2010-08-24:

How NOT to hide your face

jpeg:easy
Yesterday I've received a photo from a friend, in JPEG format. The face of the person on the photo was concealed by a black rectangle. And that would be the end of the story, if my friend didn't notice that explorer on a preview of the photo shows the unconcealed face of the person in question :)

For obvious reasons I won't publish the photo in question. Rather than that, I'll use another one, with similar "parameters".

OK, so here the photo:
an exemplary photo with concealed face

As you can see, the photo owner, probably the person on the photo itself, wanted to hide his face, due to random reasons.

But, if we look (RMB, Save as...) on the photo preview, e.g. from Windows Explorer, we won't find the black rectangle anywhere - the face is clearly visible:
explorer


Why's that? What was the mistake of the person that published the photo?

It's all related to the EXIF metadata, which might (but doesn't necessarily have to) be included in a JPEG file. Mainly, the EXIF standard says that it's possible to embed a thumbnail of the image into the metadata - actually it's quite a usable feature, especially if the image in question is quite large. In this example the thumbnail has been indeed generated, and included in the metadata, probably by the camera used to make the photo.

Next thing the person did, was to open the photo in some graphical editor, overpaint the face with a black rectangle, and save the photo. This is the place where the actual magic has happened - not all applications deal well with the EXIF metadata. Why? Maybe because the newest EXIF standard has 182 pages (and e.g. the application didn't support compressed RGB thumbnails). Or maybe the application in question assumed, that if a photo has some existing metadata, than it's more important then what the application itself had to offer. Regardless of the reason, the application did in fact copy the existing EXIF thumbnail into the saved image file, so the old thumbnail (with the face visible) was never overwritten by the new, proper (i.e. with the face being concealed), one.

Since not many people actually check the metadata before publishing anything, the EXIF metadata, with the visible face, was published in the end.
The miniature thumbnail can be quite not-small :)


Ooookeeey. So, how do we force the thumbnails to regenerate? Or how do we remove the EXIF?
Well, there is probably 1000 and 1 ways to do it. Personally, I use a console app called jhead (it requires the ImageMagick packet to actually regenerate the thumbnail). Also, most lite image re-encoders and viewers like IrfanView can be told to remove the EXIF data (in case of the aforementioned IrfanView you just have to uncheck the 'Keep original EXIF data' in the advance options while saving to a JPEG file).

The EXIF privacy problems is nothing new. If you're interested in this, take a look on some cases from the past, e.g. the two mentioned below (the funny thing is that they both had something to do with "naked" pictures... guess we don't talk much about privacy if no naked people are involved... "Have you heard about the PRIVACY DISCLOSURE in the recently published naked photos of a movie star? Let's google for it to check it out!"):

* TechTV's Cat Schwartz Exposed: Is Photoshop To Blame? - In short: a TV presented has published a few cropped photos, showing mostly her face. Well, it occurred that the EXIF thumbnails were generated from the full photo, on which the women in question wasn't actually fully dressed.

* EXIF, iPhone, GPS ...i nagie fotki (this article is actually in Polish, but there are more photos than actual text, so you can manage, or you can google the story out) - In short: some girl took a photo of herself partly dressed with her iPhone, which included GPS data of the location where the photo was taken, being the place where she lived.

Of course, the metadata problem isn't only related to EXIF. Be sure to check out e.g. this site.

And that's it :)

UPDATE:
P.S. OK, since I'm already describing metadata cases, I'll describe another one :)
A few years ago a friend of mine has send me a JPEG photo (with an enigmatic (hash/unique id) name 36bdf1ed00011b8e.jpg) of a dark-haired girl, which he got from a certain person on a certain webchat. That person claimed that it's her photo, but for some reason my friend had doubts, what resulted in me getting the photo "for checking if it's read".
The mystery was much easier than I've expected. However, the hero of the day was not EXIF this time, but IPTC, another kind of metadata embedded sometimes into JPEG images. To be more accurate it was the Adobe XMP metadata, and the field:
crs:RawFileName="7477135.jpg"
After entering the raw file name (it's the name of the original photo, 7477135.jpg in this case) into google, I was presented with the original photo, showing a horizontally flipped image of the same girl, but with blonde hair. It turned that the culprit took the photo of a model from a gallery, flipped it and "photoshoped" the hair color.

Looks like my friend had a good hunch, and the joker was given away once again by the infamous metadata :)

Comments:

2010-08-24 14:07:03 = Archangel-Amael
{
Nice post. Seems that a lot of people forget about the EXIF data.
The guys from pauldot.com have put up a website showing, location information from random tweets http://icanstalku.com/
I wrote up a way to use exiftools to help extract the meta data from photos.
http://archangelamael.blogspot.com/ Shows just how easy it is for people's information or privacy to be invaded.

Cheers
}
2010-08-24 18:55:28 = Xion
{
Ah, the elusive EXIF tags. Yet another reason to avoid prolonged contact with photogallery of any social networking site ;-)
}
2010-08-25 09:17:58 = Gynvael Coldwind
{
@Archangel-Amael
Maybe "forget" is not the right word. I would opt for "don't know about" instead or "underestimate" :)
Ad icanstalku - woah, thats ehm, pretty scary actually :)
Ad extracting metadata - yeah, your right, it has always been a pretty strong forensics vector :)

@Xion
Or... you can always send photos in BMP! BMP doesn't have a standard way to include metadata! :)
}
2010-09-07 14:43:04 = Manu
{
Hi, Gynvael!

I enjoyed searching the hidden kittens on your website, it kind of reminded me the searches that +F used to propose. And last but not least, you seem to be a highly skilled and thoughtful person, which is rare to see nowadays.

Best regards, dude!
}
2011-02-26 06:47:48 = Love4Boobies
{
Hi,

I remember impressing a chick with my 1337 h4x0r skillz when I told her what was behind one of these rectangles in a photo of hers :) Btw, in case anyone's wondering, "the photo owner, probably the person on the photo itself" is none other than Gyvanel himself.

I initially began to rant about IPTC and XMP but luckly I scrolled up for a bit and I noticed you already covered it so this comment is much shorter than it was going to. A small note, however: XMP is not IPTC, but a replacement for it (I found the post a bit ambiguous on this).

Cheers,
Bogdan
}

Add a comment:

Nick:
URL (optional):
Math captcha: 8 ∗ 1 + 9 =