Where can I find this library?
that bcrypt one (ignoring everything past the first 72 bytes) is concerning
Yep, that’s why mastodon only allows for 72 characters maximum in passwords, I assume.
Is that cursed? Seems like the right privacy-focused default behavior and good design to me
Imo the cursed part is that only some do that and not all.
It’s cursed because it happens silently, such that you might accidentally be deleting gps data you wanted to keep without noticing, for a reason that you probably wouldn’t think to check, probably instead erroneously filing a bug on the app for doing it.
Unless I’m uploading pictures to cloud storage I want GPS data filed off. I’d rather have some unnecessary bug reports targeting the wrong things then stalkers showing up at my door.
Immich is a self-hosted photo hosting service. They’re listing this in their docs because people are trying to upload photos with GPS data, hitting this cursed behavior because they didn’t give immich Location access (because why would you?), and then filing unnecessary bug reports on them about their disappearing data.
To be clear, no one is against stripping GPS data, that’s not what anyone takes issue with, it’s the silently part that is unexpected behavior.
I think all apps should have those explanation screens of what’s not going to work if you deny X permission and why, especially in the case of an issue like this
It should request location access, and if it’s denied tell the user that it won’t be able to get the location data from images and give them a button to have it ask permission again
I find it to be a bit sketchy in general, because it means the OS is actually parsing and editing the actual bytes of the file contextually when an app tries to access it. Probably making a shadow copy somewhere without the GPS exif data.
But yeah, I agree, at a minimum the OS should pop up a notification that “By default, GPS data will be stripped from the file due to inadequate location permissions” until the user either changes their preference or says “that’s fine, don’t remind me for this app”. Having it happen silently just isn’t good.
You’re probably right but it wouldn’t be a clean implementation for the os to do it. If it was more universal and better documented app devs could just put notices in themselves