- General
- GDPR
- Analysis
- Security
Frequently Asked Questions
This FAQ describes the current site operations and policies.- What is FotoForensics?
FotoForensics provides budding researchers and professional investigators access to cutting-edge tools for digital photo forensics.
In August 2007, Dr. Neal Krawetz gave a presentation at the Black Hat Briefings computer security conference. The presentation, titled "A Picture's Worth", covered a handful of novel photo analysis algorithms. (A video of the presentation is available from iTunes, search for "Krawetz". The associated white paper and slides are available online.) Using these algorithms, researchers can determine if a picture is real or computer graphics, if it was modified, and even how it was modified. Dr. Krawetz gave variations of this presentation at different conferences between 2007 and 2010.
Following the disclosure of these algorithms, many people began recreating them. Error Level Analysis (ELA) is one of the simpler algorithms, and many people implemented their own variants. In 2010, Pete Ringwood created the "errorlevelanalysis.com" website as a free service where people could submit photos and web pictures for analysis. The result was an instant hit.
In 2012, Mr. Ringwood decided to retire the site, which had introduced millions of people to the field of photo forensics. Hacker Factor has recreated the service as "fotoforensics.com", maintaining the basic principles that Pete Ringwood established: a free service that provides an introduction to photo forensics. - Who provides this service? Hosting, administration, and site development are not free. This site is sponsored by Hacker Factor.
- What is the privacy policy?
This site's privacy policy is very basic: this is a public site. There is no web login and there is no privacy. Do not assume that the pictures you submit will be kept private.
If you want to use a private service, then visit the FotoForensics Lab: https://lab.fotoforensics.com/ - What information does this site collect and how is it used?
This site collects pictures that are submitted, information about the pictures (where it came from, when it was submitted, how often it is accessed), and typical weblog information.
While the pictures are displayed upon request by your web browser, other information is used for site management and related research purposes. To reiterate: FotoForensics is a research site; uploaded content will be used for research purposes. We will not publicly disclose personal information, and we will not provide collected information to external third parties (such as advertisers and data aggregates). This website does not collect email addresses. It also does not sell content.
By uploading a picture, you consent to having the picture viewed by FotoForensics, Hacker Factor, and research partners for analysis-related purposes. If the pictures contain illegal or potentially illegal content, then the site administrators may have an obligation to share the information with law enforcement. - Who should I contact about problems with this site?
Problems with this site, such as error messages, connectivity issues, maintenance, etc. should be submitted through the contact form or emailed to
.
Do not send this email address any advertisements, promotional offers, "let's swap links!" requests, or anything from any mailing list. Also, do not send questions about analysis results or requests for technical details about how the algorithms work. This email address is strictly for problems or issues with the website. - Who can use this site?
This free service is available to everyone for personal use. It is intended to give people an introduction to digital photo forensics and image analysis. This site does not draw conclusions or interpret results; it just shows raw data.
Because users interpret the results, FotoForensics takes no responsibility for inaccurate, incorrect, or misleading analysis interpretations.
This free service is not intended for commercial, business, legal, or bulk analysis uses. Commercial, business, legal, and bulk analysis users should use FotoForensics Lab. - What browsers are supported?
FotoForensics works best with HTML5 and CSS3. This includes most up-to-date web browsers. Browsers older than Internet Explorer 9, Firefox version 10, or Chrome version 10 are unlikely to work well with this site.
FotoForensics also requires JavaScript. Browsers that have JavaScript disabled will not be able to access most of the analysis results.
While FotoForensics permits people to upload content, this site does not permit uploads from automated systems (bots). Automated bulk-file uploaders will be banned. - Is Mobile Safari supported?
Apple's Mobile Safari web browser is partially supported. Specifically, Mobile Safari (the default browser on iPhone, iPad, and iPod devices) is only supported for URL uploads and not file uploads. This is because Mobile Safari explicitly alters all images prior to uploading.
- During the file upload, Mobile Safari actively strips out all metadata and recompresses the picture at a low quality. This means that the analyzers on this site will provide virtually no useful information about your picture. For example, Error Level Analysis and JPEG % will identify the resave by Safari and not the original picture. Mobile Safari also strips out the original metadata and substitutes its own, so metadata analysis will be of little use.
- Any analysis would be relative to the stripped, recompressed, and modified picture that was generated by your Mobile Safari browser. Image analysis will identify your browser and platform, but not information about the selected photo.
- If your picture is considered "evidence", then your Mobile Safari browser will tamper with the evidence.
