Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
2 edits | Re: Digital camera a security risk? said by NetFixer  :Unless you have privacy issues with someone knowing the brand/model of the digital camera you use and/or the timestamp information, the EXIF information is in no way a privacy or security issue. Oh yah? 
EXIF can contain a thumbnail of the image, and it's often maintained even after the full image has been mucked with in photoshop.
I recall a headshot that a pretty girl posted of herself on Craigslist, and though it had been cropped, the original uncropped thumbnail was still in the EXIF. Let's just say we got to see a bit more of the pretty girl than she intended. Woot!
Likewise, that racy picture that you pixellated or added black bars to? The thumbnail didn't get those edits. Surprise! See the above sample taken from this site (examples are easy to find, but it's harder to find a "good" one that's nevertheless suitable for posting in a public forum).
It's fun to investigate pictures with my brother's online EXIF viewer, which will show thumbnails if the EXIF contains them.
This is a classic example of hidden metadata, and photographs are not immune; this makes it a security issue.
Steve
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Tustin, California USA | my web site | |
|
 |
|
|
|
rosco
Premium
join:2003-11-10
USA
 ·Verizon Online DSL
| I remember when Cat Schwartz from techtv had a problem where she cropped a topless photo of herself and didnt realize the whole photo was viewable in the exif thumbnail...Kevin Rose had a funny post on his site about how to not be like her and remove the EXIF info. | |
|
nfixit2004
Premium
join:2004-01-06
Brooklyn, NY
| said by Steve :said by NetFixer :Unless you have privacy issues with someone knowing the brand/model of the digital camera you use and/or the timestamp information, the EXIF information is in no way a privacy or security issue. Oh yah? EXIF can contain a thumbnail of the image, and it's often maintained even after the full image has been mucked with in photoshop. I recall a headshot that a pretty girl posted of herself on Craigslist, and though it had been cropped, the original uncropped thumbnail was still in the EXIF. Let's just say we got to see a bit more of the pretty girl than she intended. Woot! Likewise, that racy picture that you pixellated or added black bars to? The thumbnail didn't get those edits. Surprise! See the above sample taken from this site (examples are easy to find, but it's harder to find a "good" one that's nevertheless suitable for posting in a public forum). It's fun to investigate pictures with my brother's online EXIF viewer, which will show thumbnails if the EXIF contains them. This is a classic example of hidden metadata, and photographs are not immune; this makes it a security issue. Steve Wow this is something I did not know! so when you think you have blocked something out it still can be seen? is there a way to get rid of the thumbnails | |
|
 | |
| |
nfixit2004
Premium
join:2004-01-06
Brooklyn, NY
| Re: Digital camera a security risk? said by NetFixer :said by nfixit2004 :Wow this is something I did not know! so when you think you have blocked something out it still can be seen? is there a way to get rid of the thumbnails If you are really troubled about publishing the EXIF information (including the EXIF thumbnails), an excellent free program can be downloaded from » www.exifer.friedemann.info/ which can save, delete, and restore EXIF information (including the EXIF thumbnails) from JPEG and TIFF images. thanks for your reply also thanks to Sentinel for the link also, my concern was what about when you post a pic and use a photo app to block out potentially private info(and everyone does this alot) it can still be seen through thumbnails, this is something that needs to be known. most people think(my self included(well until now)) once you use the paint brush tool you have lost the risk involved with posting certain pics.(not that everyone saves and opens up the thumbnails of every pic they see in an online forum). but it is something to know. also I think the makers of certain software apps( ex snagit) should pay attention to matters like this, and explain this to buyers
thanks again | |
|
| | | 
Sentinel
Premium
join:2001-02-07
Florida
| Re: Digital camera a security risk? Due to this topic I have been checking EXIF data using various apps for fun to see what I can find. Most is just useless camera info and I have not been able to find one thumbnail. Perhaps you have to have the program that was used to edit the pic in the first place?
I have been checking with Irfanview, default Windows picture viewer, Jasc PSP, and Nero image viewer. So far I haven't seen anything odd.
Until today. Today I found a pic that had a weird series of characters in an "artist comment" field. I could not decipher it. Irfanview would not show it, neither would PSP. But Nero showed a very long (35K) series of numbers. I don't know what it is but it is a very long series of numbers that are in pairs. Is that hex?
