Amnesia: Scrubbing the Location Data Hidden in Plain Sight

Photographers know this problem intimately, even if they've never framed it as a security issue.

You shoot on location. You strip EXIF before delivering. You know GPS coordinates are in there, you know how to remove them, you do it. Clean file. Job done.

Except the image itself still knows where it was taken.

The distinctive ironwork on that balcony. The particular species of palm that only grows in specific coastal regions. The condensation-fogged window with a street reflection in it. The menu board in the background with a restaurant name that, if you know the area, places the shot within two blocks. A good OSINT analyst with local knowledge doesn't need your GPS coordinates. They have the frame.

That's the attack surface Amnesia was built to address.

What Metadata Stripping Doesn't Touch

exiftool -all= image.jpg handles the structured fields. It does nothing about the pixels.
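
To make that boundary concrete, here is an added example (not code from Amnesia or exiftool) that walks a JPEG's segments, reports metadata blocks including an Exif GPS pointer, and strips them while copying the compressed pixel data through byte for byte. The function names and the SAMPLE bytes are constructed for illustration, and the stripper is a simplified stand-in that only handles APP1, APP13 and COM segments.

```python
import struct
# Segments that carry metadata; everything else is needed to decode the pixels.
METADATA = {0xE1: "APP1 Exif/XMP", 0xED: "APP13 IPTC", 0xFE: "COM comment"}

def walk(jpeg: bytes):
    """Yield (marker, payload, raw) for each header segment, then the scan."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xDA:  # start of scan: the rest is compressed pixel data
            yield marker, b"", jpeg[pos:]
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, jpeg[pos + 4:pos + 2 + length], jpeg[pos:pos + 2 + length]
        pos += 2 + length
    raise ValueError("no start-of-scan marker")

def has_gps_ifd(payload: bytes) -> bool:
    """True if an Exif payload's IFD0 holds the GPS pointer tag (0x8825)."""
    if not payload.startswith(b"Exif\x00\x00"):
        return False
    tiff = payload[6:]
    end = "<" if tiff[:2] == b"II" else ">"
    try:
        ifd0 = struct.unpack(end + "I", tiff[4:8])[0]
        count = struct.unpack(end + "H", tiff[ifd0:ifd0 + 2])[0]
        tags = struct.unpack(end + "HHII" * count, tiff[ifd0 + 2:ifd0 + 2 + 12 * count])[::4]
    except struct.error:  # truncated Exif block: nothing readable to report
        return False
    return 0x8825 in tags

def audit(jpeg: bytes) -> list:
    return [METADATA[m] + (" + GPS IFD" if has_gps_ifd(p) else "")
            for m, p, _ in walk(jpeg) if m in METADATA]

def strip_metadata(jpeg: bytes) -> bytes:  # drops metadata, copies all else as-is
    return b"\xff\xd8" + b"".join(r for m, _, r in walk(jpeg) if m not in METADATA)

# Constructed sample: structurally valid segments with placeholder scan bytes.
def _seg(marker, body):
    return bytes([0xFF, marker]) + struct.pack(">H", len(body) + 2) + body
_EXIF = b"Exif\x00\x00II*\x00" + struct.pack("<IHHHIII", 8, 1, 0x8825, 4, 1, 26, 0)
SAMPLE = b"\xff\xd8" + _seg(0xE1, _EXIF) + _seg(0xDB, bytes(65)) + b"\xff\xda\x00\x02SCAN\xff\xd9"
```

After stripping, audit() returns an empty list, yet the scan bytes are identical to the original: whatever the frame shows is still there.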

The visual geolocation problem is older than AI — there are whole communities built around identifying photo locations from environmental cues. What changed is that doing it at scale now takes seconds per image instead of minutes, and the inference quality on regional identifiers has gotten sharp enough to catch things even experienced photographers miss.

Amnesia runs that same inference pipeline in reverse: instead of identifying where an image was taken, it surfaces the specific elements that could be used to identify it, and gives you the tooling to remediate before the asset goes anywhere.

How Vision-Language Models Actually Read an Image

This is the part worth understanding, because it's what makes the modern threat different from anything that came before.

VLMs — models like Gemini Vision, GPT-4V, LLaVA — don't process images the way earlier computer vision systems did. They don't run a landmark detector and match against a database of known buildings. They reason about the image the same way a knowledgeable human would, drawing on a training corpus that includes enormous amounts of geotagged photography, travel writing, architectural documentation, botanical data, and regional signage.

The model has seen enough images of Haussmann-style ironwork to know which arrondissements use it. Enough images of coastal vegetation to distinguish Malibu scrub from Florida palms. Enough streetwear photography to recognize that a particular boutique exists in exactly one city.

It's not pattern matching. It's the same contextual inference a seasoned photo editor would apply — except it runs in two seconds and scales to an entire site audit.

This is what makes the remediation problem hard: the localization signal isn't in a header field you can zero out. It's distributed across the entire frame, in elements that look like background detail to a human reviewer who isn't specifically looking for them.

How the Scan Works

The web interface takes a target URL and scans it for images and video. Each asset goes through high-inference analysis — landmarks, street signage, architectural details, regional foliage, reflections, boutique signatures — anything that creates a localization vector. The model flags what it found and why, and you decide what to remediate.

The "Wipe & Download" function applies heavy visual redaction to flagged regions and saves the cleaned version. It's not a crop or a low-quality resize. It's a targeted blur on the specific elements the scanner identified, leaving the rest of the image intact.

# CLI batch scrubbing for local assets
# Strips all metadata across a directory in a single pass

amnesia-scrub ./client_deliverables/

# Output:
# ✓ campaign_01.jpg — EXIF cleared, GPS removed
# ✓ campaign_02.jpg — EXIF cleared, GPS removed
# ⚠ campaign_03.jpg — EXIF cleared | visual flag: identifiable storefront (frame right)
# ✓ campaign_04.jpg — EXIF cleared, GPS removed

The CLI handles metadata erasure across the whole directory. The visual flag on campaign_03 is what the metadata strip missed. That's the gap.

Zero-Cloud Mode

Some assets shouldn't travel. Client work under NDA, unreleased product shots, editorial involving private individuals — anything where sending the image to a cloud API is itself a disclosure event.

Zero-Cloud mode routes analysis through a local VLM via Ollama/LLaVA. The inference stays on the machine. No telemetry, no external API calls, nothing leaves your network. The tradeoff is inference quality — local models are less sharp on regional specificity than a frontier model — but for sensitive assets, that's the right call. Acceptable precision loss beats an unacceptable data exposure.

This is also why the architecture matters. A tool that solves the privacy problem by sending your private images to a third-party server hasn't solved anything. Amnesia's zero-cloud path exists because the use case demands it.

Ghost Mode: Auditing What's Already Live

The browser extension is the red team side of the tool. Right-click any image on any page, send it directly to your local Amnesia instance. Useful for auditing assets you've already published, checking what a client's existing site is exposing, or verifying that a scrubbing pass actually worked before the next campaign goes up.

Most sites have the same gap: EXIF is stripped somewhere in the upload pipeline — if it's stripped at all — and the visual content is never checked. Ghost Mode makes that audit fast enough to be practical. Load a page, scan what's there, see what the model flags. Five minutes of work that most teams have never done.

Why This Problem Is Getting Worse

Every platform that accepts user-uploaded images is accumulating a corpus of unintentionally geolocated assets. The person who photographed their product on their apartment balcony didn't include their address. The frame may have anyway.

The capability that makes Amnesia's scanner work is not proprietary. It's available to anyone running a multimodal model — which is anyone with an API key and twenty lines of code. The asymmetry is stark: creating visual location data is a side effect of shooting on location, costs nothing, and happens automatically. Remediating it has historically required either manual review by someone who knows what to look for, or specialized forensic tools that weren't built for creative workflows.

What the VLM era changed is that the attacker's capability scaled dramatically. The analyst who used to spend twenty minutes researching the location of a single image now spends two seconds. The defender's workflow didn't change at all — which means the gap widened.

Amnesia is an attempt to scale the defense to match.


The metadata strip was always the floor, not the ceiling. Now there's tooling for the ceiling too.

Authorized use only. Test your own infrastructure, your own assets, your own clients' sites with written permission.

github.com/ghostintheprompt/amnesia


GhostInThePrompt.com // EXIF was clean. The awning wasn't.