Wednesday, June 14, 2006

Beware of hidden digital camera metadata

I've posted on a number of times about something called metadata. It is hidden information in different kinds of digital files that may reveal information about the document, its author or information that the distributor did not want to disclose. For example, Microsft Word is notorious for the metadata that can be hidden in documents but we've also seen information leakage through Adobe Acrobat files (See: The Canadian Privacy Law Blog: More on metadata, The Canadian Privacy Law Blog: Document meta-data FAQ and risk information, The Canadian Privacy Law Blog: Security problems with hidden data in Acrobat PDF files).

I've known for some time that most digital cameras generate metadata (in the EXIF format), such as information about when the photo was taken, whether a flash was used, the exposure, lens focal length, etc. Flickr shows most metadata associated with photos. Check this out for an example: Flickr: More detail about leave.

What I did not know until today is that digital cameras will often embed a small thumbnail image of the photo as originally taken. In many cases, if you subsequently edit the photo, the original thumbnail remains. If the image is edited to cut out someone who didn't want to be photographed or if you blur the face of someone to protect their privacy, that information may still be available to anyone who gets the image.

There is no better illustration of the problem than the website created by Tonu Samuel. His site pulls images off the 'net then shows the original thumbnail and the modified image. One image generated by Samuel's site is a very vivid demonstration of why this is an issue: Hidden EXIF thumbnail security problem (may not be safe for work - it shows a young woman in a bikini whose face was obscured but is clearly identifiable in the thumbnail).

In short: Be very careful when you distribute modified digital images.

Thanks to michaelzimmer.org - The Hidden Photos Within Photos for the link.

UPDATE: I was browsing some of the photos that hav been put through Tonu Samuel's EXIF extractor and came upon this great demonstration of why this can be a risk. The photos on this page are from the US Federal Bureau of Investigation (http://www.fbi.gov/wanted/seekinfo/erienote1.jpg). The published version shows a letter with significant portions blacked out. The embedded thumbnail is missing all the blacked out portions.

1 comment:

nickets said...

Those hidden cameras are threat to public and even individual privacy.