Motion JPEG is hazardous

I just thought I should point this out. Sorry if it’s already been discussed, but I can’t seem to find anything on it in this forum.

One of the most insidious “features” of recent smart phones is motion JPEG. As I understand it, this means that when you take a “photo”, you’re actually taking a video with a single sync frame masquerading as that photo, with animation data (compressed motion differences, essentially) appended beyond it. Users unaware of this may end up posting the motion JPEG to a photo website, unaware that compromising video is visible after the end of the sync frame. Perhaps there will be some social media need to support this as an “essential” feature in the future, but in any event, it would be a catastrophic mistake to enable such behavior by default. (This isn’t a comment on L5. It’s merely intended as a warning.)

Related: I love this old idea of field-granular opt-in EXIF headers for JPEG images, which looks as though it might have been forgotten:

https://forums.puri.sm/t/feature-request-can-we-have-a-disable-geotagging-exif-data-setting-for-the-camera

I guess pixel dimensions are mandatory, but everything else (other than maybe gravitational orientation) should be disabled by default, or at least capable of being disabled.

2 Likes

It’s indeed good to have it opt in. MAT (Metadata Anonymizing Toolkit) is the second option (but not the better one).

1 Like

I’m with you that such a “feature” is superfluous and wasting of space. But, how posting a short movie of 1-2 secs is more dangerous as a still photo? Can you please construct an “use case” of such danger? Thanks

For the sake of technical correctness, in MJPEG there are no motion differences stored anywhere. It’s essentially a new JPEG file for each frame. Did you use the wrong name?

1 Like

I have no problem with opt in or opt out - Linux is all about choice - but I would prefer that this gets solved at the upload stage i.e. your browser could be configured regarding its behavior when uploading a JPEG to a web site and choices could include

  • exceptional behavior for specified web sites (e.g. in case you have private web sites where you want unmodified JPEG files but you otherwise want to strip metadata by default)
  • always strip metadata (in the spirit of Purism this should be the default)
  • leave metadata ‘as is’

In the meantime, take a copy of the JPEG and

exiv2 delete copy-of-your-image.jpeg

1 Like

in PureOS exiv2 is not installed by default but after sudo apt install exiv2 the man command reveals that no EXR (for 32bit depth) format is supported (luckily TIFF is there)… the examples at the end are highly appreciated

2 Likes

Random scary thought: I wonder how many video formats out there suffer from the same gratuitous use of metadata.

I learned this the hard way. Imagine that you’re taking a photo of your laptop screen, but unbeknownst to you, you’re actually taking a video a few seconds long. You think nothing of panning away from the laptop after you snap the shot. Then you post it to social media. Later, someone finds the view from your apartment encoded after you panned away. A few landmarks would be sufficient to geolocate you (even if we assume that GPS tagging has been disabled). More realistically, perhaps there’s a serial number or name visible just slightly off frame, which you inadvertently pan across after you take the “photo”.

Thanks for catching that. I stand corrected. My advice is unchanged.

Thanks! I had no idea this was so easy. At least the experts among us now know how to strip the metadata. (We just need to make sure it’s absent by default.) The following command should work from the current folder all the way down (but maybe back up first in case something goes wrong):

find . -name “*.jpg” | xargs -I % exiv2 delete %

(Repeat for “JPG”, “jpeg”, and “JPEG”.)

I wish my browser did this! It ensures that even your old JPEGs from other cameras get stripped upon upload. We still need to control the source, though, so that no metadata is encoded by default (in case someone uploads a bunch of JPEGs in a compressed archive that would bypass your upload filter).

The “pan away” hazard mentioned above will only grow with time. There are vast databases which map interior photos to street addresses. (There’s this top secret project called “Zillow” :rofl:.) Same goes for hotel rooms with unique wall paper, plaster patterns, and paintings. Within 10 years, the data coverage might be sufficiently extensive in China that 1000 pixels of interior wall could leak a photo’s location. It’s just too easy to do with convolutional neural networks and a little perspective correction. The hard part is sending the photographers to every address in the country, so more productive facilities like hotels will likely be digitized first.

I would assume: basically all of them.

I would strongly advise caution - since the metadata is removed from the file in situ i.e. if you are working on a whole folder then that folder needs to be a copy of the real folder unless it is actually your intention to lose all metadata.

