Welcome, Guest!

Here are some links you may find helpful

Minor (fixed) security issue

It was brought to our attention by @SmilingMango that EXIF info wasn't being stripped as we assumed it was by Xenforo.

For people that leave GPS enabled, this could be a major issue i.e it exposes your location/address.

For this reason we've stripped EXIF from all 15657 images containing info. We've added a tool that can auto strip EXIF from new JPG/JPEG uploads but it doesn't work on PNG from what we can see, this means future JPG/JPEG will be stripped if you have EXIF info enabled, but not PNG. If you have GPS enabled on your device please disable this i.e when using PNG.

All existing files have been stripped of EXIF from our CDN as a precation, meaning this can no longer be abused. Backups of older CDN files have been deleted for privacy reasons.

Thank you again to SmilingMango for spotting this issue!

EDIT: The issue is fully sorted, we setup a cron to run a few times each day to remove any info.
 
Look into exiftool to remove metadata from both PNG and JPG.

Something like
Code:
exiftool -All= -overwrite_original -m *.jpg
exiftool -All= -overwrite_original -m *.png
should do it.
 
  • Like
Reactions: WD
Look into exiftool to remove metadata from both PNG and JPG.

Something like
Code:
exiftool -All= -overwrite_original -m *.jpg
exiftool -All= -overwrite_original -m *.png
should do it.
Funny enough this is exactly what we've setup on our CDN via a cron. Only issue is it eats the CPU badly so we maybe forced to upgrade dedi's in the future.
 
Funny enough this is exactly what we've setup on our CDN via a cron. Only issue is it eats the CPU badly so we maybe forced to upgrade dedi's in the future.
It's also possible to do with imagemagick, but I'm not sure of the command. It might be worth comparing.

Is your script applying the command to all files, even those that were previously stripped of their exif, or is it only modifying new files? Because that's an optimization that should save much CPU time.