The Insecurity of Photo Cropping

The Intercept has a long article on the insecurity of photo cropping:

One of the hazards lies in the fact that, for some of the programs, downstream crop reversals are possible for viewers or readers of the document, not just the file’s creators or editors. Official instruction manuals, help pages, and promotional materials may mention that cropping is reversible, but this documentation at times fails to note that these operations are reversible by any viewers of a given image or document.

[…]

Uncropped versions of images can be preserved not just in Office apps, but also in a file’s own metadata. A photograph taken with a modern digital camera contains all types of metadata. Many image files record text-based metadata such as the camera make and model or the GPS coordinates at which the image was captured. Some photos also include binary data such as a thumbnail version of the original photo that may persist in the file’s metadata even after the photo has been edited in an image editor.

Tags: , , ,

Posted on February 21, 2023 at 7:14 AM23 Comments

Comments

Winter February 21, 2023 7:48 AM

I try to solve these problems by converting (exporting) “cropped” photographs to .PNG. But I must admit that I do not know how, or even if, this would affect the metadata.

Peter A. February 21, 2023 7:55 AM

It’s not the insecurity of photo cropping per se, it’s the insecurity of photo cropping apps – and the fact that the version of the image before cropping may make its way to unintended audience. One needs to be careful when erasing Mr. Jezhov from a photo…

Uthor February 21, 2023 8:28 AM

I was wondering if exporting a Word document to PDF gets rid of this data. But I also assume that it would add some metadata that you wouldn’t want in there.

David Rudling February 21, 2023 8:51 AM

There are products such as exiferaser which claim to strip this unwanted data from a digital camera image but I don’t know how effective they are.

JonKnowsNothing February 21, 2023 11:43 AM

@ALL

iirc(badly) iPhone edits also create a shadow file. When you DL to Windows you can see them and delete them. They contain the sequence of edits.

iirc(badly) There was some info that Screen Shot tools also contain some traceable elements of the original besides the selected image. It was not safe to rely on Screen Shots to remove the EXIF data information.

iirc(badly) Marcy Wheeler (emptywheel. net) has had some experience deciphering pdfs of legal documents. That is not a safe conversion either.

Even if you manage to crop the image and remove the tracks, there is the subject of the image. There are now more reports of using the image itself to determine the original.

The NSA+Google have a massive full web scrap project to replace Exif data and add geotags on any image that does not have them.

Canadian Wild Life Rangers used terrain ID and GPS extrapolation to determine the precise spot where a US Hunter poached a trophy animal inside Canada shooting across the US-Canadian border. The US Hunter tried to hide his poaching by doing a tight crop of the Trophy Pose image. (1)

A curious aspect:

  • The US hunter shooting across the border and killing a trophy animal was fined and given a No Hunt In Canada sentence.
  • The USA Border Patrol gets no penalties at all for shooting across the border into Mexico and killing people there. The US Border Patrol doesn’t hide anything at all. It’s on video and celebrated by the department.

===

1) There are specialty field cameras called Trail Cameras. Very popular with wild life scientists as well as hunters. The cameras can be placed anywhere and record still or video both in Daylight and Nighttime, No Flash (red eye). They run on batteries and can last in the field a long time. The upper end models have built in uploading to the cloud, on demand, RT. Some of the apps analyze the hundreds of images pulling out specified ones of interest: deer, wolf, bear, bumblebee etc. They use the data to ID time of day, path of travel, seasonal migration. Lots more.

You do not have to upload the data, it can be stored on a SD card and you can parse the data yourself. The main difficulty in self parsing is: you get thousands of images of waving leaves, grass and branches and a few snaps of something worth looking at like a skunk.

It’s like a RING camera in concept except portable.

april February 21, 2023 11:50 AM

Winter,

I try to solve these problems by converting (exporting) “cropped” photographs to .PNG. But I must admit that I do not know how, or even if, this would affect the metadata.

It depends on the program. PNG supports metadata, and a program may try to be “helpful” and copy it from the original image. Be sure to review the available settings of the export process. Or just take a screenshot of the original image (preferably with the viewer and “saver” being separate programs) and export that; it’s unlikely many programmers would go to the trouble of writing code to grab metadata from the program(s) being screenshotted.

If you’re really concerned, make a specific effort to clean the metadata. Programs including pngcrush, jpegtran, and exiftran can do it, but there are also dedicated programs such as “Metadata anonymisation toolkit v2” (packaged as “mat2” in Debian and pre-installed in TAILS) that don’t require you to know anything about the format.

(And when removing metadata from JPEGs, make sure the final image opens with correct orientation. It might not if you’ve stripped the rotation metadata; but then again, an unprocessed direct-from-camera JPEG will effectively reveal an image-sensor fingerprint, so you should be scaling down at least and can rotate it in the process. If paranoid, don’t use a camera whose pictures have ever been linked to you.)

John February 21, 2023 12:06 PM

Oh my, you mean that this Red Dwarf Scene is approaching reality? Of course, I’m speaking tongue in cheek, but I find it funny that at least one aspect of this spoof is becoming true due to the incompetence of some people.

lurker February 21, 2023 1:01 PM

Subhead to article:

Cropping tools like those in Google Docs allow viewers to see the full, original images.

End of article’s first para:

Among the suites that include the ability are Google Workspace, Microsoft Office, and Adobe Acrobat.

Oh dear. Usual suspects. And those who edit pictures on online/cloud apps get more than they asked for.

Find in page: gimp : 0 results

Find in page: exif : 1 result:

… tools such as ExifTool and Dangerzone.

The gimp has in its Preferences > Export > Export the image’s [color profile | Exif | XMP | IPTC ] metadata.
The gimp saves in its own file format complete with edit history. To get a JPG|PNG|BMP|&c. requires Export as … which brings up a box with options, including the metadata options. If clicking Export with the same file name you will be asked “Overwrite original?” One day I must check what remains after this “overwriting”.

