Category: Command Line

How To: Sanitize Exif Data From Your Digital Images For Privacy Sake

When you take a digital picture, the resulting file contains potentially personal information. It is known as ‘Exif‘ and it contains sensitive information. This article will explain how to sanitize Exif data to avoid leaking your personal information.

If this article looks familiar, I’ve previously authored an article on this subject. It’s at the old site, which will be redirected here. I might as well write it anew, using the current style.

UPDATE: I received an email one Morgan Kinney, inviting me to review and include a link to a study they (authored by one Paul Bishoff) had done regarding Exif data and the privacy implications. If this article wasn’t clear enough about the privacy aspect of sanitizing Exif data, then please consider reading the following link:

EXIF metadata privacy: A picture is worth a thousand data points

I’d not normally do this, but their work is well done and is a worthy addition to your understanding of Exif data and the privacy risks associated with Exif data. See the “Closure:” section for more updated information.

Moving on…

Exif is the additional information included in the file your digital camera makes, among other things. It can be as benign as color correction data to orientation settings. In some cases, it can also contain such privacy-wrecking gems as when and where (the GPS coordinates) and when  the picture was taken. It is defined as thus:

Exchangeable image file format (officially Exif, according to JEIDA/JEITA/CIPA specifications) is a standard that specifies the formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners and other systems handling image and sound files recorded by digital cameras.

The Exif data can even contain information about the camera’s brand and, as you can see, isn’t limited to just a fancy digital camera. Your other devices, from smartphone to scanner, add this extra data to the file. Anyone who is aware of this can easily look for this data. Exif data has even been used as evidence by the judicial system.

Obviously, there are huge privacy implications with this. You can probably minimize some of the data that’s created by changing your phone/camera’s settings. That does nothing for existing files, and nothing for when your device has no such configuration options.

Let’s See This Exif Data

There are any number of ways to examine the Exif data. For example, this is some of that data and it is being drawn from a program called XNViewMP.

Exif data
Exif data sample. There’s not a whole lot of data with this one.

That one tells you how old the picture is, and not a whole lot more. But, it also now contains the information about the last time it was accessed. That could be of interest, perhaps giving away things like the age of the photo’s subject.

This next picture is the Exif data from one of my cellphone pictures. I have the GPS data turned off, so that wasn’t included. You’ll see a ton of additional information.

More detailed Exif data.
See? Now you can tell I don’t bother updating my phone often.

As you can see, there’s even more data in that file. There may well be even more data in your pictures. It tells you what camera I was using (a cell phone, and an old one at that) and that I took the picture at 14:30, in a well lit room. It even tells you the software version, which may be exploitable to an attacker.

Don’t worry too much about this. It’s a solved problem. You can sanitize Exif data and maintain a bit more privacy. It’s actually remarkably easy.

Many image hosting sites will automatically strip the Exif data when you upload your image.

Let’s Sanitize Exif Data

The tool we’re going to use for this is ‘exiftool‘ and it’s pretty simple. It’s quite likely already in your default repositories, or at least the repositories you can add trivially. In Debian/Ubuntu/Mint/similar, you can install it with:

You’ll need to adjust the command for your distro, of course. Once you have it installed, you can navigate to the directory where you store your images and run something like this to sanitize png files:

Or, if you’re trying to sanitize .jpg images, you’d run this command:

Depending on the number of files in the directory, it could take a little while to run. It’s pretty speedy and it does give you confirmation when it’s done. I’ve used it on large numbers of images at once and it took care of them all in less than a minute. I probably should have paid more attention, that way I’d have some actual numbers for you.

NOTE: The exiftool can actually strip data from other files, including files like PDFs and other such types of documents. A complete list can be found here. Yes, those documents contain data beyond that of the text contained in them. They may contain such data as the computer name, username, and dates and times of file creation and editing.

Personally, I combine both the .png and .jpg commands into one command and I run that command with an alias. We haven’t covered aliasing yet, so I’ll just go ahead and show you what I use.

That, if added to .bash_aliases, would let you use ‘picclean’ to sanitize an entire directory’s worth of png and jpg files. It comes in pretty handy if you’re sharing a bunch of files and want to make sure they’re all clean before you send ’em.

Closure:

Well, there you have it. Hopefully you’ll now know a little bit more about how to sanitize your image files, removing the private data from them as much as you can. If you don’t generate the data in the first place, you don’t have to delete it. So, disable embedding GPS coordinates in your phone (or some fancy cameras) and don’t take pictures of yourself while doing illegal activities.

