Photo Image Files

Photo Image Files

  1. Photo images. Your source or the "anonymous" publisher of a leaked document online may use a Scanner, but they may, nowadays use a Digital Camera.

    There is often camera make / model identifying metadata embedded in the raw digital images taken by many types of Digital Camera. These may be used as "evidence" if your Digital Camera is seized during a "leak inquiry" investigation.

    There is even facility for Global Positioning Satellite latitude and longitude data (likely to become increasingly common with mobile phone camera pictures) to be stored within this metadata, and camera specific serial numbers, which, if cross referenced with purchase or repair or warranty registration records, may provide clues or evidence as to the identity of your confidential source.

    See this report in The Times (19th July 2007) about the embedded EXIF data which reveals the Camera Model and Serial Number, which may be of use to copyright lawyers, in tracing the photographer who allegedly leaked images onto the internet, of the then as yet unpublished popular novel Harry Potter and the Deathly Hallows, the final book in the immensely popular and profitable series by J.K.Rowling.

  2. There is an excellent free Perl module and a Windows executable command line tool called ExifTool, which displays, and can selectively edit, most of this metadata which is encoded according to the industry standard Exchangeable File Image Format (Exif)

  3. You can examine (but not change or delete) such photo image metadata via this website, which is powered by the ExifTool perl script software: Jeffrey's Exif Viewer

  4. Standard image editing software such as Adobe PhotoShop can preserve the original metadata, which is useful for keen photographers, but not so good for preserving the anonymity of your anonymous sources.

    Very often using File Save As within the image editor, and saving to a different filename from the original automatically digital camera name and numbered images, reduces the amount of metadata to an acceptable level.

  5. Another freely available command line tool, for both Windows and Linux, (which does not require Perl to be installed) is jhead. Whilst not as comprehensive in displaying all the EXIF data, as ExifTool (which also now has a Windows executable binary version), and restricted only to .jpg files (the most common digital camera output), it does provide the ability to edit comments (e.g. to put in your own copyright notice) and to delete all the potentially whistleblower source betraying EXIF data.

  6. You may wish to blank out or censor items in .jpg or .gif or .bmp graphics image.

    Again, there is a temptation by the uninitiated to use, say, a PhotoShop pixellation or motion blur special effect filter. Remember, that these standard filters effects can often be reversed. e.g. as Interpol has shown with the enhanced version of the reversible PhotoShop Twirl plug-in effect used to try to identify a suspected child rapist

    Since Digital Camera images and Scans of documents are usually much too large for web pages, you might want to reduce the number of colours and probably the size of the images, before publishing them as thumbnails and even as larger images on a blog or website.

    Remember to apply your PhotoShop pixellation etc. after reducing the image size and number of colours, i.e. after you have thrown away some of the identifying data, so as to reduce the chances of the filter effects being reversed.

  7. The jhead documentation and program options remind us that many digital cameras embed a small, up to 10Kb thumbnail image in the file, used by the camera display itself, or external software, to show for thumbnail gallery views of a set of photos.

    If you are digitally manipulating the main image e.g. to pixellate out a face or a location specific sign, a vehicle number plate, or to redact an email address or telephone number etc., then the thumbnail also might need to be re-generated from the modified main image using jhead, or else the thumbnail should be deleted.

  8. EXIF metadatais not the only way of forensically linking a digital image from a whistleblower source to other digital images which may be more easily traced to the source camera or scanner.

    Cameras or Scanners introduce potentially characteristic non-random background noise into the images which they produce, as a combination of individual wear and tear patterns and the variations within the manufacturing tolerances, and small errors, such as faulty pixels on the Charge Coupled Device electronic chip, of any particular device.

    Professor Jessica Fridrich, of the Thomas J. Watson (founder of IBM) School of Engineering and Applied Science at Binhampton Uniiversity in the State of New York, has published Camera Identification From Printed Images (.pdf) academic research and software which can statistically compare such background noise patterns (Photo-Response Non-Uniformity) , and match a series of digital photos together as having been made by the same digital camera or mobile phone camera or scanning device. If some of the photos are easily identifiable, due to their content or metadata, e.g. on a public photo sharing website like, where family album or holiday snaps might betray the identity of the whistleblower, if he or she uses the same equipment for their confidential or leaked photos.

    See the step by step guide and comments - Avoiding Camera Noise Signatures

About this blog

We know that there are decent, honest, trustworthy individual politicians, civil servants, law enforcement, intelligence agency personnel and broadcast, print and internet journalists etc., who often feel powerless or trapped in the system. They need the assistance of external, detailed, informed, public scrutiny to help them to resist deliberate or unthinking policies, which erode our freedoms and liberties.

Some of these people will, in the public interest, act as whistleblowers, and may try to leak documents or information to the mainstream media, or to political blog websites etc.

Here are some Spy Blog "Hints and Tips", giving some basic preecautions, and some more obscure technical tips, which both whistleblowers, journalists, and bloggers need to be aware of, in order to help preserve the anonymity of whisteleblowing or other journalistic sources, especially in the United Kingdom, but applicable in other countries as well.

Whistleblower anonymity may not always be possible, or even necessary, forever into the future, but it is usuially crucial during at least the early stages of a "leak", whilst it is being evaluated by others, to see if it merits wider publication and publicity.

Email & PGP Contact

Please feel free to email your views about this blog, or news about the issues it tries to comment on.


Our PGP public encryption key is available for those correspondents who wish to send us news or information in confidence, and also for those of you who value your privacy, even if you have got nothing to hide.

You can download a free copy of the PGP encryption software from
(available for most of the common computer operating systems, and also in various Open Source versions like GPG).

We look forward to the day when UK Government Legislation, Press Releases and Emails etc. are Digitally Signed so that we can be assured that they are not fakes. Trusting that the digitally signed content makes any sense, is another matter entirely.


Tag Cloud

CryptoParty London

CryptoParty London

Most months there is a CryptoParty London event. where some of these Hints and Tips and other techniques are demonstrated and taught.

Usually at:

Juju's Bar and Stage 15 Hanbury St, E1 6QR, London

Follow on Twitter: @CryptoPartyLDN

Syndicate this site (XML):


Campaign Button Links

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign
UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card
NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.
Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid_150.jpg - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Petition to the European Commission and European Parliament against their vague Data Retention plans
Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Open Rights Group

renew for freedom - renew your passport in 2006
Renew For Freedom - renew your Passport in the Summer Autumn of 2006.

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network
Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Tor - the onion routing network
Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

Amnesty International's campaign

BlogSafer - wiki with multilingual guides to anonymous blogging

NGO in a box - Security Edition privacy and security software tools

Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

wikileaks_logo_low.jpg - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.

Public Concern at Work - "(PCaW) is the independent authority on public interest whistleblowing. Established as a charity in 1993 following a series of scandals and disasters, PCaW has played a leading role in putting whistleblowing on the governance agenda and in developing legislation in the UK and abroad. All our work is informed by the free advice we offer to people with whistleblowing dilemmas and the professional support we provide to enlightened organisations."