Anyways, I am going to keep trying to find an app that can decipher it. | |
|
| | | | 
AmeritecTech
Change we can believe in, 1922
Premium
join:2002-09-06
Houston, TX | Re: Digital camera a security risk? If you want to post it, we can try various things.
35K?? Jesus. | |
|
| | | | |
| | | | |
Sentinel
Premium
join:2001-02-07
Florida
| Re: Digital camera a security risk? Yeah, I tried that program with a few of my own pics to see if it displayed the thumbnail properly and it did not. It is an old program though (2002?) so maybe something newer might be better.
If you find anything let me know. I'd like to see it. | |
|
| | | | | 
JTM1051
Premium,MVM
join:2000-07-08
Moorpark, CA
1 edit | said by NetFixer :... I guess I am going to have to start looking for another EXIF editing program (which was primarily my purpose for using Exifer). Have you looked at Opanda?
Have a free Opanda IEXIF Viewer and PowerExif, "a professional EXIF Editor".
Edit: Noticed that the way I wrote the post it may be misunderstood that both Opanda IEXIF Viewer and PowerExif are free--sorry the PowerExif is not free.
(Comma should have been after Opanda IEXIF Viewer, not PowerExif) | |
|
| | | | | | |
| | | | | | | BandHeight
join:2004-08-30
Portland, TX
| Re: Digital camera a security risk? said by NetFixer :said by JTM1051 :Have you looked at Opanda? Have a free Opanda IEXIF Viewer and PowerExif, "a professional EXIF Editor". Thanks for the tip, I will check it out. You might want to check into ExifTool (command line tool):
»www.sno.phy.queensu.ca/~phil/exiftool/
I consider it the ultimate ... so I'd be interested in whether the thumbnail metadata that slipped by Exifer also gets by ExifTool (I doubt it ).
It will require some reading of the docs to get the most out of it, but it can be simple to use as well. Works great for me on Linux and Windows, and works on Mac as well, though I haven't tried the Mac version. | |
|
| |
Sentinel
Premium
join:2001-02-07
Florida
| OK, hate to keep bringing this up but ... it interested me so I kept playing around with it to try to see for real what kind of a threat this really could be be. Here it what I have come up with.
After playing around with numerous pics (my own and some from the web) I have found that yeah, there are sometimes thumbnails saved with the pic depending on camera and imaging software used. However, these images are usually very very small in size and *IF* there are there at all they are very very hard to enlarge. They get pixilated very quickly and practically unviewable.
So therefore they are of minimal value. I mean if someone crops a picture and crops out a hotel in the background or something then, yeah you would see that there is a building in the background, but if you try to enlarge it to see what building you won't be able to. If they black out the eyes with a black bar then yes, you *might* be able to see the thumbnail without the bar *BUT* it will be so small and pixilated that you will not be able to make out the face.
That said I found the aforementioned pics of the lady from TV that posted the pics that had thumbnails of her topless and I have no idea how whoever got those was able to make full size reproductions of the originals. Most programs will show the full pic in the thumbnail but it will be tiny and any attempt to enlarge it will result in a useless heavily pixilated image of a glob. I don't know how they were able to make such a large size unmasked pic *unless* she eventually posted the originals herself.
Am I missing something? | |
|
| |
| |
Sentinel
Premium
join:2001-02-07
Florida
| Re: Digital camera a security risk? Wow. That's very interesting. I had no idea that different cameras could produce different size thumbnails. I will have to check that out. Thanks for that info NetFixer.
jaykaykay,
Obviously security has levels and this may rate low in most respects but higher in others depending on what kind of person you are, what you do for a living and what you use your pictures for.
This *could* be a problem for some depending on circumstances as has been already pointed out about the lady who worked at the TV station. More examples could obviously be shown. Imagine you crop a picture to cut someone out and then tell your spouse that that other person was not there? EXIF thumbnail could show you to be liar and could be admissible in court at your divorce hearing 
We could go on with hundreds of such examples. If you were sending an email and it had some code in it that was potentially descriptive you would want a way to clean it. I see this as similar. Just depends on situation and circumstances whether this is just aparlor trick or potentially harmful. | |
|
|
|
|
·
·
·
