Spot the Difference: Leaking Metadata Awareness

JULY 5, 2020

I took a picture of a pretty flower on my walk. When I got home, I logged on to my email via a web browser and sent the picture (original_flower.heic) to a privacy-focused friend along with a poem that I hoped they would enjoy. They responded with a puzzle:

Your photo (original_flower.heic) is attached along with another photo (updated_flower.heic) that’s nearly identical.

Spot the difference! :)

Visually the photos looked identical. I confirmed their visual similarity via a perceptual hashing tool. It wasn’t just my eyes! However, the hashes of the files themselves were different so I suspected photo metadata must be different. I ran the photos through exiftool and discovered the original photo I sent (original_flower.heic) contained 145 different metadata attributes1 including privacy-sensitive info like the time I took the photo and the exact location I took the photos (i.e. GPS Coordinates) while the updated version (updated_flower.heic) had most of these fields removed except for essential fields.

Most phones automatically record and embed sensitive time and location information in photos and users unkowingly share this info with third-parties while only intending to share the visual content of the photo. It would be helpful if the built-in photo apps warn you when you are sharing a photo that this information will be sent and allow you to quickly remove it before sharing. Additionally, browsers themselves should consider scanning files on upload for sensitive metadata content and warn the user before completing the upload or provide a quick way for the sensitive info to be stripped right there in the upload dialog. (This would never be exhasutive, but doing it for photos probably covers a lot of the cases where users accidentally share more than they intended.)

If you are comfortable with the commandline, you can view photo metadata via:

$ exiftool /path/to/photo.png

and remove non-essential fields via:

$ exiftool -all= /path/to/photo.png

However, it would be neat to see OSes and browsers automatically provide this option before data changes hands from the user to a third-party.

  1. Here’s the full list of the metadata fields in the original original_flower.heic:

      ExifTool Version Number
      File Name
      File Size
      File Modification Date/Time
      File Access Date/Time
      File Inode Change Date/Time
      File Permissions
      File Type
      File Type Extension
      MIME Type
      Major Brand
      Minor Version
      Compatible Brands
      Handler Type
      Primary Item Reference
      Exif Byte Order
      Camera Model Name
      X Resolution
      Y Resolution
      Resolution Unit
      Modify Date
      Y Cb Cr Positioning
      Exposure Time
      F Number
      Exposure Program
      Exif Version
      Date/Time Original
      Create Date
      Offset Time
      Offset Time Original
      Offset Time Digitized
      Components Configuration
      Shutter Speed Value
      Aperture Value
      Brightness Value
      Exposure Compensation
      Metering Mode
      Focal Length
      Subject Area
      Run Time Flags
      Run Time Value
      Run Time Scale
      Run Time Epoch
      Acceleration Vector
      Content Identifier
      Sub Sec Time Original
      Sub Sec Time Digitized
      Flashpix Version
      Color Space
      Exif Image Width
      Exif Image Height
      Sensing Method
      Scene Type
      Exposure Mode
      White Balance
      Focal Length In 35mm Format
      Scene Capture Type
      Lens Info
      Lens Make
      Lens Model
      Composite Image
      GPS Latitude Ref
      GPS Longitude Ref
      GPS Altitude Ref
      GPS Speed Ref
      GPS Speed
      GPS Img Direction Ref
      GPS Img Direction
      GPS Dest Bearing Ref
      GPS Dest Bearing
      GPS Date Stamp
      GPS Horizontal Positioning Error
      Profile CMM Type
      Profile Version
      Profile Class
      Color Space Data
      Profile Connection Space
      Profile Date Time
      Profile File Signature
      Primary Platform
      CMM Flags
      Device Manufacturer
      Device Model
      Device Attributes
      Rendering Intent
      Connection Space Illuminant
      Profile Creator
      Profile ID
      Profile Description
      Profile Copyright
      Media White Point
      Red Matrix Column
      Green Matrix Column
      Blue Matrix Column
      Red Tone Reproduction Curve
      Chromatic Adaptation
      Blue Tone Reproduction Curve
      Green Tone Reproduction Curve
      HEVC Configuration Version
      General Profile Space
      General Tier Flag
      General Profile IDC
      Gen Profile Compatibility Flags
      Constraint Indicator Flags
      General Level IDC
      Min Spatial Segmentation IDC
      Parallelism Type
      Chroma Format
      Bit Depth Luma
      Bit Depth Chroma
      Average Frame Rate
      Constant Frame Rate
      Num Temporal Layers
      Temporal ID Nested
      Image Width
      Image Height
      Image Spatial Extent
      Image Pixel Depth
      Media Data Size
      Media Data Offset
      Run Time Since Power Up
      Image Size
      Scale Factor To 35 mm Equivalent
      Shutter Speed
      Create Date
      Date/Time Original
      Modify Date
      GPS Altitude
      GPS Latitude
      GPS Longitude
      Circle Of Confusion
      Field Of View
      Focal Length
      GPS Position
      Hyperfocal Distance
      Light Value