Slack Now Strips Location Data From Images

Slack has started to strip uploaded photos of their metadata. What may seem like an inconsequential change to how the tech giant handles storing files on its servers, it will make it far more difficult to trace photos back to their original owners. From a report: Almost every digital file -- from documents on your computer to photos taken on your phone -- contains metadata. That's data about the file itself, such as how big the file is, when it was created, and by whom. Photos and videos often include the precise coordinates of where they were taken. But that can be a problem for higher-risk Slack users, like journalists and activists, who have to take greater security precautions to keep their sources safe. The metadata inside photos can out sources, deanonymize whistleblowers, or otherwise make it easier for unfriendly governments to target individuals. Even if a journalist removes the metadata from a photo before publishing, a copy of the photo -- with its metadata -- may remain on Slack's servers. Whether a hacker breaks in or a government demands the data, it can put sources at risk.

Probably a good idea

[SuperKendall]

A lot of photos may have location metadata embedded people may not realize they are sharing, plus hey that's an attack vector also that is now removed... if you want to send an image and preserve metadata, you can always link to it somewhere or compress it.

Re:

[dgatwood]

A lot of photos may have location metadata embedded people may not realize they are sharing, plus hey that's an attack vector also that is now removed... if you want to send an image and preserve metadata, you can always link to it somewhere or compress it.

YOU can do that. The average user's eyes glazed over at by the time you said "link to it".

The problem is, although this feature serves a useful purpose, it should absolutely not be the default behavior, both from a "bad people slipping up and getting caught is useful for a free society" perspective and from a "Why can't I open this photo and see where it was taken" perspective. This should be a client-side feature, yes, but it should be user-switchable, and the default should be to send the metadata throu

Re:

[AleRunner]

YOU can do that. The average user's eyes glazed over at by the time you said "link to it".

The problem is, although this feature serves a useful purpose, it should absolutely not be the default behavior, both from a "bad people slipping up and getting caught is useful for a free society" perspective and from a "Why can't I open this photo and see where it was taken" perspective. This should be a client-side feature, yes, but it should be user-switchable, and the default should be to send the metadata through. Anything short of that, is, to be blunt, data corruption.

That might be reasonable if you could rely on the original user to have consented and opted in to metadata storage. All the Googles and even Apples of the world basically trick their users into switching on all the data storing features and keep requesting again and again if you don't accept until one day you slip up and accept the storage. Since that's true there's no way to expect informed consent so the moral thing to do is to delete this data unless you get information otherwise.

The eye glazers have no need.

[SuperKendall]

YOU can do that. The average user's eyes glazed over at by the time you said "link to it".

And how many of the people whose eyes glazed over have NEED to send metadata in a photo exactly?

It's exactly the eye-glazers this protects, as the glaze would be equal or greater should you try to tell them how to remove location meta-data from a photo or even why they might want to.

it should absolutely not be the default behavior,

Here you are going to have to explain just why you thin the vast majority of photos send

Re:

[dfghjk]

"If anyone wanted or needed to know wouldn't that simply be in text alongside the photo, since you know it is a communications platform?"

How about "why can't I open this photo to verify if it's my stolen intellectual property?" You think that would "simply be in text alongside the photo"?

"Someone on Slashdot of all places should be aware of how much bandwidth this saves in aggregate and appreciate at least that if nothing else."

You're someone on Slashdot, regrettably, and you are painfully unaware of virtu

Re:

[tlhIngan]

"If anyone wanted or needed to know wouldn't that simply be in text alongside the photo, since you know it is a communications platform?"

How about "why can't I open this photo to verify if it's my stolen intellectual property?" You think that would "simply be in text alongside the photo"?

Wow, you're telling me professional photographers who care about their photos use Slack to talk with customers and blithely send photos only protected by copyright to them through it?

Slack is not an image sharing site. They

I like metadata.

[Jeremy Erwin]

As a photographer, I find metadata about ISO, fstop, exposure time, and lens to be educational. More paranoid photographers may regard those secrets to be an attack vector on their expertise.

Re:

[0100010001010011]

As a photographer that has my full name and sometimes GPS coordinates to my house it's nice that they're doing this now.

Re: I like metadata.

[NagrothAgain]

If you consider yourself a Professional photographer or journalist then you damn well ought to know what metadata is, how to edit it, or strip it completely. If you're distributing your raw, unedited images then you're doing it wrong on multiple levels.

And if you're using Slack for anything which needs to be secure then you have some serious OpSec issues regardless.

Re:

[dfghjk]

Yes, no doubt, but this poster is a notorious troll and most likely a paid one.

Re:

[0100010001010011]

You geniuses might want to check the username. I'm not him, he's not me. Check our post histories.

Unless you want me blaming you for something user dgfhji says.

Re:

[dfghjk]

LOL look who it is.

If you were a photographer, you would know that managing metadata in your "product" is your responsibility and you would be FAR more concerned that the metadata you've carefully managed in your content is being deliberate corrupted by a third party for reasons that are likely directly against your interests.

You are a troll, however, so there's no reason to believe anything you say.

Re:

[0100010001010011]

You are a troll, however, so there's no reason to believe anything you say.

[Citation Needed.]

Optional?

[sizzlinkitty]

Slack should make it optional, allow people to click a button to save the metadata vs trashing it.

Smart move...

[VeryFluffyBunny]

Their main competitors are Microsoft & Google, who are well known for providing APIs to search their databases for the NSA, CIA, FBI, & DEA. Automatically stripping out such metadata makes them immediately more attractive to a wide range of potential & existing clients. Bear in mind that the vast majority of government espionage is commercial at the political level, e.g. big oil deals, trade agreements, & buying high-value intel from insiders. Slack wants to be the one that's more difficult to inadvertently give away intel or for governments & corporations to force to stitch up its clients. It also lets big clients manage their own encryption keys. Same reason they have no plans to incorporate e2e encryption: https://www.vice.com/en_us/art... [vice.com] So, if I were an investigative journalist, human rights lawyer, etc., I'd still go with TOR & https://signal.org/ [signal.org] because the NSA apparently hate it: https://www.spiegel.de/interna... [spiegel.de]