This Just In: Most photos uploaded to the internet are not stripped of their metadata, and one of the common things kept in metadata is… (drumroll please)… your GPS coordinates.
This is a lot less interesting than it seems to be at first glance, imho.
Yes, this is a privacy thing, we strip the EXIF data. As long as you’re not also adding location to your Tweet (which is optional) then there’s no location data associated with the Tweet or the media.
People replying to a Twitter thread with photos are automatically having the location data stripped.
God, I can’t wait for LLMs to automate calling out well intentioned total BS in every single comment on social media eventually. It’s increasing at a worrying pace.
Right? And also, that gps data is often not stripped does not vitiate the legitimate concerns that models like these can and will be used to dox people like this. It’s an interesting and novel attack. We can hold multiple things in our heads at once.
Yeah, I have it for personal photos that will never be shared. If I am traveling, I want a record of where a given photo was. But those aren’t photos I am sharing, and the ones I do share get their metadata stripped.
I think I have read that on some versions it can store the app’s package name in the metadata. Not sure if that counts private but if and when it does so, it’s good to be aware of
Some digital cameras and phone cameras can also embed the GPS coordinates in the pixel data so that even if you delete the EXIF metadata the GPS location and device serial number are still present in the image. Many document printers also embed device serial number and other data on printed documents by using nearly invisible dot encodings.
Back in like 2006 or 7 steganography was used in obscure corners of the internet ( like insurgen.cc, an early anonymous holdout that got broken up by the feds) to pass around hacking tools. You’d unzip the dangerous kitten photo with winrar and extract a set of hacking tools. One I remember passed around widely was the low orbiting ion cannon the /b used to ddos scientologists.
No easy way at all. The specs would be in-house manufacturer docs. Recall that digital cameras used to embed date and time visibly in images in a corner. The logical progression was to embed other data such as device serial number, geotag data, etc.
Regarding the schemes for steganographic identification in devices such as cameras and printers, this information is usually kept a trade secret. The Secret Service would probably already have the spec docs for data hiding. Many manufacturers already have working agreements to provide back door assistance and documentation for the hardware surveillance economy. Ink chemistry profiles are registered with the Secret Service. The subterfuge is to ‘investigate counterfeiting’ but it is also used to identify whistleblowers and objective targets by their printer serial number or ink chemistry, or the data embedded in any images they are naive enough to publish.
If you are a undercover reporter secretly video recording, unbeknownst to you the video could have metadata encoded using a secret scheme. If you registered that product for a warranty, or bought it online and had it shipped, or paid with a credit card or check, or walked beneath the electronics store cameras without a hat and sunglasses to pay cash, it is easy for the state organs to then follow the breadcrumbs and identify the videographer.
Almost all ‘free’ wifi hotspots offered by chain restaurants and hotels are logged with the data being stored indefinitely, showing your mac address. It takes only a little bit of investigation and process of elimination to find the user on a camera feed history, to see who was connected when a certain message or leak was sent. If you use a wifi hotspot in a McDonalds, Wendy’s, Starbucks, etc. smile for the surveillance camera which will also have your device’s unique MAC address in the wifi history. This MAC address data is automatically sent to a central station, for example at the Wandering Wifi company, and God only knows how long they store it.
None of this nonsense makes anyone safer. These people hate us.
I’m sure most people who would put this to test would strip that data or screen grab the image to do the same thing…. If you know about meta data, so does a large amount of other people mate…
The people would be labeled as a fraud very fast if this wasn’t actually a real thing dude.
This Just In: Most photos uploaded to the internet are not stripped of their metadata, and one of the common things kept in metadata is… (drumroll please)… your GPS coordinates.
This is a lot less interesting than it seems to be at first glance, imho.
Literally just after talking about how people are spouting confident misinformation on another thread I see this one.
People replying to a Twitter thread with photos are automatically having the location data stripped.
God, I can’t wait for LLMs to automate calling out well intentioned total BS in every single comment on social media eventually. It’s increasing at a worrying pace.
Right? And also, that gps data is often not stripped does not vitiate the legitimate concerns that models like these can and will be used to dox people like this. It’s an interesting and novel attack. We can hold multiple things in our heads at once.
