Security Issues With Pictures Meta Data Editor Links

 

Guys, I'd like to tell you something about uploading pictures.

There is metadata called "EXIF data" in the pictures you take with your phone and most digital cameras. This web site strips it before it gets delivered to the customer, but when it goes up to the site, unless you have removed that data, it is available to anyone who has access to the original upload.

There is software you can get which will strip that data and you really should do it because the information contains the GPS coordinates of the location where the picture was taken as well as a LOT of other information.

Some sites do not strip it... this one does.

So a word to the wise...
 
Use a hex editor like 010 Editor to view and remove any metadata that you don't want transferred elsewhere. That's the only surefire way to send clean files. A good second choice is to (re)save your pic as a .BMP file and transfer it that way (resave it as a .JPG file if necessary due to file format requirements). Bitmaps (.BMP files) by their design do not have any headers that can store metadata, so it is all stripped out.
 
Hex Editors are for programmers, not lay people, generally... but

Here is a place you can get a program to purge that information from your picture files. Point and click. It will clean a directory of a thousand files very quickly. Now I always recommend you scan a download such as this before you open it. The one I got from the site was clean. You should still check anything you download.

http://www.exifpurge.com/
 
Hex Editors are for programmers, not lay people, generally... but

Here is a place you can get a program to purge that information from your picture files. Mind you I have NOT scanned the file for viruses or malware SOOOO DO THAT BEFORE YOU USE IT. The one I got was clean. That does not mean the one you get will be clean.

http://www.exifpurge.com/


There are a couple of big problems when relying on third party software to strip your metadata.

1. Assuming they are a trustworthy provider with your best interest in mind, third party developers must rely on very specific locations in the file headers in which they can read and then write in order to identify and remove certain portions of the header and metadata. The problem here is that the headers and file structure for the most common file types are always changing, and there is currently no standard for how each file type (.jpg, .tif, .png, etc.) must store its metadata. So an assumption has to be made here that the software provider will always be able to identify exactly where the pertinent metadata is stored in the file in order for them to read and write to those locations. Unfortunately, this is far from reality since the file structures are ever changing. There is no magic bullet here. The software is only as good as the code was written at the time. When a Lat/Lon is written into the header in a spot they weren't expecting, the software won't be able to identify it, and the result will be that the software tells you the file is now clean when it actually isn't.

2. Third party software developers may not be trustworthy or have your best interest in mind. In this scenario they could easily make someone think that their files were cleaned when they were not. They could even add more identifying info, and the user would of course have no way of knowing.

So I stand by my advice to use a hex editor so everyone can check the files themselves. There are free versions of hex editors available (though I do highly recommend paying the relatively small fee for 010 Editor). There are also many YouTube tutorial videos on how to use them. You don't need to be a programmer to use one, but you will need to invest a few hours into learning how to use them.
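
Added example, not part of any post in this thread: a small Python check for the concern raised above that a stripping tool can report a file as clean when it is not. It walks a JPEG's segment headers and lists every APPn and COM segment before the image data, including ones it does not recognise; the `seg` helper, the sample files and the "vendor-blob" segment are constructed for illustration.

```python
import struct

# Payload prefixes of well-known containers stored in JPEG APPn segments.
KNOWN = {
    b"Exif\x00\x00": "Exif (camera, timestamps, GPS)",
    b"http://ns.adobe.com/xap/1.0/\x00": "XMP",
    b"Photoshop 3.0\x00": "Photoshop/IPTC",
    b"ICC_PROFILE\x00": "ICC colour profile",
    b"JFIF\x00": "JFIF header (no personal data)",
}

def metadata_segments(data: bytes):
    """Return [(marker, label, payload_len)] for each APPn/COM segment before the scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    found, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"bad marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xDA:  # SOS: compressed image data follows, stop here
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])  # counts its own 2 bytes
        payload = data[pos + 4:pos + 2 + length]
        if 0xE0 <= marker <= 0xEF or marker == 0xFE:
            name = "COM" if marker == 0xFE else f"APP{marker - 0xE0}"
            fallback = "comment text" if marker == 0xFE else "UNRECOGNISED, inspect by hand"
            label = next((v for k, v in KNOWN.items() if payload.startswith(k)), fallback)
            found.append((name, label, len(payload)))
        pos += 2 + length
    return found

def seg(marker: int, payload: bytes) -> bytes:
    """Build one JPEG segment; used only to construct the sample files below."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples (structurally valid segment chains, not decodable photos).
HEAD = b"\xff\xd8" + seg(0xE0, b"JFIF\x00" + bytes(9))
TAIL = seg(0xDB, bytes(65)) + seg(0xDA, bytes(10)) + b"\x00\xff\xd9"
SAMPLE = (HEAD + seg(0xE1, b"Exif\x00\x00II*\x00" + bytes(8))
          + seg(0xEB, b"vendor-blob") + seg(0xFE, b"shot on my phone") + TAIL)
# What a tool that only knows about Exif and COM would leave behind.
CLEANED = HEAD + seg(0xEB, b"vendor-blob") + TAIL

if __name__ == "__main__":
    for title, blob in (("original", SAMPLE), ("after stripping", CLEANED)):
        print(title)
        for row in metadata_segments(blob):
            print("  %-6s %-32s %d bytes" % row)
```

Anything still listed after a cleaning pass other than the JFIF header is worth opening in a hex editor. The check covers only segments before the scan data, so bytes appended after the end of the image are not reported.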