Introduce new geoprivacy option "hide EXIF geolocation"

Feature Requests
,
1

Platform(s): mobile, website, API

URLs (aka web addresses) of any pages, if relevant: https://www.inaturalist.org/photos/…, https://www.inaturalist.org/observations/… and others

Description of need:
I encountered the following scenario both with my own observations and others: Sometimes one collects a specimen in the field and takes it home to photograph and identify it.
Of course, the geolocation of the observation should then be set to the location where the specimen was found in the field.
The geolocation stored in the images’ EXIF data, however will be set to the location where the photo was taken - in this case private property.
Now, I both want the exact location, where the specimen was found to be public (geoprivacy “open”) AND the location of my home to be private (geoprivacy “obscured” or “private”).
But, when I set the observation to “open”, my private home location will be visible by looking at the EXIF coordinates under https://www.inaturalist.org/photos/…, and when I set it to “obscured” the precise location in the field is no longer public.

The only workaround right now, is to manually strip the EXIF geolocation data from the images.
This is annoying and takes time. Stripping all EXIF data would be easier, but I want the settings used for the pictures still available.
Also, for the observer and trusted users/projects, it might be interesting to see which pictures are “freshly” taken in the field and which were taken later at home. (I know there is no UI to render the location of the individual pictures on a map right now.)

Feature request details:
A simple solution would be to introduce a fourth geoprivacy option “hide geolocation in EXIF” that is slightly more restrictive than “open” but less restrictive than “obscured”.
All this option does, would be to prevent GPS-related EXIF fields to be rendered under https://www.inaturalist.org/photos/…, while the observation geolocation is still open.
The dropdown could look something like

  1. open
  2. private (EXIF only)
  3. obscured
  4. private

This is probably not too difficult, though it requires changes both to all frontends and the backend.

2

although i’m not against the general intent of the request, i’m not sure that introducing a new geoprivacy option is the best way to handle this. but i’m not sure what the best way is to handle it either. i think a better option would be to add a separate observation-level – or better, photo-level – option to hide most photo metadata (not just location). but that doesn’t strike me as the best way to address the issue.

3

Wow, I never realized all my camera metadata is public on iNat. Why is it public? Shouldn’t iNat just hide the camera metadata from everyone except me and curators? What’s the purpose of it being public? Seems like a pretty big and unnecessary privacy problem to me.

4

out of curiosity, why do you see the publication of your camera model, settings, etc as a privacy problem? (genuine question) Is it just due to the scenario described by OP re taking a photo at home of something collected in the field? Or for other reasons?

others will have more answers, but for me it’s useful for at least two things among several:

  1. Can help to assess whether an image may have been stolen or doctored (not foolproof of course, but one piece of potential evidence)
  2. When I see a photographer whose work I’m really impressed by, or an individual photograph which I think looks amazing, I will often check the metadata to see what camera (esp. when I was looking to purchase a new setup recently and was trying to decide what body and lens to buy) and what settings they used
5

out of curiosity, why do you see the publication of your camera model, settings, etc as a privacy problem? (genuine question)

Good question. Besides the scenario described by the OP (which is definitely a concern), there’s also the issue of camera fingerprinting. If you’ve dealt with persistent stalking or harassment on the internet (as many people have), a common solution is to use a different username on every platform. However, if your camera EXIF data is posted to each of those platforms (e.g. iNaturalist, Flickr, Facebook, etc.) a stalker can use camera fingerprinting to connect the accounts and continue to harass you across the different platforms. Camera fingerprinting is basically just using the EXIF data as a sort of fingerprint since there is a lot of data in the EXIF layer and each person’s combination of data is relatively unique (camera + lens + settings + sometimes serial numbers).

6

Just for the record: If you pick obscured or private, of course also all GPS related metadata in the photos will be hidden, not just the location of the observation.

So apart from the special case I described in my post, EXIF data usually does not pose an additional geoprivacy threat.

Otherwise, the biggest privacy concern related to EXIF that comes to mind, is that you can make some guess about a users wealth by their very expensive camera gear.

But you can always strip the metadata from your pictures if you want. There is a myriad of tools. And if you do it for all photos in bulk it doesn’t take long.