I mean… that’s pre-musk information
Yeah, disable gps metadata in your camera settings. Wondering why it often is default on?
Because people that don’t care about privacy find this to be a nice feature.
There are gallery apps that let’s you sort by location and it’s nice if you want to search for the cool thing you saw once again.
Yeah, I have it for personal photos that will never be shared. If I am traveling, I want a record of where a given photo was. But those aren’t photos I am sharing, and the ones I do share get their metadata stripped.
So it has nothing to do with the trees?
I think Lemmy strips it, right? That’s why pictures were uploading sideways for a while?
Software that doesnt store private metadata
I think I have read that on some versions it can store the app’s package name in the metadata. Not sure if that counts private but if and when it does so, it’s good to be aware of
@SnotFlickerman@lemmy.blahaj.zone @CoderSupreme@programming.dev
Some digital cameras and phone cameras can also embed the GPS coordinates in the pixel data so that even if you delete the EXIF metadata the GPS location and device serial number are still present in the image. Many document printers also embed device serial number and other data on printed documents by using nearly invisible dot encodings.
Don’t use propritary camera software then, got it.
That’s crazy. Just read this and I’m just mystified
Back in like 2006 or 7 steganography was used in obscure corners of the internet ( like insurgen.cc, an early anonymous holdout that got broken up by the feds) to pass around hacking tools. You’d unzip the dangerous kitten photo with winrar and extract a set of hacking tools. One I remember passed around widely was the low orbiting ion cannon the /b used to ddos scientologists.
Wasn’t there some online service to hide documents in your images?
i’m sure there are an endless amount, and there are certainly client-side software that makes it easy as well.
https://en.wikipedia.org/wiki/Steganography
No idea, but I found this wikihow https://www.wikihow.com/Hide-a-File-in-an-Image-File
Ah shit. Any easy way to determine if your camera’s doing that? Would that normally be in manufacterer specs?
No easy way at all. The specs would be in-house manufacturer docs. Recall that digital cameras used to embed date and time visibly in images in a corner. The logical progression was to embed other data such as device serial number, geotag data, etc.
Regarding the schemes for steganographic identification in devices such as cameras and printers, this information is usually kept a trade secret. The Secret Service would probably already have the spec docs for data hiding. Many manufacturers already have working agreements to provide back door assistance and documentation for the hardware surveillance economy. Ink chemistry profiles are registered with the Secret Service. The subterfuge is to ‘investigate counterfeiting’ but it is also used to identify whistleblowers and objective targets by their printer serial number or ink chemistry, or the data embedded in any images they are naive enough to publish.
If you are a undercover reporter secretly video recording, unbeknownst to you the video could have metadata encoded using a secret scheme. If you registered that product for a warranty, or bought it online and had it shipped, or paid with a credit card or check, or walked beneath the electronics store cameras without a hat and sunglasses to pay cash, it is easy for the state organs to then follow the breadcrumbs and identify the videographer.
Almost all ‘free’ wifi hotspots offered by chain restaurants and hotels are logged with the data being stored indefinitely, showing your mac address. It takes only a little bit of investigation and process of elimination to find the user on a camera feed history, to see who was connected when a certain message or leak was sent. If you use a wifi hotspot in a McDonalds, Wendy’s, Starbucks, etc. smile for the surveillance camera which will also have your device’s unique MAC address in the wifi history. This MAC address data is automatically sent to a central station, for example at the Wandering Wifi company, and God only knows how long they store it.
None of this nonsense makes anyone safer. These people hate us.
Using something like open camera avoids the risc tho right ?
Try Polaroid.
GPS coordinates in metadata isn’t common
I mean, yes, but that’s not what they’re doing.
https://arxiv.org/abs/2307.05845 https://github.com/LukasHaas/PIGEON
It’s a Stanford project that does what it looks like is happening in the screenshot.
Pretty sure Twitter strips it out by default.
What about X?
I’m sure most people who would put this to test would strip that data or screen grab the image to do the same thing…. If you know about meta data, so does a large amount of other people mate…
The people would be labeled as a fraud very fast if this wasn’t actually a real thing dude.