A surprising behavior when editing images in the Gimp graphics program can lead to users revealing information that they believed had been deleted. If an alpha channel is activated in an image, deleting an image area does not actually delete the pixels there. Rather, they are only marked as completely transparent. An exported PNG image can therefore contain unwanted information that was supposedly removed.
In transparent PNG images, four color values are saved for each pixel: the usual red, green and blue values and a fourth value for transparency, the so-called alpha channel. This makes it possible for an image area to contain color data that is invisible because the image there is completely transparent through the alpha channel.
Private data can end up in social media posts
This becomes problematic when a user uses Gimp, for example to remove private data from a screenshot. This can be an address or a credit card number that a user wants to remove before an image is published in a social media post. The apparently deleted data can be reconstructed trivially by removing the alpha channel from the image.
IT security expert Will Dormann from the organization CERT/CC pointed out this behavior of Gimp. The Gimp developers see no problem in the behavior. A bug report that Dormann created has been closed. The Gimp developers explained that this behavior is intended.
There are several ways to avoid this problem. A relatively reliable method is not to delete data, but rather to paint over it with a black bar. When exporting to pure pixel formats, this should ensure that the data is overwritten. With formats that support multiple layers, such as Gimp's own XCF format, you also have to be careful here.
But the biggest problem is likely that many users do not worry about this problem at all. It is at least very surprising that an image processing program does not delete data with a delete function.
Gimp is the only one of the common graphics editing programs that shows this behavior. Dormann has tested various other programs, including Photoshop, Paint.net and Krita. In all of these programs, deleting actually results in the underlying pixels being removed.
Shell script may identify problematic images
If you suspect that you are affected by the problem yourself, you can use the shell script we provide on Linux systems. The script extracts the alpha channel from images and checks whether it contains transparent areas. If this is the case, a warning is issued and the image is made available in a temporary directory in addition to a version without an alpha channel.
These images can then be checked manually. The script can be used, for example, to check data export from platforms such as Twitter for possibly sensitive images.
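The same kind of check can be sketched with the Python standard library alone. This is an added example, not the shell script the article provides: it decodes an 8-bit, non-interlaced RGBA PNG and reports how many fully transparent pixels it contains and how many distinct color values sit underneath them. The function names and the sample image are constructed for illustration, and treating more than one distinct hidden color as a reason for manual review is an assumption of this sketch.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def unfilter(raw, width, height, bpp=4):
    """Undo PNG scanline filters (types 0-4) and return the pixel rows."""
    stride, rows, prev = width * bpp, [], bytearray(width * bpp)
    for y in range(height):
        start = y * (stride + 1)
        ftype, line = raw[start], bytearray(raw[start + 1:start + 1 + stride])
        for i in range(stride):
            a, c = (line[i - bpp], prev[i - bpp]) if i >= bpp else (0, 0)  # left, upper left
            b = prev[i]  # up
            paeth = min((a, b, c), key=lambda v: abs(a + b - c - v))
            pred = (0, a, b, (a + b) // 2, paeth)[ftype]
            line[i] = (line[i] + pred) & 0xFF
        rows.append(line)
        prev = line
    return rows

def transparent_pixel_report(png_bytes):
    """Return (fully transparent pixels, distinct RGB values among them); 8-bit RGBA only."""
    if not png_bytes.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos, idat, header = len(PNG_SIG), b"", None
    while pos + 8 <= len(png_bytes):
        length, ctype = struct.unpack(">I4s", png_bytes[pos:pos + 8])
        payload = png_bytes[pos + 8:pos + 8 + length]
        if ctype == b"IHDR":
            header = struct.unpack(">IIBBBBB", payload)
        elif ctype == b"IDAT":
            idat += payload
        pos += 12 + length  # length + type + payload + CRC
    if header is None or header[2:4] != (8, 6) or header[6] != 0:
        raise ValueError("only 8-bit non-interlaced RGBA is handled")
    rows = unfilter(zlib.decompress(idat), header[0], header[1])
    hidden = [bytes(r[x:x + 3]) for r in rows for x in range(0, len(r), 4) if r[x + 3] == 0]
    return len(hidden), len(set(hidden))

def make_png(width, height, rgba):
    """Build a minimal RGBA PNG from raw bytes (used for the constructed sample)."""
    def chunk(t, d):
        return struct.pack(">I", len(d)) + t + d + struct.pack(">I", zlib.crc32(t + d))
    raw = b"".join(b"\x00" + rgba[y * width * 4:(y + 1) * width * 4] for y in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, 0)
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b"")

# Constructed sample: one opaque pixel, then two "erased" pixels (alpha 0, color kept).
ERASED_SAMPLE = make_png(3, 1, bytes([255, 255, 255, 255, 200, 10, 10, 0, 10, 10, 200, 0]))
```

An image whose transparent area was truly cleared reports a single color (typically all zeros) under its transparent pixels, while the constructed sample reports two.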