Monday, March 26, 2007

windows xp's management of thumbs.db poses a potential privacy threat

i found this out of curiosity. actually, a thought came to my mind a few minutes back: does windows explorer also delete from thumbs.db the thumbnails of those images which have been deleted from a folder? it turns out that it doesn't.

i put 10 images in a folder

then i switched the folder to thumbnails view and this generated thumbs.db

its sha-1 hash is- E7CB4A8AA45C9CF0E64720AC670EEBFBE34FA6E4

then i removed 3 images from the folder, refreshed, and re-entered the folder, but thumbs.db's sha-1 hash continued to be- E7CB4A8AA45C9CF0E64720AC670EEBFBE34FA6E4

this confirms that windows xp does not delete redundant data in thumbs.db
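the experiment above can be turned into a repeatable folder audit. the following is an added example, not code from the original post: it hashes thumbs.db with sha-1 and compares the number of images still present against a rough count of cached thumbnails. it assumes that xp's thumbs.db stores each thumbnail as a jpeg stream, so it counts jpeg start-of-image markers in the raw bytes instead of parsing the file; `audit_folder`, `demo` and the stand-in cache file are constructed for illustration.

```python
import hashlib
import os
import tempfile

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".tif", ".tiff"}
JPEG_SOI = b"\xff\xd8\xff"  # start-of-image marker (assumed: one per cached thumbnail)


def audit_folder(folder):
    """Compare a folder's Thumbs.db against the images still in the folder."""
    cache = None
    images = 0
    for name in os.listdir(folder):
        if name.lower() == "thumbs.db":
            cache = os.path.join(folder, name)
        elif os.path.splitext(name)[1].lower() in IMAGE_EXTS:
            images += 1
    if cache is None:
        return None  # no thumbnail cache in this folder
    with open(cache, "rb") as fh:
        data = fh.read()
    cached = data.count(JPEG_SOI)  # heuristic count, not a real OLE parse
    return {
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "images_present": images,
        "thumbnails_cached": cached,
        "possible_leftovers": max(0, cached - images),
    }


def demo():
    """Replay the post's steps on constructed data: 10 images, then delete 3."""
    with tempfile.TemporaryDirectory() as folder:
        for i in range(10):
            with open(os.path.join(folder, f"img{i}.jpg"), "wb") as fh:
                fh.write(b"constructed placeholder image")
        # Constructed stand-in for Thumbs.db: 10 fake thumbnail streams.
        with open(os.path.join(folder, "Thumbs.db"), "wb") as fh:
            fh.write(b"".join(b"\x00" * 12 + JPEG_SOI + b"\xe0stub" for _ in range(10)))
        before = audit_folder(folder)
        for i in range(3):
            os.remove(os.path.join(folder, f"img{i}.jpg"))
        after = audit_folder(folder)  # cache file is untouched by the deletes
        return before, after


if __name__ == "__main__":
    for report in demo():
        print(report)
```

a non-zero `possible_leftovers` on a real folder is only a hint that the cache holds more thumbnails than there are images; deleting thumbs.db and letting explorer rebuild it clears the remnants.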

i think this is not good engineering. a company which so vehemently emphasizes that its product is secure and responsible when it comes to privacy shouldn't take this issue lightly. it's easy for image viewers like irfanview, xnview, or farstone viewer to implement reading thumbs.db and/or extracting thumbnails from it. remnants of deleted images can cause situations akin to those caused by a browser's history, or by files that have been deleted but whose shortcuts remain in the 'recent' folder [in this case, the filename and file type are the only available data, along with the date and time of the shortcut, of course].

one good thing windows explorer does is to update the thumbnail when a newly added image has the same filename as an image that was previously present in the folder. but in this case too, as i found out, if i modify the new image's size, modification date/time etc. to match those of the old image [assuming dimensions etc. are all identical], windows explorer does not update the thumbnail. it is not programmed to check whether a newly added image with the same filename and date/time as a previously added image is actually different from it. this check is not really needed either, since the probability of a newly added image having the same specifications, size, date etc. is zero for all practical purposes.
