https://bugzilla.wikimedia.org/show_bug.cgi?id=35514
Web browser: ---
Bug #: 35514
Summary: [MW] EXIF data needs to be possible to remove
automatically or optionally
Product: MediaWiki
Version: 1.18
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: Unprioritized
Component: Images and files
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected], [email protected]
Classification: Unclassified
Mobile Platform: ---
EXIF data can be used to discover the owner of valuables photographed and
uploaded to a MediaWiki site. From there, kidnappings and other tragedies are a
serious risk that cannot be ignored. Most people believe kidnappings are rare,
but in fact, they are just not reported for the obvious reason that the anxious
parents want their kids back, and they will not report the kidnapping if that
puts their children at risk (it does). Kidnappings are common enough that the
insurance industry is involved in paying ransoms:
https://www.google.com/search?q=kidnap+insurance
Kidnappings are the worst case scenario, but anything that attracts criminal
attention should be carefully evaluated and dealt with like any other security
risk, and not dismissed as unlikely or "not my problem" - just ask Kevin
Mitnick, who exploited "unimportant" underlings to reach larger criminal
objectives, in much the same way a kidnapper exploits children to reach the
parents, and the parents' bank.
GPS data is the most potent risk in EXIF data, but the other data may provide
enough information to cause the identification of a criminal target. The
ability remove GPS data, and/or most other EXIF data, is critical for
protecting both the ignorant and the innocent, who can be indirectly harmed by
EXIF data that they may not even be aware of.
Simply hiding the EXIF metadata display is worse than displaying it, because
not displaying it still leaves the ignorant unaware that it exists. That is one
of the well-known pitfalls of security through obscurity.
So, there needs to be at least something like a checkbox that an uploader can
use to indicate they want MediaWiki to remove EXIF data. The ability for a wiki
to be configured to always automatically remove EXIF data is also required to
achieve "fail safe", in some circumstances.
The stakes are potentially very high, so until this is implemented, the bare
minimum would be some sort of link to a page like this one, with information on
how to remove the EXIF data:
http://commons.wikimedia.org/wiki/Commons:EXIF
Of course, informing the uploader of the risks would also be helpful in dealing
with the ignorance part of the problem, which that page currently does not
have. There has been media attention to the problems that EXIF data can cause
for people:
http://www.nytimes.com/2010/08/12/technology/personaltech/12basics.html
That causes people to be hesitant in uploading their images. Addressing this
issue can eliminate some of the objections potential contributers might have
that prevents them from sharing their images.
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
