Automatically remove metadata from images (EXIF) before upload

We should enhance Tor Browser to wipe dangerous (EXIF or other) metadata from any images the user decides to upload (both on desktop and mobile). But keep the landscape/portrait tags. Bonus points for video/audio, or other common file formats.

added component::applications/tor browser gsoc-proposed owner::tbb-team priority::medium severity::normal status::new tbb-fingerprinting type::defect labels

Trac:
Cc: N/A to richard@torproject.org

This seems like a good idea and something Firefox and other browsers should have as well. I did find this: https://bugzilla.mozilla.org/show_bug.cgi?id=1067211

Trac:
Cc: richard@torproject.org to richard@torproject.org, brade, mcs

Replying to mcs:

This seems like a good idea and something Firefox and other browsers should have as well. I did find this: https://bugzilla.mozilla.org/show_bug.cgi?id=1067211

Oh, nice. That's surprisingly appropriate. We can also look at MAT as an example, as well as the alternatives.

https://mat.boum.org/

By default, seems really great to protect users (would such a benefit apply to GlobaLeaks as well?). What if I want to have EXIF data uploaded? There should be some pref for that I can flip in such cases.

PS: What about PDFs as well?

Replying to cypherpunks:

By default, seems really great to protect users (would such a benefit apply to GlobaLeaks as well?). What if I want to have EXIF data uploaded? There should be some pref for that I can flip in such cases.

Yes, I can imagine a checkbox in the upload dialog or a pref might be a possibility. I think it's important that metadata is stripped by default, though.

PS: What about PDFs as well?

Yes! There's a list on https://mat.boum.org that could serve as inspiration:

Portable Network Graphics (.png)
JPEG (.jpg, .jpeg, …)
TIFF (.tif, tiff, …)
Open Documents (.odt, .odx, .ods, …)
Office OpenXml (.docx, .pptx, .xlsx, …)
Portable Document Fileformat (.pdf)
Tape ARchives (.tar, .tar.bz2, …)
MPEG AUdio (.mp3, .mp2, .mp1, …)
Ogg Vorbis (.ogg, …)
Free Lossless Audio Codec (.flac)
Torrent (.torrent)

I spoke to a person in Facebook legal who said that Facebook strips metadata from uploaded media (yay), but that they quietly store it separately in case somebody asks them for it (boo).

So, yes, having Tor Browser do it on the user side would be yet another good case of having the user enforce their own safety through technical means, rather than hoping (policy means) that some third party does the right thing.

This project has been proposed for the Tor Summer of Privacy program for 2018 and we are currently receiving applicants.

moved to tpo/applications/tor-browser#24965