UPDATE: As mentioned, I’d not normally do this – but there are exceptions. I don’t mind linking to other sites if the content is worth the attention of my readers. If you have your own content and would like to have it referenced here, don’t be afraid to contact me. Just be aware that I decline about 60% of these sort of requests. While I do love guest additions and guest articles, no I won’t be including articles about mortgage rates and the benefits of CBD oil. My readers aren’t interested in articles like that. So, your content needs to be both good and topical.

Thanks, as always, for reading. I always look forward to the feedback, here and on other sites. Don’t forget that you can unblock ads, sign up for the newsletter, donate, or contribute by writing an article or two. Don’t forget to share this site with your friends. Share the love!

UPDATED: (Updated on 01/23/2022)

Smash a button!
[Total: 5 Average: 5]

Prevent Application Updates With ‘YUM-VERSIONLOCK’

I recently wrote a similar article, illustrating how you can use ‘apt-mark’ to prevent application updates. While that was handy, it only applied to those who use APT as their package manager. It offered nothing of value to those who use YUM.

This article will explain how you can prevent application updates with ‘yum-versionlock’. You will learn how you can temporarily prevent application updates when you have no choice but to.

In the previous article, I explained that you should always use the most up-to-date software that you can, at least if your system is connected to the public internet. Software updates provide security fixes, not just bug fixes.

Not updating means you’re vulnerable and your vulnerabilities may impact other users. For example, your computer may become a part of a botnet, a spam relay, or even be used as a command and control device for those things. As a global citizen of the ‘net, you’re obligated to do what you can to minimize harm.

So, it is possible to prevent application updates, but you really should only do so when it’s absolutely necessary. In an ideal world, you’d be able to always use the updated version, but we don’t live in that world. We live in the real world, where we have things like compliance and compatibility issues. 

YUM, what is it? YUM stands for Yellowdog Updater, Modified. It’s a package management utility for RPM based distros. You’ll find YUM in distros like RHEL, Fedora, and even OpenSUSE. It’s fairly widely used, though many of the RPM-based distros are more prominent in the server space than they are in the desktop space.

These days there’s actually DNF (which stands for Dandified YUM – don’t blame me, I don’t name these things) but that’s not important today. Today, we’ll be using ‘YUM-VERSIONLOCK‘ to prevent application updates.

Prevent Updates with ‘yum-versionlock’

Unlike ‘apt-mark’, you’ll need to install something in order to do this. It should also be mentioned that there are other ways to accomplish this, but this is the easiest way to prevent application updates. Using versionlock is the most straightforward way of accomplishing this.

First, you’re gonna need to crack open your terminal. You can do that by using your keyboard. Just press CTRL + ALT + T

Once your terminal is open, you’ll need to install ‘yum-versionlock’. You can try this first:

If that gives you an error, I can’t figure out where the name changed, then you can most likely install it with:

Once you have it installed, you can check the man page to see how you use it. Even if you installed it with the second command, the man page is still found at:

The one-liner quite accurately defines versionlock as:

yum-versionlock – Version lock rpm packages

Anyhow, to use it to hold a package at its current version, you simply use:

NOTE: The command supports wildcards. You can use an asterisk with this command. The command will give you feedback. You can also use ‘add’, but it’s redundant.

If you want to remove the lock, which you should do as soon as realistically possible, then the command is fairly evident. It’s just:

If you, like me, don’t always keep the best notes and don’t have the greatest memory, then you can list the locked packages with this command:

There’s no need for elevated permissions with that command, but it will take a little while for it to complete. It will output any locked packages and you can unlock them individually. Again, you can use wildcards in this command.

However, you can remove all the locks with just one command:

As you might expect, that removes all the locks and your system will resume updating normally. You should not keep software locked to one version for long. Though you may be using a LTS-type distro, only getting minor point release upgrades, you are still getting security updates. Keeping your system secure makes you a good netizen. 

Closure:

And there you have it. Another article in the books, this one explaining how to stop updates for specific applications. Thanks for reading and feel free, nay encouraged, to leave feedback. If you have any ideas for articles, feel free to share them. You can also contribute by writing your own article. I’ll even edit it up for you!

Don’t forget that there’s a newsletter (we never spam or share your address with anyone, it’s all in-house) and you can even donate. I’d kinda like the site to at least pay for itself, simply out of principle. If not, there are ads you can unblock! Even if you do none of those things, there are good odds that I’ll keep this site up, running, and interesting.

