flags : Valid
Run Time Value : 38202481218666
Run Time Scale : 1000000000
Run Time Epoch : 0
AE Stable : Yes
AE Target : 172
AE Average : 172
AF Stable : Yes
Acceleration Vector : 0.06388715654 -0.9583759311 -0.2942395212
Focus Distance Range : 0.74 - 4.20 m
Content Identifier : 785345F6-9TT4-43E8-FFG4-5D7EF2FFA7B8
Image Capture Type : Unknown (12)
Live Photo Video Index : 8595885700
HDR Headroom : 1.00999999
Signal To Noise Ratio : 30.84223176
Photo Identifier : 28983483-8847-4A86-80AH-0845C6B8B6DA
Focus Position : 213
HDR Gain : 1.854869366
Semantic Style : {_0=1,_1=0,_2=0,_3=0}
Front Facing Camera : No
Sub Sec Time Original : 780
Sub Sec Time Digitized : 780
Flashpix Version : 0100
Color Space : Uncalibrated
Exif Image Width : 5712
Exif Image Height : 4284
Sensing Method : One-chip color area
Scene Type : Directly photographed
Exposure Mode : Auto
White Balance : Auto
Focal Length In 35mm Format : 26 mm
Scene Capture Type : Standard
Lens Info : 1.529889962-5.960000038mm f/1.6-2.4
Lens Make : Apple
Lens Model : iPhone 15 back dual wide camera 5.96mm f/1.6
Composite Image : General Composite Image
Compression : JPEG (old-style)
Thumbnail Offset : 2730
Thumbnail Length : 6325
MPF Version : 0100
Number Of Images : 2
MP Image Flags : (none)
MP Image Format : JPEG
MP Image Type : Undefined
MP Image Length : 670864
MP Image Start : 2914808
Dependent Image 1 Entry Number : 0
Dependent Image 2 Entry Number : 0
Profile CMM Type : Apple Computer Inc.
Profile Version : 4.0.0
Profile Class : Display Device Profile
Color Space Data : RGB
Profile Connection Space : XYZ
Profile Date Time : 2022:01:01 00:00:00
Profile File Signature : acsp
Primary Platform : Apple Computer Inc.
CMM Flags : Not Embedded, Independent
Device Manufacturer : Apple Computer Inc.
Device Model :
Device Attributes : Reflective, Glossy, Positive, Color
Rendering Intent : Perceptual
Connection Space Illuminant : 0.9642 1 0.82491
Profile Creator : Apple Computer Inc.
Profile ID : ecfda38e388547c96db4bd4f7ada182d
Profile Description : Display P3
Profile Copyright : Copyright Apple Inc., 2022
Media White Point : 0.96419 1 0.82489
Red Matrix Column : 0.51512 0.2412 -0.00105
Green Matrix Column : 0.29198 0.69225 0.04189
Blue Matrix Column : 0.1571 0.06657 0.78407
Red Tone Reproduction Curve : (Binary data 32 bytes, use -b option to extract)
Chromatic Adaptation : 1.04788 0.02292 -0.0502 0.02959 0.99048 -0.01706 -0.00923 0.01508 0.75168
Blue Tone Reproduction Curve : (Binary data 32 bytes, use -b option to extract)
Green Tone Reproduction Curve : (Binary data 32 bytes, use -b option to extract)
Image Width : 5712
Image Height : 4284
Encoding Process : Baseline DCT, Huffman coding
Bits Per Sample : 8
Color Components : 3
Y Cb Cr Sub Sampling : YCbCr4:2:0 (2 2)
Run Time Since Power Up : 10:36:42
Aperture : 1.6
Image Size : 5712x4284
Megapixels : 24.5
Scale Factor To 35 mm Equivalent: 4.4
Shutter Speed : 1/39
Create Date : 2024:09:07 14:36:45.780+02:00
Date/Time Original : 2024:09:07 14:36:45.780+02:00
Modify Date : 2024:09:07 14:36:45+02:00
Thumbnail Image : (Binary data 6325 bytes, use -b option to extract)
MP Image 2 : (Binary data 670864 bytes, use -b option to extract)
Circle Of Confusion : 0.007 mm
Field Of View : 69.4 deg
Focal Length : 6.0 mm (35 mm equivalent: 26.0 mm)
Hyperfocal Distance : 3.22 m
Light Value : 4.0
Lens ID : iPhone 15 back dual wide camera 5.96mm f/1.6

Look at the IDs, I bet at least one stays the same for all photos.
So if you upload that here and you get in trouble, all anyone needs to 100% tell it is you, is your phone.

