Skip to main content
T
timbray
Participating Frequently
November 2, 2024
Question

P: Content Credentials leaks EXIF data compromising user privacy

  • November 2, 2024
  • 1 reply
  • 485 views

I export a photo, enabling Content Credentials attached to the export. If I then extract the thumbnail, it turns out to have hundreds of lines of EXIF data including at least the camera and time/date.  First of all, there's an issue as to whether that EXIF actually adds value, but more important, it's not hard to think of occasions where I might want to attach provenance to a photo but not disclose further details.  I regard this as a serious privacy vulnerability.

 

[moved from bugs to discussions according to the community rules - Mod.]

This topic has been closed for replies.

1 reply

R
Community Expert
richardplondonCommunity Expert
Community Expert
November 2, 2024

First, AFAIK Content Credentials does not control whether or not camera EXIF etc are included - for that, one would look to the Metadata section of the export settings. 

 

Second, are you saying that when certain EXIF has been  set to not be included, extracting the thumbnail from the exported file is still showing that EXIF nonetheless? If so, what file format are you exporting to?

    T
    timbrayAuthor
    Participating Frequently
    November 2, 2024

    Well, that was the right question. I exported twice, once with all metadata and once with copyright-only, and indeed the EXIF on the C2PA thumbnail is much reduced and omits the camera ID (but retains the date).  

     

    But I still have a couple of questions:

     

    1. Does Lr need separate EXIF-export-control options for the main picture and the C2PA thumbnail?  

     

    2. Is there a case for dramatically reducing the thumbnail EXIF in principle, to slim down C2PA overhead and generally be conservative on the privacy front?  This needs some thought about what the purpose of the thumbnail is in Content Credentials, and does it need hundreds of EXIF fields to achieve that purpose?

     

      T
      timbrayAuthor
      Participating Frequently
      November 3, 2024

      So I wondered "what is the intended purpose of the thumbnail claim?"  Basic Web searching doesn't turn up that much. 

       

      In https://c2pa.org/specifications/specifications/1.0/guidance/Guidance.html the references to the thumbnail refer to only use for visual reinforcement by humans. 

       

      In the official spec there's  https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html#thumbnail_assertion which says "The data in a thumbnail assertion shall be the bits of a file (such as a raster image) in whatever format is desired by the claim generator." Hmm.

       

      Then in https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html#thumbnail_assertion there's "it may be useful to also include a thumbnail of the ingredient to help establish the state of the ingredient at the time of import." Well, the EXIF data is part of the state. But I'm having a really hard time seeing how most of the hundreds of EXIF fields would be of any use. 

      Terms & ConditionsAccessibility statement
      Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices