I work with Canon cameras a lot as a developer, and sometimes discover nasty things in their firmware. Most of the time these are just annoyances that delay or block some feature’s availability, but what I recently found may have a serious impact on every Canon EOS camera user’s privacy.
To demonstrate the issue I’ll use my ShutterCount app, which among many other things, can display camera data in question.
The Problem
You are a photographer who cares about intellectual property rights and thus properly set up copyright info in the camera. This consists of four fields: owner name, artist name, copyright and (on newer pro cameras) IPTC info.
Now, you are also privacy-conscious, and delete these before selling a camera to a used equipment dealer. You use the camera’s Delete copyright information menu item, thinking that it will remove everything. Unfortunately this isn’t the case. Besides not touching owner and IPTC fields at all, it only replaces the very first character of the author name and copyright fields with a zero, leaving your previously set copyright information in the camera.
ShutterCount‘s new Raw Copyright Information feature reveals deleted data.
Moreover, setting a shorter-than-previous author or copyright using the camera’s menu will just overwrite the newly entered characters, leaving part of the previous longer text unmodified.
Red characters mark the leftover, black characters are legitimate, currently active text. Zero memory values are displayed as spaces for better legibility.
Leftover after setting shorter text in-camera.
The remote control interface is also affected. Using EOS Utility (and possibly many other remote control apps) will fill the remainder of these fields with arbitrary memory contents of the camera. Actually this is what triggered my research into the issue: I saw part of my address from the IPTC info in the author field.
The garbage EOS Utility leaves. Note parts of the previous values!
As far as I know, this behavior is exhibited by every single Canon EOS digital camera model announced since 2007.
Consequences
Your identity may be exposed to anyone who buys your camera through a used equipment dealer. I don’t know about you, but the idea that some camera-illiterate idiot will bug me after buying my old camera through a shop makes me uncomfortable.
Or worse, your long-sold camera may be found on a crime scene, and CSI finds the copyright info that accuses you being connected with the crime. Creepy, isn’t it?
Yeah, private information leaks are creepy. But this bug is double-edged sword, and may be terribly useful every once in a while.
Suppose your camera was stolen, and the thief deleted your copyright with the aforementioned menu command. Law enforcement will be able to reveal that it actually belongs to you.
Used equipment dealers may also benefit from it, being able to double-check the camera’s owner.
Mitigation
There’s a zero-cost method, which takes some time, but there’s also an automated method, which costs a few bucks.
The zero-cost method is to first delete both the owner and and IPTC info with EOS Utility, then go into the camera’s menu and completely fill the author and copyright fields with spaces, or X characters (or anything you would like), and save them. Then use the Delete copyright information menu item.
If you prefer the automated method, ShutterCount‘s Wipe Personal Data command will securely wipe all ownership and copyright information from the camera. This feature is available in the Pro version, or after you purchased the Plus Plack in the regular version.
I’d like to mention that the Copyright Information Template in both my ShutterCount and Kuuvik Capture apps will set the author and copyright fields properly, removing any previous leftover.
Ultimately I hope Canon will step up and address this issue by properly zero-padding the author and copyright fields, regardless of whether they were set in-camera, or remotely.
Exploiting It for Good Purposes
As you know by now, ShutterCount can reveal the extraneous information contained in the author and copyright fields, and can be used by anyone who has a reason to peek into that. It displays the dialog box what you see on the screen shot above.
I’m sure used camera shops and law enforcement agencies will find this feature rather useful. And hope that camera shop personnel will go through their used assets now, wiping personal data from every single one of them as a courtesy to previous owners.
The mentioned features are available in ShutterCount 4.7 or later. The Raw Copyright Information and Wipe Personal Data commands are on the Camera menu on macOS and under Camera Settings on the More tab on iOS.