Nameless Cow February 21, 2023 6:06 PM

@Ess

Photos can be uncropped even without all these metadata tricks and application bugs.

That is not uncropping. That’s more like a form of non-deterministic extrapolation. Imagine you have a cropped picture where, just outside the cropping window, there was a poster with text on it. Your outpainting algorithm is not going to recover the text, even though it can fill the space with something that doesn’t look out of place to a human.

lurker February 21, 2023 6:15 PM

@Ess

Ouch, that would be worse. An AI guessing what might have been in the cropped area. It won’t stand up in court.

Ted February 21, 2023 6:17 PM

Nikita Mazurov, the author of the article, gave a 2017 Black Hat talk on Digital Image Counter-Forensics.

I don’t recall him talking about photo cropping in this talk, but he does review many elements of image security, including tools for viewing and deleting a photo’s metadata. For In-browser: Exif Viewer and Stand-alone: ExifTool.

There are links to both tools in his slides. I really think I’d have fun playing around with those.

Rj February 21, 2023 11:15 PM

I would think that if you display the image on your screen, and then do a screen capture, such as a grab with xv, then you would be only capturing a rectangle of pixels. That should get rid of an attached metadate, but … what about steganographic watermarking? If done holographically, you would not be able to get rid of the incriminating watermark! You would need to know the encoding technique to defeat it, since it would be redundantly dispersed throughout the raster in an otherwise impercievable manner.

Matt February 22, 2023 3:00 AM

I don’t know about Google docs, but in LibreOffice the Crop UI makes it pretty obvious that you are specifying a window into the image. At no point did I ever think this was a destructive operation. In fact it’s extremely common that I crop an image, then look at the page view and then adjust the crop window again. The security issue here has nothing to do with cropping but with stupid users assuming that you can safely share a document if you just check a box that says “read only”. This issue is ancient. People have been passing on “read only” Office documents forever and were surprised that recipients could edit them. This is the same issue as when redactions are performed by overlaying black boxes over text before passing on a document. Back in the days when white correction fluid was used to cover up typos on typewritten texts, I don’t think anyone would have considered it worth mentioning that the recipient can scratch off the white stuff and see what’s underneath. There were probably stupid people back then who used this for redactions and got bitten but everyone else realized that was just a case of a stupid user.

FLOWRI~1 February 22, 2023 6:40 AM

This behaviour is intentional and works as it should, since forever. Layout programs do this all the time. These pictures/texts are then transferred to printing plates (or directly to paper nowadays) and only then does the real cropping take place.

Acrobat was intended to view this data. Therefore, it looks cropped, as it would on the final print. But of course the data is there.

Microsoft and Google just implement this. For once even correctly.

april February 22, 2023 9:33 AM

FLOWRI~1,

and works as it should, since forever

Shouldn’t user expectations have some bearing on how software “should” work? If they’re surprised, it’s at least a sign that user interfaces need improvement. I’m not sure what you mean by “since forever” or what bearing that would have on it; bad design is bad design, whether it’s new or not.

There’s good reason to want some tools to be capable of preserving cropped parts of images. Doing it by default, with no indication to users (in cropping or viewing tools), is the problem. Many of the programs being talked about are not meant, by their developers or users, to be used with printing presses anyway.

c1ue February 22, 2023 10:04 AM

The Intercept article is very poorly written and sourced.
The only impact of following the Intercept articles’ recommendations is to keep the most dumb and technologically incapable of finding the source.
This is because the article focuses on metadata and/or full image access despite only a “crop” being desired; this is a very narrow and ultimately stupid emphasis.
If you are a whistleblower, it doesn’t actually matter that you display only a “crop” of a full image. Even if all metadata were removed – the image portion itself is easily discoverable via all manner of security tools reviewing an image database or OCR pulling text out of a crop and comparing against the text of a file set.
Then the result is a matching of all people who accessed/possessed said original data file followed by straightforward investigation.

fib February 23, 2023 3:24 PM

but this documentation at times fails to note that these operations are reversible by any viewers of a given image or document.

It’s a little surreal that people handling sensitive information have to be reminded of that [when using a smartphone!] :O)

Living and learning…

Oshner February 23, 2023 7:21 PM

As many others have said, there are numerous robust tools for stripping metadata from files. One thing that I didn’t see mentioned is that when raw files are edited in lightroom or Camera Raw, the edits are non-destructive. Your edits including crops are shown on screen but those edits are stored in a sidecar .xmp file. If you were to send a, for instance, DNG file, to keep it easy, without the .xmp it would open with none of your edits. Even if you did include the sidecar the recipient could easily view the image in its unedited form.

K February 24, 2023 4:00 PM

Lots of talk of metadata and extrapolation here.
Some applications actually keep a full copy of the original resolution in the file.

A certain “Geek goddess” (who I won’t name) on one of the Revision3 shows (IIRC) back around 2001 or so posted a cropped headshot pic without realizing that her posted image included a full topless image of her leaning back in a lounge chair (the rest of the shot). I think it was PNG, but I’m not positive. Whatever the format, it allowed for multiple resolutions of an image in the same file, but the editor only edited the selected one and left the rest as originals.

Even someone with heavy tech experience was shocked to learn this lesson (the hard way).

Oshner February 25, 2023 6:59 PM

@jonknows…

Good point on the trail cams. I believe that some models are now equipped with cellular, so if there is coverage, it will send you pictures very much like a ring cam.

https://www.out doorlife.com/gear/best-cellular-trail-cameras/

Adlai March 16, 2023 1:07 PM

saddening, and maddening, that folks still rely on visuals for life-threatening tooling. the windage knob does not crop.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.