 

[Knutshack]

And other metadata:
phone model, serial number, lens serial number, camera model, settings...

This is all the metadata iphone saves to your jpeg photos (anonymized)


Look at the IDs, I bet at least one stays the same for all photos.
So if you upload that here and you get in trouble, all anyone needs to 100% tell it is you, is your phone.

I will definitely keep this in mind, can I ask how you access all that information or have I overlooked that in the thread?

 

[dartel]

I will definitely keep this in mind, can I ask how you access all that information or have I overlooked that in the thread?

On Windows, right click > properties > details
On Mac, right click > get info

On phone, you'd probably need a specific metadata reader app

 

[pes]

I will definitely keep this in mind, can I ask how you access all that information or have I overlooked that in the thread?

I have linux and this is from terminal using the exiftool command.

 

[iwanttobeabottom]

On Windows, right click > properties > details
On Mac, right click > get info

On phone, you'd probably need a specific metadata reader app

If you download a picture and open it in Google photos, it will show you the location and such right in it.

 

[pes]

If you download a picture and open it in Google photos, it will show you the location and such right in it.

In fact different file formats can contain different metadata.
docx for example contains your windows user account and full name.
png can contain metadata in places where usual software can not see it.
So always convert your images to jpg first and then remove metadata.

 

[Antics3309]

I feel like steps should be taken by moderation to pre-emptively scan and scrub metadata from files on their own. Beyond what is done now.
I know that this would be time consuming, expensive, and could cause problems with hashing/update times/deduplication efforts, but it would be worth it.

Even a mere scanning tool that could DM users and warn them about metadata in their media once could save a lot of people some trouble.
I would look into it myself (I write software professionally), but media downloads here are so slow, and I don't want to DoS the forum.

Just an idea of what that warning could look like:

Hello! Zooville.org has ran a routine scan for metadata on media you uploaded, and we believe it may put your anonymity at risk.
The following potential issues were identified on the following files:

- Geolocation (1, 2, 3, 4)
- Phone Model (2, 5, 8)
- Social Media Tags (2, 3, 6, 7)
- Camera Settings (3, 4)

This is a once-monthly, once-per-file warning that will not be sent again. Reuploading a file with the same metadata will regenerate the warning the next time the scan is invoked for your profile. This warning may be a false flag, may trigger on metadata that does not damage your anonymity, or may be a product of de-anonymization efforts. If you are aware of this and would like to stop receiving alerts, click here.

It's just an idea - I know forums are slow, and generating the potentially thousands of warning messages - scanning files, determining what a 'reasonable risk' is, and getting it all to work would not be trivial. But it would however maintain user's abilities to manage their own media without forcibly scrubbing metadata (and potentially damaging media in the process).

I'm also unsure of all the ways EXIF data could be reasonably used to put users at risk...

Does Snapchat embed any EXIF data that could tie me back? What about ShareX, or other screenshot tools? Could filenames contain anything relevant? Honestly, if I ever post a video here, I was planning on recoding/muxing it to throw off any potential links to my phone model.

What do you all think? Could moderation implement this in any form? Or is just scrubbing files as they are 'good enough'? I don't know how XenForo functions or manages files, but I can only assume some sort of hash (e.g. SHA1, xxHash) is used to work with files.

 

[Antics3309]

I suggest you do it yourself. That is the only way it might get done. I would be very thankful and so should the community.

To make sure I understand this specifically, are you suggesting
- Always checking metadata for my own media and not uploading anything traceable on my own time (which is the unanimous suggestion of all parties, including my idea's, but doesn't particularly benefit anyone besides myself)
- Or building a tool for downloading, scanning and inspecting media for EXIF and any other potential metadata, to... I guess build a database capable of assisting the doxing of many users.

I don't think this is something I can reasonably do without trouble.
- The amount of files on this forum must be reaching terabytes, if not dozens of terabytes. Lots of it is uncompressed. Downloading all of that wouldn't be troublesome for me - it'd be troublesome for Zooville. I don't wanna get banned, I don't want to cause anyone trouble. Me trying to view/download stuff from this forum is already pretty hacky/slow at times; it's not like CDNs are lining up to service this forum's needs.
- The admins don't know me, can't trust me to actually use the data for good. Yeah, there's nothing stopping activists from doing this and doxing on their own - perhaps some already have tried - but it's not like the admins are gonna volunteer this up or provide easy access.
- Acting on the data still requires DMing users, and my account is so new I can't even do that yet (and yet here I am, lecturing ).
- I'd have to do a lot of research on XenForo, likely using scraping techniques instead of a proper (much cleaner and safer) API. I'm somewhat aware that XenForo probably has anti-scraping techniques in it's design that would slow me down, but nothing is unbeatable. At least there's no Cloudflare to deal with.
- It's not a small task. Most of the effort here is due to the fact that I wouldn't have assistance from the webmaster or operators behind this site. Which is why I implore them to do so - they can get much, much farther than I could with much less effort.

