Hi guys,
Just found out the hard way that uploaded photos will retain any location (ie. GPS Lat/Lon) data stored in the image’s EXIF (in fact, the whole EXIF is retained, including device, f-stop, white balance, ISO etc data). While I understand there’d be a bit of work involved in stripping any EXIF data out, the removal of at least the location data would be a privacy concern of many users (both current and potential), especially if it’s expected they may be uploading from a mobile device (which they more than likely took said photo on) - while someone might feel comfortable having their home town in their profile, having the GPS coordinates of their house publicly available is likely another story.
That’s a sensible idea, but at the same time I think Discourse shouldn’t be modifying users’ uploaded files unless the user explicitly told it to do so.
This could be an option in the “Add image or file” dialog, however; a “strip private metadata” checkbox, for instance. When images are uploaded via drag&drop and contain problematic EXIF headers, a warning message in the composer should be enough.
I know twitter strips the EXIF headers. And I’m not totally sure how Wordpress does it, but I think if the image is resized the EXIF headers are stripped. I doubt 500px strips any of the headers, but they are more of a photo centric application.
I personally think the private information should be removed but I think we should also look and see what other apps are doing and learn from them.
Would definitely accept a community PR in this area!
Add a checkbox, checked by default, labelled “remove EXIF data”.
You mean you’d put this in as a standard option? I think this is definately plugin territory. Or at least have the ability to turn it off.
Safe by default is what we try to deliver and I think stripping exif data is safer by default. Helps with rotated by metadata images as well, which @zogstrip already completed, right @zogstrip?
Since EXIF data also contains copyright information which can be used to help fight copyright violations, I think it’s a really, really bad idea to strip it - regardless of the fact that Twitter and Pinterest do it.
Removing copyright information might even be illegal in some countries.
(b) Removal or Alteration of Copyright Management Information. — No person shall, without the authority of the copyright owner or the law —
(1) intentionally remove or alter any copyright management information,
I don’t see anything bad about stripping EXIF location, you don’t need to touch copyright
Looks like the action is here?
def self.fix_image_orientation(path)
`convert #{path} -auto-orient #{path}`
end
Maybe someone can extend that into a PR to remove EXIF location information.
Unfortunately, after a quick lookup, Image Magick only support stripping all the EXIF information. We’ll need either a new gem or a new tool to deal with that issue properly.
Personally I think that’s fine. If it’s good enough for Pinterest and Twitter, it’s certainly good enough for us.
I don’t think discourse should remove any exif data, at least not by default, and in any case give the options to remove it as a global option or user option (may be a plugin?)
Users who do not want some exif data to any social net should remove their exif data when they export it to jpeg.
As admin of a photography forum, exif data of images is important for our users.
Maybe the answer for you would be to link to Flickr photos instead of uploading them?
Not at all… we want the photos uploaded to our site to be respectfull with license agreement and because we have created the forum because we don’t like Flickr or Facebook were you don’t receive comments, just likes.
We created the community to get opinions about our photos, and the photos should be kept in the community.
If you care about your privacy or sensible data in your photos, just don’t save them in your image when you export it.
Interesting. I thought Flickr was the most respectful online place for photo storage and sharing, not at all akin to Facebook. But I haven’t used either for a while. Personally I store my photos offline and on a nextcloud server, and only share the occasional photo on a discourse forum.
Sounds like what you need is a plugin to make the removal of exif data optional. You could request one in marketplace.
Most respectful may be is 1x , 500 pixels too, and Flickr is respectful too, but it is not free and we cannot depend on what Flickr or 500 px or others think about what are our needs.
You are missing our point (may be I have not explained well, sorry for my english): we ara a community of photographers that share their photos to get opinions from the others.
We don’t use discourse as a place to put all or most of our photos.
EXIF info is useful to give a opinion, sometimes.
NO I don’t need a plugin, the one who needs it is who is asking to change the behavior of discourse.
Discourse currently serves EXIF data and does not strip it from the file.
Having an option to select if you want to strip it globally or as a user preference is a good solution.
That can be implemented as a plugin, of course.
You could expand that with a simple check box at the time of uploading too, that would be an amazing feature.
Often I take photographs of parts or items for sale, using my phone, and upload them to our forum which then reveals my home location
Our forum is also very picture heavy so agree that keeping the EXIF in tact is really useful for us.
Most of the time
Yes adding the possibility of deleting some exifs would be great.
But you need to add full exif management to the system to do that.
I think the best option would be:
Stablish a global parameter with three options:
- Keep all EXIFs (on by default so it won’t break the functionality of current installs).
- Strip EXIFs from uploaded images.
- Let user select whether to strip EXIFs.
I the third is choosen at a global level, users should have a user preference to choose:
- Keep all EXIFs (on by default so it won’t break the functionality of current installs).
- Strip EXIFs from uploaded images.
When you upload an image the system may yet give the option to strip image data on a per image basis (even if you have selected to keep them).
You may add that option in the dialog to upload images.
Ideally, if someone select to strip data, he should be able to select:
- Strip just GPS and Ubication data.
- Keep only basic data (camera ande lens model and shot parameters).
- Strip all image data.