If you are concerned about privacy then you probably know that it isn’t good idea to use your real name as a Windows account name. Not only Windows contains security flaws that can steal your username, but it is prominently displayed on your laptop’s sign-in screen, and any person who is behind you knows your first name and last name.
Today’s story is about Windows 10 built-in tool that is used to take screenshots – Snipping Tool. It is very convenient software utility that allows you to capture full-screen images of your PC’s display or just a window or a part of it.
It is very easy and convenient to take a snip and share it in the internet. However, when you are sharing it in the form of JPG image, you are leaking your username or full name (in case you use it as sign-in or account name in Windows 10). Thankfully save as JPG is not the default setting for saving images, the PNG is. But also note that there is no any option or indication that your name will be embedded into image metadata also know as Exif Header.
I have created Capture.jpg image as an example using Windows 10 test account with the name of fictitious character – Drip Leaker Junior to illustrate the leak. After saving .jpg image on the storage, click right mouse button on it and choose Details tab. You will see your name under Authors property.
Fortunately there is an option to “Remove Properties and Personal Information” in the same Details tab as shown in the screenshot above. But unfortunately it does not remove information completely. That would be fun if NSA was behind this, but most probably this is just a bug that causes your name leakage hidden from you but visible to any computer savvy person.
So what happens after you click on the “Remove…” link? It asks you to create copy with all possible properties removed or allows you to remove selected properties from the original file. See the screenshot below.
It doesn’t matter which option you choose, the personal information is not removed. It seems removed if you open file properties again (right click on the file, and choose Details tab). But isn’t. Your username/full name is still embedded into JPG file.
To understand what is happening behind the scenes you will need some file viewer or better – Hex Editor. A program or App that can show contents of any file in byte or character representation. Using a such app can reveal information that usually is not visible to naive user.
Now if you look at the original Capture.jpg file using a such tool, you will notice embedded username in 3 places. See the hex dumps below.
When you use feature “Remove Properties and Personal Information”, it removes last entry, around 012B0 address, but leaves other two untouched. Also, notice 0x00 between characters in the second hex dump. Most probably it is Unicode version of the author.
Why I didn’t report this bug to Microsoft? I actually did report the same bug for Windows 8 about five years ago, and the fix never came…
So what can you do to prevent your personal information leakage? Maybe stick to the .png format (the default one) which seems to not have this bug. Or try to submit bug to Microsoft. Perhaps you will have better luck than me.
Software used to in the tests – fully patched Windows 10 Pro 64-bit, Version 1803 (OS Build 17134.167). Hex Editor used – freeware Febooti HEX Editor.