Strip metadata from images by default

https://www.phpbb.com/ideas/
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Strip metadata from images by default

Post by 2600 »

In the GPS capable smartphone and devices world we live in now where we take lots of photos and then upload them to the Internet for all to see, little do most people know that buried in the image are your GPS coordinates. Since this is a fact of life, I know Twitter and Facebook and perhaps other social media websites strip the metadata from images to safeguard one's privacy and security. Since this is a major privacy/security concern, I propose that the core of phpBB strip metadata or at least the GPS coordinates from uploaded images. I have already asked about an extension for this issue here and it's been an interesting topic thus far.

Your thumbs up would be greatly appreciated in an effort to keep your users safe and secure. :ugeek:
Morpheus: Unfortunately, no one can be told what The Matrix is. You'll have to see it for yourself.
Hack me.
Consider a canary token.
The nature of my chosen username
:ugeek:
david63
Registered User
Posts: 19867
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK

Re: Strip metadata from images by default

Post by david63 »

This would either need to be an option or done as an extension.

Whilst I understand, and to some extent I agree, with your concerns there are some boards where this could be a requirement - for example a board that was dedicated to photography.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: Strip metadata from images by default

Post by 2600 »

david63 wrote:
Fri Nov 01, 2019 6:50 pm
there are some boards where this could be a requirement - for example a board that was dedicated to photography.
That I thought of and it's why I said the following:
I propose that the core of phpBB strip metadata or at least the GPS coordinates from uploaded images.
Perhaps a switch in the ACP could be used to turn it off and on at a user's will instead of allowing metadata by default which in and of itself is a major privacy/security concern. Especially with online stalking, etc. Not very good.
Random American
Registered User
Posts: 212
Joined: Sat Aug 10, 2019 4:45 am
Location: Somewhere in the Southern USA.

Re: Strip metadata from images by default

Post by Random American »

This would be useful to any board that allows the uploading of images, and it would be more convenient than installing an extension.

I voted yes.
Last edited by Random American on Sun Nov 03, 2019 8:15 pm, edited 1 time in total.
I'm just a regular member of the phpBB Community. I do NOT represent phpBB.com in any capacity and my opinions are solely my own.
</Solidjeuh>
Registered User
Posts: 1788
Joined: Tue Mar 29, 2016 3:45 am
Location: Aalst (Belgium)
Name: Andy Dm

Re: Strip metadata from images by default

Post by </Solidjeuh> »

Yes I totally agree with this. And it's a good idea to make an ACP option to disable/enable it.
warmweer
Jr. Extension Validator
Posts: 7653
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium

Re: Strip metadata from images by default

Post by warmweer »

Voted YES (because of the privacy issue).
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.
3Di
Former Team Member
Posts: 16947
Joined: Mon Apr 04, 2005 11:09 pm
Location: Have a guess... 🇮🇹
Name: Marco

Re: Strip metadata from images by default

Post by 3Di »

AFAIR, if you set in ACP/board configuration/attachments settings
the Maximum image dimensions to something greater than 0 (both height and width)
then those Exif metadata will be automatically stripped by the plupload resize's option and the quality reduced to 85%.


	/**
	* Generates a string that is used to tell plupload to automatically resize
	* files before uploading them.
	*
	* @return string
	*/
	public function generate_resize_string()
	{
		$resize = '';
		if ($this->config['img_max_height'] > 0 && $this->config['img_max_width'] > 0)
		{
			$resize = sprintf(
				'resize: {width: %d, height: %d, quality: 85},',
				(int) $this->config['img_max_width'],
				(int) $this->config['img_max_height']
			);
		}

		return $resize;
	}

Also means that images greater than the allowed max. dimensions can't be uploaded I guess.
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
EA117
Registered User
Posts: 2143
Joined: Wed Aug 15, 2018 3:23 am

Re: Strip metadata from images by default

Post by EA117 »

3Di wrote:
Mon Nov 04, 2019 3:24 am
AFAIR, if you set in ACP/board configuration/attachments settings
the Maximum image dimensions to something greater than 0 (both height and width)
then those Exif metadata will be automatically stripped by the plupload resize's option and the quality reduced to 85%.
That's not the testing result I saw just earlier today, for what it's worth, when researching this related response.

Indeed, if the height and width limits are non-zero, then phpBB passes a hard-coded 85% quality parameter. Which causes plupload to always process the image during upload to down-sample to 85% quality, even if the image was already within the height and width limit that was set. i.e. Resizing isn't performed "only if resizing was necessary", and simply the quality assertion will cause "resize" processing too. This was news to me, and I didn't think the re-size processing occurred except when height or width was exceeded.

But exactly as KYPREO asserted, this plupload processing actually preserves the EXIF headers by default, unless you also add preserve_headers: false to the plupload resize: {} parameters.

I can vouch for that first hand, when testing it both ways against an EXIF-bearing JPG that was otherwise within the configured height, width and file size limits. plupload down-sampled the image to 85% quality in both cases; but the camera-generated EXIF information remained intact unless I also added preserve_headers: false.


So bottom line: Yes, the existing plupload code that phpBB is already using could be employed to strip "all extra header information." By adding an additional optional configuration that would add the preserve_headers: false parameter to phpBB's existing resize: {} parameters being passed to plupload. But no, it's not already doing that, with or without setting the image height and width limits.

3Di wrote:
Mon Nov 04, 2019 3:24 am
Also means that images greater than the allowed max. dimensions can't be uploaded I guess.
It means images greater than the allowed maximum dimensions will be resized -- at the client side, via plupload/moxie image processing code -- to the maximum dimensions that were specified. Prior to then being uploaded to phpBB.

In comparison, the file size limit is the one which "prevents you from even being able to upload the file." Meaning if the original image file size exceeds the file size limit set in phpBB, plupload presents an error without even starting any upload processing. None of the height, width, quality or preserve_header settings have a chance to come into play in that case, because plupload never lets the upload attempt get that far.
3Di
Former Team Member
Posts: 16947
Joined: Mon Apr 04, 2005 11:09 pm
Location: Have a guess... 🇮🇹
Name: Marco

Re: Strip metadata from images by default

Post by 3Di »

That's what I experienced, instead, with my extension [3.2][ALPHA] EXIR - Exif Image Rotation - I haven't had the opportunity to continue its development since phpBB 3.2.2 though.

Edit: but I see now in the 2.3.6 documentation something I can use to accomplish my mission with a new approach: https://www.plupload.com/docs/v2/Image- ... ip-headers - And could be also I will open a PR related to this idea.

Which will require quite a bit of changes here and there, in the core code.

Anybody willing to open a ticket at the tracker?
AmigoJack
Registered User
Posts: 5937
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン

Re: Strip metadata from images by default

Post by AmigoJack »

John connor wrote:
Fri Nov 01, 2019 4:51 pm
strip metadata or at least the GPS coordinates
No for metadata in general: EXIF isn't the only thing, there's also IPTC, XMP, ICC and even more for each specific file format. Stripping metadata in whole would also mean to strip JPEG comments or TIFF/PNG descriptions... even the filename must be considered if privacy is the issue.

Stripping only GPS data is difficult to impossible: rearranging EXIF might damage its potential internal pointers. Modifying XMP is easy, but finding relevant GPS data in all permutations that XML allows is also a difficult task. Replacing GPS data with zeroes/blanks however at least would let the EXIF stay intact.

Up to today phpBB cannot even properly parse a JFIF to find its dimensions, so I wouldn't trust it to ever properly strip or modify metadata. Leave that task to a separate software.
  • "The problem is probably not my English but you do not want to understand correctly. ... We will not come anybody anyway, nevertheless, it's best to shit this." Affin, 2018-11-20
  • "But this shit is not here for you. You can follow with your. Maybe the question, instead, was for you, who know, so you shoved us how you are." axe70, 2020-10-10
  • "My reaction is not to everyone, especially to you." Raptiye, 2021-02-28
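
A check in the spirit of EA117's test against an EXIF-bearing JPG, covering the JPEG metadata carriers AmigoJack lists (added example, not part of the thread and not phpBB or plupload code). The function names and sample bytes are constructed; it runs under Node.js, handles JPEG only, and looks for the GPS pointer in IFD0 without following it.

```javascript
// Added example (not phpBB or plupload code). Sample bytes below are constructed.
const SIGS = [[0xe1, 'Exif\0\0', 'EXIF'], [0xe1, 'http://ns.adobe.com/xap/1.0/\0', 'XMP'],
  [0xe2, 'ICC_PROFILE\0', 'ICC'], [0xed, 'Photoshop 3.0\0', 'IPTC']];

// True when IFD0 of an EXIF TIFF block holds tag 0x8825, the pointer to the GPS IFD.
function exifHasGps(tiff) {
  const order = tiff.toString('latin1', 0, 2);
  if (tiff.length < 8 || (order !== 'II' && order !== 'MM')) return false;
  const u16 = (o) => (order === 'II' ? tiff.readUInt16LE(o) : tiff.readUInt16BE(o));
  const ifd = order === 'II' ? tiff.readUInt32LE(4) : tiff.readUInt32BE(4);
  if (u16(2) !== 42 || ifd + 2 > tiff.length) return false;
  for (let i = 0, n = u16(ifd); i < n; i++) {
    const entry = ifd + 2 + i * 12;              // each directory entry is 12 bytes
    if (entry + 12 > tiff.length) return false;  // truncated directory
    if (u16(entry) === 0x8825) return true;
  }
  return false;
}

// Walks the marker segments before the image data and reports metadata carriers.
function listJpegMetadata(buf) {
  if (buf.length < 4 || buf.readUInt16BE(0) !== 0xffd8) throw new Error('not a JPEG');
  const found = [];
  let pos = 2;
  while (pos + 4 <= buf.length && buf[pos] === 0xff) {
    const marker = buf[pos + 1];
    if (marker === 0xff) { pos += 1; continue; }       // fill byte
    if (marker === 0xda || marker === 0xd9) break;     // start of scan / end of image
    const len = buf.readUInt16BE(pos + 2);             // counts its own two bytes
    if (len < 2 || pos + 2 + len > buf.length) break;  // malformed or truncated
    const body = buf.subarray(pos + 4, pos + 2 + len);
    if (marker === 0xfe) found.push({ kind: 'COM', gps: false });
    for (const [m, sig, kind] of SIGS) {
      if (marker === m && body.toString('latin1', 0, sig.length) === sig) {
        found.push({ kind, gps: kind === 'EXIF' && exifHasGps(body.subarray(6)) });
      }
    }
    pos += 2 + len;
  }
  return found;
}

// Constructed sample: SOI, APP1/Exif whose IFD0 has one entry (GPS pointer), COM, EOI.
const seg = (marker, body) => Buffer.concat(
  [Buffer.from([0xff, marker, (body.length + 2) >> 8, (body.length + 2) & 0xff]), body]);
const tiff = Buffer.from('4d4d002a000000080001' + '88250004000000010000001a' + '00000000', 'hex');
const sample = Buffer.concat([Buffer.from([0xff, 0xd8]),
  seg(0xe1, Buffer.concat([Buffer.from('Exif\0\0', 'latin1'), tiff])),
  seg(0xfe, Buffer.from('taken at home', 'latin1')), Buffer.from([0xff, 0xd9])]);
console.log(listJpegMetadata(sample));
```

An empty result for a file fetched back from the board means none of these carriers survived the upload; the filename and non-JPEG formats need their own checks.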
KYPREO
Registered User
Posts: 392
Joined: Fri Feb 02, 2018 9:56 am

Re: Strip metadata from images by default

Post by KYPREO »

Thanks for picking up my post EA117. 8-) Glad my input was helpful.

I vote yes as many users are unaware of GPS metadata being retained in images and this information could be potentially dangerous in the wrong hands. Think also, for example, car forums where a would-be thief could identify where a car was being garaged. Stripping this GPS metadata should be default behaviour and it should be easy to implement as it simply involves the following changes to /phpbb/plupload/plupload.php:

From

'resize: {width: %d, height: %d, quality: 85},',

to

'resize: {width: %d, height: %d, quality: 85,preserve_headers: false},',

I can't think of any good reasons why EXIF data should be retained, but the ACP could allow the board administrator to disable the feature in the attachments settings just like the image dimension parameters for plupload already are. I agree however that by default EXIF data should be stripped.
phpBB user since 2002
www.AusRotary.com
KYPREO
Registered User
Posts: 392
Joined: Fri Feb 02, 2018 9:56 am

Re: Strip metadata from images by default

Post by KYPREO »

Turning back to this idea after recent posts on the subject.

Those users voting this topic down need to consider the ethical and legal ramifications for board administrators by allowing EXIF data to remain by default.

EXIF data contains personally identifying information, in particular the GPS coordinates of where a photo was taken. Any viewer of the forum able to download the attached image can inspect the EXIF data and extract the GPS coordinates. This information could be used for malicious purposes, including tracking a person or a person's property (for example a car).

This information is being stored on the phpBB board's server without user consent or notification. There is no default privacy policy for phpBB saying that these details are collected, how they are stored or how the information is managed or disclosed.

I dare say that this would contravene privacy laws in many countries, not just strict jurisdictions like the EU. At the very least, it is unethical and unfair to users who would have absolutely no idea this is happening.

Equally, most board administrators would be completely unaware that their users' EXIF data is being uploaded and stored by them by default. They would therefore be unlikely to be aware of their potential exposure to compliance risk and have no way of knowing they might need to come up with some kind of custom notice or privacy policy for their users.

phpBB should adopt a risk averse position. The most neutral approach here would be to strip EXIF data by default. I have never seen a single post on this board asking how to ensure EXIF is retained. I therefore think we can safely assume retaining EXIF would be an exceptional requirement. Those special use cases can be dealt with by a custom code change - just as we are required to custom change code to strip EXIF now.

There should then be a note in the attachment settings page in the ACP to notify administrators that setting maximum image dimensions to something other than zero will ensure EXIF metadata including GPS coordinates are stripped.

At most, there might be a radio button option on that ACP page to retain EXIF data when image dimensions are set to something other than zero.
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: Strip metadata from images by default

Post by 2600 »

This really should have a hell of a lot more thumbs up. The usual suspects gave it a thumbs down. I have proposed some good ideas only to get shot down. At least I can modify the core myself and get rid of this. I think a switch in the ACP or something should allow you to keep or delete metadata. Since one of my forums is primarily an image sharing website, I wouldn't want people to know where they live.

I'm sure a lot of websites already strip the metadata. I know Twitter and Facebook do, and I'm sure eBay does as well. I was able to go to Flickr and see where many people took a picture or where they live. This is not something you want. You might as well add your home address to your user profile.

Edit-

Over 4,000 views, 9 thumbs up. Granted a lot of those could be guests, but still. At least 10% of that have to be users here and that would be 400 users.
Lumpy Burgertushie
Registered User
Posts: 68607
Joined: Mon May 02, 2005 3:11 am

Re: Strip metadata from images by default

Post by Lumpy Burgertushie »

curious, does every phone/tablet record the gps info in every image? if so, why? why would anyone even want that to be a feature of the phone?


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
david63
Registered User
Posts: 19867
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK

Re: Strip metadata from images by default

Post by david63 »

Lumpy Burgertushie wrote:
Mon Jan 13, 2020 6:41 am
curious, does every phone/tablet record the gps info in every image? if so, why? why would anyone even want that to be a feature of the phone?
If I am not mistaken it is, or at one time was, a default setting on most smartphones which users were unaware of and never turned off.

I know that I am a Luddite but as I use a camera for taking photos and a phone for making calls I do not have these problems.