Hello Paul,

Hm, sorry but not too sure which page are you referring to here. Can you please advise?

for example in your demo: http://demo.stackideas.com/easysocial/albums/item/94-nice-photos/user/darius-scott

when you look at that album you see this metadata from the photo: "23 March 2014 at Huron Regional Airport (HON), 426 15th Street Northwest, Huron, SD 57350, USA"

That is nifty and not all cameras will provide that kind of detail but increasingly more will. The problem with it however is that there are privacy and legal issues with publishing this metadata. It needs to either be optional at the user's choice or not published. In the United States this would correspond to some federal and state/local laws and in Europe I believe these laws are even more strict. In the U.S. the FTC has standards for the Internet for children 13 or younger. However there are a larger collection of laws for "minors" this would be anyone under the age of 18. These laws are getting increasingly complicated both because it (privacy) is a hot issue right now and because all levels of government are chiming in and passing new laws.

As a general rule for administrating a website, anything that touches on privacy issues, you always have to start with the strictest standards/considerations and then give users any options from there that you as the website owner/publisher would want to offer - essentially where your users have to consciously opt-in for any relaxation of privacy or "sharing".

When you create an ALBUM, you are given the option to add a location or not. I don't think it is pulling it from the picture itself

checksum: not accurate for the individual photos. I tested this locally. It is displaying metadata from the photo

Hello Paul,

Ah, these data is actually coming from the exif data. You can remove this by editing the file /administrator/components/com_easysocial/tables/photo.php

        // Detect location for the photo

        if( $exif->isAvailable() && $image->hasExifSupport() )

        {

            $exif->load( $file[ 'tmp_name' ] );



            // Get the location

            $locationCoordinates    = $exif->getLocation();



            // Once we have the coordinates, we need to reverse geocode it to get the address.

            if( $locationCoordinates )

            {

                $my = Foundry::user();

                $geocode    = Foundry::get( 'GeoCode' );

                $address    = $geocode->reverse( $locationCoordinates->latitude , $locationCoordinates->longitude );



                $location               = Foundry::table( 'Location' );

                $location->loadByType( $this->id , SOCIAL_TYPE_PHOTO , $my->id );



                $location->address      = $address;

                $location->latitude     = $locationCoordinates->latitude;

                $location->longitude    = $locationCoordinates->longitude;

                $location->user_id      = $my->id;

                $location->type         = SOCIAL_TYPE_PHOTO;

                $location->uid          = $this->id;



                $state  = $location->store();

            }



            // Store custom meta data for the photo

            $model->storeCustomMeta( $this , $exif );

        }

However, I really don't see this as a problem because eventually if I am able to download the image to my local computer, I could just view the info on Photoshop or any other exif reader.

Mark, your logic may or may not be sound but it doesn't matter. We are dealing with laws and politics. This is why Facebook for example strips the exif metadata on the front end and saves it on their end to protect themselves from both types of legal issues.

I should add that there are good reasons for a site Administrator/Owner to want to save this metadata. One reason is for copyright and proof of ownership of digital media. exif is used to help prove legal ownership of media e.g. the photographer of a photo. law enforcement also uses this data for criminal investigations. So Facebook is probably the best working model of that impossible line between protecting privacy and protecting copyright owners. As I said, the best practice here is to start from the strictest standards and then an "opt in" from the user IF you choose to offer anything beyond that to your users. You do not necessarily remove any legal culpability but you do transfer at least some part of responsibility and show a legal foundation that you made an effort towards protecting privacy and obeying laws.

Hypothetically even if you allow users to opt-in on something like this, what happens if say, 15 year old Tom (minor by U.S. laws) sends 16 year old Sally (minor by U.S. laws) a compromising photo of themselves - compromising meaning that it reveals something that one of them might consider private. Then Sally publishes Tom's photo on your site, even though he (Tom, the legal owner of the photo) had not opted in to reveal the metadata in a photo - like his home address. Publishing the home address of a minor, could definitely break numerous laws. You could definitely get sued and you could definitely face criminal issues resulting in possible fines or at the very least, legal costs to defend yourself.

For that matter, as the developer of the software, Stackideas could also be sued in such a case - by both the minors and their families and by customers of your software who may have incurred legal costs or other damages. Whether or not a suit is won, doesn't really matter. It will cost you to defend yourself.

I am not an attorney though I did attend law school and have dealt with business law and intellectual properties issues, extensively.

Remember, whenever you post/share something online you are susceptible to all sort of privacy issues.
As mark has mentioned, anyone can download the picture to his/her computer and look at the exif info.

checksum, yes did you see my reference to how Facebook deals with this? This is why as a site admin if you take your role seriously you stay informed and follow best practices. Ongoing education of; Implementing and adhering to best practices is what distinguishes professionals from amateurs in any profession. The law even recognizes best practices when considering such things as negligence and liability.

I'm going to have to side with Paul on this issue. EXIF data can be removed from photos, here is an online example of a photo I took where the photo EXIF data is removed. Ideally it would be great if the admin could choose what EXIF data to store. JoomGallery has a manager for this (unfortunately their enable/disable buttons are broken ).

Allowing the admin to configure what EXIF data would not only help the legal issues, but would also save data space on sites that do not need it. In addition to this we could specify what we (the admin) deem as useful EXIF data for the user. So for example if there was a way to manage the EXIF data I could have it store the date taken, shutter speed, f/stop, focal length and maybe a few other details but have everything else stripped. This way we can show the user the techniques used to capture it but not infringe upon both their privacy and clutter the EXIF data with other stuff (makes it over whelming when you have it all).

I second Paul on this issue, like what Josh is saying there should be a management panel for Image EXIF.

We are still in Beta phase and just testing out Groups with our Staff and I'm already getting issue with some people asking to delete their photo because for some reason they feel it's offensive. This issue is not about EXIF Data but I think kind of related. In connection to this issue, I was thinking maybe it is a good idea to add a TOS for users when they Join a Group (join from the frontend or Site Admin assigns a user to the Group) so Site Admin can put up Terms with Photos. This TOS can be in the registration when they signup but just to make sure that Users are reminded of their Rights and Responsibility when joining a group. I was thinking Users will be prompted to Read and click on checkbox TOS when they Join the Group, Apply to Join the Group, and in case of Users added manually to a Group from the Backend, the same TOS popup will appear when they view the Group for the first time.

Hey guys,

We'll be adding an option to disable this altogether in the administration settings area.

Here it is:

Thanks for sharing checksum