← Back to context

Comment by sitkack

2 days ago

With location services on, I would think that a screenshot on a phone would record the location of the phone during a screenshot.

It would be best to use a tool to strip exif.

I could also see a screenshot tool on an OS adding extra exif data, both from the original and additional, like the URL, OS and logged in user. Just like print to pdf does when you print, the author contains the logged in user, amongst other things.

It is fine for a test, but if someone is using it for opsec, it is lemon juice.

3 comments

sitkack

Reply
simonw  2 days ago

I built a tool for testing that a while ago - try opening a screenshot from an iPhone in it, you won't see any EXIF location data: https://tools.simonwillison.net/exif

Here's the output for the Buenos Aires screenshot image from my post: https://gist.github.com/simonw/1055f2198edd87de1b023bb09691e...

  • sitkack  2 hours ago

    That is cool, but we cant be guaranteed that will always be the case, nor could we make a statement about all phones, it would be a phone by phone basis. Esp on Android where someone could have an alternative screenshot application.

    Depending on your threat model, I'd argue that it would be impossible to prove that metadata is not included within the image itself (alpha channel, noise, pushed pixels, colorspace skew, etc).

    I'd be interested in stego techniques that can survive image reduction and denoising.

    • simonw  1 hour ago

      Take a photo of the image displayed on your laptop screen with your phone. Ultimate EXIF removal!