I took a picture of a pretty flower on my walk. When I got home, I logged on to
my email via a web browser and sent the picture (
original_flower.heic) to a
privacy-focused friend along with a poem that I hoped they would enjoy.
They responded with a puzzle:
Your photo (
original_flower.heic) is attached along with another photo (
updated_flower.heic) that’s nearly identical.
Spot the difference! :)
Visually the photos looked identical. I confirmed their visual similarity via
a perceptual hashing tool.
It wasn’t just my eyes! However, the hashes of the files themselves were different so
I suspected photo metadata must be different.
I ran the photos through
exiftool and discovered the original photo I sent
original_flower.heic) contained 145 different metadata attributes1 including
privacy-sensitive info like the time I took the photo and the exact location I took
the photos (i.e. GPS Coordinates) while the updated version (
had most of these fields removed except for essential fields.
Most phones automatically record and embed sensitive time and location information in photos and users unkowingly share this info with third-parties while only intending to share the visual content of the photo. It would be helpful if the built-in photo apps warn you when you are sharing a photo that this information will be sent and allow you to quickly remove it before sharing. Additionally, browsers themselves should consider scanning files on upload for sensitive metadata content and warn the user before completing the upload or provide a quick way for the sensitive info to be stripped right there in the upload dialog. (This would never be exhasutive, but doing it for photos probably covers a lot of the cases where users accidentally share more than they intended.)
If you are comfortable with the commandline, you can view photo metadata via:
$ exiftool /path/to/photo.png
and remove non-essential fields via:
$ exiftool -all= /path/to/photo.png
However, it would be neat to see OSes and browsers automatically provide this option before data changes hands from the user to a third-party.
Here’s the full list of the metadata fields in the original
ExifTool Version Number File Name Directory File Size File Modification Date/Time File Access Date/Time File Inode Change Date/Time File Permissions File Type File Type Extension MIME Type Major Brand Minor Version Compatible Brands Handler Type Primary Item Reference Exif Byte Order Make Camera Model Name Orientation X Resolution Y Resolution Resolution Unit Software Modify Date Y Cb Cr Positioning Exposure Time F Number Exposure Program ISO Exif Version Date/Time Original Create Date Offset Time Offset Time Original Offset Time Digitized Components Configuration Shutter Speed Value Aperture Value Brightness Value Exposure Compensation Metering Mode Flash Focal Length Subject Area Run Time Flags Run Time Value Run Time Scale Run Time Epoch Acceleration Vector Content Identifier Sub Sec Time Original Sub Sec Time Digitized Flashpix Version Color Space Exif Image Width Exif Image Height Sensing Method Scene Type Exposure Mode White Balance Focal Length In 35mm Format Scene Capture Type Lens Info Lens Make Lens Model Composite Image GPS Latitude Ref GPS Longitude Ref GPS Altitude Ref GPS Speed Ref GPS Speed GPS Img Direction Ref GPS Img Direction GPS Dest Bearing Ref GPS Dest Bearing GPS Date Stamp GPS Horizontal Positioning Error Profile CMM Type Profile Version Profile Class Color Space Data Profile Connection Space Profile Date Time Profile File Signature Primary Platform CMM Flags Device Manufacturer Device Model Device Attributes Rendering Intent Connection Space Illuminant Profile Creator Profile ID Profile Description Profile Copyright Media White Point Red Matrix Column Green Matrix Column Blue Matrix Column Red Tone Reproduction Curve Chromatic Adaptation Blue Tone Reproduction Curve Green Tone Reproduction Curve HEVC Configuration Version General Profile Space General Tier Flag General Profile IDC Gen Profile Compatibility Flags Constraint Indicator Flags General Level IDC Min Spatial Segmentation IDC Parallelism Type Chroma Format Bit Depth Luma Bit Depth Chroma Average Frame Rate Constant Frame Rate Num Temporal Layers Temporal ID Nested Image Width Image Height Image Spatial Extent Rotation Image Pixel Depth Media Data Size Media Data Offset Run Time Since Power Up Aperture Image Size Megapixels Scale Factor To 35 mm Equivalent Shutter Speed Create Date Date/Time Original Modify Date GPS Altitude GPS Latitude GPS Longitude Circle Of Confusion Field Of View Focal Length GPS Position Hyperfocal Distance Light Value