this post was submitted on 02 Sep 2024
31 points (100.0% liked)

Technology

37707 readers
398 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 
all 22 comments
sorted by: hot top controversial new old
[–] [email protected] 16 points 2 months ago (2 children)

Is that cursed? Seems like the right privacy-focused default behavior and good design to me

[–] [email protected] 8 points 2 months ago (1 children)

Imo the cursed part is that only some do that and not all.

[–] [email protected] 8 points 2 months ago (1 children)

It's cursed because it happens silently, such that you might accidentally be deleting gps data you wanted to keep without noticing, for a reason that you probably wouldn't think to check, probably instead erroneously filing a bug on the app for doing it.

[–] [email protected] 3 points 2 months ago (1 children)

Unless I'm uploading pictures to cloud storage I want GPS data filed off. I'd rather have some unnecessary bug reports targeting the wrong things then stalkers showing up at my door.

[–] [email protected] 5 points 2 months ago (1 children)

Immich is a self-hosted photo hosting service. They're listing this in their docs because people are trying to upload photos with GPS data, hitting this cursed behavior because they didn't give immich Location access (because why would you?), and then filing unnecessary bug reports on them about their disappearing data.

To be clear, no one is against stripping GPS data, that's not what anyone takes issue with, it's the silently part that is unexpected behavior.

[–] [email protected] 1 points 2 months ago (1 children)

I think all apps should have those explanation screens of what's not going to work if you deny X permission and why, especially in the case of an issue like this

It should request location access, and if it's denied tell the user that it won't be able to get the location data from images and give them a button to have it ask permission again

[–] [email protected] 1 points 2 months ago (1 children)

I find it to be a bit sketchy in general, because it means the OS is actually parsing and editing the actual bytes of the file contextually when an app tries to access it. Probably making a shadow copy somewhere without the GPS exif data.

But yeah, I agree, at a minimum the OS should pop up a notification that "By default, GPS data will be stripped from the file due to inadequate location permissions" until the user either changes their preference or says "that's fine, don't remind me for this app". Having it happen silently just isn't good.

[–] [email protected] 1 points 2 months ago (1 children)

You're probably right but it wouldn't be a clean implementation for the os to do it. If it was more universal and better documented app devs could just put notices in themselves

[–] [email protected] 1 points 2 months ago (1 children)

I assume it's part of the security for the app to not even know whether the GPS data was ever there.

[–] [email protected] 1 points 2 months ago (1 children)

The app knows if location permission has been denied though

[–] [email protected] 1 points 2 months ago

Yeah that's true. Not always ideal, though. I'd prefer the option to spoof a location to the app, just to avoid dealing with apps that unnecessarily block features when you deny them location permissions.

[–] [email protected] 4 points 2 months ago

It's the silently part that is the problem. If you want your personal pictures to be stored on your personal cloud, you're a lot more likely to want location tags attached. If it just told you that it was stripping the tags, then you could disable it for certain apps, Rather than not noticing until you already deleted the original images from the phone.

[–] [email protected] 6 points 2 months ago (1 children)

That Javascript date indexing one is almost as cursed as fucking tire sizes.

[–] [email protected] 7 points 2 months ago

This included that as well. 1000048717

[–] [email protected] 6 points 2 months ago (1 children)

So if I download an image from the web with GPS data, and then open it in an app that just reads images (so it doesn't need location permissions)... That app (on some phones) gets a modified version of the file?

Which could make me think that the image doesn't have location information.

Which could result in me uploading that file using a browser (that does have location permission turned on) to a website, and I think it's safe to share because there's no private information in the image, but my phone has conspired to mislead me.

Yes, that is cursed.

[–] [email protected] 3 points 2 months ago (1 children)

I'm also worried that this is why gallery apps would require GPS location just for viewing photos (and their Metadata). Once gallery app has the permission, it can track your location in real time. It's like this should be a separate permission rather than bundled together.

[–] [email protected] 3 points 2 months ago

I agree completely.

I understand the motivation here — apps that lack location permission shouldn't be able to get backdoor access to your location via your camera roll. That makes sense, because you know damn well every ~~spyware~~ social media company would be doing that if they could.

But the reverse is also true: apps that legitimately need to read photos and access all their metadata shouldn't need to be granted full location access.

[–] [email protected] 3 points 2 months ago (1 children)

Where can I find this library?

[–] [email protected] 2 points 2 months ago (1 children)
[–] [email protected] 4 points 2 months ago (1 children)

that bcrypt one (ignoring everything past the first 72 bytes) is concerning

[–] [email protected] 4 points 2 months ago

Yep, that's why mastodon only allows for 72 characters maximum in passwords, I assume.