Is your feature request related to a problem? Please describe.
Yes. As Lap scales as a local-first media manager, it inherently acts as a secure enclave for personal archives. However, exporting or sharing files externally currently introduces a critical operational security gap. Sharing a file exposes underlying metadata (GPS nodes, hardware serial numbers, timestamps, and custom taxonomies) to third-party platforms. Users are forced to break their GUI workflow to sanitize files via external tools before distribution.
Describe the solution you'd like
I propose the implementation of a deterministic metadata sanitization engine integrated directly into Lap's UI (e.g., an "Export Clean" toggle in the export dialog, and a "Sanitize" action in the context menu/viewer).
Crucially, this should not rely on destructive transcoding, but rather on industry-standard stream manipulation:
- Targeted Block Stripping (Images): The engine should specifically target and drop privacy-compromising segments (EXIF, IPTC, XMP, MakerNotes) while strictly preserving visual integrity markers like ICC Color Profiles and color space data.
- Stream Remuxing (Video): Instead of CPU-heavy re-encoding, the utility should remux the container (similar to
ffmpeg -map_metadata -1 -c copy), stripping global metadata atoms (e.g., udta in MP4/MOV) without altering the underlying h.264/h.265 bitstreams, ensuring zero generation loss.
Describe alternatives you've considered
- Full Re-encoding/Transcoding: Rejected. Re-encoding lossy formats purely for metadata removal causes unacceptable generation loss and wastes compute cycles.
- CLI Utilities (exiv2 / exiftool): Highly effective, but requiring users to drop into a terminal contradicts the purpose of a comprehensive GUI media manager.
- External GUI Exif-Cleaners: Forces reliance on additional, potentially unmaintained software, breaking the contained, telemetry-free application stack.
Additional context
Integrating deterministic sanitization elevates Lap from a mere viewing tool to a secure, sovereign gateway for media distribution. Considering the planned improvements to EXIF/XMP handling (as seen in recent backlog discussions), pairing read/write capabilities with a robust, lossless "strip" function ensures complete data sovereignty for the end user.
Is your feature request related to a problem? Please describe.
Yes. As Lap scales as a local-first media manager, it inherently acts as a secure enclave for personal archives. However, exporting or sharing files externally currently introduces a critical operational security gap. Sharing a file exposes underlying metadata (GPS nodes, hardware serial numbers, timestamps, and custom taxonomies) to third-party platforms. Users are forced to break their GUI workflow to sanitize files via external tools before distribution.
Describe the solution you'd like
I propose the implementation of a deterministic metadata sanitization engine integrated directly into Lap's UI (e.g., an "Export Clean" toggle in the export dialog, and a "Sanitize" action in the context menu/viewer).
Crucially, this should not rely on destructive transcoding, but rather on industry-standard stream manipulation:
ffmpeg -map_metadata -1 -c copy), stripping global metadata atoms (e.g.,udtain MP4/MOV) without altering the underlying h.264/h.265 bitstreams, ensuring zero generation loss.Describe alternatives you've considered
Additional context
Integrating deterministic sanitization elevates Lap from a mere viewing tool to a secure, sovereign gateway for media distribution. Considering the planned improvements to EXIF/XMP handling (as seen in recent backlog discussions), pairing read/write capabilities with a robust, lossless "strip" function ensures complete data sovereignty for the end user.