On Mon, Dec 23, 2019 at 12:19:21AM +0000, alexandre.schm...@gmail.com wrote: > > > > not sure why i just now realize it but > > > > Storing the source path is problematic privacy and security wise > > > > Thanks > > > > What does this means? That it won't be applied? > > Can you give an example on why this would be a security issue, considering > you already have it anywhere, only not available to filters until now? > > Besides, isn't metadata way more sensitive than a simple file path?
About security The file path can reveal a wide range of information like The platform used, The username, A potentially writable location And a lot more depending on how the directories are layed out About privacy The username is commonly related to the users real name, thats sensitive information And a lot more depending on how the directories are layed out consider a doctors office might have directories which use the patients social security numbers in the path The problem here is this is new metadata, the input never contained this sensitive data but depending on what is done downstream with it the output might contain this sensitive metadata converting inputfile to outputfile shouldnt result in outputfile containing sensitive information that wasnt in the input and that the user did not explicitly ask for to be addded To show why for example thers a privacy concern here, a slightly unfunny hypothetical example: A girl gets stalked by some guy online, she takes a screenshoot of the message the guy sent her on facebook. And uploads that picture sadly the picture contains her name, phone number and GPS coordinates without her knowing. About "That it won't be applied?" I think the feature makes sense but it must be ensured that sensitive data isnt added or leaking somewhere without the users knowledge and concent Thanks [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB "I am not trying to be anyone's saviour, I'm trying to think about the future and not be sad" - Elon Musk
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
