Strip metadata from images by default

https://www.phpbb.com/ideas/
Post Reply
User avatar
John connor
Registered User
Posts: 2312
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron
Contact:

Strip metadata from images by default

Post by John connor » Fri Nov 01, 2019 4:51 pm

In the GPS capable smartphone and devices world we live in now where we take lots of photos and then upload them to the Internet for all to see, little do most people know is that buried in the image are your GPS coordinates. Since this is a fact of life, I know Twitter and Facebook and perhaps other social media websites strip the metadata from images to safe guard one's privacy and security. Since this is a major privacy/security concern, I propose that the core of phpBB strip metadata or at least the GPS coordinates from uploaded images. I have already asked about an extension for this issue here and it's been an interesting topic thus far.

Your thumbs up would be greatly appreciated in an effort to keep your users safe and secure. :ugeek:

User avatar
david63
Registered User
Posts: 16718
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: Strip metadata from images by default

Post by david63 » Fri Nov 01, 2019 6:50 pm

This would either need to be an option or done as an extension.

Whilst I understand, and to some extent I agree, with your concerns there are some boards where this could be a requirement - for example a board that was dedicated to photography.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
John connor
Registered User
Posts: 2312
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron
Contact:

Re: Strip metadata from images by default

Post by John connor » Sat Nov 02, 2019 7:29 am

david63 wrote:
Fri Nov 01, 2019 6:50 pm
there are some boards where this could be a requirement - for example a board that was dedicated to photography.
That I thought of and it's why I said the following:
I propose that the core of phpBB strip metadata or at least the GPS coordinates from uploaded images.
Perhaps a switch in the ACP could be used to turn it off and on at a user's will instead of allowing metadata by default which in of its self is a major privacy/security concern. Especially with online stalking, etc. Not very good.

User avatar
Random American
Registered User
Posts: 7
Joined: Sat Aug 10, 2019 4:45 am
Location: USA

Re: Strip metadata from images by default

Post by Random American » Sun Nov 03, 2019 5:40 pm

This would be useful to any board that allows the uploading of images, and it would be more convinient than installing an extention.

I voted yes.
Last edited by Random American on Sun Nov 03, 2019 8:15 pm, edited 1 time in total.

User avatar
</Solidjeuh>
Registered User
Posts: 1732
Joined: Tue Mar 29, 2016 3:45 am
Location: Aalst (Belgium)
Name: Andy Dm
Contact:

Re: Strip metadata from images by default

Post by </Solidjeuh> » Sun Nov 03, 2019 5:45 pm

Yes I totally agree with this. And it's a good idea to make an ACP option to disable/enable it.

User avatar
warmweer
Registered User
Posts: 3055
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Belt ... well actually Belgium

Re: Strip metadata from images by default

Post by warmweer » Sun Nov 03, 2019 5:59 pm

Voted YES (because of the privacy issue).
The year is 2192. The British Prime Minister visits Brussels to ask for an extension of the Brexit deadline. No one remembers where this tradition originated, but every year it attracts many tourists from all over the world.

User avatar
3Di
Former Team Member
Posts: 14389
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Strip metadata from images by default

Post by 3Di » Mon Nov 04, 2019 3:24 am

AFAIR, if you set in ACP/board configuration/attachments settings
the Maximum image dimensions to something greater than 0 (both height and width)
then those Exif metadata will be automatically stripped by the plupload resize's option and the quality reduced to 85%.

2019-11-04 04_13_14-Attachment settings.png
2019-11-04 04_13_14-Attachment settings.png (3.3 KiB) Viewed 966 times

Code: Select all

	/**
	* Generates a string that is used to tell plupload to automatically resize
	* files before uploading them.
	*
	* @return string
	*/
	public function generate_resize_string()
	{
		$resize = '';
		if ($this->config['img_max_height'] > 0 && $this->config['img_max_width'] > 0)
		{
			$resize = sprintf(
				'resize: {width: %d, height: %d, quality: 85},',
				(int) $this->config['img_max_width'],
				(int) $this->config['img_max_height']
			);
		}

		return $resize;
	}

Also means that images greater than the allowed max. dimensions can't be uploaded I guess.
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity º PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
✒️ Black Friday 2019 @ The Studio ▪️◾️

User avatar
EA117
Registered User
Posts: 1081
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Strip metadata from images by default

Post by EA117 » Mon Nov 04, 2019 5:45 am

3Di wrote:
Mon Nov 04, 2019 3:24 am
AFAIR, if you set in ACP/board configuration/attachments settings
the Maximum image dimensions to something greater than 0 (both height and width)
then those Exif metadata will be automatically stripped by the plupload resize's option and the quality reduced to 85%.
That's not the testing result I saw just earlier today, for what it's worth, when researching this related response.

