Hacker News new | ask | show | jobs
by gorgoiler 2412 days ago
That’s fine, it’s not a big deal, though I was specifically asked.

The main thing I would worry about is actually not Apple; instead (1) what information might Apple hide in plaintext in the image that a third party could extract?; and (2) what identifiers might there be that a third party could use to correlate multiple images as being from gorgoiler’s phone?

But honestly it just feels odd to upload a screenshot without doing something to scrub it. I find it helpful to practice good security even when, as you point out, the probability of it being necessary is very low.
2 comments
AYBABTME 2412 days ago
Another reason could be: if you systematically scrub everything, then a third party wouldn't be able to use the fact that you scrubbed something as a hint that the thing had valuable information in it.

e.g.: if you use an encrypted chat app ONLY after a murder occurred, then this would be suspicious. If you always use encrypted chat apps, then there's no information hint being given about your possible involvement with the murder.

link
gruez 2412 days ago
>The main thing I would worry about is actually not Apple; instead (1) what information might Apple hide in plaintext in the image that a third party could extract?; and (2) what identifiers might there be that a third party could use to correlate multiple images as from gorgoiler?

A lot, actually. But why Apple would take the engineering resources to implement this, and risk all the reputation damage? If they're doing it for the money, how would they monetize it? If they're being coerced by the government, what's the government's motivations? In both cases, is smuggling bits in screenshots really the most plausible way to do it? Surely there must be some better way stenography in screenshots?

>But honestly it just feels odd to upload a screenshot without doing something to scrub it. I find it helpful to practice good security even when, as you point out, the probability of it being necessary is very low.

On the flip side, if you do unusual obfuscation of your uploaded image (eg. heavy post processing), that in itself is an identifying characteristic. You're going to be that guy who uploads his screenshots in greyscale, with heavy compression and blurring. https://xkcd.com/1105/

link