Smash a button!
[Total: 0 Average: 0]

Prevent Application Updates With ‘APT-MARK’

While unwise, there are times when you need to prevent application updates. You can do this with ‘apt-mark’ and this article will explain how. Obviously, this method is only effective if you use a Linux distro that has an APT-based package manager.

For the most part, you should always keep your software updated. However, that’s a rule for the Ideal World®. For the rest of us, those of us that live in the Real World®, you’ll almost certainly run into an eventuality that requires you to keep an existing, specific version of software.

While entirely stupid and irresponsible, I kept a version of Thunderbird past its due date because the update simply ruined my existing installation. I only kept that outdated version long enough to make the leap to a more recent distro version. The tool I used to prevent application updates was apt-mark.

You will have your own reasons, from compliance to stability to functionality, for keeping the same version of your installed software. You should only use this sparingly, only as necessary, when there’s simply no other solution. This should also be a temporary measure. You should always try to use the upgraded software because there are (possibly) security implications if you don’t.

A little about APT

While we’ll technically be using ‘apt-mark‘, it should be mentioned that APT stands for Advanced Package Tool. It’s the default package manager that is used in many distros, mostly Debian and those of Debian descent. So, you’ll see it in everything from Ubuntu to Linux Mint. 

In the desktop scene, I suspect it’d be the most common of all package management tools. Even if you use a different distro with a different package manager, you should probably have a basic familiarity.

Using ‘apt-mark’ hold and unhold

The tool we’ll be using is ‘apt-mark’, and the man page helpfully defines it as:

apt-mark – show, set and unset various settings for a package

We’ll only be concentrating on a couple of commands, those necessary when you want to prevent application updates, plus one extra command that will help you keep track of the two commands we’ll be focusing on.

The first of those two commands is ‘hold’. This command is used when you want to ‘hold’ a package at its current version, preventing upgrades. Remember, this should really be used only when there’s no other solution, as many upgrades fix security issues as well as bugs. It’s actually a fairly simple command.

When you enter this command, you’ll get a confirmation message. It will tell you that the application is now being held. It will remain held until you ‘unhold’ it. So, it’s a set-it-and-forget-it type of deal, though you shouldn’t really forget it. You should undo it as soon as you realistically can.

To reverse the restriction, resuming your normal updates, you simply need to ‘unhold’ it. The command is fairly obvious, and it looks like this:

That will free the hold on the package and tell you that the hold has been lifted. The package should then upgrade as necessary and as issued. If new upgrades show up in the repositories, it should function as normal and upgrade like it did prior to the hold.

If you are like me, you may well forget that you’ve held packages back. The package names are often long and nonsensical, so they’re easy to forget. In the heat of the moment, you may have forgotten to make a note of the package(s) you’ve held.

Don’t worry, ‘apt-mark’ has you covered! When you want to know what packages are being held, just run this command:

Note the lack of ‘sudo’ in that command. You don’t need sudo because you don’t need elevated permissions to list held packages. You only need elevated permission if you want to change something. As that command only lists them, you can run it as a normal user.

The apt-mark command has a ton of other uses, this is not an all-inclusive article. You can always see the man page for more help and the rest of the features. This article is only covering the ‘hold’ and ‘unhold’ functions. Maybe there will be another article covering other aspects, but this limited in scope – preventing application updates.

Like always, thanks for reading and I appreciate the feedback! Don’t forget that the site has ads enabled and that you can donate. So, if this article helped you learn how to prevent application updates then show some love! Otherwise, sign up for the newsletter or share this article with your friends on social media. Thanks!

 

Smash a button!
[Total: 2 Average: 5]

When Did I Install Linux? (Expanded Edition!)

In the other site’s version of this article, I only had information for Ubuntu. This time, I’ll expand it to cover the major distros. It seems like a good a time as any to fix this. (I’d link to the original article, but that page will now direct here.)

I’m not sure why you’d want to know when you installed Linux. I suspect that reason mostly curiosity that people ask, “When did I install Linux?” The question pops up with some regularity.

It’s really not vital information, and as such, it’s not a generic command that you can run to retrieve the information. There isn’t a whole lot I can do with the answer, except maybe jar a few memories loose. “Oh, yeah… That’s when I installed, so I must have bought the computer around that time!”