Indeed, if the height and width limits are non-zero, then phpBB passes a hard-coded 85% quality parameter. Which causes plupload to always process the image during upload to down-sample to 85% quality, even if the image was already within the height and width limit that was set. i.e. Resizing isn't performed "only if resizing was necessary", and simply the quality assertion will cause "resize" processing too. This was news to me, and I didn't think the re-size processing occurred except when height or width was exceeded.

But exactly as KYPREO asserted, this plupload processing actually preserves the EXIF headers by default, unless you also add preserve_headers: false to the plupload resize: {} parameters.

I can vouch for that first hand, when testing it both ways against an EXIF-bearing JPG that was otherwise within the configured height, width and file size limits. plupload down-sampled the image to 85% quality in both cases; but the camera-generated EXIF information remained intact unless I also added preserve_headers: false.


So bottom line: Yes, the existing plupload code that phpBB is already using could be employed to strip "all extra header information." By adding an additional optional configuration that would add the preserve_headers: false parameter to phpBB's existing resize: {} parameters being passed to plupload. But no, it's not already doing that, with or without setting the image height and width limits.

3Di wrote:
Mon Nov 04, 2019 3:24 am
Also means that images greater than the allowed max. dimensions can't be uploaded I guess.
It means images greater than the allowed maximum dimensions will be resized -- at the client side, via plupload/moxie image processing code -- to the maximum dimensions that were specified. Prior to then being uploaded to phpBB.

In comparison, the file size limit is the one which "prevents you from even being able to upload the file." Meaning if the original image file size exceeds the file size limit set in phpBB, plupload presents an error without even starting any upload processing. None of the height, width, quality or preserve_header settings have a chance to come into play in that case, because plupload never lets the upload attempt get that far.

User avatar
3Di
Former Team Member
Posts: 14389
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Strip metadata from images by default

Post by 3Di » Mon Nov 04, 2019 5:51 am

That's what I experencied, instead, with my extension [3.2][ALPHA] EXIR - Exif Image Rotation - I haven't had the opportunity to continue its development since phpBB 3.2.2 though.

Edit: but I see now in the 2.3.6 documentation something I can use to accomplish my mission with a new approach: https://www.plupload.com/docs/v2/Image- ... ip-headers - And could be also I will open a PR related to this idea.

Which will require quite a bit of changes here and there, in the core code.

Anybody willing to open a ticket at the tracker?
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity º PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
✒️ Black Friday 2019 @ The Studio ▪️◾️

User avatar
AmigoJack
Registered User
Posts: 5642
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: Strip metadata from images by default

Post by AmigoJack » Mon Nov 04, 2019 6:51 am

John connor wrote:
Fri Nov 01, 2019 4:51 pm
strip metadata or at least the GPS coordinates
No for metadata in general: EXIF isn't the only thing, there's also IPTC, XMP, ICC and even more for each specific file format. Stripping metadata in whole would also mean to strip JPEG comments or TIFF/PNG descriptions... even the filename must be considered considered if privacy is the issue.

Stripping only GPS data is difficult to impossible: rearranging EXIF might damage its potential internal pointers. Modifying XMP is easy, but finding relevant GPS data in all permutations that XML allows is also a difficult task. Replacing GPS data with zeroes/blanks however at least would let the EXIF stay intact.

Up to today phpBB cannot even properly parse a JFIF to find its dimensions, so I wouldn't trust it to ever properly strip or modify metadata. Leave that task to a separate software.
The worst thing about censorship is ███████████
Affin wrote:
Tue Nov 20, 2018 9:51 am
The problem is probably not my English but you do not want to understand correctly.
...
We will not come anybody anyway, nevertheless, it's best to shit this.

KYPREO
Registered User
Posts: 123
Joined: Fri Feb 02, 2018 9:56 am
Contact:

Re: Strip metadata from images by default

Post by KYPREO » Mon Nov 04, 2019 7:01 am

Thanks for picking up my post EA117. 8-) Glad my input was helpful.

I vote yes as many users are unaware of GPS metadata being retained in images and this information could be potentially dangerous in the wrong hands. Think also, for example, car forums where a would-be thief could identify where a car was being garaged. Stripping this GPS metadata should be default behaviour and it should be easy to implement as it simply involves the following changes to /phpbb/plupload/plupload.php:

From

Code: Select all

'resize: {width: %d, height: %d, quality: 85},',
to

Code: Select all

'resize: {width: %d, height: %d, quality: 85,preserve_headers: false},',
I can't think of any good reasons why EXIF data should be retained, but the ACP could allow the board administrator to disable the feature in the attachments settings just like the image dimension parameters for plupload already are. I agree however that by default EXIF data should be stripped.
phpBB user since 2002
www.AusRotary.com

Post Reply

Return to “phpBB Ideas”