On many photography sites, such as Flickr, all or parts of the EXIF gets published alongside the photo. Here an excerpt of the FAQs:

How is EXIF data used for photos uploaded to Flickr?
Showing your EXIF data will allow those admiring your photos to learn about the camera, lens, aperture, and other settings that were used. Your EXIF data also contains date of capture information that is used to organize your content by date taken.

Apart from photography reasons, I use the EXIF data for

  • knowing if a photo was taken using flash (relevant e.g. for bugs, where you want to know if they are naturally that shiny or just under flash) → possibly ID relevant
  • photo order and timely separation: With EXIF, you can see the exact second a photo was taken and determine e.g. if one picture in an observation was taken 30min later then the others. This ofc has many usecases.
  • estimating the distance to a subject based on size of subject in the frame and the focal length. Often with bird photos, I look at the focal length to see if somebody just has an insane tele or managed to get really close.
  • seeing if a photo was edited e.g. using photoshop via the Software Tag: It’s not bad to upload color enhanced photos to iNat but sometimes it’s good to know that the colors dont look that vibrant IRL.
  • When I got into birds in flight, I looked at some observations’ EXIF to see what settings they use in different conditions for BiF, to learn from it

Also in EXIF you can store custom tags and when you write descriptions to your photos, I think iNat automatically imports those as the observation description by default, which can be useful. (Ofc you can delete than before uploading.)

Right now, metadata is only viewable using the little “i” on a picture and there is no API endpoint. I actually made a small web extension to show parts of the metadata right below its respective image for convenience. It also automatically computes the offset of the photo to the observation time (“+1”, “+30min” etc) so you can easily see the order.

I think iNat should continue to store and show EXIF data. I would even love a “camera survey” where they show the top 100 cameras used for birds, insects etc. Would be very interesting also for people looking to buy a new camera.

7

AFAIK iNat does not store such EXIF data.

In general, I think only a small subset of metadata is stored.

But sure you have a valid point. In such a case you would just strip the EXIF data. I know quite some users who do that.

But anyways, this is a whole different topic distinct from my request. Maybe open a new thread for it? :)

8

Yes, iNaturalist started hiding serial numbers several years ago, for the privacy issues already mentioned.

I tend to agree. I think a more general solution already exists:

Since this functionality is already in place, why not just implement it for all photos regardless of geoprivacy setting? That way any other special cases that come to light in the future would already be handled.

iNaturalist already stores the GPS data and makes it available if the applicable geoprivacy and trust levels of an observation allow. I don’t see any reason that it also needs to be made visible on photo metadata pages for observations with open geoprivacy or trusted users. It’s one less potential unwanted exposure of location data to worry about as the platform becomes more complex over time.

9

I’m not sure if I get you suggestion: You mean make the observation-level geoprivacy setting a per-photo setting? That would solve my issue, but introduce the annoyence of having to obscure all photos individually if you just want to obscure the entire observation.
But I guess this could be solved by having both

10

I think jdmore is just suggesting that GPS data always be stripped from EXIF data, like camera serial numbers already are. This seems like a good idea.

11

Is it possible to delete the uploaded metadata from still uploaded pictures?

Is it possible to turn off the collection of metadata in the app? Or do I need to delete them manually from each picture before I upload it to the app?

Thanks for your answers.

12

I agree with jdmore’s suggestion. I have a few observations exactly like the ones described by OP. I didn’t realize that the original location data was still shown even though the position had been updated. Maybe there are some edge cases where the location data from the camera could be useful separate from the location entered for the observation. But I don’t think whatever edge cases might be imagined could outweigh the privacy concern of keeping the location EXIF data visible. I would be in favor of never showing that, regardless of geoprivacy on the observation.

13

as far as i know, this is not possible. currently, the only way to prevent others from viewing it is to set the geoprivacy of the associated observations to obscured or private.

i don’t think the iNaturalist website or apps offer an optional way to do this, although i did notice that observations loaded via the “classic” iOS app often are missing metadata. i’m not sure if that’s from the app stripping the metadata on the fly or if it’s because iOS or some Apple app is stripping it, or if the app just never captures metadata on the image itself.

i know that there are certain setups where images from the cloud or sent via some bridge will strip metadata on the fly, but usually i want to avoid that. so i haven’t purposely tried to set that up and don’t have any recommendations for how to do that. i’m sure there are ways to automate that process though.

