Start a new topic

Strip Exif data from uploaded images

It seems like Cohost currently doesn't strip Exif data from uploaded images. This is pretty dangerous, as that data can include the GPS location the image was taken at, which could result in users getting doxxed. It'd be really nice if Cohost both stripped Exif data of newly-uploaded images and also went back and retroactively stripped it from all currently-uploaded images. It'd make the site a lot safer on the whole.

26 people like this idea

if this is implemented, one thing i’d really like to ask not to be stripped is the icc color profile (which may not even be part of exif data, but ‘exif-stripping’ tools like to remove it anyway). it typically does not contain any identifying data except maybe the display model a screenshot was taken on, and it’s important for maintaining accurate colors.

11 people like this

(also important to not strip is rotation metadata)

7 people like this

A friend of mine has done a bit of investigating and it looks like standard exif-strip practices are followed when images are cached through CloudFlare's CDN but not when they're uncached, so it'd likely be better to just do the stripping on Cohost's side so it's consistent

2 people like this

Could the file name be stripped too? I uploaded some pictures and only then I realized my personal file names are included. It feels revealing and makes it so I need to think of my naming as public, or need to go out of my way to rename before posting

3 people like this

We do strip EXIF data and apply the orientation tag before serving. We have done this for months.

There was temporarily a bug where on rare occasions images would get served with EXIF tags intact, but this was resolved a couple weeks ago. We hadn't publicly announced the bug because we were still working through notifying users who may have been affected.

We also ask that you not use the community forums to report potential security issues. Please report them to us directly via

6 people like this