To reiterate: this is a browser issue and not a website issue. Although you want to evaluate the picture, the Mobile Safari browser is preventing analysis.
Fortunately, there is a solution: use a different web browser. Chrome and Firefox for Apple devices do not have this tampering issue and will allow you to upload the actual picture for analysis. - What proxies are supported?
Proxies are used to relay network requests through other computer systems. These are usually corporate proxies or small residential proxies that are used to share a network address between related computers. Proxies may also include translation systems, web virus scanners, and web speed improvement systems. For example, Google Translate and Chrome's "Data Saver" option both operate as proxies. However, proxies can also be used to intentionally obscure a user's true location (e.g., Tor).
Attributable proxies, including corporate, translation, and speed services, are permitted. However, FotoForensics has had a lot of problems with people using anonymous proxies to either upload prohibited content or attack the web server. For this reason, we do not permit anonymous proxies to upload content for analysis. Anonymous proxies can view existing content on the server, but they cannot upload new content for analysis.
We may treat your proxy system as a single user. If anyone using your proxy system uploads prohibited content, then it will likely result in the proxy system being banned. - What anonymizing services are supported? Some pictures are available on alternate networks beyond the Internet. This includes 'Darknet' services. Uploads to FotoForensics can only be accessed from the Internet. However, uploaded URLs for Tor (.onion) sites are permitted.
- Do you have an app?
There are no official apps for FotoForensics. This is a conscious decision:
- Most smartphones lack the necessary computing power.
- Library inconsistencies on different mobile devices can generate inconsistent results.
- Using this website with your web browser does not require any special software or access privileges on your smartphone device.
When we learn of these apps, we request the hosting sites to take them offline. If the unofficial app depends on the official service, then we block the app and warn the users.
If you see an app in the Apple or Android app store that claims to offer FotoForensics services, then tell us about it! It is unofficial and likely a scam, spyware, or virus. We can quickly get unofficial apps removed from the Apple and Android app stores. - Do you use ads?
No. This public FotoForensics service does not have ads and does not provide information to third-party data brokers.
If you see ads with the FotoForensics analysis, then you should assume that there is a virus on your browser or smartphone; the official site does not use ads. - Do you use a captcha?
Sometimes. We have had problems with bots and users who continually violate our terms of service. If your browser is detected as having bot-like attributes, or is coming from a known-hostile network, then you will see a captcha challenge. Uploads are not permitted until you prove that you are a human. (As annoying as it can be, this has dramatically reduced the number of service violations.)
reCAPTCHA is provided by Google. If you see a reCAPTCHA, then Google can see your network address and type of web browser. However, Google cannot see the content that you upload or other information related to how you use this site. - What can I upload for analysis?
You can submit a picture from your computer or provide a URL to an online picture.
- The picture must be a JPEG, PNG, WebP, HEIC, or AVIF.
- Uploads are limited to 10 megabytes per file.
- Pictures should be at least 100x100 pixels; thumbnail images are typically heavily postprocessed (cropped and resized) so modifications are rarely identifiable.
- Pictures must not be no larger than 10,000x10,000; extremely large pictures cannot be processed in real-time.
- Please consider the content you are uploading. If your typical web site would classify the picture as "NSFW", then it probably does not belong here. People who upload pornography, nudity, or sexually explicit content will be banned.
- As a public service, we value privacy. Do not upload documents that contain sensitive and personal information, such as drivers licenses, passports, utility bills, or ATM receipts.
- Do not use this free service to support illegal activities, such as drug distribution or human trafficking.
- Why only permit a few file formats (JPEG, PNG, WebP, HEIC, and AVIF)?
There are many different file types for storing pictures. However, this service only supports JPEG, PNG, WebP, HEIC, and AVIF files. This is because other formats will not work well with the available algorithms or consume too many system resources. For example:
- BMP. Windows Bitmaps are a lossless data format, comparable to PNG. But unlike PNG, BMP files are typically uncompressed. In the typical case, a PNG will be a fraction of the size of a BMP. And unlike PNG, a BMP file contains no metadata. In effect, a BMP will not generate useful metadata analysis and will consume much more disk space (system resources) than a PNG.
- GIF. GIF files are limited to 256 colors. The restrictive color space effectively ensures that algorithms like ELA will generate useless results. Many GIFs uploaded to this site are animated, but this site has no algorithms for evaluating animated sequences.
- TIFF. The Tagged Image File Format (TIFF) supports many different types of data encoding. Most of the encoding methods are not as efficient as PNG. (The exception is JPEG/DCT encoding, in which case you might as well submit the non-TIFF JPEG.) TIFF files may also contain multiple pages, but this site has no methods to represent multiple pages.
- RAW. There are many different RAW formats. Canon uses CRW and CR2, Nikon has NEF, Pentax uses PEF, and Adobe introduced DNG. Most RAW formats are TIFF variants, and each of these are large formats that usually cannot be evaluated in the time requirements for this real-time web service.
- Why did my upload fail?
If your upload fails, it is probably because:
- It was not one of the supported image formats: JPEG, PNG, WebP, HEIC, or AVIF.
- It was too large, or
- The submitted URL was inaccessible. (If the URL requires a login, then FotoForensics cannot access it.)
- Why does the picture look different?
Occasionally the uploaded picture does not look like you expected. It may appear inverted, rotated, or even larger than you thought.
JPEG images can contain display information such as rotation or color profiles. In effect, graphical applications render the JPEG and then apply a transform. For the types of photo forensics performed on this site, additional transformations may distort the image. As a result, post-rendering transformations are not applied. Images may appear rotated, flipped, or inverted depending on the post-rendering transformations.
In other cases, such as a URL upload, the picture retrieved by FotoForensics may not look like the picture you thought you uploaded because FotoForensics acquired a higher quality image. This can currently happen with pictures that come from specific sites, including:- Facebook: The URL may contain commands for scaling, cropping, and positioning the image. When FotoForensics detects this, it attempts to retrieve the full-size picture stored at Facebook, and not the cropped or scaled image. FotoForensics attempts to retrieve an unaltered image because scaling, cropping, and other server-side transformations result in a resave and may obscure information about an image. The picture retrieved by FotoForensics can appear larger and wider than the image shown on Facebook's web page.
- Imgur: Users occasionally submit the URL to the text web page and not the URL to the image. (Editor's note: Don't blame the user!) If this is detected, then FotoForensics will retrieve the primary image from the web page. If there are multiple images on the page, then it may not retrieve the one you wanted. Try submitting the URL to the image itself: right click on the image and select "View Image" (the actual menu item varies by browser), and submit that URL to FotoForensics.
- Tumblr Avatars: Tumblr avatar images come in a variety of sizes. They may appear on pages as 16x16, 24x24, 40x40, or similarly small icon images. However, the maximum size is 512x512. FotoForensics will automatically retrieve the largest image (512x512) since this does not undergo additional scaling and it retains the most detail.
- Google: Some Google URLs will retrieve the source image indirectly and alter it before returning it to your browser. The alterations may include resizing, cropping, recoloring, and removing metadata. When present, FotoForensics will detect this indirection and retrieve the source image without Google's alterations.
- News Sites: Some images hosted at popular news outlets are modified dynamically. This can alter the image size, quality, and remove metadata. If FotoForensics detects these real-time modification, then it will retrieve the source image without the additional alterations.
- Why does the picture look broken?
In rare cases, pictures retrieved from a URL upload may appear broken. With JPEG images, they will usually render the top part of the image, but the bottom part will appear as a gray box. This happens when the server hosting the picture cannot provide it within a reasonable timeframe. Either the hosting server is slow, or there is a significant network delay that is causing the download to timeout.
This problem has been repeatedly seen with pictures hosted in China, such as pictures from Baidu.com. As far as we can tell, China is tarpitting the network connection -- intentionally making it slower and slower until the download fails.
The best solution to this problem is to download the picture to your local computer and use the File Upload option to submit the picture. - Who can see the pictures I upload? When you submit an image, you are provided with a direct link that you can share with other people (and they, in turn, may tweet or post to Facebook or send it to friends). The pictures may also be reviewed by the site administrators and research partners. In limited cases that comply with Copyright Fair Use (e.g., teaching), select pictures may be used for analysis-related training purposes.
- How long are pictures kept on the server? Pictures remain on the server for at least 3 months and potentially indefinitely. After the initial 3 months, inactive pictures may be removed in order to reclaim disk space as needed. (Currently, we have plenty of disk space so only prohibited content is removed.)
- Why forbid pornography and nudity?
This site permits nearly all types of pictures. Dancing kittens, airplane crashes, and everything in between is par for the course. Currently, this site forbids pornography, nudity, and sexually explicit content.
This server is located in the United States of America. Although there are laws concerning obscenity, pornography and nudity in general is considered protected free speech. With one exception: it is a federal offense to knowingly possess or distribute child pornography (see 18 U.S.C. 2251, 2252, 2258, 2258A, 2258B, 2258C, and 1466). Regarding uploaded pictures: we expect users to adhere to both the laws of the United States of America and their local jurisdictions.
This website is used for photo research. It is possible and likely that an administrator or research partner will see the pictures that you upload. I do not want my administrators spending any time guessing whether a person in a picture is over or under the legal age of consent. As such, we have implemented a very simple rule: no pornography, no nudity, no sexually explicit content. I do not care if you think the person is clearly an adult, and it does not matter if you think nudity is artistic. Uploading prohibited content will result in a ban. - Is this site broken?
For some people, this site may appear broken. There is no upload window and every link to an analysis shows nothing. Every page says to visit this FAQ.
Fear not! This site is not broken! You have been banned. We deploy bans as a response to abusive behavior. The most common reasons for being banned:- You uploaded prohibited content. (This public site is not for commercial use, evaluating identity cards, or hosting your personal porn archive.)
- You are using a network connection that is regularly used by people who upload prohibited content. Most anonymous proxies have been banned because they were used to violate this site's terms of service.
- You attempted to compromise this site's security.
- You attempted to use this free service for commercial, business, legal, or long-term analysis purposes. This is not an appropriate use for this free, public service. We provide lab.fotoforensics.com for commercial, business, legal, and long-term use.
- You attempted to use this free service to support an illegal activity, such as drug distribution or human trafficking.
- You uploaded documents that contain sensitive and personal information, such as drivers licenses, passports, utility bills, or ATM receipts. This includes face photos for use in visa or passport applications. As a public service, we value privacy; personal documents should not be uploaded to any publicly accessible service.
- You abused this service by using an automated uploader or otherwise intentionally stressing the system. For example, uploading hundreds of pictures, or uploading every frame from a video, is an abuse of this public site. If you're doing any kind of bulk analysis, then please use lab.fotoforensics.com.
The ban will lift automatically after 3 months. That is, 3 months after you stop visiting this site, and the counter resets every time you visit.
If you feel unfairly banned from this site, you can submit an unban request through the removal request form. Be sure to explain why you believe that your actions (e.g., submitting pornography, nudity, or sexually explicit content) were appropriate behavior on a public web service. Be sure to identify who you are (name, email address, postal address, phone number -- in case we need to contact you), what content you submitted, and approximately when it was submitted -- otherwise we will not be able to identify which block is associated with you.
NOTE: You must include an explanation, who you are, and a description of the type of content you were submitting. Requesting to be unbanned does not guarantee an unban. - Why is my hotlink broken?
Hotlinking is a type of bandwidth theft. It occurs when someone links to a picture without referencing the hosting source of the picture. Hotlinking uses someone else's service, resources, and bandwidth as if it were a free picture hosting site. In this case, hotlinking uses this service as a photo hosting platform and not for the intended purpose: photo analysis.
FotoForensics permits linking to pictures for the purpose of photo analysis. However, we do not permit hotlinking. When hotlinking is detected, we may return an alternate picture or block access to the content. There are plenty of other web services that offer general-purpose image hosting for free; we are not one of them.About copyright and trademarks
- What are the trademarks? Dr. Neal Krawetz of Hacker Factor has trademarks on the following terms and trade names: "Hacker Factor", "FotoForensics", "FotoForensics Lab".
- Who owns the copyright?
This website is Copyright Hacker Factor, All Rights Reserved. However, we do not own the copyright to the submitted pictures.
Each picture's copyright is retained by the original copyright holder. For the derivative works (i.e., the analysis pictures), it depends on the picture and how much it looks like the original image. The derivative work is either the copyright work of Hacker Factor or of the original source's copyright holder. (It's best to consult an attorney, and I'm not an attorney.) It suffices to say that you do not own the copyright just because you submitted the picture. - What about copyright permission?
Let me preface this with "I am not a lawyer and this is not legal advice," "You should consult an attorney," and "It is my understanding that..."
US Copyright Law permits Fair Use for the purpose of criticism, comment, news reporting, teaching, scholarship, and research. Fair Use permits limited copying or distribution.
This site permits people to submit pictures to a digital image analysis system.- The system does not draw any conclusions about the picture.
- The purpose is for education, research, and criticism.
- This site does not host advertisements and is operated at a financial loss; it is not a profit-oriented service and does not gain financial profit from the submitted content.
- Direct links to submitted content are only provided to the people who submit the content (or who already have the link).
- In the case of pictures where the link or content is widely distributed and openly discussed, direct links may be disclosed publicly in order to further the discussion.
