1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.2 EXIF Jpg Image Info Geo Privacy - Remove jpg geographic data

Discussion in 'XenForo Questions and Support' started by ProCom, Aug 18, 2013.

  1. ProCom

    ProCom Active Member

    As more and more phones w/cameras and cameras have GPS data added into images, the more privacy concerns arise.

    A lot of people have no idea that the specific location of the picture is stored inside the image (as well as camera information, etc.)

    I believe Facebook and many other services automatically strip out this info to protect users from themselves.

    Is there a way to have xF automatically strip out the information, especially geographic data, on upload?
    melbo and Digital Doctor like this.
  2. Jeremy

    Jeremy XenForo Moderator Staff Member

    You'll need an add-on, I do not believe its done.
  3. ProCom

    ProCom Active Member

  4. Jeremy

    Jeremy XenForo Moderator Staff Member

  5. Tracy Perry

    Tracy Perry Well-Known Member

    If so, it needs to be end user selectable. I have some plans on a photography forum I am setting up to have a gallery - and eventually work so that the photos will map to a Google Maps that will be user viewable.
  6. sonnb

    sonnb Well-Known Member

    They did not remove it actually (or we are not sure). You cannot see it because they serve you resized images which do not contains EXIF. You could check out Flickr, resized images do not contain EXIF but original images do.
  7. HWS

    HWS Well-Known Member

    We do this for a long tome now with jhead, since we see this as a serious privacy issue. We auto-orientate the image and strip the location data at the time of uploading automatically.

    You can just (for example) put that line of code to the correct location into the file library/XenForo/Upload.php:
    exec("/usr/bin/jhead -purejpg -di -autorot -q $this->_tempFile");
    Of course you need jhead installed at your server, so a VPS is minimum to allow you to do that.

    It is hard to make an add-on for that because it depends too much on what you have installed at your server and if "exec" is allowed in your php config.

    Autorotation for uploaded pictures should definitely be in the core. That can also be done with core php commands only, if ImageMagick PHP extension is installed. For this someone could make an add-on. But useres would have to switch Xenforo to "ImageMagick" to be able to use it.
    Last edited: Sep 25, 2013
    ProCom likes this.
  8. Tracy Perry

    Tracy Perry Well-Known Member

    OK.. any hint on where the command line needs to go in the PHP? I'm a neophyte (I know just enough to break something) to PHP.
  9. ProCom

    ProCom Active Member

    Wow, I totally agree that both auto-rotate and exif strip should be in the core.

    You mentioned the "correct location" in upload.php... where would that location be?
  10. ProCom

    ProCom Active Member

    BTW, until these are added to the core, I'd love to see an addon that would work with jhead, imagemagick, or whatever other options might be installed on a server.
  11. Tracy Perry

    Tracy Perry Well-Known Member

    @RobCom Try line 204 of the Upload.php. It worked there for me and did auto-rotation (just tested it). About to roll it out to my other 3 forums.
  12. HWS

    HWS Well-Known Member

    After some thinking, it is rather easy to strip location data out of an uploaded image and auto-orientate it.

    Just call this function and you are set. It will work with GD and ImageMagick, you just need to have the php exif extension in your php.

    function autoImageOrientation($file) {
      if (
    function_exists('exif_read_data')) {      // if exif read function exists (PHP was compiled with exif support)
    $exif exif_read_data($file);
    $exif && isset($exif['Orientation'])) {  // if file includes the exif orientation info
    $ori $exif['Orientation'];
    $img imagecreatefromjpeg($file);
    $ori != 1){                    // if there is any rotation necessary
    $d 0;
            switch (
    $ori) {
    $d 180;
    $d 270;
    $d 90;
            if (
    $d) {
    $img imagerotate($img$d0);   
    // then rewrite the rotated and exifless image back to the disk
    This function checks if your php has exif extension activated, if your image has exif data available and if the location data shows a need for rotation.

    After that it auto-rotates the image and because a new image gets written with imagecreatefromjpeg the exif location data will automatically get stripped out too.

    Just call this function with

    in a suitable location in the file library/XenForo/Upload.php

    I will add this code to suggestions also, maybe it can be adapted and included into XenForo core.
    Last edited: Sep 25, 2013
    cclaerhout likes this.
  13. Tracy Perry

    Tracy Perry Well-Known Member

    Only with options if they implement it. All I need it to do is auto-rotate (which I have jhead doing now). Need to keep the EXIF data for geo-location (probably will be useful in both the camera and astronomy forums I am starting) and I'm pretty sure that @Chris Deeming's gallery is going to support EXIF data for camera info (I think @sonnb's already does).
    Chris D likes this.
  14. HWS

    HWS Well-Known Member

    Both of them store the exif data in a database table at the time of upload (it does not make sense to read it from the file each time someone accesses it). You just have to make sure that this function will be called after that. But they need to handle the rebuilds differently since the stored images won't have any exif data available any more.

    However this is just a suggestion. If and how it gets implemented and how add-on developers will deal with it is out of my scope. ;-)

    But I still think that both auto-orientation and (with an admin switch to disable) exif location data strip should be in core.
    Tracy Perry likes this.
  15. Tracy Perry

    Tracy Perry Well-Known Member

    Exactly... I know that CopperMine Gallery has the ability to rebuild the EXIF data - and if it's stripped from the image then you have nothing to rebuild from. About the only time I could see that happening would be if for some weird reason the DB table got corrupted.
  16. sonnb

    sonnb Well-Known Member

    There are several cases EXIF in images could be used:
    - You do not have EXIF extension then later you want to install it, you might want to rebuild gallery to fetch exif data.
    - You import from a gallery to another, you might want to rebuild to read exif as each gallery has different way to work with exif.

    It only can be a risk if everyone can download your files with exif (like XenForo attachment system). It probably not if users have control who can download your files which contains EXIF data (like XenGallery offers with privacy for Original images).
  17. HWS

    HWS Well-Known Member

    We use sonnb's highly recommendable XenGallery together with the jhead solution above since some time now and it works perfectly. However the "rebuild with exif data" feature won't be working for us. If we ever switch to another gallery we'll find a custom solution to ex- and import the exif data from the database or any old photos won't have exif data in the new gallery.

    But speaking about the Xenforo core attachment system it is true that it currently does not auto-rotate images taken in portrait mode (and even worse has no feature that allows the user to rotate it afterwards). And it also let each user with access to the attachment read the included exif data with the location and date. With both of those informations you can really stalk any (otherwise anonymous) forum user.
  18. ProCom

    ProCom Active Member

    Great discussion everyone!

    My biggest worry is that the vast majority of my members don't know that their mobile phones are attaching their coordinates into the image they are uploading for public view. I cringe when I think of a case where:
    1. A member signs up with an obscure userID, free gmail account, etc. and is very cautious about their private info.
    2. They take a picture of a flower in their backyard with their iPhone and post it to my xF based site
    3. A year later they get into a big fight with another member who happens to be a crazy nut-job. We ban the nut-job, but that just makes them more crazy.
    4. The nut-job finds the picture and the geo-coordinates of the person's house and starts sending them threats to their address... or worse.
    It might be a 1 in 1,000,000 chance of happening, but if you multiply average members per forum and all the xF forums and users (which total more than millions of users), that means it will happen.

    I know some sites may want exif data, but we've never used it and never plan to use it, so the option in the admin panel to "Automatically strip exif on upload" option would be great!
    Digital Doctor likes this.
  19. Digital Doctor

    Digital Doctor Well-Known Member

    It's probably happened alot already.
    It's bound to happen again.
  20. AndyB

    AndyB Well-Known Member

Share This Page