Remove location EXIF data from uploaded photos


(Spencer) #1

Hi guys,
Just found out the hard way that uploaded photos will retain any location (ie. GPS Lat/Lon) data stored in the image’s EXIF (in fact, the whole EXIF is retained, including device, f-stop, white balance, ISO etc data). While I understand there’d be a bit of work involved in stripping any EXIF data out, the removal of at least the location data would be a privacy concern of many users (both current and potential), especially if it’s expected they may be uploading from a mobile device (which they more than likely took said photo on) - while someone might feel comfortable having their home town in their profile, having the GPS coordinates of their house publicly available is likely another story.


Mobile image upload turns sideways
(Jens Maier) #2

That’s a sensible idea, but at the same time I think Discourse shouldn’t be modifying users’ uploaded files unless the user explicitly told it to do so.

This could be an option in the “Add image or file” dialog, however; a “strip private metadata” checkbox, for instance. When images are uploaded via drag&drop and contain problematic EXIF headers, a warning message in the composer should be enough.


(Blake Erickson) #3

I know twitter strips the EXIF headers. And I’m not totally sure how Wordpress does it, but I think if the image is resized the EXIF headers are stripped. I doubt 500px strips any of the headers, but they are more of a photo centric application.

I personally think the private information should be removed but I think we should also look and see what other apps are doing and learn from them.


(Jeff Atwood) #4

Would definitely accept a community PR in this area!


#5

[quote=“elberet, post:2, topic:19226, full:true”]
That’s a sensible idea, but at the same time I think Discourse shouldn’t be modifying users’ uploaded files unless the user explicitly told it to do so.[/quote]
Add a checkbox, checked by default, labelled “remove EXIF data”.


(Sander Datema) #6

You mean you’d put this in as a standard option? I think this is definately plugin territory. Or at least have the ability to turn it off.


(Jeff Atwood) #7

Safe by default is what we try to deliver and I think stripping exif data is safer by default. Helps with rotated by metadata images as well, which @zogstrip already completed, right @zogstrip?


(Michael - DiscourseHosting.com) #8

Since EXIF data also contains copyright information which can be used to help fight copyright violations, I think it’s a really, really bad idea to strip it - regardless of the fact that Twitter and Pinterest do it.

Removing copyright information might even be illegal in some countries.

http://www.copyright.gov/title17/92chap12.html#1202

(b) Removal or Alteration of Copyright Management Information. — No person shall, without the authority of the copyright owner or the law —

(1) intentionally remove or alter any copyright management information,


(Sam Saffron) #9

I don’t see anything bad about stripping EXIF location, you don’t need to touch copyright


(Régis Hanol) #10

Yes I did.

https://github.com/discourse/discourse/commit/a52c80e2a8130b770a57c11b76dbdcd21f51ae28


(Jeff Atwood) #11

Looks like the action is here?

def self.fix_image_orientation(path)
  `convert #{path} -auto-orient #{path}`
end

Maybe someone can extend that into a PR to remove EXIF location information.


(Régis Hanol) #12

Unfortunately, after a quick lookup, Image Magick only support stripping all the EXIF information. We’ll need either a new gem or a new tool to deal with that issue properly.


(Jeff Atwood) #13

Personally I think that’s fine. If it’s good enough for Pinterest and Twitter, it’s certainly good enough for us.