When opening some .png files in a program called TweakPNG to view the chunk data for unrelated reasons, I discovered that Krita is secretly leaking my name (presumably from the Windows user account) into the exported files in the form of a zTXt chunk. Digging around in the Krita preferences and menus, I found that it's possible to change "Active Author Profile" to Anonymous, however that only seems to affect newly created documents. Opening an existing .kra file and exporting a .png from it will still include the username even with Anonymous author profile selected. This is in my opinion a very bad default setting, as it is effectively secretly leaking personally identifiable information into every file exported without the user ever being made aware of it. It should probably default to the Anonymous author profile, or at least require the user to explicitly enter and confirm the name in the Default Author Profile.
I think it should be anonymous by default, I just ran into this myself when using ImageMagick to figure out what was wrong with my file(Krita claimed information about bit depth on the image that was incorrect). I noticed my username was included, I'm a Linux user so not platform specific. Keeping this metadata with existing filese that contain it on save I understand if it's meant to preserve that(as in it was metadata from a third party source, not always necessarily going to be by our user only). Definitely something users should be aware of due to privacy if this is not going to be switched to anonymous by default. Perhaps a first run or similar(since existing users should perhaps be notified when they update) warning about this feature being enabled, even if disabled by default in future perhaps let users know about the change and impact on all images they have created with Krita in the past?
Partially resolved in master now with the default author profile being empty(amongst other author profile adjustments). I still want to make it a wee bit more explicit with toggles for saving metadata in png and jpeg.
Git commit 5018257923f0b2c7a15f2c6c740ab60fb7f01849 by Wolthera van Hövell tot Westerflier. Committed on 25/11/2017 at 11:25. Pushed by woltherav into branch 'master'. Add explicit metadata and author checkboxes to the png converter. This adds two checkboxes that need to be explicitely set to store author and meta data in the png, to ensure the user is fully aware that this will happen. The author and meta data will not be stored if this is not possible, but lets not attempt to be too smart and also disable the checkboxes. The tooltip should be sufficient. Ref T6627 M +24 -6 libs/ui/kis_png_converter.cpp M +4 -0 libs/ui/kis_png_converter.h M +11 -0 plugins/impex/png/kis_png_export.cc M +74 -54 plugins/impex/png/kis_wdg_options_png.ui https://commits.kde.org/krita/5018257923f0b2c7a15f2c6c740ab60fb7f01849
Git commit 410dfbf5a30f33a212bfc9c1d28dfd3edb388b05 by Wolthera van Hövell tot Westerflier. Committed on 25/11/2017 at 16:14. Pushed by woltherav into branch 'master'. Add explicit author and metadata checkboxes to JPEG. Ref T6627 M +0 -1 libs/ui/kis_png_converter.cpp M +2 -0 plugins/impex/jpeg/kis_jpeg_converter.h M +67 -0 plugins/impex/jpeg/kis_jpeg_export.cc M +31 -11 plugins/impex/jpeg/kis_wdg_options_jpeg.ui https://commits.kde.org/krita/410dfbf5a30f33a212bfc9c1d28dfd3edb388b05
Okay, I was also gonna handle tiff, but we're not actually storing any metadata in tiff, so this ought to be enough.