In other words, there may be a fundamental difference between what you want and what I want. What I want is that metadata is collected and preserved and is available for my use, and even available to someone else if I choose to share the metadata with that other person - but I don’t ever want to share the metadata on social media.

For the record, use find -iname ... to match without regard to case.

Also, for fun, you can use find “directly”, as in something like

find . -iname '*.jpg' -exec exiv2 delete {} \;

Finally, you can use -o to pick up multiple file name patterns e.g. (untested)

find . \( -iname '*.jpg' -o -iname '*.jpeg' \) -exec exiv2 delete {} \;

Yes, there would be other reasonable and less cumbersome ways of picking up both file extensions e.g. being consistent in the first place. :slight_smile:

3 Likes

Can it be flattened with GIMP 2.10?

as far as i know flattening is a LAYER based operation in software such as GIMP but maybe it’s a similar terminology for other operations that i can’t think of right now …

Somehow I’d think you’d lose the extra video frames whereof this topic speaks. Or at least they would overlay each other. And maybe exporting to another format would also do it. (Or just use GIMP to dick with the file in general and do a Save As …)

That’s beyond my GIMP-fu. You can definitely flatten multiple layers into a single layer and thereby export to JPEG.

Rather than flattening multiple images in motion JPEG, you probably want to discard all images except one.

Unless you are doing more serious work like using HDR (which is specifically intended not to be in motion but like motion JPEG involves the capturing and storing of multiple images). I suspect we won’t get HDR at all in the early days of the Librem 5.

1 Like

you can obtain an HDR image out of multiple LDR images that you just shoot at different EVs (from the darkest to the one that captures the most light information then you merge them together with darkroom-software … there are some really good ones in the PureOS (Debian repo).

GIMP can probably do the job too but there are better alternatives around … look for Luminance HDR to start with …

There isn’t. You just explained the modularity better than I did. Thanks for the handy batch processing syntaxes, as well.

Sounds scary. Is there a meaningful threat model here, akin to motion JPEG?

Yep. You can definitely do that, provided that either the target format or the tool in question is motion-unaware. (PNG is a lossless single-frame format which should fit the bill. Then save again to the final format.) You might also be able to kill the metadata this way.

There shouldn’t be - but there are a lot of clever / evil people out there trying to find the holes.

The intention of HDR is that 3(?) frames are taken in quick succession of the same scene, with shorter, normal and longer exposure - so you would have to “pan away” very quickly - otherwise the risk is no greater than the usual risk of taking a photo and being unaware that you captured something in the photo or in a reflection etc. that you didn’t intend to.

Like that woman in the early days of the pandemic who is on a Zoom call and her husband walks into the room semi-naked. LOL.

Due to the CNN analyst suspended last week, here is a new verb out there for that, called the “toobin”.

naked i have entered into this world and naked shall i leave it …

Thanks for the details on HDR. I always thought that it was just about greater color depth – not more images. I guess I should have read the fine print. So what do you end up with? 3 JPEGs, 3 frames in one MJPEG, or something else entirely? (I realize I could read Wikipedia, but I’m looking for the “reality in the field” answer.)

Reflections are a bitch. Not that there’s anything that we can reasonably do in software to remove them, but anyone paranoid enough to read this thread would be well advised to consider this basic and often-ignored threat. I fully expect reconstructive AI to emerge which mines all the reflections in a video in order to reconstruct off-camera solid forms. It’s just mind-boggling what a decent neural net can pull from a small number of noisy pixels spread across a few frames. Eyeglasses and windows are just so rich with image information. It’s scary!

No wonder they call it the “boob toob” :rofl: Seriously, clueless TV anchors make me cringe. They’re information security pariahs. Like, “Look at the bookshelf behind me, where you can see all my family photos and the books I read, while I browse my personal Facebook on camera – hey, why does it keep suggesting articles on male enhancement?!”

I actually need this forum just to cope, sometimes…

stands for High-Dynamic-Range so i believe it was really aptly named wouldn’t you say ?
what Range though, that is the million dollah’ question ? all the more so if it’s ‘Dynamic’ as well (as in video ‘dynamic’)

why can’t you guys just leave it alone and not worry so much … it’s not like it’s the end of the world, is it ?