David Huerta 2019

Digital Security Trainer

Last updated
A crowd in a protest wearing Guy Fawkes masks.

Photo by Richard. CC BY 2.0

By and large, the most used cameras in people’s hands are the ones built into their smartphone. Smartphones present their own privacy and security risks, which we have some guidelines on how to address, but they also provide some tools to quickly adjust and redact sensitive photos, such as images of sources or others who would be at risk by having their photo shared.

Redaction: What works and what doesn’t

There are no shortage of app filters and algorithms that try to detect a person or a face in a photo, then cover it. Sometimes, these exist as filters on photo sharing apps, with varying degrees of effectiveness. Unfortunately there is often little visibility into what happens with the original photo once it’s opened in a platform’s app and if it is sent alongside the edited version to the platform owner.

A screenshot of Facebook's law enforcement data request portal

In the case of Instagram filters, that platform owner is Facebook, which has a dedicated portal to serve requests for user data from law enforcement, including things you may have set to appear only to close friends or friends. Other platforms are not alone in this—TikTok and Snapchat also have processes in place for handing over your photos, videos or more to the police. Because of this, unwittingly sharing the original, unredacted photos with those platforms introduces the risk of those photos falling into the hands of law enforcement. However, your smartphone likely allows you to redact photos before sharing them.

Both iOS (Apple) and Android phones have built-in apps for you to edit photos before sharing them. On iPhones, that’s the “Photos” app, which allows you to mark up a photo before sharing it, like adding shapes, text and more. On Android it varies, but on newer Android phones there’s usually an app that’s also coincidentally called “Photos” which lets you similarly edit a photo before sharing it.

Example of an redacted work ID card which is actually a sharpie illustration it has a sunglasses face emoji over the face and black rectangle over the ID number

Example of an unredacted work ID card which is actually a sharpie illustration on the back of a coffeeshop punch card

There are numerous methods available to blur the original, but some of these algorithms may be vulnerable to some de-obfuscation methods, and it’s better to completely block a number, face, identifiable tattoo or whatever you’re trying to cover with something completely opaque. Consider redacting images by adding plain old-fashioned black rectangles or spice things up 🌶🔥 by overlaying your favorite emojis with your photo editor’s text tool.

After saving the edited version, don’t share it yet. Take a screenshot of it to make a copy without the metadata—that is, data about data.

Wait, what about metadata?

A screenshot of a redacted photo's metadata in Tails OS

Even with parts of the photo successfully redacted, digital photos contain metadata, which we’ve previously written about in-depth. How much and what kind of metadata depends on your phone, the app you use and the settings you have to change to include or not include that metadata. Because every phone, every app, and every combination of settings will yield different types of metadata, the best thing to do is never share the original photo. Instead, if you’re on the go, you can use your phone’s built-in screenshot feature to make a copy of the photo as displayed on your screen without the original’s metadata. Instructions for taking a screenshot are available for all iPhones and most Android phones.

Note: Some Android phones may add new metadata in screenshots, (though it won’t be the same as metadata in the original photo)! If this is the case with your phone, or if you just want to take an extra precautionary step, you can use Signal to send the screenshot copy to “Note to Self," which will send you back a copy of the photo with the metadata removed that you can then save to your phone.

After creating a screenshot of the redacted image, you can then crop out the phone’s clock, cell signal strength indicator and app buttons—which are in themselves a kind of metadata that you don’t need to include, then finally share your photo safely with the world.