Interesting point at The Intercept: Don’t trust cropping tools for security.

If you crop an image for security reasons, make sure you know whether the tool you’re using crops the data (like most image editors) or just the displayed image (like embedding an image into a PDF/Word doc/etc.) If it’s only cropping the display, people can still get at the full image!

Also, make sure the EXIF doesn’t include a thumbnail of the original!

My advice: if opsec is an issue,

  1. Use an actual image editor.
  2. Save the file without any metadata.

(via Schneier on Security)

Update: Interesting that this article came out just before news of some actually broken tools for Android and Windows that do save over the data…but don’t properly truncate the file, so if the interesting bits happen to have been in the extra space left over, they can still be recovered!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.