Don't Forget To Hide The Metadata When Protecting Your Sources

from the finding-deep.throat dept

Yesterday, we pointed to a Washington Post article about botnets. The article was definitely a fascinating read, helped along by the story, weaved throughout the article, of one young botnet herder, who remained nameless (other than an online handle). Part of the agreement he apparently made with the Washington Post was that his small town not be identified either. The article contains a few random details which could apply to just any number of small towns throughout the country — so they seemed safe enough. However, there was also a tightly cropped photo designed to not really give away any info in the image. Unfortunately, as many people have learned, there’s more than meets the eye when it comes to data associated with digital files, and it didn’t take long for some Slashdot readers to take a gander at the photo’s metadata, and work out the probable location of the young man. Some are wondering if the Washington Post (who famously kept Deep Throat’s identity secret for three decades) may now face some sort of liability should the individual actually be revealed through this bit of metadata sleuthing.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Don't Forget To Hide The Metadata When Protecting Your Sources”

Subscribe: RSS Leave a comment
Kenny says:

Little or no effort, huh?

From an article at “He and his hacker friends are part of a generation raised on the Internet, where everything from software to digital music to a reliable income can be had at little cost or effort”

That’s pretty offensive, I think. Little or no effort for a reliable income. Perhaps this writer should spend a day developing web applications for technophobic clients who take their time with check writing.

Then tell me it’s no effort. Bah.

My two bits. 01

Anonymous Coward says:

Digital image redaction is so easy

Take the picture in lossless mode. Export the image (RAW, TIFF, DNG, whatever) to BMP. All metadata is thus stripped away, as BMP doesn’t support any. Now save as JPEG. Before that, you can add any metadata you like–but this time it’s all yours, nothing unwanted.

I can’t understand why people of the trade (reporters, such as the one from Washington Post who bungled the whole thing, and others where secrecy is needed) don’t know this stuff.

Michael says:

Re: Digital image redaction is so easy

Congratulations, Coward. You’re an arrogant prick with a desperate need for affirmation and acceptance.

What do you want us to say? Ooooh, you know what the reporter didn’t. You even spelled it out step by step to make sure that we’re adequately impressed. You even took extra special care to make sure that we all know you regard anyone who doesn’t know as an idiot, because anyone who doesn’t live up to your level of expertise is an ignorant fool not worthy of employment, let alone a position in the ranks of humanity.

I apologize if I was excessive. I don’t want to misconstrue your words… I know I should be able to exactly discern your mental state and berate you properly, but sometimes we inferior can’t see things with the same clarity and insight as you.

Post useful comments and leave the mental-masturbation to your diary.

Mike says:

Re: Re: Digital image redaction is so easy


An electronic mail message, Usenet posting or other (electronic) communication which is intentionally incorrect, but not overtly controversial (compare flame bait), or the act of sending such a message. Trolling aims to elicit an emotional reaction from those with a hair-trigger on the reply key. A really subtle troll makes some people lose their minds.

Taken from and remember, don’t feed the Troll.
While this particular post is not incorrect, I believe it still fits the definition of a troll in that it aimed to elicit an emotional response (and succeeded).

JJ says:

Re: Re: Digital image redaction is so easy

Being a bit harsh are we? Just be sure when you call someone else an “arrogant prick” you don’t come off as one yourself. 😉
Back on topic. OK, sure the average person doesn’t know (or care) about image metadata. However, reporters are responsible for maintaning their contacts anonymity. They really should be better informed to remove this kind of potentially damaging information from their files.

paperchick says:

Re: Re: Re: Digital image redaction is so easy

y’all have never worked at a paper, have you? the reporter, while responsible for keeping his/her source secure, doesn’t drop the images on the page — that’s the work of the editors and photo guys who do the actual page layout. so why would the reporter be responsible for that? hell, most of them are doing good to use a computer, much less understand one.
sheesh, people. think.

