this post was submitted on 28 Jun 2023
12 points (100.0% liked)

Lemmy

12524 readers
11 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.

founded 4 years ago
MODERATORS
 

I used to manually remove for example the GPS location when using Reddit since I don't trust them. Does Lemmy or any Android client remove it by default?

top 8 comments
sorted by: hot top controversial new old
[–] Sal@mander.xyz 13 points 1 year ago* (last edited 1 year ago)

I have just tested by uploading/re-downloading an image, and the EXIF data is removed.

I then looked through the Lemmy issues and found this issue related to the image-uploading back-end (pict-rs) removing the EXIF data. In response to this issue, the developer of pict-res (asonix) comments that striping the EXIF data was one of the original motivations for building the uploader.

I am not sure about how to search through the source code of pict-rs, and it seems like this step is not properly documented in the readme file, so I have not been able to find exactly where the metadata removal operation takes place. I think that this is done by invoking 'exiftool'.

[–] Ultrawipf@discuss.tchncs.de 6 points 1 year ago (1 children)

Uploaded this test image in the comment with modified metadata (no gps tag but added software, date, vendor info as exif tags) and after downloading it does not contain any metadata anymore. So seems like at least that server does remove it?

[–] Salzkrebs@discuss.tchncs.de 3 points 1 year ago (2 children)

Thanks for your effort :) So it seems like you have to trust your instance?

[–] Ultrawipf@discuss.tchncs.de 4 points 1 year ago

Yeah probably. Seems like the image is not stored in its original form in this case but might depend on server settings and the image file. So as always private data like geo tags should be removed before uploading.

[–] tedvdb@feddit.nl 3 points 1 year ago (1 children)

Yes, but that's something anyway;

  • DM's are unencrypted and stored in the database.
  • If the instance owner decides to pull the plug it's all gone.

So by joining an instance you're putting trust in the owner of the instance either way.

[–] Salzkrebs@discuss.tchncs.de 1 points 1 year ago

But there is still a difference between the owner being able to take my public content offline and them knowing my private location. However, since my instance is non commercial and doesn't make any money by tracking it shouldn't be that bad to trust them on that.

[–] magmaus3@szmer.info 3 points 1 year ago

Most likely no.

It's better to remove such metadata manually if you care about it.

[–] Toribor@corndog.uk 1 points 1 year ago

I believe this has more to do with pict-rs than Lemmy (the image handling back end that Lemmy uses). I'm struggling to find specifics on this from my phone right now though.

load more comments
view more: next ›