14

Ah thanks. Yes this makes sense for 99% of the cases. Maybe one could add a global setting option of how much of the EXIF to redact, like

  • only serial numbers
  • serial numbers + GPS (sensible default)
  • all

This would also solve @zygy’s issue over never wanting any EXIF visible.

15

I agree with other users who noted reasons the EXIF data is useful - I wouldn’t want to lose that by default. It is very useful during the CNC to find observations that have some data which is faked/fraudulent. Having the EXIF geolocation helps here too, as there are users who upload photos from elsewhere and then move the location manually to get into a specific CNC region, etc. Having the EXIF really helps in these scenarios.

For users concerned about privacy, removing EXIF data isn’t too hard. There are good tools like exifcleaner that do batch processing and can be set to essentially remove whichever fields someone wishes. Once you get the tool setup, you can save the settings and process any number of photos.

I would also note that this issue occurs across other online platforms. For users concerned about privacy in their EXIF metadata, they should be implementing their own solutions before upload essentially anywhere.

I think the use case here (photos taken at home/some other location where privacy is desired later but assigned to the capture location on observation) is pretty limited in terms of how many observations it applies to and the solution for users who both do this and are concerned already exists and is pretty simple (deleting EXIF location). I don’t think the benefits of the proposed feature outweigh the costs (potential loss of other metadata, increased complexity on iNat, staff time to develop and implement the feature).

16

i don’t think there should be a user-level option for redacting information, just like there is not a user-level option to set all observations to private or obscured. generally, openness seems to be part of the ethos of iNaturalist. so hiding information – at least via the system – should apply only at an observation or photo level, for special cases.

17

This use case is one I’ve applied quite a few times to determine whether all the photos in an observation are actually of the same organism. Quite a few times, the EXIF data shows that images were taken 10 minutes, an hour, or days apart. This has almost always been caused by people selecting similar-looking photos from their camera roll, even though they actually reflect different species.

18

This is actually harder than it sounds. For iNat photos I would not want to remove the GPS or datetime metadata as these are essential for creating the observation. So I wouldn’t just run something like:

for f in "$@"; do
    exiftool -P -overwrite_original -filename=%f_CLEAN.%e -All= "$f"
done

(or run exifcleaner, which I believe strips everything.) Instead, I would want to strip everything except for GPS and datetime, but EXIF data is quite complicated and gets added to by every step in post-processing, so the list of specific things to remove is actually quite long and variable and depends on the camera and applications used. The best approach would actually be to first read the GPS and datetime metadata, store those in variables, strip all the EXIF data, and then write the GPS and datetime data back to the files. And that still doesn’t solve the issue presented by the OP. I think having some slightly more conservative defaults (like jdmore’s proposal) would go a long way to addressing privacy concerns without sacrificing the usefulness of the EXIF data. My preference would be to at least limit visibility of the GPS, serial numbers, and camera model in the EXIF data (regardless of whether the observation is obscured).

19

As far as i know, it is already hiding Exif geolocation if you obscure the observation.

20

Correction to my previous post. It looks like exiftool has a whitelist feature, so I could do:

for f in "$@"; do
    exiftool -P -overwrite_original \
        -all= \
        -tagsFromFile @ \
        -GPSLatitude -GPSLatitudeRef \
        -GPSLongitude -GPSLongitudeRef \
        -GPSAltitude -GPSAltitudeRef \
        -GPSDateStamp -GPSTimeStamp \
        -DateTimeOriginal \
        -OffsetTimeOriginal \
        -CreateDate \
        -OffsetTimeDigitized \
        -ModifyDate \
        -OffsetTime \
        -ICC_Profile \
        -Orientation \
        -filename=%f_CLEAN.%e \
        "$f"
done

Posting this shell script in case it’s useful for others. (Also retains ICC color profile and orientation since these don’t have any privacy implications and are important.) If you want to strip the GPS data as well and enter that manually into iNat, remove all the lines that start with -GPS.