I applied filters and took a screenshot of the screenshot to reduce image fidelity in case it contained any [covertly embedded]* identifying information [in the form of watermarks or hidden pixels].
In case people aren't aware, such a thing _is_ possible. Companies have used steganography techniques in the past to secretly embed identifiers into movies and other visual content. It's been used to track down the movie leakers, for example.
Another example; most printers covertly embed an identifier in their prints.
I have a vague memory of a pre-release video game doing it? Or maybe it was just debugging information that they were embedding. shrug
Personally I don't believe Apple is doing what you describe (though maybe they might do it to a prototype iPhone). But it's certainly your right to hold that belief and take measurements to protect yourself. Shame you're getting downvoted for explaining yourself.
> Another example; most printers covertly embed an identifier in their prints.
This frustrates me a lot with my current printer. The yellow dots which "covertly" identifies my prints are way too visible in the print. So every time I look carefully at something I print I am reminded of how I am being watched.
That’s an impressive level of opsec, but I have to think it would be a huge story if Apple were adding printer-dot-style tracking watermarks to screenshots, and that someone would have found it by now.
I'm sorry, but that's some tin foil hat level paranoia with no basis in reality. What's your threat model here? That Apple wants to deanonymize HN posters by tying them to their screenshots? Considering that they own the operating system, they could skip all the complicated and detectable stenography-in-screenshots and smuggle your mobilesafari (or webkit, which all apps are forced to use) browsing history and cookies along with the analytics data they regularly upload (which is way harder to detect). Failing that, they could also use their iOS backdoor and check every screeenshot that was taken a few hours before this post, and see which one matches. I don't imagine there are too many people taking screenshots of their privacy settings on a daily basis. Correlate that with paranoia tendencies (shouldn't be too hard to determine consider they own the operating system), and they trace it back to you with a high degree of certainty.
Something that actually protects your privacy (and doesn't make you stick out like a sore thumb) is getting the screenshot from an image search and posting from a regularly rotated HN account, all the while using tor.
That’s fine, it’s not a big deal, though I was specifically asked.
The main thing I would worry about is actually not Apple; instead (1) what information might Apple hide in plaintext in the image that a third party could extract?; and (2) what identifiers might there be that a third party could use to correlate multiple images as being from gorgoiler’s phone?
But honestly it just feels odd to upload a screenshot without doing something to scrub it. I find it helpful to practice good security even when, as you point out, the probability of it being necessary is very low.
Another reason could be: if you systematically scrub everything, then a third party wouldn't be able to use the fact that you scrubbed something as a hint that the thing had valuable information in it.
e.g.: if you use an encrypted chat app ONLY after a murder occurred, then this would be suspicious. If you always use encrypted chat apps, then there's no information hint being given about your possible involvement with the murder.
>The main thing I would worry about is actually not Apple; instead (1) what information might Apple hide in plaintext in the image that a third party could extract?; and (2) what identifiers might there be that a third party could use to correlate multiple images as from gorgoiler?
A lot, actually. But why Apple would take the engineering resources to implement this, and risk all the reputation damage? If they're doing it for the money, how would they monetize it? If they're being coerced by the government, what's the government's motivations? In both cases, is smuggling bits in screenshots really the most plausible way to do it? Surely there must be some better way stenography in screenshots?
>But honestly it just feels odd to upload a screenshot without doing something to scrub it. I find it helpful to practice good security even when, as you point out, the probability of it being necessary is very low.
On the flip side, if you do unusual obfuscation of your uploaded image (eg. heavy post processing), that in itself is an identifying characteristic. You're going to be that guy who uploads his screenshots in greyscale, with heavy compression and blurring. https://xkcd.com/1105/
So now everyone who sees an iPhone screenshot treated in such a way knows it's you, as there are probably not a lot of people who are paranoid about tracking pixels in their iOS settings menu.
What are trying to protect against? A screenshot of a screenshot with a filter applied to it isn’t going to help you if your name shows up somewhere in it.
Imagine that whenever you took a screenshot the text “TAKEN ON AUSTINJP’S IPHONE” were written across the page.
A “watermark” is simply a version of that designed to be invisible or imperceptible to the human eye, for example by embedding information in the least significant bits of the pixel colors.
“Digital Watermark Steganography” is a good search term for further investigation. As is the case with many security topics, there is an ongoing arms race between technology used to hide information, and technology used to detect information hiding.
At the end of the day if you truly wanted to share a screenshot of the iOS settings UI and remain anonymous, you should probably consider just drawing it with crayons. Except then someone will come along and process the crayon marks to recover your fingerprints etc. etc.
>A “watermark” is simply a version of that designed to be invisible or imperceptible to the human eye, for example by embedding information in the least significant bits of the pixel colors.
In this case however, it's hard to imagine how you'd do this without being detected. If you loaded the screenshot into mspaint and used the paint bucket tool, any color differences will become apparent. You could limit your modification to the edges, but detail there is going to get wiped by jpeg compression (if any).
Write a tool that replaces the least significant bit of each pixel with a random value. Compress the result with 80% quality. Compress the result with 79% quality. Make sure to strip exif info, and all other metadata. Enjoy the result.
It blows my mind, and makes me nervous about my own future, that old people do this kind of thing.
Are they actually incapable of learning the right way to do things? Is neuroplasticity playing a role here? Do they not care that their images look terrible when zoomed in on? I guess they grew up in an era when photos frequently had time and date stamps, and if their eyesight is going... I guess that explains both points.
What's the "right way" to do things anyway? I know quite well how to tap the share icon, then wait for the drawer to appear, then scroll down a bit, then tap the save icon, then wait for the next drawer to appear, then tap "To photos" or whatever.
Or I can just hit two physical buttons on my phone and grab the image in the form of a screenshot. Because I don't care about the image fidelity, I usually just want to share the thing on Discord or Slack or wherever.
Don't be so arrogant as to assume that people doing things differently than you must be too stupid or old or blind to do it "the right way".
If you are going to become an app developer, you shot stop blaming users for not learning your made up UI language, and start making your app work in their language.
I thought some apps and iOS had already responded to this workflow by doing smart things when users try to create screenshots. If they haven't yet, they should. There's no need in the common case for "screenshot" and "share main image" to have different UI entry points. Just pop up a menu asking the user that they want when they push the button.
Pretty sure many apps don't even allow you to save pictures at all. Maybe Facebook is one of them, not sure. That + the button to save pictures not being at the same place on all apps makes screenshots easier and reliable. They simply work.
*added for clarity.