On 2/5/20 2:55 PM, Hanno Böck wrote:
Hello, I've been asked to bring this discussion to this mailing list. There's an issue with GIMP that can lead to unexpected disclosure of private information if one tries to use GIMP to remove private data from images. The problem is that when someone "deletes" something with GIMP in an image with an alpha channel it's not actually deleted, the content is just set to be fully transparent. This can of course trivially be reversed.

A typical situation where this might become problematic is when someone makes a screenshot for e.g. a social media post and wants to remove something that is private, e.g. a name/address/credit card number etc.

Will Dormann who works for CERT/CC has reported this as an issue[1], however it was closed arguing that this is expected behavior. FWIW I agree with Will Dormann here that this is very surprising behavior, and thus it should be considered dangerous and should be changed. He also told me he tested multiple other popular graphics editors and GIMP is the only one with this behavior.

(Also FYI I am planning to write an article about this for Golem.de.)

[1] https://gitlab.gnome.org/GNOME/gimp/issues/4487
And why should this mailing list make any difference? I'll even go further in the reasoning. If it makes sense for PNG/WEBP/GIF, why wouldn't it make sense for the XCF format itself? After all some poor souls could send someone an XCF where their credit card number has been erased in a layer (as a Gimp forum owner, I see people routinely upload their XCF files for all to see...). So we would have to also clear these data in XCF layers, making the whole editor unusable?

_______________________________________________
gimp-developer-list mailing list
List address: gimp-developer-list@xxxxxxxxx
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives: https://mail.gnome.org/archives/gimp-developer-list
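The behaviour Hanno describes above (erasing sets alpha to zero while the colour channels survive the export) can be checked for before an image is published. The following is an added example, not code from the thread or from GIMP: it writes and reads a minimal 8-bit RGBA PNG with the standard library, counts fully transparent pixels that still carry colour, and zeroes them. The sample row and all function names are constructed for this illustration.

```python
import struct
import zlib

# Constructed sample: a 4x1 RGBA row. Pixel 1 held "sensitive" content (red) and was
# erased GIMP-style: alpha set to 0, colour channels left untouched.
WIDTH, HEIGHT = 4, 1
ERASED_ROW = [(10, 20, 30, 255), (200, 0, 0, 0), (40, 50, 60, 255), (70, 80, 90, 255)]

def _chunk(ctype, body):
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def encode_rgba_png(width, height, pixels):
    """Write an 8-bit RGBA PNG with filter type 0 on every scanline."""
    raw = bytearray()
    for y in range(height):
        raw.append(0)  # per-scanline filter byte: None
        for x in range(width):
            raw.extend(pixels[y * width + x])
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, 0)
    return (b"\x89PNG\r\n\x1a\n" + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(bytes(raw))) + _chunk(b"IEND", b""))

def decode_rgba_png(data):
    """Read back what encode_rgba_png wrote: 8-bit RGBA, unfiltered scanlines only."""
    pos, idat = 8, b""
    while pos < len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        if ctype == b"IHDR":
            width, height, depth, colour = struct.unpack(">IIBB", body[:10])
        elif ctype == b"IDAT":
            idat += body
        pos += 12 + length
    raw = zlib.decompress(idat)
    stride = width * 4 + 1
    pixels = []
    for y in range(height):
        row = raw[y * stride:(y + 1) * stride]
        assert row[0] == 0, "filtered scanlines not handled by this minimal decoder"
        pixels.extend(tuple(row[1 + 4 * x:5 + 4 * x]) for x in range(width))
    return width, height, pixels

def count_hidden_pixels(pixels):
    """Fully transparent pixels whose RGB is not zero: invisible, but still in the file."""
    return sum(1 for r, g, b, a in pixels if a == 0 and (r, g, b) != (0, 0, 0))

def scrub_transparent(pixels):
    """Zero the colour of every fully transparent pixel before publishing."""
    return [(0, 0, 0, 0) if p[3] == 0 else p for p in pixels]
```

Pixels with intermediate alpha (soft brush edges) still carry scaled colour, so flattening onto an opaque background before export is the more thorough fix; this check flags only the fully transparent case the thread discusses.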