Page MenuHomePhabricator
Create Task
Maniphest T218057

Determine workflow to selectively purge potentially privacy-sensitive EXIF fields, such as geocoordinates, from a Wikimedia Commons file
Open, Needs TriagePublic
Actions

Description

On another forum, a user reported the following chain of events:

  • Freely-license photo is found online
  • Photo includes EXIF data with GPS coordinates
  • User uploads it to Wikimedia Commons
  • A bot (presumably DschwenBot) extract the GPS from EXIF data and adds a {{Location}} tempalte
  • Such information allows to trace back the original author
  • Uploader removes {{Location}} template
  • Bot adds {{Location}} again
  • Uploader strips EXIF location data, using a third-party tool (“an app”) − unclear whether mobile, desktop, or web-based − and (presumably) reuploads
  • (Unclear whether the older version of the file was revision deleted by a sysop afterwards)

Reactions from other users on that forum seem to indicate that some tooling should solve this issue.

It is unclear to me whether the better workflow would be:

  • preventive − offering at upload time (presumably in UploadWizard − although it is unconfirmed whether this was the upload tool used in this particular case). The drawback of this is that UW is not the only upload method out there.
  • corrective − on an already uploaded file, a one-click "purge geoloc from EXIF" + reupload new version. This could easily be implemented as a web-based Toolforge tool.

As EXIF data is generally appreciated on Wikimedia Commons, it is likely that such a workflow would be considered as potentially open to abuse, this should be factored in the solution (eg access restrictions)

This task should be to determine which of these two workflows (or others I did not think of) is preferable. As this issue is not specific to Wikimedia Commons, it could be helpful to know how other popular image-uploading platforms (Flickr, Unsplash, 500px, etc.) tackle this issue (if at all).

Related Objects
Search...

Event Timeline

JeanFred created this task.Mar 11 2019, 7:45 PM
Restricted Application added a project: Multimedia. · View Herald TranscriptMar 11 2019, 7:45 PM
Restricted Application added subscribers: Liuxinyu970226, Aklapper. · View Herald Transcript
Gamaliel awarded a token.Mar 11 2019, 8:09 PM
Krenair subscribed.Mar 11 2019, 10:37 PM
Tgr subscribed.Mar 12 2019, 4:37 AM

See also T58612: Add map widget for coordinate selection.

Peachey88 subscribed.Mar 12 2019, 4:41 AM
JeanFred added a comment.Mar 12 2019, 8:17 AM

See also previous discussions in T60770: Expand location fields by default if EXIF metadata is present.

Ramsey-WMF added a subscriber: Keegan.Mar 14 2019, 6:50 PM
Ramsey-WMF added a subtask: T222675: Explore possibilities for users to remove/exclude geo data from EXIF on images.May 15 2019, 5:57 PM
Ramsey-WMF moved this task from Untriaged to Desired epics on the Multimedia board.
JeanFred mentioned this in T222675: Explore possibilities for users to remove/exclude geo data from EXIF on images.May 16 2019, 9:34 AM
Clpo13 subscribed.Jun 11 2019, 4:48 PM
Nemo_bis mentioned this in T223051: EXIF location data of image file not imported to MediaWiki File information (Upload with UploadWizard).Feb 6 2020, 10:56 AM
JFishback_WMF added a project: Privacy Engineering.Mar 9 2020, 11:22 PM
JFishback_WMF moved this task from Intake to Backlog on the Privacy board.
JFishback_WMF moved this task from Incoming to Backlog on the Privacy Engineering board.Mar 10 2020, 1:12 AM
JFishback_WMF moved this task from Backlog to Watching on the Privacy Engineering board.Apr 26 2021, 3:41 PM
JeanFred added a comment.Oct 27 2021, 8:05 AM

Cross-linking T284941: [S] Add note explaining that EXIF geolocation metadata may be uploaded with Commons images.

JeanFred mentioned this in T284941: [S] Add note explaining that EXIF geolocation metadata may be uploaded with Commons images.Oct 27 2021, 8:06 AM
Ahecht subscribed.Jan 31 2022, 6:32 PM
Peachey88 moved this task from Backlog to Metadata parsing on the MediaWiki-File-management board.Dec 31 2023, 8:17 AM
Don-vip awarded a token.Jan 29 2024, 9:07 PM
simon04 subscribed.Mon, Jun 24, 7:40 PM

Some preliminary notes regarding an implementation:

  • includes/media/JpegHandler.php swapICCProfile already implements invoking exiftool
  • exiftool supports removing all GPS tags via -gps:all= -- https://www.exiftool.org/geotag.html
  • to be figured out: how to invoke JpegHandler from UploadBase (there's also TransformationalImageHandler.doTransform, but it seems to be related to thumbnail generation)
simon04 awarded a token.Mon, Jun 24, 7:41 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL