EXIF is a kind of standard information, which can help users classify photos in the process of finding, managing and using them. More importantly, the key to the difference between digital photos and films lies in the later digital editing. It is EXIF that records some professional data during the shooting process, which can assist photographers to do some professional debugging. Recently, the topic of "sending original pictures or exposing privacy" has been hotly searched on Weibo. For a time, the protection of personal privacy information once again received widespread attention. In the report, the reporter sent an original photo to the expert, and the expert quickly read out a large amount of information contained in the photo. This information not only includes the shooting time, shooting equipment and the specific location of shooting, but also if the longitude and latitude information is input into the map software, the building where the photo was taken can be found immediately and accurately. This made netizens exclaim: God, I dare not send the original picture again! In fact, when sending the original image on wechat or email, the photo and information will be sent together, and anyone can read it. How is this information generated? Which processing technologies can protect users' privacy to the greatest extent? How should the public enhance their awareness of personal protection? The reporter of science and technology daily interviewed frontline network security experts on these issues. Privacy information hidden in digital image generation "When we send information in the form of original image or original file, EXIF information will be sent together, which has nothing to do with whether we use wechat to send." Panbowen, a senior security expert of Antan mobile security, said in an interview with the reporter of science and Technology Daily that each digital photo has a set of information that can be exchanged in the image file format, referred to as EXIF, which is the self-contained information generated during the shooting of the photo, mainly including the accurate location and time at the time of shooting, as well as the unique ID number of the shooting equipment. "This information is automatically generated when taking photos using a smartphone or digital camera." Panbowen said. So why should these private information be stored and displayed in photos? Why can't they be replaced? Panbowen told Science and Technology Daily that EXIF is a kind of standard information, which can help users classify and process photos in the process of finding, managing and using them. More importantly, the key to the difference between digital photos and films lies in the later digital editing. It is EXIF that records some professional data during the shooting process, which can assist photographers to do some professional debugging. Currently, camera programs of smart phones such as Huawei and Xiaomi provide a switch to turn off the automatic recording of geographical location information. When "record and save geographic location information" is turned off, the phone will not be able to use the product function of filtering and viewing photo streams according to the shooting location in the album. "In this way, the geographic location information will not be included in the original photo file, but the shooting time and device identification information will still exist." Pan Bowen added. From the perspective of the whole process, a key link involved in the exposure or disclosure of privacy due to the shooting content is "image intelligence analysis". In the endless stream of typical cases, the relevant personnel can often analyze the location of the photographer through the buildings, signs, angles and other information in the photos, and some can even be accurate to the specific floor where the photographer is located. Based on this, combined with the self-contained shooting timestamp information in the photo file, privacy disclosure will still occur. "So removing the geographic location information during the shooting process can really improve privacy security, but it can't be done once and for all," Pan warned Social platforms and equipment manufacturers can continue to improve quality and upgrade The transmission of information depends on channels, and most of the transmission channels of HD original pictures are social platforms. For the convenience of information transmission and personal privacy protection, when users upload or share photo files on some mainstream social platforms, the program will cut or compress the files by default. "During this process, the photos will not only become smaller, but also the original EXIF information will be removed or modified. This is a kind of protection for private information." Panbowen said. For example, when sharing photo files in wechat, there will be "original image" option. This procedural setting is a good prompt and choice for users, that is, whether to transfer the HD original image is up to the user. Panbowen suggested that for social platforms, in order to help users avoid exposing the privacy of the original photo, the pre inspection function can be given when users choose to upload or share pictures. When suspected sensitive information is detected, users will be reminded of the existence of security risks or deleted. Of course, in order to improve the interactive experience, the social platform can also provide the built-in function of automatically deleting the EXIF information of pictures. When users take pictures with their mobile phones, can the generated photos be automatically protected? For shooting manufacturers, this puts forward new requirements for upgrading and optimizing the shooting functions of mobile phones and other devices. In particular, when a photograph is taken and generated, the photographing device can write a random information or fuzzy information. For example, the photographing device information can be random, and the photographing time can be a fuzzy time of the day. Of course, these can also be provided to the user as a choice in the setting. The smart phone's "camera" or "photo album" tools or apps with similar functions can also actively provide the function of deleting photos EXIF information in batches, so as to strengthen the protection of users' privacy information. Building a strong sense of privacy and security is crucial As mentioned above, deleting EXIF information can not completely eliminate the risk of users' privacy disclosure. Users' privacy security awareness is very important when using social media and other products. Panbowen told Science and Technology Daily that the application of technical means is an objective condition for privacy protection, and the key lies in the improvement of subjective awareness. "There are now a wide variety of social products for users to share their daily life. In this process, if users set inappropriate access rights, especially if strangers can publicly access these information contents, it will be a disaster for personal privacy security." Panbowen said. For example, a mother may just take a picture of her child and share it with the social platform, and no private access or restricted access is set. At this time, strangers can use the "nearby" sharing status function provided by the social platform to access and view the information just shared by the mother. Then, even if the photo itself is not attached with location information, it will also cause the risk of personal privacy disclosure. Panbowen reminded that for ordinary users, before sharing and uploading photos related to personal privacy, they should always check the access permission settings of the social platform they use, and set the "privacy and permission" of the social platform to be accessible only to friends; If there is a sharing time setting, try to set it as short as possible. In addition, if there are obvious location marks in the taken photos, you can choose to cut them and then send them. "Moreover, we suggest that parents should be careful to share their children's photos." Panbowen said. In recent years, government agencies and regulatory authorities have paid close attention to the problems of the Internet and Internet products related to personal information protection, privacy security and data security, and the national legislative work has also been carried out in an orderly manner. In view of the common situations at work, panbowen pointed out that even if the Internet platform complies with the compliance requirements and pays attention to the privacy and data security of users, the risk of personal privacy disclosure caused by users for their own reasons will still exist. "This requires all sectors of society to continuously strengthen users' awareness of privacy and security through popular science publicity and other means. At the same time, Internet platforms should not only ensure the privacy and security compliance of their own products, but also consider the risk of privacy disclosure when users use the platform, and reasonably avoid the function design of the products." Panbowen said. (Xinhua News Agency)