TyperTech
Regular Member
- Joined
- Feb 26, 2024
- Posts
- 44
- Reaction score
- 0
- Status
- Offline
- Last Seen
Photos are essential to proving possesion of an item in an anon enviroment and to providing the community with more useful product reviews. However the contents of photos can contain information helpful to profiling the user or their camera.
This may be most relevant to people with a high threat profile, however anyone interacting with those users can potentially be a weak link that allows them to be partially profiled or de-anonymized. As with good PGP practice properly anonomizing photos is something all users should make routine.
In this guide I'll cover staging, taking and anonymizing photos to defeat profiling using the tools availible in Tails.
Obviously you'll require a camera as well as a method to transfer your photos from the camera to your Tails enviroment. I strongly reccomend a non-phone camera and (some tinfoil) performing all local file transfers via a wired connection. At minimum phone cameras should be de-networked to the extent possible (SIM removed, wifi off, AUTOMATIC PHOTO BACKUPS DISABLED).
Staging & Taking Your Photo
This should be fairly self-explanatory. Have as little information in shot as possible (or crop it out later). Taking photos with some extra space to be cropped out later is probably actually preferable but not that big a deal.
A light box would be great, otherwise you can homebrew one with a folded piece of paper or two. Just fold the paper in half and place it where the vertical side will be supported, put your item on the paper, done.
Take a good quality photo with good lighting, the anonymizing will usually degrade the quality so this is pretty important for producing useful images.
Verification messages: Printed is best, obviously. Go b-movie ransom note on it if you don't have a printer avalible. Avoid publications with distinctive typefaces or limited circulation. Destroy any evidence of the verification message immediately after taking your photo.
Editing
Camera sensors and lenses are profileable. Lucky for us Tails comes with the GNU Image Manipulation Program (GIMP) installed (you'll find it under Applications > Graphics). For this guide I've downloaded a stock image to use as an example.
Our image includes some extra space, to crop use the rectangular selection tool (keyboard shortcut R) to select just the area we want to keep, then Image > Crop to Selection.
Next, we apply filters to blur and add random noise to the image. This is our stock image cropped and with stacked HSV Noise and Gaussian Blur filters. I used the default settings on the HSV Noise filter with new random seeds and decreased the blur settings to less than one pixel. They were applied HSVN > Blur > HSVN > Blur. Decreasing the blur settings perserved most of our image quality.
Based on what you're using the image for, what you're photographing, and your threat profile you could do more or less obfuscation. The goal is to obscure any profilable image defects while still producing a useful image.
My original image was large, so now I'll resize, or scale, the image ( Image > Scale Image... ) to 720 pixels on the long side.
Saving to a normal image format in GIMP is called exporting (File > Export As...) by default the file extension you use (.jpg/.png) will control the file format you export. Now would be a good time to name your photo something new the default file names can be used to profile your camera. I've used final.jpg.
Now you have your finished file, go ahead and navigate to it in Files and use Tails built-in utility to remove any metadata (Right click > Remove metadata). This gives me a file named final.cleaned.jpg. This could reveal that I've used Tails to remove metadata so I delete the original file and rename the cleaned file final.jpg. Here it is:
Success
There you have your final image you can safely share.
Be aware that for security reasons Tor Browser only has access to the Tor Browser and Tor Browser (Persistent) folders so if you didn't export your image there you'll need to move it before uploading. I don't know what you're using this guide for but think twice about saving to your persistent storage.
Also note that while I've given linx.do the implied endorsement of using their service here their 'randomize filename' function appears to be broken so renaming those images matters. Never assume any online service will cover for your laziness.
Thanks for reading, share and enjoy.
Edit: I considered further discussion of selective blur flitering or masking the main subject out of some or all of the filters but decided it wasn't appropriate for a ground up overview. Thoughts?
This may be most relevant to people with a high threat profile, however anyone interacting with those users can potentially be a weak link that allows them to be partially profiled or de-anonymized. As with good PGP practice properly anonomizing photos is something all users should make routine.
In this guide I'll cover staging, taking and anonymizing photos to defeat profiling using the tools availible in Tails.
Obviously you'll require a camera as well as a method to transfer your photos from the camera to your Tails enviroment. I strongly reccomend a non-phone camera and (some tinfoil) performing all local file transfers via a wired connection. At minimum phone cameras should be de-networked to the extent possible (SIM removed, wifi off, AUTOMATIC PHOTO BACKUPS DISABLED).
Staging & Taking Your Photo
This should be fairly self-explanatory. Have as little information in shot as possible (or crop it out later). Taking photos with some extra space to be cropped out later is probably actually preferable but not that big a deal.
A light box would be great, otherwise you can homebrew one with a folded piece of paper or two. Just fold the paper in half and place it where the vertical side will be supported, put your item on the paper, done.
Take a good quality photo with good lighting, the anonymizing will usually degrade the quality so this is pretty important for producing useful images.
Verification messages: Printed is best, obviously. Go b-movie ransom note on it if you don't have a printer avalible. Avoid publications with distinctive typefaces or limited circulation. Destroy any evidence of the verification message immediately after taking your photo.
Editing
Camera sensors and lenses are profileable. Lucky for us Tails comes with the GNU Image Manipulation Program (GIMP) installed (you'll find it under Applications > Graphics). For this guide I've downloaded a stock image to use as an example.
Our image includes some extra space, to crop use the rectangular selection tool (keyboard shortcut R) to select just the area we want to keep, then Image > Crop to Selection.
Next, we apply filters to blur and add random noise to the image. This is our stock image cropped and with stacked HSV Noise and Gaussian Blur filters. I used the default settings on the HSV Noise filter with new random seeds and decreased the blur settings to less than one pixel. They were applied HSVN > Blur > HSVN > Blur. Decreasing the blur settings perserved most of our image quality.
Based on what you're using the image for, what you're photographing, and your threat profile you could do more or less obfuscation. The goal is to obscure any profilable image defects while still producing a useful image.
My original image was large, so now I'll resize, or scale, the image ( Image > Scale Image... ) to 720 pixels on the long side.
Saving to a normal image format in GIMP is called exporting (File > Export As...) by default the file extension you use (.jpg/.png) will control the file format you export. Now would be a good time to name your photo something new the default file names can be used to profile your camera. I've used final.jpg.
Now you have your finished file, go ahead and navigate to it in Files and use Tails built-in utility to remove any metadata (Right click > Remove metadata). This gives me a file named final.cleaned.jpg. This could reveal that I've used Tails to remove metadata so I delete the original file and rename the cleaned file final.jpg. Here it is:
Success
There you have your final image you can safely share.
Be aware that for security reasons Tor Browser only has access to the Tor Browser and Tor Browser (Persistent) folders so if you didn't export your image there you'll need to move it before uploading. I don't know what you're using this guide for but think twice about saving to your persistent storage.
Also note that while I've given linx.do the implied endorsement of using their service here their 'randomize filename' function appears to be broken so renaming those images matters. Never assume any online service will cover for your laziness.
Thanks for reading, share and enjoy.
Edit: I considered further discussion of selective blur flitering or masking the main subject out of some or all of the filters but decided it wasn't appropriate for a ground up overview. Thoughts?