Skip to:

Removing private EXIF metadata from photos

  • flimm


    Users upload photos of themselves. I would like BuddyPress to remove private EXIF metadata from these photos, in particular, GPS locations. I believe this matches the expectation of the users, as many other websites do this:

    • Facebook
    • Twitter
    • Imgur
    • Instagram
    • Slack
    • etc.

    The one exception to this is that the orientation EXIF metadata needs to be preserved, in order to display photos the right way up.

    WordPress does not strip EXIF metadata. Even in the strip_meta function in the file class-wp-image-editor-imagick.php , it has code that deliberately keeps the EXIF metadata in the file.

    The fact that BuddyPress and/or WordPress leaks the location of the user at the time that the photo was taken could be considered a security vulnerability.

  • You must be logged in to reply to this topic.
Skip to toolbar