Comment by quitit

They would seem to contain identifiers as law enforcement have been able to follow up on instances where there has been airdropping of perverse images, but as noted by others the files don't include names.

The problem with airdrop (and likely why the 10 minute setting now exists) is that it includes a preview image as part of the notification request.

So other than being able to subject someone to perverse images, preview images have also been used in state-sponsored zero-click attacks to infect the phones of their targets. While that vector seems to be muted for now, the 10 minute setting provides a layer of defence against both potential future zero-clicks and receiving unsolicited previews images.