JTM1051
Premium,MVM
join:2000-07-08
Moorpark, CA
| reply to Bob1234
Re: Digital camera a security risk?
Remember this topic awhile back?
»Invasion of the Computer Snatchers
Start here (page 3 of topic): »Re: Invasion of the Computer Snatchers
Ends (page 5 of topic): »Re: Invasion of the Computer Snatchers
|
|
nfixit2004
Premium
join:2004-01-06
Brooklyn, NY
| reply to NetFixer
said by NetFixer  :said by nfixit2004 :Wow this is something I did not know! so when you think you have blocked something out it still can be seen? is there a way to get rid of the thumbnails If you are really troubled about publishing the EXIF information (including the EXIF thumbnails), an excellent free program can be downloaded from » www.exifer.friedemann.info/ which can save, delete, and restore EXIF information (including the EXIF thumbnails) from JPEG and TIFF images. thanks for your reply also thanks to Sentinel for the link also, my concern was what about when you post a pic and use a photo app to block out potentially private info(and everyone does this alot) it can still be seen through thumbnails, this is something that needs to be known. most people think(my self included(well until now)) once you use the paint brush tool you have lost the risk involved with posting certain pics.(not that everyone saves and opens up the thumbnails of every pic they see in an online forum). but it is something to know. also I think the makers of certain software apps( ex snagit) should pay attention to matters like this, and explain this to buyers
thanks again |
|
Sentinel
Premium
join:2001-02-07
Florida
| Due to this topic I have been checking EXIF data using various apps for fun to see what I can find. Most is just useless camera info and I have not been able to find one thumbnail. Perhaps you have to have the program that was used to edit the pic in the first place?
I have been checking with Irfanview, default Windows picture viewer, Jasc PSP, and Nero image viewer. So far I haven't seen anything odd.
Until today. Today I found a pic that had a weird series of characters in an "artist comment" field. I could not decipher it. Irfanview would not show it, neither would PSP. But Nero showed a very long (35K) series of numbers. I don't know what it is but it is a very long series of numbers that are in pairs. Is that hex?
Anyways, I am going to keep trying to find an app that can decipher it. |
|
AmeritecTech
Change we can believe in, 1922
Premium
join:2002-09-06
Houston, TX | If you want to post it, we can try various things.
35K?? Jesus. |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
 ·AT&T Southeast
 ·Vonage
 ·Cingular Wireless
·AT&T CallVantage
3 edits | reply to Sentinel
said by Sentinel :Due to this topic I have been checking EXIF data using various apps for fun to see what I can find. Most is just useless camera info and I have not been able to find one thumbnail. Perhaps you have to have the program that was used to edit the pic in the first place? Try using Exifer, many image display/manipulation programs do not display the EXIF ID information properly and they create their own preview thumbnails rather than using the EXIF thumbnail.
The screen capture images below show Exifer displaying JPEG images both without and with EXIF information.
Exifer displaying image with no EXIF
Exifer displaying image with EXIF
EDIT: I may have to retract my support for the Exifer program. I just discovered a serious bug. The upper image in this post actually does contain valid EXIF data (including an EXIF thumbnail). It and and 45 other images from the same camera and flash card in that folder all have valid EXIF data, but Exifer does not display it. 
I guess I am going to have to start looking for another EXIF editing program (which was primarily my purpose for using Exifer). 
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall. |
|
Sentinel
Premium
join:2001-02-07
Florida
| Yeah, I tried that program with a few of my own pics to see if it displayed the thumbnail properly and it did not. It is an old program though (2002?) so maybe something newer might be better.
If you find anything let me know. I'd like to see it. |
|
JTM1051
Premium,MVM
join:2000-07-08
Moorpark, CA
1 edit | reply to NetFixer
said by NetFixer :... I guess I am going to have to start looking for another EXIF editing program (which was primarily my purpose for using Exifer). Have you looked at Opanda?
Have a free Opanda IEXIF Viewer and PowerExif, "a professional EXIF Editor".
Edit: Noticed that the way I wrote the post it may be misunderstood that both Opanda IEXIF Viewer and PowerExif are free--sorry the PowerExif is not free.
(Comma should have been after Opanda IEXIF Viewer, not PowerExif) |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·AT&T Southeast
·Vonage
·Cingular Wireless
·AT&T CallVantage
| said by JTM1051 :Have you looked at Opanda? Have a free Opanda IEXIF Viewer and PowerExif, "a professional EXIF Editor".