On rare occasions, we do solicit pictures specifically for testing and research. We do not solicit photos containing personal information and we do not request third-party pictures. Any exceptions will be identified during the solicitation. Submitting a photo in response to a research request does not transfer the copyright; the photographer still owns the copyright. Our research requests require permission for FotoForensics and Hacker Factor to use the photos in ways related to the research. - What privacy restrictions are supported?
This FotoForensics service does not provide Health Insurance Portability and Accountability Act (HIPAA), Sarbanes Oxley (SOX), EU General Data Protection Regulation (GDPR), or other industry-specific privacy requirements. We do not accept your compliance responsibilities.
If you have content that requires special privacy or compliance requirements, then check with your legal department before uploading to this service. We do not accept your requirement risks. - How can I request content removal?
FotoForensics provides two different options for requesting content removal:
- Web form. Requests can be submitted using the removal request form. This is the simplest and fastest option, and it automates much of the lookup information, making it easier for administrators to identify the content to be removed.
- Postal Service. Requests can be mailed to:
FotoForensics
c/o: Hacker Factor
P.O. Box 270033
Fort Collins, CO
80527-0033
United States of America
Due to delays in postal mail delivery, mailing us a letter is the slowest method and could take over a week to be processed. (And that's assuming that you included everything needed to identify the content.)
- The direct link to the content that you wish to have removed.
- A statement about why the content should be removed. If this is a copyright complaint, then you must include why you believe that this site is not in compliance with Section 107 of US Copyright Law (Title 17). All other requests must still provide an explanation about why it should be removed.
- Information that we can use to verify that you are the copyright holder, you represent the copyright holder, or you represent the subject of the picture.
- Your name and contact information (email address, postal address, phone number) for any followup questions and replies.
- How can I report offensive content?
Offensive is a very subjective term. See "How can I request content removal?"
Be sure to mention the nature of the offense and why you feel it is offensive.
Some types of pictures are illegal in the United States; we will contact law enforcement immediately.
This site does not cater to people who want to use it for hosting photos intended to harass or harm other people. Harassment complaints will be expedited.
About the site
About file submissions
Last modified: 2022-12-26 14:59:52Z
GDPR
The European Union's General Data Protection Regulation (GDPR) defines privacy requirements that apply to all EU citizens, regardless of where the online service is located. This FAQ section addresses the GDPR requirements.This information is also found in the FAQ 'General' section (and has been there since this site first went live, long before the GDPR existed).
- What information is collected?
This public service collects pictures that are submitted, information about the pictures (e.g., where it came from, when it was submitted, and how often it is accessed), and typical weblog information.
This public service is explicitly a research-oriented service. For this purpose, we also collect information related to various internal research projects. For example, one of the research projects is related to IPv6 support and usage, and another project checks for indications of an infected web browser. Both of these experiments are documented in the tutorials.
Many of our ongoing experiments are not publicly disclosed. In particular, we do not disclose what we collect or how we collect it. This is because disclosure could cause a bias. (It is a scientific method called a blind experiment, or a double-blind experiment, depending on how the test is configured.)
This public service does not have logins, so it does not have personal information about the user who uploaded the picture.
For our contact form, we do have optional fields for users to provide their name, address, and other information. This is used when we need to provide additional information back to the user. This information is only required when the user has been caught violating our terms of service. We do not sell or distribute this information; we do not have a mailing list. - Who can see the data?
When you submit an image, you are provided with a direct link that you can share with other people (and they, in turn, may tweet or post to Facebook or send it to friends). The pictures may also be reviewed by the site administrators and research partners. In limited cases that comply with Copyright Fair Use (e.g., teaching), select pictures may be used for analysis-related training purposes.
In general, weblogs and related information are strictly controlled; the public does not see this. However, some users are hostile: if you attack our server then data related to the attack may be shared with research and network security associates.
We have research partners who occasionally see content related to research interests. These partners do not have permission to copy or redistribute content.
As a service in the United States, we are required by law to report pictures related to child exploitation to law enforcement. Failure to report is a felony. For pictures related to child exploitation, we will turn over everything to law enforcement: pictures and related logs. (If the trade is between us protecting your privacy or us accepting a felony because of your actions, then you will lose. We are not taking a felony for you.) - Which advertisers or data aggregates can access your data? None. This public service does not have advertisers and does not share information with data aggregates.
- How do we use the data?
As noted, this public site is a research service. We collect data and generalize it into algorithms that can be widely distributed. The algorithms do not contain any of your personal information. Examples of these research projects are in the tutorials.
