News:

2025-04-23: ExifTool 12.84 is now available

Main Menu

Question to data security

Started by herb, December 15, 2023, 06:28:06 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

herb

December 15, 2023, 06:28:06 AM
Hello,

ExiftoolGui has the feature of geo-coding. Thanks for this feature.
In order to work it needs WebView2Loader.dll and as far as I understand this is the interface to MS WebViewEdge.

I work also a little bit with wxWidgets and found the following feature request:
https://github.com/wxWidgets/wxWidgets/issues/23978
which asks for blocking WebViewEdge to NOT send data and URL's to MS.

What is the state when using ExifToolGui. Does MS WebViewEdge also send data to MS or is it blocked?

Thanks for your answer in advance
Best regards
herb 

FrankB

#1
December 15, 2023, 07:38:51 AM
Hi Herb,

Thanks for your feedback.

Your question is very good. The short answer is: I did not think about it when developing. Meanwhile I did some research:

- In ExiftoolGui the standard options of Embarcadero's TEdgeBrowser are used. This is their doc: https://docwiki.embarcadero.com/RADStudio/Sydney/en/Using_TEdgeBrowser_Component_and_Changes_to_the_TWebBrowser_Component
The privacy issue is not mentioned!

- Google does not reveal a great deal when I search for "edge browser delphi privacy".
Apparently this isn't a hot issue.

- In your link 2 interfaces are mentioned: ICoreWebView2Settings and ICoreWebView2EnvironmentOptions3. I searched for it in the Delphi VCL:

The ICoreWebView2Settings I did manage to find, but I can't figure out what function to call to disable 'SmartScreen and crash reporting'
Code Select
  ICoreWebView2Settings = interface(IUnknown)
    ['{203FBA37-6850-4DCC-A25A-58A351AC625D}']
    function Get_IsScriptEnabled(out IsScriptEnabled: Integer): HResult; stdcall;
    function Set_IsScriptEnabled(IsScriptEnabled: Integer): HResult; stdcall;
    function Get_IsWebMessageEnabled(out IsWebMessageEnabled: Integer): HResult; stdcall;
    function Set_IsWebMessageEnabled(IsWebMessageEnabled: Integer): HResult; stdcall;
    function Get_AreDefaultScriptDialogsEnabled(out AreDefaultScriptDialogsEnabled: Integer): HResult; stdcall;
    function Set_AreDefaultScriptDialogsEnabled(AreDefaultScriptDialogsEnabled: Integer): HResult; stdcall;
    function Get_IsStatusBarEnabled(out IsStatusBarEnabled: Integer): HResult; stdcall;
    function Set_IsStatusBarEnabled(IsStatusBarEnabled: Integer): HResult; stdcall;
    function Get_AreDevToolsEnabled(out AreDevToolsEnabled: Integer): HResult; stdcall;
    function Set_AreDevToolsEnabled(AreDevToolsEnabled: Integer): HResult; stdcall;
    function Get_AreDefaultContextMenusEnabled(out enabled: Integer): HResult; stdcall;
    function Set_AreDefaultContextMenusEnabled(enabled: Integer): HResult; stdcall;
    function Get_AreRemoteObjectsAllowed(out allowed: Integer): HResult; stdcall;
    function Set_AreRemoteObjectsAllowed(allowed: Integer): HResult; stdcall;
    function Get_IsZoomControlEnabled(out enabled: Integer): HResult; stdcall;
    function Set_IsZoomControlEnabled(enabled: Integer): HResult; stdcall;
    function Get_IsBuiltInErrorPageEnabled(out enabled: Integer): HResult; stdcall;
    function Set_IsBuiltInErrorPageEnabled(enabled: Integer): HResult; stdcall;
  end;

The ICoreWebView2EnvironmentOptions3 is not exposed in Delphi. (Can not be called)
Code Select
ICoreWebView2EnvironmentOptions3
- Thinking about the possible data that would be sent from ExiftoolGui to MS.

  - Crash reporting. I assume this means a crash in the Edge Runtime, not a crash in ExifTool(gui)
  - URLs sent to MS to block malicious websites. The urls that ExifToolGui uses are:

local files:
- %AppData%\local\temp\ExifToolGUI.html
- Any images you select to 'show on map'.
(I cant imagine that MS cares about local files, but that's an assumption)

and the OSM scripts

<script type="text/javascript"  src="http://openlayers.org/api/OpenLayers.js"></script>
<script src="http://www.openstreetmap.org/openlayers/OpenStreetMap.js"></script>

My conclusions at the moment:
- A very good question.
- I would not know how to use the interfaces mentioned in your post in Delphi.
- The affected data would not bother me, but I cant judge what users might think.

- There's only one thing that I can think of right now. When the user enables the 'Internet connection' show a warning message.

Frank


herb

#2
December 15, 2023, 10:33:16 AM
Hello FrankB,

thanks for your quick and detailed answer.
My goal was to know the current state.

QuoteWhen the user enables the 'Internet connection' show a warning message.
I think it is better NOT to show such a message.
I German we say: do not wake up a sleeping dog.

Helpful could be a short statement in documentation:
ExifToolGui uses MS WebViewEdge for geo-coding.

Best regards
herb

FrankB

#3
December 15, 2023, 10:55:45 AM
Quote from: herb on December 15, 2023, 10:33:16 AMI German we say: do not wake up a sleeping dog.

In Dutch it is: Geen slapende honden wakker maken.

Quote from: herb on December 15, 2023, 10:33:16 AMHelpful could be a short statement in documentation:
ExifToolGui uses MS WebViewEdge for geo-coding.

Maybe we have a misunderstanding. (I will take the blame)
The added Geo-coding functions with version V6.2.5 do NOT use the Edge Webbrowser. They execute rest requests directly to either Overpass, or Geocoding.
The Edge browser is used only to display the OSM Map. And there is a remark in the docs for that. (Requirements and preparation, bullet 3)
https://github.com/FrankBijnen/ExifToolGui/blob/main/Docs/ExifToolGUI_V6.md

Anyway, I will keep my mouth shut.

Frank

Edit: The confusion might be because the Geo-Coding functions also require  'Enable Internet..' in preferences.
Print
Go Up Pages1
User actions