Hacker News
by gruez 2412 days ago
I'm sorry, but that's some tin foil hat level paranoia with no basis in reality. What's your threat model here? That Apple wants to deanonymize HN posters by tying them to their screenshots? Considering that they own the operating system, they could skip all the complicated and detectable steganography-in-screenshots and smuggle your mobilesafari (or webkit, which all apps are forced to use) browsing history and cookies along with the analytics data they regularly upload (which is way harder to detect). Failing that, they could also use their iOS backdoor and check every screenshot that was taken a few hours before this post, and see which one matches. I don't imagine there are too many people taking screenshots of their privacy settings on a daily basis. Correlate that with paranoia tendencies (shouldn't be too hard to determine considering they own the operating system), and they trace it back to you with a high degree of certainty.

Something that actually protects your privacy (and doesn't make you stick out like a sore thumb) is getting the screenshot from an image search and posting from a regularly rotated HN account, all the while using Tor.

That’s fine, it’s not a big deal, though I was specifically asked.

The main thing I would worry about is actually not Apple; instead (1) what information might Apple hide in plaintext in the image that a third party could extract?; and (2) what identifiers might there be that a third party could use to correlate multiple images as being from gorgoiler’s phone?

But honestly it just feels odd to upload a screenshot without doing something to scrub it. I find it helpful to practice good security even when, as you point out, the probability of it being necessary is very low.

Another reason could be: if you systematically scrub everything, then a third party wouldn't be able to use the fact that you scrubbed something as a hint that the thing had valuable information in it.

e.g.: if you use an encrypted chat app ONLY after a murder occurred, then this would be suspicious. If you always use encrypted chat apps, then there's no information hint being given about your possible involvement with the murder.

>The main thing I would worry about is actually not Apple; instead (1) what information might Apple hide in plaintext in the image that a third party could extract?; and (2) what identifiers might there be that a third party could use to correlate multiple images as from gorgoiler?

A lot, actually. But why would Apple take the engineering resources to implement this, and risk all the reputation damage? If they're doing it for the money, how would they monetize it? If they're being coerced by the government, what are the government's motivations? In both cases, is smuggling bits in screenshots really the most plausible way to do it? Surely there must be some better way than steganography in screenshots?

>But honestly it just feels odd to upload a screenshot without doing something to scrub it. I find it helpful to practice good security even when, as you point out, the probability of it being necessary is very low.

On the flip side, if you do unusual obfuscation of your uploaded image (e.g. heavy post-processing), that in itself is an identifying characteristic. You're going to be that guy who uploads his screenshots in greyscale, with heavy compression and blurring. https://xkcd.com/1105/