On occasion, our partners may need to see examples of pictures from specific cameras or software packages. (This is usually to identify device or software artifacts. For example, "is this ICC Profile common for the iPhone 8?") This public data may be used to find examples. In some instances, we may even provide these partners with examples for research purposes. The recipients of these pictures do not have permission to redistribute images. - Do we have consent?
Yes. Users voluntarily upload content to this service.
In regions where the user is too young to give consent, the young user is not permitted to use this site. (And if they do use the site, then it is a misrepresentation on their part.) Since we do not collect personal information (name, age, etc.) and do not have any method to validate personal information, we do not ask for consent confirmation. - Do we track users?
Sometimes. Specifically, every user has a unique signature. We only collect signatures when users behave suspiciously or violate our terms of service. In case of violations, we block user access based on one or more identified signatures.
With regards to the GDPR: Your right to privacy does not grant you permission to violate this site's security or terms of service. If we identify bad behavior, then we will do our best to identify you, track you, and stop you.
For well-behaved users: No, we don't track you and we don't collect anything except pictures and access logs. - How can you request content removal?
FotoForensics provides two different options for requesting content removal:
- Web form. Requests can be submitted using the removal request form. This is the simplest and fastest option, and it automates much of the lookup information, making it easier for administrators to identify the content to be removed.
- Postal Service. Requests can be mailed to:
FotoForensics
c/o: Hacker Factor
P.O. Box 270033
Fort Collins, CO
80527-0033
United States of America
Due to delays in postal mail delivery, mailing us a letter is the slowest method and could take over a week to be processed. (And that's assuming that you included everything needed to identify the content.)
- The direct link to the content that you wish to have removed.
- A statement about why the content should be removed. If this is a copyright complaint, then you must include why you believe that this site is not in compliance with Section 107 of US Copyright Law (Title 17). All other requests must still provide an explanation about why it should be removed.
- Information that we can use to verify that you are the copyright holder, you represent the copyright holder, or you represent the subject of the picture.
- Your name and contact information (email address, postal address, phone number) for any followup questions and replies.
- Can you request a copy of your data?
For pictures: If you have the link to your picture, then you can access the picture.
For log files: We do not provide these to users. In particular, since we have no way to automatically identify you, we cannot determine which logs belong to you. At best, we can associate log entries with a specific browser at a specific time, but we cannot determine who used the browser at that time. Since we cannot prove it was you, we cannot provide any logs to you. - Where can you go for privacy?
This public, research-oriented web service is not private. (That's why we call it a "public" service.)
If you want to use a private service, then visit the FotoForensics Lab: https://lab.fotoforensics.com/. Data on Lab is kept private, not used for research, and administrators only access it when it needs more than the automated maintenance provides. (Lab is about 99% automated, and the remaining 1% is usually associated with user requests.) - GDPR applicability
Many of this service's policies are compatible with GDPR.
However, we occasionally receive requests from people who demand that we fully comply with GDPR.
Regarding the applicability of EU GDPR:
- Our company and our servers are not located in the EU.
- Our company has fewer than 250 people.
- Our company does not specifically cater to the EU. (Text is in American English and outside of this specific FAQ page, we have no specific EU content.)
- The public FotoForensics service is explicitly not for long-term use. (GDPR defines this as "occasional use".)
Last modified: 2022-09-06 13:03:55Z
Frequently Asked Questions about Analysis
This FAQ answers questions about image analysis.- Will this tell me if the picture is fake?
No. This site is like a microscope -- it will show you data, but it does not draw any conclusions. FotoForensics includes tutorials to help you understand what to look for in the analysis results.
In some cases, the analysis may not provide the answer you wanted. For example, you may want to know if a picture was edited. However, if the picture is a low quality, then the results may not permit identification of anything beyond "low quality, multiple resaves."
As a concrete example, consider analyzing a picture from Facebook. Facebook strips out all original metadata and replaces it with their own metadata. So the metadata analysis will not identify anything beyond "Facebook". Facebook also resaves the image at a low quality, so the JPEG quality (JPEG %) will report a low quality image. Error Level Analysis will typically return a dark result with large colored rectangles -- indicating a low quality image and multiple resaves (a solid description of what Facebook provides). Even if the picture is visually altered, the algorithmic results may not detect much more than an image resaved by Facebook.
The tutorials on this site identify some common applications and online services that leave tell-tale artifacts that are usually identifiable. - What is Error Level Analysis?
