[HN Gopher] ExifLooter - finds geolocation info on all URLs and ...
___________________________________________________________________
ExifLooter - finds geolocation info on all URLs and directories
Author : socketpuppets
Score : 56 points
Date : 2022-07-30 13:39 UTC (9 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| 2OEH8eoCRo0 wrote:
| Could be useful for revenge porn dumps and AnonIB, newchan, etc.
| Lots of leaked nude photos still contain Lat Lon data.
| socketpuppets wrote:
| How it is useful ? If victim takes the photo of
| herself/himself. This tool get the victim's location or
| metadata.
| popcalc wrote:
| He forgot this wasn't /g/
| nibbleshifter wrote:
| Capture all images from your browsing using mitmproxy and auto
| pass to this could be fun. Have it log the source url, etc?
| socketpuppets wrote:
| There is an extension on Burp Suite do exactly your idea.
|
| https://portswigger.net/bappstore/3996aa01e0474b1a990db586a7...
| tppiotrowski wrote:
| So if I take a photo with my iPhone and upload the photo using a
| web form, does the website get the exif data (GPS coordinates) or
| does Safari strip that prior to upload?
| Kye wrote:
| Failing to strip exif is traditionally one of the first
| mistakes most new sites with photo sharing make. Browsers
| wouldn't strip it since it is useful information that's used by
| many sites. Sites that keep it on purpose just have the good
| sense to make revealing it optional or selective.
| socketpuppets wrote:
| Browser's does not strip the exif data but websites should
| remove the exif data. According to Bugcrowd's Vulnerability
| Rating Taxonomy, severity of the vulnerability P3-P4 (medium-
| low) because the vulnerability leak GPS data of anybody.
| snoopy_telex wrote:
| I believe the website gets it all.
| freedomben wrote:
| The website gets it. Safari does not strip it.
|
| IMHO that's the correct thing to do. Maintaining GPS coords is
| highly desirable when uploading photos to your photo storage
| solution. It would be very sad if they were all lost.
|
| Most web apps (such as facebook, slack) will strip the exif
| data though, so you don't always need to worry about it.
| semicolon_storm wrote:
| Depends who you're worried about having the EXIF data. Sure
| Facebook strips the EXIF before rehosting the image for
| others to consume, but given Facebook's nature I'm certain
| they use the EXIF data to track you.
|
| If you don't want Facebook knowing exactly where you were at
| a given datetime, you'll still want to manually strip the
| EXIF before uploading.
| account-5 wrote:
| Or don't upload pictures to Facebook.
| aendruk wrote:
| Seems like a nice feature of the browser would be to tell you
| when you're uploading location data and offer to strip it.
| blooalien wrote:
| That *does* seem like it'd be a nice feature, and maybe
| even not that hard to implement. Mebbe some crafty
| developer could build a feature like that as a browser
| "add-on" / plugin.
| gondo wrote:
| Looking through the code, this is mostly wrapper around exiftool.
| socketpuppets wrote:
| I added remove metadata from images on exifLooter
| https://github.com/aydinnyunus/exifLooter
| socketpuppets wrote:
| Yes. Added on READ.me
|
| Thanks to fahrradflucht for contribution
| socketpuppets wrote:
| I added remove metadata from images on exifLooter
| https://github.com/aydinnyunus/exifLooter
| liberia wrote:
| I religiously strip metadata with ExifCleaner[0]. Thankfully old
| cameras don't have GPS sensors, but with the new ones you have to
| be careful, including smartphone cameras. Metadata in images
| serves no other purpose than invading privacy. That and being
| able to sort media by location, time, etc
|
| [0] https://exifcleaner.com/
| willcipriano wrote:
| > Metadata in images serves no other purpose than invading
| privacy
|
| I don't upload my photos anywhere public. I keep metadata on so
| I can sort them by location. Uploading photos to the public web
| is really what is invading your privacy.
| freedomben wrote:
| Exactly. It serves great purpose to me. I _love_ being able
| to see exactly where a photo was taken. I have cherished
| vacation photos from many years ago and I don 't remember
| where we were. When location data is there, I can pinpoint
| the exact trail or campsite, even when it was very remote.
| There are also photos of my kids where I'm not sure which
| house/area we were living in at the time. Location data
| solves this.
|
| Since the location information can easily be removed but is
| extremely difficult to add, the clear solution to me seems to
| be to strip it when not wanted, and only upload your photo to
| trusted services. Most legit services will strip the info
| anyway (facebook, slack for example).
| willcipriano wrote:
| If you followed the story of Shia LaBeouf's "He Will Not
| Divide Us" where they used things like aircraft flight
| paths to find the location of a flagpole that moved
| multiple times, it isn't clear that stripping metadata will
| save you anyway. I assume anything that I post will leak
| the location for a dedicated enough person.
| cronix wrote:
| > Metadata in images serves no other purpose than invading
| privacy.
|
| That's not true as a blanket statement. If it weren't for gps
| metadata, photogrammetry[1] would be very difficult. I am able
| to make my own "google earth" type maps with a much higher
| degree of detail because I can fly my drone 100 feet over the
| land and take thousands of gps-stamped pics vs outdated google
| maps satellite imagery and then get them all stitched together
| to make a large GeoTIFF. All the processing is done on my PC
| using opensource WebODM[2], which can then be imported into
| opensource QGIS where accurate elevation data can be added. It
| also creates textured 3d models of the land and buildings which
| can then be imported into opensource 3d apps like Blender. It's
| been a huge boost.
|
| I also like being able to show all of my various images on a
| map to see where they were taken.
|
| [1] https://en.wikipedia.org/wiki/Photogrammetry
|
| [2] WebODM quick 3D demo:
| https://www.youtube.com/watch?v=G3pMJR-L0Gk
| socketpuppets wrote:
| I added remove metadata from images on exifLooter
|
| https://github.com/aydinnyunus/exifLooter
| socketpuppets wrote:
| Thank you for your idea. I can add new parameter like "exiftool
| --image image.jpeg --remove" to remove all metadata from the
| image.
| b5n wrote:
| How does this differ from `exiftool -all= image.jpeg`? Would
| it actually _remove_ the data rather than overwriting it? The
| difference isn't apparent to me from the parent comment or
| skimming the exifcleaner site/readme.
| socketpuppets wrote:
| Why `exiftool -all= image.jpeg` is not enough ? or I think
| overwrite the metadata with the empty ones will be okay
| b5n wrote:
| What is the difference between `exiftool --image
| image.jpeg --remove` and `exiftool -all= image.jpeg`? It
| sounds like there is a benefit in adding the `--remove`
| flag but it's not clear to me what it is. Thanks!
| socketpuppets wrote:
| I added remove metadata from images on exifLooter
| https://github.com/aydinnyunus/exifLooter
| socketpuppets wrote:
| Oh I type wrong. I mean adding remove parameter on my CLI
| tool like `exifLooter --remove --image=image.jpeg`
| mistrial9 wrote:
| why is spying on others "valuable" ? how is it not just
| obsession-material at the individual level and security-state
| building at the social level?
|
| one existential answer to this is -- "security" must be constant
| by its nature. Over time, budgets, training and attention settle
| to a lowest-common-denominator of "security" while authorship,
| initiative, marks of individuality and evolution fall by the
| wayside in the murk of "responding to threats" .. while
| insecurity and overwhelm in an individual push towards addiction
| and obsession.
|
| Basically, viewed one way, this hack tool feeds a public movement
| towards funding constant security while there are provable
| deficits of resources and attention in many directions.
|
| As an American I heard stories of the "awful" East German
| communist state with Stazi informants, yet similar reinforcing
| dynamics seem to be in play now in the "free world" ..
___________________________________________________________________
(page generated 2022-07-30 23:01 UTC)