 

[iwanttobeabottom]

Scanning for files that have metadata and activating the report button without saving anything between checks. Throttling to reasonable levels. I did consider the security implications and weighed them against the fact that these files are already easy to access and the the mods have limited abilities to secure these files. Basically, if it was a choice of opening a backdoor for you to do this then I would object, but I think you could do it without asking even and they probably don't have the tools to stop you. So nothing is lost by you doing it with permission.

Make

Actually instead of reporting, you should send them as a PM to @pes . He is tech savvy and would respond to them all appropriately.

One

@Antics3309 You should be able to PM very soon. You get the ability 1 day after you reach 10 or 11 posts.

Post

 

[Goattobeloved]

I feel like steps should be taken by moderation to pre-emptively scan and scrub metadata from files on their own. Beyond what is done now.

No. That is a terrible idea as people will feel just move the responsability of their safety to other people. Some people might even *blame* others for not removing the sensible info (yes, has happened)

Everyone should be aware and responsible for their actiions and be careful ofcthe consequences.

Thst said, the site *already* has such system implemented, BUT it might take some time from posting tobscan and delete. Also attachements are not scanned.

Actually instead of reporting, you should send them as a PM to @pes . He is tech savvy and would respond to them all appropriately.

Report button should be fine, just add the explanation "gps info in image" so they know what to look for.
Pes will not get the PM if he went on vacations to Jurassic Park, and a report will reach any available mod ?

 

[pes]

Actually instead of reporting, you should send them as a PM to @pes . He is tech savvy and would respond to them all appropriately.

I am not going to save, strip metadata and reupload massive amounts of files. You can do that yourself, the tools are available.
The forum does that for some filetypes automatically. It is not perfect, because the plugin is not perfect.
So learn how to do that before you upload.

 

[pes]

I don't have the permissions to do that, I'm not a moderator. If I PM you links to files with gps on them you won't take them down?

We do take down files with gps, but not every file with any ids and other metadata.

 

[humananimal]

I don't have the permissions to do that, I'm not a moderator. If I PM you links to files with gps on them you won't take them down?

What is meant is that you remove the GPS and other metadata before you upload !
On my iPad I use the App ‘EXIF viewer’, and it runs locally.

 

[pes]

There is a plugin on the forum that removes metadata. But things like this have to be implemented on admin or software level and mods can not do that.

 

[Antics3309]

It'd be way more powerful to run this EXIF stripping process directly on the forum's filesystem rather than using any of XenForo's attachment functions. Or, as @pes mentioned, a plugin for XenForo itself.

It would take months of hard work to manually fix all files on this forum, but a tool operating directly on the file system? Between a few dozen minutes and a few hours, maybe a day at most. And it'd be more thorough and proper than anything moderation could do themselves. But only the server's operator, whoever is likely paying for it and managing the domain DNS itself - they're the only one capable of committing this.

 

[Antics3309]

That's cool if it happens, but looking at omni's history I think this is what he meant by it'll only happen if done apart from the site: https://www.zoovilleforum.net/threads/pin-a-thread-to-this-forum-explaining.110143/

Then my idea holds better than a plugin or mod, as the piece of software I envision does not require permanent modification to the forum software. It's akin to running a python script - only requires installing Python if such is not already available.

 

[pes]

Then my idea holds better than a plugin or mod, as the piece of software I envision does not require permanent modification to the forum software. It's akin to running a python script - only requires installing Python if such is not already available.

I do not know how the forum software is structured, but the files are probably in a database and may not be accessible easily in the filesystem.

 

[humananimal]

I don't think he was talking about uploading content with gps coordinates and then messaging a mod to fix it. He was saying that because other people mistakenly upload files with GPS and the forum doesn't scrub all of that, then a program can be made to find images like that and pm'ed to pes for moderation / user safety.

I really don’t want to burden the moderators with such extra work. It is a strange detour to let a program find the files and then the moderator should take action to scrub the file ?
If such a program could be made, then it should of course PM the user, who then takes action.