Thanks for the tip, I will check it out.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall. |
|
Bob1234
@secureserver.net
| reply to Bob1234
I am amazed at the amount of replies and the depth of this discussion. I can't even begin to say how how helpful all your inputs were. There was one thing in particular that I did notice. The posts all seem to center around one part of the picture: the EXIF data. However, I am not sure this is the case for "Just Bob" 's post, which is the second one in the thread. What exactly are the "quantization tables" in a JPEG file? |
|
Khaine
join:2003-03-03
Australia
| said by Bob1234 :
What exactly are the "quantization tables" in a JPEG file?
From Wikipedia:
Color quantization reduces the number of colors used in an image; this is important for displaying images on devices that support a limited number of colors and for efficiently compressing certain kinds of images. Most bitmap editors and many operating systems have built-in support for color quantization. Popular modern color quantization algorithms include the nearest color algorithm (for fixed palettes), the median cut algorithm, and an algorithm based on octrees.
It is common to combine color quantization with dithering to create an impression of a larger number of colors and eliminate banding artifacts.
Frequency quantization for image compression
The human eye is fairly good at seeing small differences in brightness over a relatively large area, but not so good at distinguishing the exact strength of a high frequency brightness variation. This fact allows one to get away with a greatly reduced amount of information in the high frequency components. This is done by simply dividing each component in the frequency domain by a constant for that component, and then rounding to the nearest integer. This is the main lossy operation in the whole process. As a result of this, it is typically the case that many of the higher frequency components are rounded to zero, and many of the rest become small positive or negative numbers.
Quantization matrices
A quantization matrix is used in combination with a DCT coefficient matrix to carry out the previously mentioned transform. Quantization matrices are often specifically designed to keep certain frequencies in the source to avoid losing image quality. Many video compression algorithms, such as Xvid and H.264/AVC allow custom matrices to be used. |
|
Sentinel
Premium
join:2001-02-07
Florida
| reply to Steve
OK, hate to keep bringing this up but ... it interested me so I kept playing around with it to try to see for real what kind of a threat this really could be be. Here it what I have come up with.
After playing around with numerous pics (my own and some from the web) I have found that yeah, there are sometimes thumbnails saved with the pic depending on camera and imaging software used. However, these images are usually very very small in size and *IF* there are there at all they are very very hard to enlarge. They get pixilated very quickly and practically unviewable.
So therefore they are of minimal value. I mean if someone crops a picture and crops out a hotel in the background or something then, yeah you would see that there is a building in the background, but if you try to enlarge it to see what building you won't be able to. If they black out the eyes with a black bar then yes, you *might* be able to see the thumbnail without the bar *BUT* it will be so small and pixilated that you will not be able to make out the face.
That said I found the aforementioned pics of the lady from TV that posted the pics that had thumbnails of her topless and I have no idea how whoever got those was able to make full size reproductions of the originals. Most programs will show the full pic in the thumbnail but it will be tiny and any attempt to enlarge it will result in a useless heavily pixilated image of a glob. I don't know how they were able to make such a large size unmasked pic *unless* she eventually posted the originals herself.
Am I missing something? |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·AT&T Southeast
·Vonage
·Cingular Wireless
·AT&T CallVantage
3 edits | The size and quality of the EXIF thumbnail can depend on the source and size of the original image. Some high resolution cameras will produce rather large thumbnails. The 1.2 megapixel (1280x960) image below is an EXIF thumbnail extracted from one of my slide duplication images. You may find it interesting that this thumbnail image also contains its own EXIF data including a 160x120 thumbnail image (also displayed below).
1280x960 thumbnail image
160x120 thumbnail image
EDIT: Here is the "original"* image from which the 1280x960 thumbnail was extracted.
* Actually this image was converted to JPEG format from a much larger TIFF image which was converted from the native RAF image format from which the 1280x960 thumbnail was extracted. I converted it to JPEG for easier (and more compatible) web page viewing.
2816x2120 "original" image
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall. |
|
jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ
·Speakeasy
| reply to Bob1234
While being moderately interesting, I still find this topic going waaaaaaay too far for security for me. At this rate, I should stay in my house, lock all my doors, cover my windows, take shallow breathes, etc. while wearing my newest tin foil number covering me from top to bottom. There is nothing so secure today that will allow someone to go about daily things without being spied upon in some way, camera or otherwise. Might the question for this whole topic be just how paranoid does one want to be in daily practice?
--
JKK
Age is a very high price to pay for my maturity. If I can't stay young, I can at least stay immature!
»www.pbase.com/jaykaykay
|
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·AT&T Southeast
·Vonage
·Cingular Wireless
·AT&T CallVantage
2 edits | said by jaykaykay :While being moderately interesting, I still find this topic going waaaaaaay too far for security for me... ...Might the question for this whole topic be just how paranoid does one want to be in daily practice? I tend to agree with that assessment. I think the subject of EXIF thumbnails being a security risk should more likely be categorized as a privacy risk.
