Slack has began to strip uploaded pictures of their metadata.
What could look like an inconsequential change to how the tech big handles storing recordsdata on its servers, it’ll make it far harder to hint pictures again to their authentic homeowners.
Almost each digital file — from paperwork in your laptop to pictures taken in your cellphone — accommodates metadata. That’s information concerning the file itself, resembling how massive the file is, when it was created, and by whom. Photos and movies typically embody the exact coordinates of the place they have been taken.
But that may be an issue for higher-risk Slack customers, like journalists and activists, who should take better safety precautions to maintain their sources protected. The metadata inside pictures can out sources, deanonymize whistleblowers, or in any other case make it simpler for unfriendly governments to focus on people. Even if a journalist removes the metadata from a photograph earlier than publishing, a duplicate of the photograph — with its metadata — could stay on Slack’s servers. Whether a hacker breaks in or a authorities calls for the info, it could put sources in danger.
Slack confirmed to TechCrunch that it’s now began to strip photograph metadata, together with areas.
“We can affirm that we just lately started stripping EXIF (exchangeable picture file) metadata from pictures uploaded to Slack, together with GPS coordinates,” mentioned a Slack spokesperson.
TechCrunch examined this by importing a photograph containing location information to Slack, then pulling a duplicate of that uploaded picture from the server. The copy from the server, when checked once more, not had location information embedded within the doc. Some metadata stays, just like the make and mannequin of the machine that took the photograph.
Slack didn’t say what prompted the change.
The Slack origin story