Better info on privacy during registration

I suggest that during the registration phase there should be much better information on the privacy concerns around the media (picture and video) you submit. Please keep in mind this is from my impression of how the system works, and please do correct me if I am wrong.

There are a lot of rules to follow to make sure that you successfully register without being challenged. What I found no mention of is how the media you submit is submitted directly, without any processing, onto IPFS (this is where you correct me if I am wrong).

Now, you might say the user got what he wanted. Sure. But was he aware that he might have submitted lat/lng essentially pinning him to his address? I feel that either metadata should be stripped, OR, perhaps more likely, it should be a point of the description that alerts people to the dangers that might lie in the metadata. Also the filename remains unmodified and can be viewed by anyone.

I’ll just list some info:

  • Image and photo filenames (custom renames might reveal personal info)
  • Geographic location (probably the biggest no-no. Might pin you to your home address)
  • Date and time (exact time of shooting the media)
  • Phone model (likely to be included, but probably not that much of an issue)

Looking forward to your feedback.

3 Likes

Hey Struck,

We are well aware of this as a community. We haven’t had much activity on the UI lately; mainly critical bugs in regards to the functionality of the protocol are fixed, and there’s an issue on GitHub for the issue you mentioned: https://github.com/Proof-Of-Humanity/proof-of-humanity-web/issues/295

I agree that a disclaimer on the UI about the video metadata is a good idea, until removing the metadata is figured out.

I’m not a dev, so I ask you and the community if you think it’s trivial to implement a safe metadata scrubber. It’s critical that it does not alter the file in any other way, so as not to make a previously fine video become broken - for example, it should not alter anything regarding orientation.

If it is trivial, who would like to volunteer to code it?

1 Like

Hi, I am glad someone else noticed the possible pitfalls of having this issue around. I downloaded 1/3 of the whole registry’s profile pictures, and I was very easily able to construct a map of some of the locations where the pictures were taken. I am not mentioning the extension of this issue but it is big and it deserves huge attention. I jittered the exact location of the images just so as not to fully reveal the precise location.

@clesaege do you still consider the GitHub issue as “Low Priority”?

Here are some libraries that could be useful for removing EXIF info client-side:

Edit: One important detail. I did not cross-reference the picture information with the corresponding profiles, so I do not actually know to which profile each picture belongs.

2 Likes
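
The scrubber asked about in this thread, sketched for JPEG pictures only as an added example (not code from Proof of Humanity or from any poster; the function names are hypothetical). It assumes a well-formed file whose header segments all carry a length field, removes the metadata segments before upload, leaves the compressed image data byte-for-byte unchanged, and re-emits only the Orientation tag so the picture still displays the right way up:

```javascript
// Added example: hypothetical helper names, not Proof of Humanity code.
const EXIF_ID = [0x45, 0x78, 0x69, 0x66, 0, 0]; // "Exif\0\0"

// Orientation (tag 0x0112) from IFD0 of an Exif APP1 segment, or null.
function readOrientation(seg) {
  try {
    const v = new DataView(seg.buffer, seg.byteOffset + 10, seg.length - 10);
    const le = v.getUint16(0) === 0x4949; // "II" = little-endian TIFF
    const ifd = v.getUint32(4, le);
    for (let i = 0, n = v.getUint16(ifd, le); i < n; i++) {
      const e = ifd + 2 + i * 12;
      if (v.getUint16(e, le) === 0x0112) return v.getUint16(e + 8, le);
    }
  } catch (_) { /* truncated or malformed Exif: no usable orientation */ }
  return null;
}

// Minimal Exif APP1 segment that carries only the Orientation tag.
function orientationSegment(o) {
  return Uint8Array.from([
    0xff, 0xe1, 0x00, 0x22, ...EXIF_ID,     // APP1, length 34
    0x4d, 0x4d, 0x00, 0x2a, 0, 0, 0, 8,     // big-endian TIFF, IFD0 at 8
    0, 1, 0x01, 0x12, 0, 3, 0, 0, 0, 1, 0, o, 0, 0, // 1 entry: SHORT = o
    0, 0, 0, 0,                             // no further IFD
  ]);
}

// Drop Exif/XMP (APP1), IPTC (APP13) and COM segments; copy the rest as-is.
function scrubJpeg(bytes) {
  if (bytes[0] !== 0xff || bytes[1] !== 0xd8) throw new Error("not a JPEG");
  const kept = [bytes.subarray(0, 2)];
  let pos = 2;
  while (pos + 4 <= bytes.length && bytes[pos + 1] !== 0xda) { // stop at SOS
    const marker = bytes[pos + 1];
    const end = pos + 2 + ((bytes[pos + 2] << 8) | bytes[pos + 3]);
    if (bytes[pos] !== 0xff || end < pos + 4 || end > bytes.length) throw new Error("malformed segment");
    const seg = bytes.subarray(pos, end);
    if (marker === 0xe1 && EXIF_ID.every((b, i) => seg[4 + i] === b)) {
      const o = readOrientation(seg); // GPS, timestamps, model, thumbnail go
      if (o >= 2 && o <= 8) kept.push(orientationSegment(o));
    } else if (![0xe1, 0xed, 0xfe].includes(marker)) kept.push(seg);
    pos = end;
  }
  kept.push(bytes.subarray(pos)); // scan data through EOI, untouched
  const out = new Uint8Array(kept.reduce((n, k) => n + k.length, 0));
  kept.reduce((at, k) => (out.set(k, at), at + k.length), 0);
  return out;
}
```

This does not cover video, the uploaded filename, or data that some cameras append after the end-of-image marker; those need separate handling.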