I think the main reason that this subject was brought up was because some semi celebrity person posted a cropped image of herself on a blog, but the EXIF thumbnail showed the original nude image. In this particular case, since the person in question is supposed to be a tech guru, I would have to question whether or not this "slip up" was in fact not simply an intentional cheap publicity stunt.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall. |
|
Sentinel
Premium
join:2001-02-07
Florida
| reply to NetFixer
Wow. That's very interesting. I had no idea that different cameras could produce different size thumbnails. I will have to check that out. Thanks for that info NetFixer.
jaykaykay,
Obviously security has levels and this may rate low in most respects but higher in others depending on what kind of person you are, what you do for a living and what you use your pictures for.
This *could* be a problem for some depending on circumstances as has been already pointed out about the lady who worked at the TV station. More examples could obviously be shown. Imagine you crop a picture to cut someone out and then tell your spouse that that other person was not there? EXIF thumbnail could show you to be liar and could be admissible in court at your divorce hearing 
We could go on with hundreds of such examples. If you were sending an email and it had some code in it that was potentially descriptive you would want a way to clean it. I see this as similar. Just depends on situation and circumstances whether this is just aparlor trick or potentially harmful. |
|
BandHeight
join:2004-08-30
Portland, TX
| reply to NetFixer
said by NetFixer :said by JTM1051 :Have you looked at Opanda? Have a free Opanda IEXIF Viewer and PowerExif, "a professional EXIF Editor". Thanks for the tip, I will check it out. You might want to check into ExifTool (command line tool):
»www.sno.phy.queensu.ca/~phil/exiftool/
I consider it the ultimate ... so I'd be interested in whether the thumbnail metadata that slipped by Exifer also gets by ExifTool (I doubt it ).
It will require some reading of the docs to get the most out of it, but it can be simple to use as well. Works great for me on Linux and Windows, and works on Mac as well, though I haven't tried the Mac version. |
|
Bob1234
@secureserver.net
| reply to Bob1234
ok, i've gone back over the thread to make sure i didn't miss anything. after looking at the link that "Just Bob" provided, i'm starting to wonder if there's any way to prevent using the quantization tables and metadata embedded in the photo to find out whether the image has been edited or, especially "the make and model of the camera if the image is original or the version of Photoshop that was used to alter and re-save the image." would taking a screenshot do the job? that would create a whole new picture out of the existing picture, would it not? but i still can't help but think that this will do nothing against an error level analysis. what bothers me is that the article mentions being able to determine the make and model of the camera without EXIF data.
though i could be wrong, i'm assuming that error analysis of some kind will be possible even if i take a screenshot or use another camera to take a picture of my screen, because the colors of the picture are preserved. this might of course open the door to more advanced analysis techniques too. i'm thinking just from the lighting, contrast or other factors an expert would still be able to determine at least what camera took the picture. this is, of course going a little beyond what swhx7 mentioned, but probably wouldn't be so far fetched in light of the article JTM1051 posted.
by the way, how was arglebargle able to tell so much about dolphins merely by watching his video?
in any case, i guess i should pose a more specific question now. let's assume i take a picture or more than one picture with a digital camera. assume that i am not worried about personal information that could be revealed about me based on what was in the picture. i'm also not concerned about my credit card number being in the picture or something, and i am not concerned that people would be able to tell my geographical location based on what is in the background of the picture. so essentially, what is shown in the picture is not of concern.
given this, what other information should i try to strip out before posting a picture publicly? please also mention if there is information that is unable to be removed, such as for example factors that could allow for an error level analysis. is it just the metadata (e.g. Exif, IPTC headers, XMP, etc)? or is there more to the picture besides what is shown and the metadata? |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·AT&T Southeast
·Vonage
·Cingular Wireless
·AT&T CallVantage
| I sounds to me as if you are looking for a way to take someone else's intellectual property and modifying its fingerprints in such a way as to mask its true origin.
You might want to lookup the definitions for forgery, fraud, and copyright infringement as well as investigating the legal ramifications of being caught engaging in such activity.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall. |
|
rosco
Premium
join:2003-11-10
USA | What makes you think that from Bob1234's post? |
|
caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
Spokane, WA
·WebBand
| reply to Bob1234
I'd wondered if cell phone cameras leave EXIF information and/or thumbnails as well, and they do.
Here's a pic taken from a mate's cell camera. (he's from the UK)
-CaFF |
|
