Removing meta data from images

Discussion in 'privacy problems' started by The Count, Sep 18, 2016.

  1. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    38
    Location:
    France
    Hi
    1. I would like to know how to remove my computer's name (meta data) from an image sitting in MS Paint.
    I have used Microsoft's inbuilt meta data removal tool called 'Remove Properties and Personal Information'

    To access 'Remove Properties and Personal Information':
    I right-clicked the image>properties>details>Remove Properties and Personal Information.
    Computer name still there though.

    2. Also wondering if its safe to 'right click copy images' from the web? in this case it was from Wikipedia.

    3. Suggestions for free 3rd party meta data removal tools welcome; needs to work with windows 8.1.

    Thanks in advance.
     
    Last edited: Sep 18, 2016
  2. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    The go-to utility to start with is the fantastic, open source ExifTool by Phil Harvey.

    https://en.wikipedia.org/wiki/ExifTool

    There's a command line and GUI add-ons. Cross platform and runs on Windows. There are loads of examples on the site, including stripping metadata.

    Many image metadata manipulation programs are based on it, given that exif (and other metadata like IPTC, ICC, Lightroom/Photoshop and so on are such a dreadful mishmash).

    Regarding your question of whether it's "safe" to right click copy images from the web is concerned, the answer is no, not necessarily/completely. Depending on the program you use to view it or preview the image, there have been exploits for some of the popular ones e.g. Outlook. Depending on how much control you want, you can use Sandboxing (e.g. Sandboxie), or virtual machines.
     
  3. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,954
    Location:
    DC Metro Area
    Last edited: Sep 18, 2016
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Also, XnView will remove Metadata, & is free.

    Instead of downloading www images, just use a screen capture utility & save what you need. Then you can use for eg XnView to trim/crop & save only what you want.

    If you save in .PNG format, NO Metadata is recorded Anyway !
     
  5. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    38
    Location:
    France
    Download for this says up to windows 7 only, no mention of windows 8
     
    Last edited: Sep 18, 2016
  6. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    665
    Run it compatibility mode for 7.
     
  7. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    38
    Location:
    France
    Can I trust their site to download a virus free product from?
    I'm referring to:
    http://owl.phy.queensu.ca/~phil/exiftool/TagNames/MIE.html

    1. Well too late, as I downloaded it before I made the thread, however, yes, I would
    like to use SBIE to do it in the future. How would you recommend doing it with SBIE?

    2. Will deleting the image from my desktop after the fact ease my burden? I haven't uploaded it
    yet to the site insisted on my profile.

    3.Can anyone recommend a way to upload copied images from the web to use as your profile on sites, without
    having to download it to your computer first? i.e copy from website, download to your desktop,
    upload to other website that insisted on your picture profile. (Not referring to this site).

    Thanks in advance.
     
    Last edited: Sep 19, 2016
  8. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    It is probably not something that has bearing on what OP wants to do, but: images can be "watermarked" in ways which are not easy to detect. None of the standard tools for metadata stripping would reliably remove this type of embedded information. If someone is interested they can search for "hidden watermark", "invisible watermark", etc. Similar techniques can be applied to audio, video, prints/copies, so forth.
     
  9. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    38
    Location:
    France
    What do you use to strip the watermark? Thanks.
     
  10. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    I haven't had the need to apply and/or strip such watermarks. I've only read some articles, papers, etc because the subject relates to privacy. If you want to explore the subject, here is another way to start: https://en.wikipedia.org/wiki/Digital_watermarking.
     
  11. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    38
    Location:
    France
    is it safe to download from that German site?
     
  12. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    @The Count - You're using "safe" rather freely... If we could stick with practical precautions to reduce risk. I'm also a bit concerned that you are possibly - if I've understood at all - talking about multiple objectives here, one is protecting your system from incoming malware (good idea), the other is how to copy content indetectably (which may be illegal anyway). It always helps to be clear about the threats you are trying to protect against, and prioritise your response according to what matters to you.

    Downloads are always potentially suspect, the download site can be subverted, and it is easy for some actors to subvert with MiTM if not https.

    But the normal response to that is to verify the executable checksum/or check your download against services like virustotal. Any competent A/V product should also be trapping common malware. The good news with open source is that you are also free to compile it from source (provided of course your compiler hasn't been subverted!) - perhaps you see the rabbit hole problem.

    It is possible to run, and sometimes install and run, within an isolated Sandbox. Some Sandboxie features are only available in the paid-for version. It would be possible to run the exiftool within a sandbox, but the bigger application of the program is that you can run most applications in a Sandbox, so that web-pages (for browsers), documents (for editors), and image manipulation/viewing programs all run inside a sandbox. Therefore if there are exploits of these programs by content that you view or download, their effects are contained, they do not then contaminate the system. So for example, all my browsing, Office, Outlook, pdf viewer, Photoshop etc. are all sandboxed and restricted in various ways.

