view original photo - privacy risk

I didn't even think about this until I saw an article on the news about "hackers" utilizing EXIF data on photos posted to social network sites to determine the location of interesting subjects.

When dolphin resizes your images, it appears to do an effective job at stripping all EXIF data, to include the GPS coordinates that now get embedded from GPS capable devices (iphone, android, etc).

The only weak spot I have found is the 'View Original Image' link on the photo view page, this opens the original image in the browser window and viewers are able to extract full EXIF data from that file, unless the submitter had already done so.

If you want to remove the view original button, get rid of this action box in the database: bx_photos_action_view_original

This may or may not be a concern for your sites, but i'd say if you run it as a dating service this 100% affects your members privacy rights and exposes their location to unwanted eyes, in the perfect circumstances. I find that only 2-3% of the photos on my site come from a GPS capable device, so it may not be that big of a deal but something to be aware of.

If I understood your correctly do you want a clear EXIF info into all uploaded images?

That would be preferred, either completely clear EXIF or just the geocoding details if they exist on all images to include the original.

Other option is to allow administrator to allow or deny users the ability to use the View Original photo button, which is what I have done. The original photo with the full EXIF details still exist, but the average member is not going to find it.

submit a support ticket

I'm so buried in development costs I can't afford the $1 it takes to submit a ticket

Seriously though, If I didn't put the workaround in that I now have in place, I probably would submit the ticket. I'm now trying to address forum attachments..