ImageMagick is a suite of tools for Linux which allows you to manipulate images from the command line. The “
convert” command allows you to perform image conversions and image transformations;
however, there are several other tools included in the suite, some of
which allow you to work with the Exif data in JPEG photos.Your Linux distribution probably has ImageMagick already installed, but if it doesn’t, you can add it
on Ubuntu, Debian and Raspbian using:
sudo apt-get install imagemagick |
On RPM based distributions you can use:
su -c 'yum -y install ImageMagick' |
To view some basic information about the image, use ImageMagick’s “
identify” command:Unfortunately, the resulting output won’t tell you much beyond the filename, its dimensions and the filesize.
To see more, use the “
-verbose” flag:identify -verbose IMG_1312.JPG
|
You can use “
grep” to find just the Exif data:identify -verbose IMG_1312.JPG | grep exif |
grep” search:identify -verbose IMG_0312.JPG | grep exif:Make: |
You can search for multiple fields at once using the “
\|”
operator in grep. So to search for the date, the make of camera, the
camera model, file size, the number of megapixels and information about
the flash use:identify -verbose IMG1.JPG | grep "DateTime:\|exif:Make:\|exif:Model\|Filesize\|Flash:\|pixels:" |
You might be wondering what “exif:Flash: 16″ means. This field can have several different values and is made up of a set of flags where different bits in the number indicate the status of the flash. Bit 0 indicates the flash firing status (1 means fired), bits 1 and 2 indicate if there was any strobe return light detected, bits 3 and 4 indicate the flash mode, bit 5 indicates whether the flash function is present, and bit 6 indicates “red eye” mode. 16 in binary form is 001000 which means flash didn’t fire + strobe return detection not available + flash suppressed. Or in other words, the flash didn’t fire and couldn’t anyway since it was closed/switched off.
The full list of values is as follows:
0=Flash did not fire 1=Flash fired 5=Strobe return light not detected 7=Strobe return light detected 9=Flash fired, compulsory flash mode 13=Flash fired, compulsory flash mode, return light not detected 15=Flash fired, compulsory flash mode, return light detected 16=Flash did not fire, compulsory flash mode 24=Flash did not fire, auto mode 25=Flash fired, auto mode 29=Flash fired, auto mode, return light not detected 31=Flash fired, auto mode, return light detected 32=No flash function 65=Flash fired, red-eye reduction mode 69=Flash fired, red-eye reduction mode, return light not detected 71=Flash fired, red-eye reduction mode, return light detected 73=Flash fired, compulsory flash mode, red-eye reduction mode 77=Flash fired, compulsory flash, red-eye reduction, no return light 79=Flash fired, compulsory, red-eye reduction, return light detected 89=Flash fired, auto mode, red-eye reduction mode 93=Flash fired, auto mode, no return light, red-eye reduction 95=Flash fired, auto mode, return light detected, red-eye reduction |
Privacy concerns
Although having the make and model of your camera embedded into the photos probably isn’t much of a privacy problem, having the GPS location of where the photo was taken certainly can be.At the end of 2012, John McAfee – famous for starting the McAfee anti-virus company – went on the run after the murder of his neighbor in Belize. He fled to Guatemala but gave an exclusive interview to reporters working for Vice. Unfortunately McAfee was photographed by one of the reporters using a smartphone that stored the GPS information in the Exif data. When the photo was subsequently uploaded to the Internet, his location was revealed and he was later arrested. Additionally, the recent documents leaked by Edward Snowden show that the NSA analyses photos to extract their Exif data.
As a result, it is sometimes useful to remove all the Exif data from a JPEG. This can be done using ImageMagick’s “
mogrify” tool. To remove the data, use:mogrify -strip IMG_0312.JPG
|
identify -verbose” against the image, and you will notice that all the Exif data has been removed.
