Page MenuHomePhabricator
Create Task
Maniphest T37514

[MW] EXIF data needs to be possible to remove automatically or optionally
Closed, DuplicatePublic
Actions

Description

EXIF data can be used to discover the owner of valuables photographed and uploaded to a MediaWiki site. From there, kidnappings and other tragedies are a serious risk that cannot be ignored. Most people believe kidnappings are rare, but in fact, they are just not reported for the obvious reason that the anxious parents want their kids back, and they will not report the kidnapping if that puts their children at risk (it does). Kidnappings are common enough that the insurance industry is involved in paying ransoms:

https://www.google.com/search?q=kidnap+insurance

Kidnappings are the worst case scenario, but anything that attracts criminal attention should be carefully evaluated and dealt with like any other security risk, and not dismissed as unlikely or "not my problem" - just ask Kevin Mitnick, who exploited "unimportant" underlings to reach larger criminal objectives, in much the same way a kidnapper exploits children to reach the parents, and the parents' bank.

GPS data is the most potent risk in EXIF data, but the other data may provide enough information to cause the identification of a criminal target. The ability remove GPS data, and/or most other EXIF data, is critical for protecting both the ignorant and the innocent, who can be indirectly harmed by EXIF data that they may not even be aware of.

Simply hiding the EXIF metadata display is worse than displaying it, because not displaying it still leaves the ignorant unaware that it exists. That is one of the well-known pitfalls of security through obscurity.

So, there needs to be at least something like a checkbox that an uploader can use to indicate they want MediaWiki to remove EXIF data. The ability for a wiki to be configured to always automatically remove EXIF data is also required to achieve "fail safe", in some circumstances.

The stakes are potentially very high, so until this is implemented, the bare minimum would be some sort of link to a page like this one, with information on how to remove the EXIF data:

http://commons.wikimedia.org/wiki/Commons:EXIF

Of course, informing the uploader of the risks would also be helpful in dealing with the ignorance part of the problem, which that page currently does not have. There has been media attention to the problems that EXIF data can cause for people:

http://www.nytimes.com/2010/08/12/technology/personaltech/12basics.html

That causes people to be hesitant in uploading their images. Addressing this issue can eliminate some of the objections potential contributers might have that prevents them from sharing their images.

Version: 1.18.x
Severity: enhancement

Details

Reference
bz35514

Related Objects

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 12:18 AM
bzimport added a project: MediaWiki-File-management.
bzimport set Reference to bz35514.
bzimport added a subscriber: Unknown Object (MLST).
Badon created this task.Mar 27 2012, 6:00 AM
Bawolff added a comment.Mar 27 2012, 1:14 PM

Dupe of bug 20326 (Although you give a much more in depth explanation for the why we need to do this then the other bug does)

  • This bug has been marked as a duplicate of bug 20326 ***
Badon added a comment.Mar 27 2012, 7:15 PM

I thought I had thoroughly searched for dupes, but the main keyword I used was "EXIF", so that previous report didn't show up for me. Thanks for finding it for me.

Gilles added a project: Multimedia.Dec 4 2014, 9:33 AM
Gilles moved this task from Untriaged to Done on the Multimedia board.
Aklapper closed this task as a duplicate of T22326: Option to strip some metadata on upload (GPS/geolocation privacy).Nov 1 2020, 4:27 PM
Restricted Application added a project: Commons. · View Herald TranscriptNov 1 2020, 4:27 PM
Aklapper mentioned this in T22326: Option to strip some metadata on upload (GPS/geolocation privacy).Nov 1 2020, 4:29 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL