August 11, 2010

EXIF information from digital cameras

Digital cameras are a huge boon to consumers and professionals alike, not least because of the privacy they offer. Photographers no longer have to choose between chemically developing the film themselves, or outsourcing it to some minimum-wage type who might call the police about photos of your grandchild. But there are still a few secrets to digital photography that the privacy-aware should know.

Digital cameras usually store extra, "hidden" text metainformation in the digital pictures they take. The metadata specification for JPEG and TIFF files is EXIF. This isn't inherently nefarious: this information is kept as a record of the camera settings at the time of the photo, and is used by some image-manipulation programs like Photoshop. However, a photograph of your family members, home, current location, or assets could leak sensitive information without your knowledge.

For example, here is the EXIF information from a potentially sensitive JPG file, obtained with jhead:

File name : pchsat1.jpg
File size : 3168150 bytes
File date : 2010:04:26 09:52:36
Camera make : SONY
Camera model : DSC-V3
Date/Time : 2010:04:24 15:30:51
Resolution : 3072 x 2304
Flash used : No
Focal length : 7.0mm
Exposure time: 0.0025 s (1/400)
Aperture : f/8.0
ISO equiv. : 100
Whitebalance : Auto
Metering Mode: matrix
Exposure : program (auto)

Note the time, 3:30:51 p.m. on April 24th, 2010, and the camera model: Sony DSC-V3. This is just an example of the most basic EXIF metadata found in digital photos. jhead is public domain software and works on Windows command line, MacOS X, Linux, FreeBSD and other versions of Unix.

I originally came across the EXIF specification when I noticed that Wikipedia was automatically reading and storing photo metadata from uploaded photographs.

Some of the most sensitive data revealed is the DateTime of the exposure, the camera model used, and especially any embedded GPS location recorded by the camera at the time of the photograph, if present. Some professional-grade cameras may even include the camera serial number in the EXIF metadata. The biggest potential privacy threat is that Google and other web organizations will data mine time and location data from EXIF fields of photos published on social networking sites.

The shareware-licensed Windows program JPEG Japery can strip and modify EXIF information from JPeg files.