Jason says:

Re: Re: Digital image redaction is so easy

What the heck, man? He’s just giving advice on how to remove the metadata. His post isn’t intended as flamebait. He’s noting something that I found quite interesting, and I’m appalled that you would attack him for writing it. You need to calm down for a bit before posting next time. Besides, everyone knows that the average reporter is about as bright as a broken light bulb when it comes to any sort of technology. Let alone the idea that they should strip out metadata. Not everyone knows about metadata.

Adam says:

Re: Re: Digital image redaction is so easy

Michael there was no need for that kind of response. I did not know how to strip the meta data, and now I do from reading his comment. Why you felt compelled to assault his comment as nothing more than a selfish ego boost is beyond me. You claim he should only post “useful comments and leave the metal-masturbation to your diary” when infact HE posted useful information for me, and YOU posted a full thought out piece of useless complaining that was a complete waste of MY time to read.

Perhaps you should re-read what you wrote then look at the nearest mirror instead.

Doesn't sound Like He's the prick here. says:

Re: Re: Digital image redaction is so easy

Jez, little harsh eh? Coward pointed out that they were not very carefull in posting there “secure” picture.Maybe his point is none of us are as smart as we think, or perhaps its, even reporters should do there home work before claiming someone will remain anonymous by using a bit of fuzz on a photo… either way, I dont think starting a flame war on tech dirt will solve much.

Anonymous Coward says:

Re: Re: Digital image redaction is so easy

“You’re an arrogant prick with a desperate need for affirmation and acceptance.”

For a moment I thought of telling you were on the right track, there’s plenty money to be made from pop-psych. But then I thought to myself, “oh wait, no, the pop-psych field is now fully saturated.” You’ll have to find another way to get rich, matchstickdick.

“Post useful comments and leave the mental-masturbation to your diary.”

Which of the comments offers the useful knowledge of how to defend your anonymity, and which of them merely tells people about the emotional insecurity of a frustrated web addict, which they don’t give a flying rat’s ass about?

Back atcha your entire post. 😀

Duane Nickull (user link) says:

Re: Digital image redaction is so easy

Actually – the fle format itself is not responsible for including or excluding the metadata. Applications embed it. Almost every format has a construct similar to a which allows vendors to embed metadata without affecting the rendering of the original file. For an example of this, open any PDF document made with Acrobat 6.0 or higher in a text editor and do a global search for “rdf”. most of the file will be giberish however you will see a metadata chunk within it.

The trick of not having metadata in your image file is to understand implicitly what the application vendor is doign when writing out the file. With digital photos, this also inlcuded cameras raw formats sometimes.

To illustrate this, here is an example:

Russ says:

Re: Re: Digital image redaction is so easy

So where did this metadata come from? Certainly not the digital camera used to take the picture since I don’t know of any cameras that capture this data to embed it. Is the implication here that the Post put this metadata in the picture when they captured it into their system?

dfg says:

Re: Re: Re: Digital image redaction is so easy

Moreover, where did the picture come from? If the guy who wants to remain anonymous gave it to the reporter, why did he not remove the metadata? And what sort of metadata? His name? Address? I have tons of digital camera JPGs and photoshop projects, but I didn’t put my name or any other personal info into the metadata generated by my camera. It’s not that I’m trying to remain anonymous, it’s just that I’m not that arrogant! This guy just wanted (more) attention. He intentionally added the metadata so there would be a story about it.

z0idberg says:

nice one.

Worked out pretty nicely I think.

Leaving the metadata in and revealing an “anonymous source” had to happen to someone the first time. Fortunately it wasnt anyone that actually matters! So its win win.

One intenet scumbag (basically) identified, hopefully caught, in the very least pretty sh!t scared.

Reporters everywhere should be now wised up to the fact that you should remove the metadata.


Betageek says:

Metadata, et al,...

Hey there Nacho, the saving as an alternate file format DOES work. I just used it to post pics and them photos were clean of the stuff that appears in the photo headers from the memory stick, when removed from the camera, and placed directly into the card reader, and examined with ACDSee… Here one minute and gone the next.

…and Michael, the coward is right. If youre gonna be in the trade, you WILL need the knowledge and understanding to do your job PROPERLY.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...