The Security-Team recently completed an audit of the configuration file maintain-views.yaml, in order to explore whether wiki-replicas pose some privacy risks for the contributors supporting Wikimedia projects. As part of the conclusions, it is recommended that latitude and longitude of Commons images be redacted from replicas.
Some of the image files uploaded to commons include longitude and latitude coordinates in the metada, as per the result of the query below. This practice is well established among the Wikimedia commons community and has various applications. However, this may pose privacy risks for authors of images that are geolocated, as malign actors may deduce their likely location, if they happen to take a certain number of images from a specific area. While this may seem an edge case, the risks associated with that eventuality warrant some measures. Below is a SQL query disclosing the latitude and longitude of places volunteers have been, based on the geolocation information associated with an image they uploaded to Commons.
SELECT img_name, img_metadata, actor_name FROM image LEFT JOIN actor ON img_actor = actor_id LIMIT 100;