Don't Forget To Hide The Metadata When Protecting Your Sources
from the finding-deep.throat dept
Yesterday, we pointed to a Washington Post article about botnets. The article was definitely a fascinating read, helped along by the story, weaved throughout the article, of one young botnet herder, who remained nameless (other than an online handle). Part of the agreement he apparently made with the Washington Post was that his small town not be identified either. The article contains a few random details which could apply to just any number of small towns throughout the country — so they seemed safe enough. However, there was also a tightly cropped photo designed to not really give away any info in the image. Unfortunately, as many people have learned, there’s more than meets the eye when it comes to data associated with digital files, and it didn’t take long for some Slashdot readers to take a gander at the photo’s metadata, and work out the probable location of the young man. Some are wondering if the Washington Post (who famously kept Deep Throat’s identity secret for three decades) may now face some sort of liability should the individual actually be revealed through this bit of metadata sleuthing.
Comments on “Don't Forget To Hide The Metadata When Protecting Your Sources”
Little or no effort, huh?
From an article at washingtonpost.com: “He and his hacker friends are part of a generation raised on the Internet, where everything from software to digital music to a reliable income can be had at little cost or effort”
That’s pretty offensive, I think. Little or no effort for a reliable income. Perhaps this writer should spend a day developing web applications for technophobic clients who take their time with check writing.
Then tell me it’s no effort. Bah.
🙂
My two bits. 01
Digital image redaction is so easy
Take the picture in lossless mode. Export the image (RAW, TIFF, DNG, whatever) to BMP. All metadata is thus stripped away, as BMP doesn’t support any. Now save as JPEG. Before that, you can add any metadata you like–but this time it’s all yours, nothing unwanted.
I can’t understand why people of the trade (reporters, such as the one from Washington Post who bungled the whole thing, and others where secrecy is needed) don’t know this stuff.
Re: Digital image redaction is so easy
Congratulations, Coward. You’re an arrogant prick with a desperate need for affirmation and acceptance.
What do you want us to say? Ooooh, you know what the reporter didn’t. You even spelled it out step by step to make sure that we’re adequately impressed. You even took extra special care to make sure that we all know you regard anyone who doesn’t know as an idiot, because anyone who doesn’t live up to your level of expertise is an ignorant fool not worthy of employment, let alone a position in the ranks of humanity.
I apologize if I was excessive. I don’t want to misconstrue your words… I know I should be able to exactly discern your mental state and berate you properly, but sometimes we inferior can’t see things with the same clarity and insight as you.
Post useful comments and leave the mental-masturbation to your diary.
Re: Re: Digital image redaction is so easy
Troll
An electronic mail message, Usenet posting or other (electronic) communication which is intentionally incorrect, but not overtly controversial (compare flame bait), or the act of sending such a message. Trolling aims to elicit an emotional reaction from those with a hair-trigger on the reply key. A really subtle troll makes some people lose their minds.
Taken from dictionary.com and remember, don’t feed the Troll.
While this particular post is not incorrect, I believe it still fits the definition of a troll in that it aimed to elicit an emotional response (and succeeded).
Re: Re: Re: Digital image redaction is so easy
I didn’t take him as a troll at all.
Re: Re: Digital image redaction is so easy
Being a bit harsh are we? Just be sure when you call someone else an “arrogant prick” you don’t come off as one yourself. 😉
Back on topic. OK, sure the average person doesn’t know (or care) about image metadata. However, reporters are responsible for maintaning their contacts anonymity. They really should be better informed to remove this kind of potentially damaging information from their files.
Re: Re: Re: Digital image redaction is so easy
y’all have never worked at a paper, have you? the reporter, while responsible for keeping his/her source secure, doesn’t drop the images on the page — that’s the work of the editors and photo guys who do the actual page layout. so why would the reporter be responsible for that? hell, most of them are doing good to use a computer, much less understand one.
sheesh, people. think.
Re: Re: Digital image redaction is so easy
What the heck, man? He’s just giving advice on how to remove the metadata. His post isn’t intended as flamebait. He’s noting something that I found quite interesting, and I’m appalled that you would attack him for writing it. You need to calm down for a bit before posting next time. Besides, everyone knows that the average reporter is about as bright as a broken light bulb when it comes to any sort of technology. Let alone the idea that they should strip out metadata. Not everyone knows about metadata.
Re: Re: Digital image redaction is so easy
Michael there was no need for that kind of response. I did not know how to strip the meta data, and now I do from reading his comment. Why you felt compelled to assault his comment as nothing more than a selfish ego boost is beyond me. You claim he should only post “useful comments and leave the metal-masturbation to your diary” when infact HE posted useful information for me, and YOU posted a full thought out piece of useless complaining that was a complete waste of MY time to read.
Perhaps you should re-read what you wrote then look at the nearest mirror instead.
Re: Re: Digital image redaction is so easy
Jez, little harsh eh? Coward pointed out that they were not very carefull in posting there “secure” picture.Maybe his point is none of us are as smart as we think, or perhaps its, even reporters should do there home work before claiming someone will remain anonymous by using a bit of fuzz on a photo… either way, I dont think starting a flame war on tech dirt will solve much.
Re: Re: Digital image redaction is so easy
“You’re an arrogant prick with a desperate need for affirmation and acceptance.”
For a moment I thought of telling you were on the right track, there’s plenty money to be made from pop-psych. But then I thought to myself, “oh wait, no, the pop-psych field is now fully saturated.” You’ll have to find another way to get rich, matchstickdick.
“Post useful comments and leave the mental-masturbation to your diary.”
Which of the comments offers the useful knowledge of how to defend your anonymity, and which of them merely tells people about the emotional insecurity of a frustrated web addict, which they don’t give a flying rat’s ass about?
Back atcha your entire post. 😀
Re: Re: Re: Digital image redaction is so easy
Guys, stop feeding the trolls.
The guy’s sitting back in his chair laughing at you right now.
Re: Digital image redaction is so easy
Actually – the fle format itself is not responsible for including or excluding the metadata. Applications embed it. Almost every format has a construct similar to a which allows vendors to embed metadata without affecting the rendering of the original file. For an example of this, open any PDF document made with Acrobat 6.0 or higher in a text editor and do a global search for “rdf”. most of the file will be giberish however you will see a metadata chunk within it.
The trick of not having metadata in your image file is to understand implicitly what the application vendor is doign when writing out the file. With digital photos, this also inlcuded cameras raw formats sometimes.
To illustrate this, here is an example:
http://www.adobe.com/products/xmp/main.html
Re: Re: Digital image redaction is so easy
So where did this metadata come from? Certainly not the digital camera used to take the picture since I don’t know of any cameras that capture this data to embed it. Is the implication here that the Post put this metadata in the picture when they captured it into their system?
Re: Re: Re: Digital image redaction is so easy
Moreover, where did the picture come from? If the guy who wants to remain anonymous gave it to the reporter, why did he not remove the metadata? And what sort of metadata? His name? Address? I have tons of digital camera JPGs and photoshop projects, but I didn’t put my name or any other personal info into the metadata generated by my camera. It’s not that I’m trying to remain anonymous, it’s just that I’m not that arrogant! This guy just wanted (more) attention. He intentionally added the metadata so there would be a story about it.
Re: Digital image redaction is so easy
If you’re using a recent version of Adobe Photoshop, when you save that jpeg you’ll find metadata (xml) added. MS does this to most office documents too the last time I checked.
Re: Digital image redaction is so easy
Cause it’s not point and click.
Guess he has the chance to do more before 9am than
Maybe he’ll get his dreams of the Army will come true now.
No Subject Given
Blaming the reporter for the image file is pointing the finger at the wrong department don’t you think?
Shouldn’t making sure that everything posted on the site is pristine and clean be the responsibility of the web / IT department?
nice one.
Worked out pretty nicely I think.
Leaving the metadata in and revealing an “anonymous source” had to happen to someone the first time. Fortunately it wasnt anyone that actually matters! So its win win.
One intenet scumbag (basically) identified, hopefully caught, in the very least pretty sh!t scared.
Reporters everywhere should be now wised up to the fact that you should remove the metadata.
Sweet.
No Subject Given
Right….
That first guy is clearing $7-10K/month and still lives with his parents in some hick nowhere town. This is a gullible reporter and a script kiddie with dillusions of grandeur.
Funny. All this talk about metadata and stuff… studied photography for the past 5 years, and not one word about it… interesting at a rate of $12000 a semester.
Neverming, I’m still trying to get rid of this metacrap, cuz I dont want anyone knowing anything, and saving as bmp then jpg or tif don’t work.
Metadata, et al,...
Hey there Nacho, the saving as an alternate file format DOES work. I just used it to post pics and them photos were clean of the stuff that appears in the photo headers from the memory stick, when removed from the camera, and placed directly into the card reader, and examined with ACDSee… Here one minute and gone the next.
…and Michael, the coward is right. If youre gonna be in the trade, you WILL need the knowledge and understanding to do your job PROPERLY.