I used to manually remove for example the GPS location when using Reddit since I don’t trust them. Does Lemmy or any Android client remove it by default?

  • Salamander@mander.xyz
    link
    fedilink
    English
    arrow-up
    21
    ·
    edit-2
    1 year ago

    I have just tested by uploading/re-downloading an image, and the EXIF data is removed.

    I then looked through the Lemmy issues and found this issue related to the image-uploading back-end (pict-rs) removing the EXIF data. In response to this issue, the developer of pict-res (asonix) comments that striping the EXIF data was one of the original motivations for building the uploader.

    I am not sure about how to search through the source code of pict-rs, and it seems like this step is not properly documented in the readme file, so I have not been able to find exactly where the metadata removal operation takes place. I think that this is done by invoking ‘exiftool’.

  • Ultrawipf
    link
    fedilink
    English
    arrow-up
    12
    ·
    1 year ago

    Uploaded this test image in the comment with modified metadata (no gps tag but added software, date, vendor info as exif tags) and after downloading it does not contain any metadata anymore. So seems like at least that server does remove it?

    • SalzkrebsOP
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      Thanks for your effort :) So it seems like you have to trust your instance?

      • Ultrawipf
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        Yeah probably. Seems like the image is not stored in its original form in this case but might depend on server settings and the image file. So as always private data like geo tags should be removed before uploading.

        • SalzkrebsOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Would be much easier if clients like Jerboa would remove them by default. Maybe it’s already implemented but if not I will probably write a feature request or implement it by myself.

      • TedvdB@feddit.nl
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Yes, but that’s something anyway;

        • DM’s are unencrypted and stored in the database.
        • If the instance owner decides to pull the plug it’s all gone.

        So by joining an instance you’re putting trust in the owner of the instance either way.

        • SalzkrebsOP
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          But there is still a difference between the owner being able to take my public content offline and them knowing my private location. However, since my instance is non commercial and doesn’t make any money by tracking it shouldn’t be that bad to trust them on that.

  • magmaus3@szmer.info
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    1 year ago

    Most likely no.

    It’s better to remove such metadata manually if you care about it.

  • Toribor@corndog.uk
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I believe this has more to do with pict-rs than Lemmy (the image handling back end that Lemmy uses). I’m struggling to find specifics on this from my phone right now though.