Before publishing SVG, you may use an optimization tool such as SVGO.
This is done to reduce unnecessary attributes, comments, and metadata, and to make the file smaller.
This is useful work.
However, in anonymity checks, you cannot say "it is safe because it went through SVGO." The information the tool removes and the information a human must look at are different.
This article organizes what it means to use SVGO and why manual checking as XML is needed afterward.
What is SVGO?
SVGO is a tool for optimizing SVG files.
It is used to remove unnecessary attributes and metadata and make SVG lighter. In the official repository, you can check usage, plugins, and configuration options.
The use covered here assumes that you check official information and run it in a local environment. If you upload SVG to an online optimization service, information inside the XML and the filename may be sent to an external service.
SVGO is useful, but it is not a dedicated anonymization tool.
Its main purpose is optimization. It does not judge and remove all information related to anonymity.
What tools can reduce
Depending on SVGO settings, comments, metadata, unnecessary attributes, empty elements, and similar content may be reduced.
Things that may be reduced
Description
Caution
Comments
Removes XML comments
Depends on settings
Metadata
metadata elements and similar information
Not necessarily all information
Unnecessary attributes
Attributes unnecessary for display
id and class may remain
Empty elements
Unused elements
Does not judge all hidden information
File size
Reduces extra descriptions
Not anonymity itself
Optimization is an important pre-publication step.
However, optimization and anonymization are not the same.
Why manual checking is necessary
Tools do not fully judge the meaning of strings.
For example, whether the ID project-alpha is an internal project name or just a shape ID cannot be understood without context. Whether a layer name such as school-map relates to anonymity also changes depending on the post content.
Information that may remain
Why a human looks
id and class names
Need to judge whether they are internal terms or project names
text elements
Need to check whether text is visible or hidden
Filename
Outside the scope of tool processing
Meaning inside the image
Backgrounds and logos are not removed by optimization
Contextual information
Some information is understandable only to people involved
For anonymity, look not only at the file structure, but also at meaning.
This check of meaning is ultimately done by a human.
Manual checking flow
After optimizing with SVGO or a similar tool, open the SVG in a text editor.
Check in the following order.
Order
What to check
Reason
1
Filename
Real name, project name, or date appears
2
metadata element
Author or tool information remains
3
Comments
Work notes or internal information remains
4
text element
Hidden text or pre-deletion text remains
5
id and class
Layer names or internal terms remain
6
URL
External links or internal environments become visible
Searching only for your own name is not enough.
Also check company names, school names, department names, project names, email addresses, place names, old handles, and internal abbreviations.
Visual checking is also necessary
Even if the XML is clean, information visible as an image may remain.
Logos, signs, maps, school emblems, name tags, user names, screen notifications, and distinctive chart designs are not removed by optimization.
Visible information
Remaining risk
What to check
Logo
Organization or service becomes visible
Replace it if needed
Map
Routine places or locations become visible
Lower the granularity
Screen UI
Account or notifications become visible
Check the edges too
Distinctive chart
Connects with past materials
Be careful with template reuse
SVG must be checked both for its XML contents and for its appearance as an image.
One side alone is not enough.
Choosing between SVG and PNG
When anonymity is needed, publishing after converting to PNG or a similar format instead of SVG is also an option.
If you convert to PNG, information such as XML comments and IDs will generally no longer appear on the surface.
However, information visible as an image remains even after PNG conversion. In addition, metadata may be attached to the converted image.
Method
Advantage
Caution
Publish as SVG
Clean when enlarged, easy to edit
Check information inside XML
Publish after SVGO
Can reduce extra descriptions
Manual checking is necessary
Publish after PNG conversion
Can reduce XML information
Look at information inside the image and metadata
Which format is better changes depending on purpose and risk.
If you do not need to publish it as an editable diagram, PNG conversion is also an option.
Manage configuration files and source files too
When using SVGO, think about not only the processed SVG but also how you handle configuration files and source files.
If you share source files in the same folder, pre-optimization information may be handed over together. Configuration files may contain project names or internal comments.
Target
What to check
Reason
Source SVG
Whether unprocessed information remains
It may be shared by mistake
Output SVG
What remains after optimization
It is the final publication file
Configuration file
Internal comments or paths
It may be included in what is shared
Folder name
Case name or organization name
Visible in zip sharing
README
Work notes or person in charge
May be bundled at publication
For anonymity, it is not always enough to look only at the processed file.
Check whether source files or notes are mixed into the folder or zip you upload.
Even with automation, look at it yourself at the end
If you use SVGO with the same procedure every time, automation is useful.
However, automation does not remove the need for checking. Rather, it is preprocessing so a human can check at the end.
After automatic processing, open the contents in a text editor, display it in a browser, and check the filename and bundled files.
For high-risk files, also consider having another person review them. However, that also means handing the file to that person, so choose the consultation contact carefully.
If the publication target is not a single file but a zip or folder, check bundled items as well as the output SVG.
If old SVGs, source data, work notes, or configuration files are mixed in, information leaks from somewhere other than the optimized file.
Summary
SVGO is a useful tool for optimizing SVG.
It may reduce comments, metadata, unnecessary attributes, and similar information.
However, SVGO is not a dedicated anonymization tool. Internal terms, id, class, text elements, filenames, and information visible as an image need to be checked by a human according to context.
Before publication, after processing with SVGO or a similar tool, open the contents as XML and check them.
For anonymity, what matters is not that you processed the file with a tool, but what ultimately remains.
Related tools
Metadata inspection
ExifTool
An external resource related to this article. Open it only when it fits your situation and threat model.
Why it is listed: It can help with the article topic, but it is outside Anonymity Sense and should be checked before use.