It was brought to our attention by @SmilingMango that EXIF info wasn't being stripped as we assumed it was by Xenforo.
For people that leave GPS enabled, this could be a major issue i.e it exposes your location/address.
For this reason we've stripped EXIF from all 15657 images containing info. We've added a tool that can auto strip EXIF from new JPG/JPEG uploads but it doesn't work on PNG from what we can see, this means future JPG/JPEG will be stripped if you have EXIF info enabled, but not PNG. If you have GPS enabled on your device please disable this i.e when using PNG.
All existing files have been stripped of EXIF from our CDN as a precation, meaning this can no longer be abused. Backups of older CDN files have been deleted for privacy reasons.
Thank you again to SmilingMango for spotting this issue!
EDIT: The issue is fully sorted, we setup a cron to run a few times each day to remove any info.
For people that leave GPS enabled, this could be a major issue i.e it exposes your location/address.
For this reason we've stripped EXIF from all 15657 images containing info. We've added a tool that can auto strip EXIF from new JPG/JPEG uploads but it doesn't work on PNG from what we can see, this means future JPG/JPEG will be stripped if you have EXIF info enabled, but not PNG. If you have GPS enabled on your device please disable this i.e when using PNG.
All existing files have been stripped of EXIF from our CDN as a precation, meaning this can no longer be abused. Backups of older CDN files have been deleted for privacy reasons.
Thank you again to SmilingMango for spotting this issue!
EDIT: The issue is fully sorted, we setup a cron to run a few times each day to remove any info.