Error Level Analysis (ELA) is an algorithm that evaluates the error level potential of a JPEG image. JPEG is a lossy image format; every resave degrades the picture. The amount of degradation varies based on the number of saves. The first save loses a lot, the second save loses a little more, and by the 20th save, it is probably as low quality as it will ever get.
When a picture is modified, the changed parts have a higher error level potential than the rest of the image. ELA works by saving the picture at a known quality level (like a JPEG at 95%), and then determines how much changed. Edits and splices appear as regions with more change. See the tutorial for more detail. - How do I cite ELA?
The Error Level Analysis algorithm was publicly disclosed by Dr. Neal Krawetz in a white paper and presentation at the Black Hat Briefings security conference. The revised white paper and slides are from the 2008 conference in Washington, DC.
APA citation
Black Hat Briefings DC. (2008) A Picture's Worth: Digital Image Analysis and Forensics [White paper]. Washington, DC. Retrieved from https://blackhat.com/presentations/bh-dc-08/Krawetz/Whitepaper/bh-dc-08-krawetz-WP.pdf
MLA citation
Krawetz, N., "A Picture's Worth: Digital Image Analysis and Forensics." Black Hat Briefings DC. 2008. <https://blackhat.com/presentations/bh-dc-08/Krawetz/Whitepaper/bh-dc-08-krawetz-WP.pdf>
Chicago Manual of Style citation
Krawetz, N., "A Picture's Worth: Digital Image Analysis and Forensics." Black Hat Briefings DC. 2008. Available from https://blackhat.com/presentations/bh-dc-08/Krawetz/Whitepaper/bh-dc-08-krawetz-WP.pdf - How do I read the ELA picture? See the tutorial and sample analysis.
- What does ELA detect?
ELA measures the amount of change during a JPEG resave. When a digital photo is edited, the modified portions will have a different error level potential compared to the rest of the picture. Splices, drawing, and significant edits are usually visible as a significantly different error level potential.
There is a difference between real and authentic. A real photo of a forged document or a staged situation will not appear unusual under ELA. This is because the picture is real, even if the subject of the photo is not authentic. ELA does not identify the authenticity or other attributes related to the picture's subject.
ELA also does not detect all forms of digital manipulation; it only identifies differences in the JPEG compression rate. Digital modifications that do not significantly alter the error level potential, such as a minor color adjustment over the entire picture, may not be detected by ELA. - Why is the picture black? A very low quality picture that has undergone multiple resaves will have no more error level potential. A black result is informative: this picture (1) is not a camera original, (2) is very low quality, and (3) has been repeatedly resaved.
- Why does this ELA picture look different from other ELA systems?
When the Error Level Analysis algorithm was disclosed in 2007, we intentionally did not release source code. As a result, every implementation is a variant of the algorithm. They all implement the same basic approach and all can be used to reach the same conclusions. However, different settings can lead to differences in the appearance of the ELA image.
For a proper experiment, the results must be repeatable. This system uses libjpeg-6b with a resave quality of 75% and a post-process brightness factor of 20. Different JPEG libraries and different parameters will generate different ELA images. - How can I improve the results?
The results from an analysis are directly dependent on the image quality. You may want to know if something was added, but if the picture is a copy of a copy of a copy, then it may only detect the resaves. Try to find the best quality version of the picture.
For example, many pictures are hosted at Flickr. Flickr provides small, medium, large, and original images. The small, medium, and large are derivative images (resaves) created by Flickr. The "original" is whatever the user sent to Flickr, so the original will be the best quality. Similarly, pictures on news sites are usually resaved. If they have a tagline like "Source: AP Images", then go to the source and use that picture instead. News sites typically recolor, resize, and crop images before saving them at a very low quality. Go for the original source (or get as close as you can to the original source) to improve the image's quality and the results.
If you do not know where to start, then try TinEye. Many pictures on the web are resaved as they pass from user to user. TinEye does not know every picture, but it knows many pictures. If the picture is being passed around, then TinEye can help find the source (or at least a better copy of the image). In general, the biggest image is usually the best quality. (But some sites do scale images larger...) - OMG, this picture is totally fake, who do I tell?
First remember: any single analysis algorithm can generate noise that may result in a false-positive interpretation. You should confirm your results with other analysis methods. ("Observation" is always a good one, so is "common sense".)
Second, identify how the picture was modified. For example, scaling a picture smaller for the web will remove high frequencies and modifies every pixel. Are you seeing artifacts related to how the picture was processed, or are you seeing intentional deception?
Finally, who you tell is up to you. If it is from the mass media, then find out where they got it -- usually they purchase pictures from Getty Images, Reuters, AFP, AP Images, or other professional organizations. Contact the right people. Be polite, and tell them what you found. (Do not demand that they fire the photographer; if you are right, that will happen automatically.)
One warning: there is a difference between accusing someone of photo manipulation and libel/slander. (Consider using alternate wording like "it is my belief that" and "based on the following tests it appears that".)
Last modified: 2022-08-08 05:13:59Z
Security Policy
This FAQ describes this site's security policies.- Acceptable Use
The FAQ's General section details the acceptable use policy. We provide a variety of FotoForensics services, each with different acceptable use policies. These are summarized as follows:
With each of these services, unauthorized 'hacking', security audits, and network scans are not permitted. These will be viewed as an attack and treated as such. This may result in a short-term ban, long-term ban, and/or a legal response.Service Acceptable Uses Public The public site (fotoforensics.com) is intended for amateur, low volume analysis. There is no login and there is no privacy. All uploaded content may be used for research. The research is typically related to the development of new forensic and analysis tools, but it can also include methods to better secure the server from abuses.
Because content uploaded to the public server may be viewed by other people, we do not permit pornography, nudity, or sexually explicit content. Per Federal law, child pornography is immediately reported to NCMEC. The public service also prohibits documents that contain personally identifiable information, including pictures of credit cards, passports, ATM receipts, and utility bills.Lab The FotoForensics Lab service (lab.fotoforensics.com) is intended for commercial, bulk, and private analysis. No uploaded content is used for research, and uploaded files are automatically removed after one day of inactivity (24-25 hours after the last access). Because the uploaded content is private, we only forbid child pornography. Solo All standalone FotoForensics instances (the Solo servers) are outside the scope of our control. The FotoForensics Solo servers exist in your network environment; we do not have remote access and we do not manage them. Contact your IT department for their security and acceptable-use policies. (If you're not on Public or Lab, then you're on Solo.) - Security Response Policy
In the event of a compromise, our first priority is to identify and stop the abuse. Our second priority is to notify users. The type of data that could be compromised and method of notification varies based on the type of FotoForensics service.
Service Response Policy Public The public site (fotoforensics.com) has no logins and no privacy. Therefore, there is no expectation of privacy. Moreover, the use policy forbids the uploading of personally identifiable information. (Any user who uploaded this type of prohibited content already breached any privacy and agreed to making the pictures publicly accessible.) Notifications will be made on Mastodon (via @hackerfactor) and in the system status log. Lab The FotoForensics Lab service (lab.fotoforensics.com) is a paid service but never has access to credit card information. All credit card transactions are handled by Stripe. Lab does contain the personal information used for requesting an account (name, email, optional field of work, optional country, and optional additional details.). Lab also caches the last 24 hours of uploaded pictures. Notification will be made by email. Solo All standalone FotoForensics instances are outside the scope of our control. Contact the respective service providers. - Bug and Vulnerability Reporting
Bugs and any security related matters should be immediately reported using the contact form or by email: . Please include:
- Which services are impacted? (All? Only the Public site? Or you only saw it on one service and haven't checked the others? Great -- just let us know; we can check the others.)
- As much detail as possible about the issue and what you found. If we can recreate it, then we can work on a solution. But in order to find the bug, evaluate a vulnerability, or recreate a problem, we need details. If the issue is associated with a picture, please include a link to the picture or to the FotoForensics ID (the long value after 'id=' in the analysis page URL).
Note: Unless we explicitly ask for it, do not email us pictures. Our email system automatically removes attachments before delivery, so we will not receive unsolicited picture attachments. - Your contact information (at minimum, your email address). This will be used to acknowledge receipt of the issue, provide status or resolution updates, and to request any additional information.
If the issue is theoretical or suspected, then do not attempt to validate the issue without permission. Instead, contact us and we will evaluate the threat.
If the issue is a viable exploit, then please do not exercise the exploit. Instead, contact us and we will address the issue.
After the issue is resolved, we can coordinate a public statement. - Bug and Vulnerability Renumeration
We're not Google; we're not wealthy and we don't have unlimited resources. There are some people who won't report bugs if there isn't an established bug bounty program. Unfortunately, we cannot promise a payout or swag to people who report serious issues.
We provide web services that help people all over the world. By helping us make this site better, you help all of those other people. Please accept our thanks. (And if we meet you at any conferences, we'll buy you a beer.)
Security Policy
Last modified: 2023-01-08 01:31:53Z
Copyright 2012-2024 Hacker Factor, All Rights Reserved.System Status • Blog • FAQ • Contact