Image Location and Privacy Scanner

Type: Passive Scan

Description

The image was found to contain embedded location information, such as GPS coordinates, or another privacy exposure, such as camera serial number. Depending on the context of the image in the website, this information may expose private details of the users of a site. For example, a site that allows users to upload profile pictures taken in the home may expose the home's address.

Solution

Before allowing images to be stored on the server and/or transmitted to the browser, strip out the embedded location information from image. This could mean removing all Exif data or just the GPS component. Other data, like serial numbers, should also be removed.

References

Code

Last updated: 2020-04-30 16:12:39.623Z