Really, this isn’t all that important. Still, it’s a fairly often asked question. If you have found a real use for this information, please feel free to leave a comment and to let us know why you need this information.

Let’s get on with it, shall we!

When Did I Install Linux?

Like many exercises, this one starts with opening up your default terminal. You can use your keyboard, by just pressing CTRL + ALT + TOnce you have the terminal open, you can use the following commands to see when you installed Linux.

Ubuntu/Debian/Derivatives:

If that doesn’t work, you can also use:

NOTE: Change /sda1 to the disk where you installed Linux.

Fedora/RedHat/Derivatives:

Arch/Manjaro/Derivatives:

And, there you have it. You now know how to check to see when you installed Linux. If you use some obscure distro (or have other ways to get this information) please feel free to leave a comment.

This article was revamped due to a comment from Wiz at Linux.org. They mentioned that they’d used the previous article and that they wanted the information for other distros. So, that feedback does work – even if it may take months to happen. Seriously, leave feedback and I’ll do what I can.

Finally, and as always, thanks for reading. You may have not noticed, but the site is now running ads from Google. It’d be great if you whitelisted this domain, but it’s okay if you don’t. Don’t forget the newsletter, that you can donate, contribute an article, and that you can share this article with your friends. 

Smash a button!
[Total: 8 Average: 5]

How Long is my Ubuntu Support Going to Last?

Ubuntu versions, and official flavors, have different lengths of time that they’re supported. Today, we’ll learn how to tell how much longer you have Ubuntu support and what you can do about it.

Every two years, Ubuntu releases a LTS version. That means “Long Term Support” and the support length for that is usually 3 years, and then it enters ESM, which means Extended Security Maintenance. Except when they don’t, and you get 5 years of support and 10 years of ESM.

Ubuntu’s official flavors have LTS versions that also come out every two years. Those are supported for three years and then you have no access to the flavor-specific updates unless you update to the newest LTS version of said official flavor.

Every six months, Ubuntu releases an ‘interim’ release. These releases are supported for nine months, which means you have a three month window to upgrade to the next version before the upgrade window closes. These releases also explore new versions of software that will make it into the LTS releases.

LTS releases are always YY.04 releases, but not all YY.04 releases are in fact LTS releases. They’re only LTS releases if the year of release was an even year. So, 18.04 and 20.04 are all LTS releases and there won’t be another LTS release until 22.04 –  which, according to Ubuntu’s versioning format will be in April of 2022.

Confused yet?

I can’t blame you if you are! After all, unless you spend all your time learning about this sort of stuff then you’re not going to remember that. At best, you have the “proper” configuration and you upgrade when your OS tells you to upgrade. If you’re using an interim release and miss that upgrade notice then it can be quite an ordeal to upgrade to a new version.

Let’s figure this out.

How To: Check Ubuntu Support Status

Fortunately, you can check your support status pretty easily. The results may be confusing, but you’ll figure it out.

Like so many articles, let’s crack open the terminal. Just use your keyboard and press CTRL + ALT + T to open your default terminal emulator.

If you’re using 18.04 or older, then you use the following command:

If you’re using 18.10 or newer, then you’d use this:

Your output will look something like this:

Which, as you can see, says I have support until 2025. If I had ESM enabled, that’s software from the Ubuntu Advantage program, then I’d have security updates even longer. As you may recall, that requires Snap apps, and I’ve chosen to disable Snap Applications. So, obviously I won’t be doing that whole ESM thing. 

Not that it matters with the ESM, because I’m using Lubuntu. Where it says 2025, I have to assume “official support” to only last until 2023 – three years of support. Now, you can keep using an official flavor beyond those three years, it’s just that the official flavor parts won’t be getting any additional updates. That’s generally considered a Bad Idea®. But, you can do so, and that’s why the date for ending Ubuntu support is later than it really is.

Anyhow, that should make it more clear. You should find the end date of your OS’s support and keep that in mind. You should make plans to upgrade in a timely manner, because security updates are important to you and the rest of the ‘net.

NOTE: When your computer isn’t upgraded you’re a threat not just to yourself. You risk becoming compromised and becoming part of a botnet, spamming relay node, or worse. So, keep things upgraded. Thanks!

Like always, thanks for reading. You can participate by contributing articles, donating, or sharing the links with others. You can also sign up for the newsletter. I promise, I won’t send you any spam!

Smash a button!
[Total: 4 Average: 5]
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.
Zoom to top!