 

[humananimal]

Not a bad idea but some users are really inactive or don't plan on returning.

True, but it is their own problem if they don’t react in spite of being warned.

 

[pes]

Warning photo metadata

your picture can be used to track you every picture has "meta data" which includes the location of images and videos when they were taken do some research and scrub the meta data before you post good luck and stay safe :)

www.zoovilleforum.net

Uploaded Pic / Vid metadata

Hi Guys Just wondering if the metadata gets scrubbed on upload, I know most forums do this automatically these days I have search but cannot really find an exact answer

www.zoovilleforum.net

EXIF and metadata in photos.

I have read a suggestion to remove the all EXIF from the photos before uploading. Because EXIF contains information, not only about how the picture is taken. But the location of the photo is also in the metadata ! My suggestion : add a function to ZooVille that automatically removes all...

www.zoovilleforum.net

From what I understand it gets stripped from photos. However, it's not something that happens immediately. Basically a scan is performed on the servers every 15-20 minutes to strip the metadata from what I've been told.

It's supposed to strip it from videos as well, but, from what I've seen it doesn't do a very good job and it pretty much always skips .MOV files. I've seen .MOV files hang around for months with metadata intact.

Like the others have mentioned, it's best to just strip the metadata yourself before uploading content so that you'll have some peace of mind before uploading, instead of just hoping the forum will do the work for you. There are plenty of free software for both mobile and PC that'll strip the files of metadata.

 

[iwanttobeabottom]

*Guy's entire life gets ruined* - whelp, the warning waaaaas posted. Welcome message for new users? No. Upload form? No. Sticky at least?!? No. Just, you know, somewhere. Wait, the site found the GPS in the image and did what instead of remove it?!?

While I get what you're going for, there's only so much a team of unpaid volunteers can really do.

Plus, people don't read shit anyway. Even if you flashed a big warning in front of them that took up the entire screen and they couldn't click accept for 30 seconds, they still wouldn't read it.

 

[humananimal]

While I get what you're going for, there's only so much a team of unpaid volunteers can really do.

Plus, people don't read shit anyway. Even if you flashed a big warning in front of them that took up the entire screen and they couldn't click accept for 30 seconds, they still wouldn't read it.

I have several times written a PM to members because their Avatar or other uploaded photos / videos contained metadata showing cameratype, settings and so on. And GPS, so the exact filming location was visible.

 

[Goattobeloved]

I have several times written a PM to members because their Avatar or other uploaded photos / videos contained metadata showing cameratype, settings and so on. And GPS, so the exact filming location was visible.

Same.
Usually when you decide to download an image on a phone. Then I look at the gallery. It says today I was in some obscure town in Illinois... wtf??
Then you see the downloaded image is among them.
Ugh. Lets see where I got that image from, send a report or DM asap.

 

[iwanttobeabottom]

I have several times written a PM to members because their Avatar or other uploaded photos / videos contained metadata showing cameratype, settings and so on. And GPS, so the exact filming location was visible.

Missing the forest for the trees.

 

[humananimal]

Missing the forest for the trees.

You think it is a waste of time. Perhaps, but it feels good to me.
Most of them replied with a thank. And that they didn’t know they could be revealed.
I am also amazed on how often people uses no form of password on their phone, and also wear it fully visible for any pickpockets.

 

[iwanttobeabottom]

You think it is a waste of time. Perhaps, but it feels good to me.
Most of them replied with a thank. And that they didn’t know they could be revealed.
I am also amazed on how often people uses no form of password on their phone, and also wear it fully visible for any pickpockets.

I had to message someone once because their video had a geolocation embedded in it that showed exactly where they recorded it. Thankfully I'm not a bad actor and just told them to remove it for their own safety, as well as to disable their location embedding.

Truth be told, geotagging should always remain off in your camera. GPS should stay off too, unless actively in use at that point in time. When it's done being used, turn it off.

Quadruple check everything you want to post before you post it. Wait some time in between checking, even going do far as to sleep on it a few times. Always try to look with a different set of eyes and scrutinize the shit out of every detail of your pictures and videos.

People are insanely crafty and piece together a little from here and a little from there to figure out more than might be expected.

Doubt nothing and distrust everyone.

The average person is also exceedingly dumb and of below-average intelligence.


And a lot of people DON'T use it, for any number of reasons. Don't think to, don't want to, don't know how, don't want to learn how, etc.

Why don't you be helpful to them and use it and copy and paste the links here to provide it for those that can't/won't find it for themselves?

Do I think it's a waste of time?