    Similarly, you can run all these applications on suspect content (anything from the internet!) from a virtual machine, which, even if compromised, can limit the damage, and normally allow reversion to a clean image.

    Sandboxing and virtualisation discussions are in a section below this privacy one, and many of the techniques are not privacy related, they're more about security and integrity. There are of course uses of them in compartmentalisation and privacy.

    The watermarking that thewindbringeth raises is a classic privacy problem, and depending on the watermarking, can be very difficult to remove - and may indicate copyright violation in any case. I'm sure you don't want to be doing this, after all there are many CC non-commercial sites, and affordable paid-for content.
     
  13. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    38
    Location:
    France
    How do you actually check to see if the site has been subverted before you download anything from them? How do you do that?

    Checksums have to do with the transmission process; am I right?

    Me? no way, ~ Off Topic Remarks Removed ~
     
    Last edited by a moderator: Sep 19, 2016
  14. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    38
    Location:
    France
  15. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,916
    Location:
    U.S.A.
  16. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    First up, the focus on the exiftool site or downloads from this particular site (which by many standards I'd not consider to be high risk!) - seems somewhat misguided on its own. The checks and controls you would be doing for this site and downloads from it have to be a way of life for everything in order for them to be coherently protecting you. If you have not been adopting precautionary practices to date for things that run in your environment, the horse may well have already bolted.

    Ultimately, you cannot verify if something is subverted, what you might choose to do is "defence in depth" protecting you even if a download is undetected and dodgy; which means things like sandboxie and virtual machines, for example, which radically restrict the likelihood and damage of any malware. After all, you already have to do this (or bear the risk if you do not) because nominally "trustworthy" applications are often riddled with bugs which can be exploited by attackers anyway. IOW, trust no application is a reasonable motto!

    To check a particular download, your a/v will presumably already have scanned it. You can upload the file to virustotal.com, which checks it against a range of a/v engines, and provides an SHA256 hash which identifies the download unambiguously, and allows comparison with what other people have received as a download. You will also see MD5 and SHA1 hashes. A hash is a cryptographic calculation providing a restricted length result from an arbitrarily long input, which is deterministic in one-direction (you can calculate the hash from the original but not vice versa). The chances of two non-identical files producing the same hash are minute (SHA256 is stronger). You can also use local tools to calculate the hashes.

    https://en.wikipedia.org/wiki/Cryptographic_hash_function

    Virus total reports one a/v as failing the test for exiftool-10.26.zip, bkav, whereas all the other a/v engines pass it as OK. Funnily enough, the uncompressed content Exiftool(-k).exe passes (SHA-256081a587ec3e2287d221f75672951e541c16857e338e1a940821c8e7d680ec5da). You then have to decide what to do with that information. Personally, I run all kinds of things - including this - in sandboxie or a virtual machine with snapshot. The other aspect that assists is that, because this is open source software, you can choose to download (and check) the source manually, and compile it yourself.

    Copyright violation is actually remarkably hard to avoid if you "publish" in any sense, someone else's content (and sometimes even if it IS your own!). Whether you intend to do so or not is not material. Fair use can be a defence but is under constant assault (which favours the big gorillas). The presence of watermarking may reflect the producer's intent to assert copyright or detect breaches thereof. The other use of watermarking, is of course, relevant to privacy, that is to say, that it may be used to identify otherwise anonymous users. So, for example, if a user who has taken the trouble to go through Tor and VPNs downloads an image which has been specifically individually watermarked for that session, then any subsequent possession or publication of that image can de-anonomise the anonymous session. Of course, there are many other fingerprinting techniques that are being used.
     
  17. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    687
    I'd never do this anyway, but wow. Interesting. Would this watermark be of some obfuscated means such as slight color variations of a few pixels?
     
  18. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    My understanding is that the watermarking uses very similar algorithms to steganography, implying that it is robust against local modifications (because the "message" is distributed throughout the bandwidth of the image). So no, local variations wouldn't damage the watermark because its error/noise correction would be robust up to a point. And the changes the watermark/steganography would make would be distributed throughout the spatial, brightness and color space of the image to maximise bandwidth and robustness. I guess if you were able to compare against the original image, what you'd see is the slight variation in color and brightness, but it would be anywhere in the image. Ideally, you'd be mimicking the natural sensor noise for example, and as long as you're not too greedy in terms of bits, there wouldn't be a significant deviation from random/normal scene variability.

    I also read that when directly applied to compressed media (such as jpg and mpg), steganography was detectable because it generated artefacts or characteristics of the image that were clearly not the product of the relevant codec. I don't know therefore it is possible to detect whether or not watermarking has been applied to an image (I'll read this up). Clearly, if the watermark is done prior to compression, then that will not result in the artefacts I mention, but the codec is effectively introducing more noise. But watermarking probably needs less bandwidth than steganography.
     
  19. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    687
    Thanks for your explanation, as I said, interesting. If you do come across anything else I'd look forward to reading it.
     
Loading...