Review: MetaClean (Clean Exif/meta Data From Email Attachments Automatically)

Today’s article is about MetaClean, a Thunderbird plugin that you can use to automatically clean Exif (and other meta data) from email attachments. This is not the type of article I usually write, but it’s a very interesting extension for the Thunderbird email client. It’s good enough to help make folks aware of it.

Just the other day, I updated this article:

How To: Sanitize Exif Data From Your Digital Images For Privacy Sake

The update was largely a link that went to a study regarding the privacy implications of Exif data. If you’re unfamiliar with Exif data and its importance, I would strongly encourage you to read the article. I’d also strongly encourage you to read the linked article. If you’re concerned with your privacy, or are regulated to be concerned with the privacy of others, this might just be one of the best extensions you’ve ever used.

See, Exif data is just one type of meta data. Lots of files, from pictures to text documents, contain meta data. For example, a file generated by a rich text editor (such as LibreOffice) will contain your username, may contain a record of edits, and may contain a list of usernames that have also edited it. Meta data contains all that and more.
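An added example, not MetaClean's code or the author's: a local Python check that lists the identifying fields stored in an OpenDocument file's meta.xml, the kind of document meta data described above. The function names and the sample document (with its "alice" and "bob" values) are constructed for this example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "office": "urn:oasis:names:tc:opendocument:xmlns:office:1.0",
    "meta": "urn:oasis:names:tc:opendocument:xmlns:meta:1.0",
    "dc": "http://purl.org/dc/elements/1.1/",
}
# meta.xml fields that name a person, the editing software or the edit history.
SENSITIVE = ["meta:initial-creator", "dc:creator", "meta:creation-date",
             "dc:date", "meta:editing-cycles", "meta:generator"]


def odf_metadata(data: bytes) -> dict:
    """Return the identifying fields found in an ODF file's meta.xml."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        if "meta.xml" not in z.namelist():
            return found          # no metadata part in this archive
        root = ET.fromstring(z.read("meta.xml"))
    block = root.find("office:meta", NS)
    if block is None:
        return found
    for name in SENSITIVE:
        el = block.find(name, NS)
        if el is not None and (el.text or "").strip():
            found[name] = el.text.strip()
    return found


def make_sample_odt() -> bytes:
    """Build a constructed, minimal .odt-style archive for the demo."""
    meta = ('<?xml version="1.0" encoding="UTF-8"?>'
            '<office:document-meta xmlns:office="%(office)s" '
            'xmlns:meta="%(meta)s" xmlns:dc="%(dc)s"><office:meta>'
            '<meta:initial-creator>alice</meta:initial-creator>'
            '<dc:creator>bob</dc:creator>'
            '<meta:editing-cycles>7</meta:editing-cycles>'
            '<meta:generator>ExampleOffice/1.0</meta:generator>'
            '</office:meta></office:document-meta>' % NS)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        z.writestr("meta.xml", meta)
    return buf.getvalue()


if __name__ == "__main__":
    for field, value in odf_metadata(make_sample_odt()).items():
        print(f"{field}: {value}")
```

Running it on a real document before attaching it shows what a recipient could read from the file without opening it in an editor.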

Enter MetaClean…

Note: MetaClean is a proprietary product with an enterprise/business solution, and the company offers its services free for personal use. It’s a closed source product and using it means you trust them to perform the services claimed and adhere to their claims.

The file remains on the server for the time necessary for its processing, depending on the size of the file the processing time varies from 10 milliseconds to 600 milliseconds, after this time the file is removed and it will be impossible to restore it (GDPR compliant).

Read on to learn more about using MetaClean.

MetaClean Automatically Removes Meta Data:

It’s easy enough to add MetaClean to Thunderbird. Just click on Add-Ons and Themes, and then in the search box put “MetaClean.” The search result should contain the extension and you can install it with a single click. It’s remarkably easy.

MetaClean basically uploads all of your attachments to their own server, strips out the meta data (but will leave their own branding in the field, for free users) and then returns the sanitized file to your computer before the email actually sends. I tested this with a number of files and it’s amazingly fast.

Again, it requires that you trust them – and not care that they leave a comment in your meta data. The comment is harmless and won’t lead to you in any way. Your privacy will not be compromised.

Here’s the amazing thing, it not only does all that – but it even works on compressed files – though it only currently supports 7Zip and .zip formats. With them supporting Thunderbird (and it working fine on Linux), we can hope that they’ll expand that to .gz and some folks may like it if it could also work with .rar files. For now, it works just fine with the compressed files I tested.

Meta data is in all sorts of things that you create or touch, though it’s not always a bad thing. It’s sometimes useful to have meta data. I, for one, like to include the ID3 tags with my music files. But you don’t always want to share the meta data. In fact, in some industries you must not share it, to be compliant with privacy laws. If that’s you, you might be interested in their professional options, where the server that strips the meta data is actually owned and run by you.

Basically, once you’ve added it as an extension, it will automatically sanitize your files – removing any personal meta data from the file. It does this all without any user intervention (once you tell it to automatically do so). If you want to send a file while including the meta information you can also tell the plugin to let that email through with the personal information attached.

Closure:

It’s really that simple. Just install MetaClean and forget it. You won’t have to wonder if you remembered to sanitize your meta data before you sent it. You can be pretty confident that it was sent without that private data still attached. It’s definitely one of the most beneficial and easiest Thunderbird extensions that I’ve worked with lately.

I realize that I forgot to give it a number rating! In this case, it does what it says on the tin. I wish their privacy policy (while excellent) spelled it out a bit better. The tools could be a bit more fine-grained. They could see about adding support for more compression formats. As for the rest, they do great. I’m going to award them a solid 8 out of 10.


How To: Sanitize Exif Data From Your Digital Images For Privacy Sake

When you take a digital picture, the resulting file contains potentially personal information. It is known as ‘Exif’ and it contains sensitive information. This article will explain how to sanitize Exif data to avoid leaking your personal information.

If this article looks familiar, I’ve previously authored an article on this subject. It’s at the old site, which will be redirected here. I might as well write it anew, using the current style.


UPDATE: I received an email from one Morgan Kinney, inviting me to review and include a link to a study they (authored by one Paul Bishoff) had done regarding Exif data and the privacy implications. If this article wasn’t clear enough about the privacy aspect of sanitizing Exif data, then please consider reading the following link:

EXIF metadata privacy: A picture is worth a thousand data points

I’d not normally do this, but their work is well done and is a worthy addition to your understanding of Exif data and the privacy risks associated with Exif data. See the “Closure:” section for more updated information.


Moving on…

Exif is the additional information included in the file your digital camera makes, among other things. It can be as benign as color correction data or orientation settings. In some cases, it can also contain such privacy-wrecking gems as when and where (the GPS coordinates) the picture was taken. It is defined thus:

Exchangeable image file format (officially Exif, according to JEIDA/JEITA/CIPA specifications) is a standard that specifies the formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners and other systems handling image and sound files recorded by digital cameras.

The Exif data can even contain information about the camera’s brand and, as you can see, isn’t limited to just a fancy digital camera. Your other devices, from smartphone to scanner, add this extra data to the file. Anyone who is aware of this can easily look for this data. Exif data has even been used as evidence by the judicial system.

Obviously, there are huge privacy implications with this. You can probably minimize some of the data that’s created by changing your phone/camera’s settings. That does nothing for existing files, and nothing for when your device has no such configuration options.

Let’s See This Exif Data

There are any number of ways to examine the Exif data. For example, this is some of that data and it is being drawn from a program called XNViewMP.

Exif data
Exif data sample. There’s not a whole lot of data with this one.

That one tells you how old the picture is, and not a whole lot more. But, it also now contains the information about the last time it was accessed. That could be of interest, perhaps giving away things like the age of the photo’s subject.

This next picture is the Exif data from one of my cellphone pictures. I have the GPS data turned off, so that wasn’t included. You’ll see a ton of additional information.

More detailed Exif data.
See? Now you can tell I don’t bother updating my phone often.

As you can see, there’s even more data in that file. There may well be even more data in your pictures. It tells you what camera I was using (a cell phone, and an old one at that) and that I took the picture at 14:30, in a well lit room. It even tells you the software version, which may be exploitable by an attacker.

Don’t worry too much about this. It’s a solved problem. You can sanitize Exif data and maintain a bit more privacy. It’s actually remarkably easy.

Many image hosting sites will automatically strip the Exif data when you upload your image.

Let’s Sanitize Exif Data

The tool we’re going to use for this is ‘exiftool’ and it’s pretty simple. It’s quite likely already in your default repositories, or at least the repositories you can add trivially. In Debian/Ubuntu/Mint/similar, you can install it with:

You’ll need to adjust the command for your distro, of course. Once you have it installed, you can navigate to the directory where you store your images and run something like this to sanitize png files:

Or, if you’re trying to sanitize .jpg images, you’d run this command:

Depending on the number of files in the directory, it could take a little while to run. It’s pretty speedy and it does give you confirmation when it’s done. I’ve used it on large numbers of images at once and it took care of them all in less than a minute. I probably should have paid more attention, that way I’d have some actual numbers for you.

NOTE: The exiftool can actually strip data from other files, including files like PDFs and other such types of documents. A complete list can be found here. Yes, those documents contain data beyond that of the text contained in them. They may contain such data as the computer name, username, and dates and times of file creation and editing.

Personally, I combine both the .png and .jpg commands into one command and I run that command with an alias. We haven’t covered aliasing yet, so I’ll just go ahead and show you what I use.

That, if added to .bash_aliases, would let you use ‘picclean’ to sanitize an entire directory’s worth of png and jpg files. It comes in pretty handy if you’re sharing a bunch of files and want to make sure they’re all clean before you send ’em.
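An added example, not the author's commands and not exiftool itself: a Python sketch of what sanitizing means at the byte level for a JPEG, plus a check you can run on a file before sharing it. It is narrowed to JPEG only; the function names, the `DROP` set and the `SAMPLE` bytes are constructed for this example.

```python
import struct

SOI, SOS = b"\xff\xd8", 0xDA
DROP = {0xE1, 0xED, 0xFE}  # APP1 (Exif/XMP), APP13 (IPTC), COM (comment)


def segments(jpeg: bytes):
    """Yield (marker, start, end) for each header segment before scan data."""
    if jpeg[:2] != SOI:
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"corrupt segment header at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xFF:         # fill byte before a marker; skip it
            pos += 1
            continue
        if marker == SOS:          # compressed image data follows; stop here
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, pos, pos + 2 + length
        pos += 2 + length


def has_exif(jpeg: bytes) -> bool:
    """True if an APP1 segment carrying the Exif signature is present."""
    return any(m == 0xE1 and jpeg[s + 4:s + 10] == b"Exif\x00\x00"
               for m, s, _ in segments(jpeg))


def strip_metadata(jpeg: bytes) -> bytes:
    """Copy the file, leaving out every segment whose marker is in DROP."""
    out, keep_from = bytearray(SOI), 2
    for marker, start, end in segments(jpeg):
        if marker in DROP:
            out += jpeg[keep_from:start]
            keep_from = end
    return bytes(out + jpeg[keep_from:])


def seg(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: JFIF header, Exif block, comment, then fake scan data.
SAMPLE = (SOI + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + seg(0xE1, b"Exif\x00\x00" + b"constructed GPS + camera tags")
          + seg(0xFE, b"constructed comment")
          + seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\xff\xd9")
```

The image data after the scan marker is copied untouched, so the picture itself is unchanged; only the header segments listed in `DROP` are left out.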

Closure:

Well, there you have it. Hopefully you’ll now know a little bit more about how to sanitize your image files, removing the private data from them as much as you can. If you don’t generate the data in the first place, you don’t have to delete it. So, disable embedding GPS coordinates in your phone (or some fancy cameras) and don’t take pictures of yourself while doing illegal activities.

UPDATE: As mentioned, I’d not normally do this – but there are exceptions. I don’t mind linking to other sites if the content is worth the attention of my readers. If you have your own content and would like to have it referenced here, don’t be afraid to contact me. Just be aware that I decline about 60% of these sorts of requests. While I do love guest additions and guest articles, no I won’t be including articles about mortgage rates and the benefits of CBD oil. My readers aren’t interested in articles like that. So, your content needs to be both good and topical.


UPDATED: (Updated on 01/23/2022)

This work is licensed under a Creative Commons Attribution 4.0 International License.