image – How can people be expected to know about security/privacy issues that are actively silenced or never talked about?

I grew up with computers. I had no life as a kid, and none today. In many ways, I’m a stereotype. I’m now eerily rapidly approaching 40.

Yet it was only in the last 5-7 years or so that I started to understand that all kinds of image and video files, which any sane (or naive?) person would never suspect contains any additional data besides what you can see and hear, actually contain a wealth of personal information.

I’m not “just” talking about the GPS coordinates stuff (which is still so insane to me that I barely believe it), or the tons of unnecessary information that the digicams bake into the file about the camera and its settings, which are not in any way required to display the image file (and could be used to “fingerprint” and thus identify your other photos uploaded anywhere on the Internet, with nothing else connecting them).

There’s also additional layers of madness. I’ve seen Photoshop and other Adobe and non-Adobe applications bake in my PROJECT FILE OBJECT NAMES, LAYER LABELS, FULL LOCAL FILE PATHS, OS USERNAME, etc.

Once I realized this, which was a sheer coincidence, I literally fell back in my chair, thinking about all the times I have uploaded some “quick screenshot” or “doodle” to link people to in public, on IRC and elsewhere. And all those MP4 videos “exported” by Premiere Pro. Yeah… Whoever opened those and studied them could just read my full real name and inspect what I named my layers and objects and tracks and files, and where they were located on my machine. For example, I found this string in the metadata for an MP4 video which I had distributed:

J:video editingMy Full Real NameInternal Project NameFurther Personally Revealing Stringsoriginal file name which was not the same as the one I wanted to distribute.mp4

It’s not an exaggeration to say that I feel violated. No matter how “stupid” I was for not knowing about this, the fact remains that I did not. And I was supposed to be some kind of “computer nerd”. “Normal” people definitely have no idea about this. And I find it exhausting to even try to educate them about it; they just call me “tinfoil hat” or “proper mental” or similar.

And then I read some smug commentator saying things like:

Can you believe it? They didn’t even scrub their user-uploaded images from metadata! What amateurs! Hahahaha!

Of course, if I were making a service now where people could upload images, I would naturally be using some kind of command-line tool to automate the “scrubbing” of their files to protect them, most likely ExifTool (which is still far from perfect). But that’s only because I know about this. My past self, and most people, just do not. How would they?

I seriously ask you: How would they know? I’m suffocated by “noise” constantly, with 99.99% of it being utter nonsense. Finding that 0.01% of actual “real info” is a massive challenge, and you will never hear this being casually brought up. Not even among geeks. They seem to be in denial, or not want to hear about it, except for a very small number of “hackers” (lacking a better term).