When you send a screenshot (even if height/width only is cropped) , the screenshot’s width and height can be used to find the iPhone model of someone or narrowed down.
The most unique sized iPhone on the market right now is the iPhone 16 Pro and iPhone 16 Pro Max, as no other phone has the same width and height. So if you send a screenshot people will 100% know your exact phone. The regular iPhone 16 is common with the rest of the other phones and not unique.
If you send a screenshot from a iPhone XR, people can know if you using an iPhone 11 or iPhone XR since they have the same dimension which narrows down alot of options. (828x1792)
You can use this site here to view a list of all the dimensions. Click the iPhone’s tab and sort the physical width or height.
If you don’t want to expose your phone model, crop both width and height of each screenshot randomly. I would suggest cropping out the top of the phone as it shows your time if you care about that. Some sites like X have random inaccurate dimensions in uploaded screenshots, which is different from the original raw screenshot.
I haven’t really checked with android phones, but it’s probably the same thing.
If you are into that could be interesting to learn about metadata, e.g EXIF data, and how anything can be used for fingerprinting. What’s interesting IMHO is to pragmatically know how valuable a specific piece of data or metadata is useful for fingerprinting, namely how identifying it truly is. For example knowing if a file comes from Android or iOS is too generic to be useful whereas timestamp with geolocation data segments the potential space a lot more.
A good example to “play” with could be https://coveryourtracks.eff.org/ which does highlight the idea of “bits of identifying information” namely :
“A “bit” is a basic unit of information for computers. The bit represents a logical state with one of two possible values, often represented as “1” or “0”, for example. In your results from Cover Your Tracks, some metrics may be listed as “1” or “0”, or “true” or “false”, indicating whether a setting is enabled or disabled. While each individual metric’s details may seem like a small amount of information, when combined with your browser’s other metrics, they can uniquely identify your browser. Your results are measured in “bits of identifying information,” which is a combined summary of all these metrics.”
Point being, not all behaviors, conscious or not, explicit or not, lead to the same amount of bits. Some are VERY valuable, others are basically pointless. Knowing the difference means not spending a lot of energy fighting without making a difference.
What do you think someone could possibly do with knowing a phone model given they wouldn’t be the only person with one
It’s bad op-sec and general privacy. What if you don’t want anybody knowing you use a old burner phone? Some people even hide there timezone even though millions of people have the same one, RFP hides your timezone aswell. People don’t share there birthday even though they aren’t the only person with it even without the year. It’s about connecting the dots with multiple pieces of information, and this is one of them.
Thanks for explaining! Honestly just never thought about it, I don’t tend to share screenshots/pictures to the public so never crossed my mind.
Privacy isn’t necessarily about risk for everyone. For some it’s more about their individual right to privacy, and to uphold that right they need to be aware of ways in which it may be breached. So this is probably not practical information for most people (I certainly don’t care) but it’s useful to share nonetheless.
i’m guessing that it may “help” if a person is already being targeted and now the phone model also is known
🤷
How specific is your threat model that information about which phone you use can be used to track you? And if it is, why are you sharing screenshots in the first place
Why can’t you share screenshots? It’s just general bad op-sec, obviously your phone model alone can’t be used against you, but it can be used to connect the dots with other information. People send screenshots all the time, and you can still share a screenshot of something while having privacy.
Some people share screenshots without knowing they are also giving other data included, like there phone model or something close to it. Even if metadata is stripped
If you go to a website your phone reports its model number to that website. If it doesn’t then that website can (and often does) use javascript to figure out what model it is with, among other things, viewport size.
Unless you have taken the time to turn it off, your phones model is embedded in the metadata of the screenshot you took.
Before anyone takes action based on this post, consider critically weather your device and usage pattern merit concealing your phone model from people or other entities.
It doesn’t know your device model but it knows you’re using an iPhone, but yes it can use the width of the viewport size to narrow down just like a screenshot but It does not matter as much if you have a more common sized iPhone rather than having a iPhone 16 Pro Max which is completely unique. Most likely there are other alternative browsers that spoof the viewport size for iOS, like letter boxing in Firefox.
I just talked about screenshots as they are shared all the time and some people might not want other people to know what type of phone they are currently using, just general privacy.
For iOS devices, the model is not included in the metadata of a screenshot
I didn’t know they fixed metadata on screenshots, good looking out!
I distinctly remember a time when most phones would pass their model in the headers. That may have passed though!
I gotta ask: where would you put “awareness of screenshot size uniqueness” on a continuum from insane schizo shit to reasonable private person?
I guess if there was a security flaw in your device then a screenshot could tell an attacker that you have the flawed device but there’s other, more subtle, ways a person could do that which don’t require that they acquire a screenshot somehow.
And I guess there is some platonic ideal of a private person who wants to share a screenshot, a literal pixel perfect copy of what’s on the screen on their device, but would also like to conceal the specific model from the person they’re sending the contents of their screen to.
It just seems like the kind of information cognizance of which would be useful in a vanishingly small number of scenarios.
Thank you
schizoposting 👍
