• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

P: Content Credentials leaks EXIF data compromising user privacy

Community Beginner ,
Nov 01, 2024 Nov 01, 2024

Copy link to clipboard

Copied

I export a photo, enabling Content Credentials attached to the export. If I then extract the thumbnail, it turns out to have hundreds of lines of EXIF data including at least the camera and time/date.  First of all, there's an issue as to whether that EXIF actually adds value, but more important, it's not hard to think of occasions where I might want to attach provenance to a photo but not disclose further details.  I regard this as a serious privacy vulnerability.

 

[moved from bugs to discussions according to the community rules - Mod.]

TOPICS
macOS , Windows

Views

203

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Nov 02, 2024 Nov 02, 2024

Copy link to clipboard

Copied

First, AFAIK Content Credentials does not control whether or not camera EXIF etc are included - for that, one would look to the Metadata section of the export settings. 

 

richardplondon_0-1730537800046.png

Second, are you saying that when certain EXIF has been  set to not be included, extracting the thumbnail from the exported file is still showing that EXIF nonetheless? If so, what file format are you exporting to?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Nov 02, 2024 Nov 02, 2024

Copy link to clipboard

Copied

Well, that was the right question. I exported twice, once with all metadata and once with copyright-only, and indeed the EXIF on the C2PA thumbnail is much reduced and omits the camera ID (but retains the date).  

 

But I still have a couple of questions:

 

1. Does Lr need separate EXIF-export-control options for the main picture and the C2PA thumbnail?  

 

2. Is there a case for dramatically reducing the thumbnail EXIF in principle, to slim down C2PA overhead and generally be conservative on the privacy front?  This needs some thought about what the purpose of the thumbnail is in Content Credentials, and does it need hundreds of EXIF fields to achieve that purpose?

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Nov 03, 2024 Nov 03, 2024

Copy link to clipboard

Copied

So I wondered "what is the intended purpose of the thumbnail claim?"  Basic Web searching doesn't turn up that much. 

 

In https://c2pa.org/specifications/specifications/1.0/guidance/Guidance.html the references to the thumbnail refer to only use for visual reinforcement by humans. 

 

In the official spec there's  https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html#thumbnail_assertion...which says "The data in a thumbnail assertion shall be the bits of a file (such as a raster image) in whatever format is desired by the claim generator." Hmm.

 

Then in https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html#thumbnail_assertion there's "it may be useful to also include a thumbnail of the ingredient to help establish the state of the ingredient at the time of import." Well, the EXIF data is part of the state. But I'm having a really hard time seeing how most of the hundreds of EXIF fields would be of any use. 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Nov 03, 2024 Nov 03, 2024

Copy link to clipboard

Copied

I just skimmed the current C2PA spec for the first time:

https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html

 

and searching for "thumbnail", it doesn't appear to provide any requirements or guidance on thumbnail metadata. It appears to be entirely up to the application that's attaching the credentials, that is, up to Adobe to decide what they're trying to accomplish, as you clearly explained in your questions.

 

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Nov 11, 2024 Nov 11, 2024

Copy link to clipboard

Copied

LATEST

Hi Tim, your research on the spec and purpose of the thumbnail assertion is spot on. I don't believe there is a compelling case for preserving EXIF in thumnails except that it's generally good practice to _not_ remove metadata that a user may have included by design. That said, the thumbnail assertion is for visual reference.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines