Guide
What your photos reveal: EXIF data, GPS location, and how to remove it
The pixels are what you meant to share. The metadata is what came along for the ride.
By Buğra SözeriPublished
A photo file is two things: the pixels you see, and a block of metadata you don’t. The metadata — EXIF, plus its siblings XMP and IPTC — is written automatically by the camera pipeline and travels with the file through most copies, emails, and uploads. Most of it is harmless. Some of it is a street address with a timestamp. This guide covers what’s in there, when it matters, and how to remove it without breaking the image.
What EXIF actually contains
EXIF (Exchangeable Image File Format) is defined by CIPA, the camera industry’s standards body, and is embedded in JPEG, TIFF, and HEIC files. Typical contents of a smartphone photo:
- GPS coordinates. Latitude, longitude, often altitude, plus a separate GPS timestamp. Written whenever location services are enabled for the camera. Precision is typically a few meters — enough to identify a specific building.
- Date and time. When the photo was taken (
DateTimeOriginal), separate from the file-system timestamps, which change on copy. - Device identity.Make and model (“Apple iPhone 15 Pro”), lens details, and on some dedicated cameras the body serial number and lens serial number — enough to link separate photos to the same physical camera.
- Capture settings. Shutter speed, aperture, ISO, focal length, flash state. Harmless for privacy; useful for photographers.
- Software trail. The
Softwaretag records the app or editor that last wrote the file, which can reveal editing history. - An embedded thumbnail. EXIF carries a small preview image generated at capture time. Some editors update the pixels but not the thumbnail — there have been real cases where a cropped or redacted photo still contained the original, uncropped scene in its EXIF thumbnail.
Why it matters
One photo with GPS tags is a location leak. A stream of them is a pattern: where you live (photos taken at home, clustered at night), where you work, when you travel and when your house is empty. The timestamp plus coordinates is the sensitive combination — and it’s exactly what the GPS block stores. Privacy frameworks such as NIST SP 800-122 treat precise location and persistent device identifiers as personally identifiable information for this reason.
Serial numbers are the quieter risk. A camera body serial embedded in EXIF links every photo from that camera together, including ones posted under different identities. For most people this never matters; for anyone posting pseudonymously, it can.
Where metadata survives — and where it doesn’t
Whether your metadata reaches the recipient depends entirely on the path the file takes.
- Large social platforms generally strip it. Major social networks re-encode uploads (resize, recompress, convert format), and the file other users can access generally has the EXIF block removed. Two caveats: the platform itself typically reads and retains the metadata server-side before stripping, and stripping the downloadable file is a platform behavior, not a guarantee — verify with a test upload if it matters.
- File-transfer paths generally preserve it. Email attachments, files synced to a cloud-drive folder, direct file transfers, and anything sent explicitly “as a file” or “as a document” moves byte-for-byte. The recipient gets the full metadata.
- Messaging apps vary. Many recompress photos sent the default way (which tends to remove EXIF) but pass originals through untouched when you choose a full-quality or file-attachment option. The same app can behave both ways depending on how you send.
The safe rule: assume metadata survives unless you removed it yourself. Relying on a platform’s stripping behavior means trusting an implementation detail that can change without notice.
How to see what a photo carries
Inspect before you share. Our EXIF viewer parses the metadata entirely in your browser — the file is read locally by JavaScript and never uploaded anywhere, which is the right property for a tool whose whole purpose is checking for sensitive data. Drop a photo in and look for a GPS section: if one exists, the photo is geotagged.
On the command line, exiftool photo.jpg prints every tag in every metadata block. ExifTool, by Phil Harvey, is the reference implementation for photo metadata — it reads and writes EXIF, XMP, IPTC, and dozens of maker-specific formats, and it’s what most GUI tools wrap internally.
How to remove it
Ordered from most convenient to most thorough:
- OS-level share options.Both iOS and Android provide ways to share or export photos with location data removed, and iOS lets you toggle location per-share. Windows Explorer’s file Properties dialog offers “Remove Properties and Personal Information.” Convenient, but scope varies — some options remove only location, not the rest of the block.
- Re-export through an editor or converter. Tools that decode the image and write a fresh file usually drop metadata unless they deliberately copy it. Our compressor, resizer, and crop toolre-encode through the browser canvas, which produces a clean file — the canvas API has no access to the source’s EXIF, so none can leak through. Note that professional editors often do the opposite by design: preserving metadata is a feature for photographers, so check the export settings.
- Screenshot the photo.Crude but effective for metadata: the screenshot is a new image generated by the OS with no camera metadata. The costs are real, though — you lose resolution and add recompression, and the screenshot can still carry its own creation timestamp and OS identifiers. It removes the camera’s story, not necessarily all of yours.
- exiftool, for certainty.
exiftool -all= photo.jpgremoves every metadata block and keeps a_originalbackup. Add-overwrite_originalto skip the backup. This is the only option on this list where you can be confident that EXIF, XMP, and IPTC are all gone — and it works in batch across a whole directory.
Whichever route you take, verify: run the cleaned file back through an EXIF viewer. The most common failure mode is a tool that strips EXIF but leaves an XMP packet behind with the same GPS coordinates in it.
Beyond EXIF: XMP and IPTC
EXIF is not the only metadata container in an image file, which is why “remove EXIF” is not the same as “remove metadata.”
- XMP (Extensible Metadata Platform) is an XML-based block, originally from Adobe, written by most professional editing tools. It can duplicate EXIF fields — including GPS — and additionally records edit history, creator information, and ratings. A file whose EXIF was stripped can still be geotagged via XMP.
- IPTC metadata, standardized by the International Press Telecommunications Council, is the news-industry block: captions, bylines, copyright notices, and location names (city, country) entered by humans rather than measured by GPS. Less common in personal photos, routine in published ones.
All three blocks can coexist in one JPEG. Thorough removal means clearing all of them — which is exactly what exiftool -all= does and what a full re-encode through a metadata-unaware pipeline achieves implicitly.
A reasonable default policy
- Photos of documents, your home, or anything you post publicly: strip metadata first, verify after.
- Photos sent as files (email, cloud folders, “send as document”): treat as metadata-intact and clean them yourself.
- Your own archive: keep the metadata. GPS tags and timestamps are what make photo libraries searchable by place and date. Strip copies at the point of sharing, not the originals.
Start by looking: open a recent phone photo in the EXIF viewer and see what it says about you. It runs locally in your browser, so checking costs nothing — the file never leaves the page.
Frequently asked questions
- What is EXIF data?
- EXIF (Exchangeable Image File Format) is a metadata block embedded inside JPEG, TIFF, and HEIC files by cameras and phones. It records capture settings (shutter speed, aperture, ISO), the date and time the photo was taken, the device make and model, the editing software used, and — if location services were on — GPS coordinates. The standard is maintained by CIPA, the Camera and Imaging Products Association.
- Does my photo contain location data?
- If it was taken on a smartphone with location services enabled for the camera app, almost certainly yes: latitude, longitude, often altitude, and a GPS timestamp are written into the EXIF GPS tags. The only way to know for a specific file is to inspect it — an EXIF viewer will show a GPS block if one exists. Photos taken with location services off, and most screenshots, carry no coordinates.
- How do I remove metadata from a photo?
- Three reliable approaches: use an OS-level option (iOS and Android both offer ways to share or export photos without location data; Windows Explorer has a 'Remove Properties and Personal Information' option), re-export the image through a tool that writes a clean file, or use exiftool on the command line: 'exiftool -all= photo.jpg' strips every metadata block. Always verify the result by re-inspecting the file, because some tools remove EXIF but leave XMP or IPTC blocks behind.
- Do screenshots have EXIF data?
- Screenshots generally carry far less metadata than camera photos — no GPS block, no camera settings — because the operating system creates them rather than a camera pipeline. They are usually PNG files, a format with no EXIF section in the traditional sense. But they are not guaranteed to be metadata-free: the OS may embed creation timestamps or device/software identifiers, and the screenshot content itself can reveal more than any tag. Inspect before assuming clean.
- Do social networks remove EXIF data when I upload a photo?
- Major social platforms re-encode uploaded images and, in the process, generally strip embedded EXIF from the file that other users can download — though the platform itself typically reads and stores that metadata server-side first. Do not generalize this to other channels: email attachments, files placed in cloud-drive folders, and documents sent as files typically pass through byte-for-byte, metadata included. When it matters, strip metadata yourself before sending rather than relying on the pipeline.
- Can EXIF data reveal my home address?
- Indirectly, yes. GPS tags store coordinates to a precision of well under ten meters, so a photo taken at home and shared with EXIF intact pinpoints the building. Combined with the timestamp, a series of photos can reveal not just where you live but when you are usually there. This is why location metadata is treated as personally identifiable information in privacy guidance such as NIST SP 800-122.
Sources & references
Authoritative references cited by this piece. Verified by Buğra Sözeri on the dates shown and re-checked at every deploy.
- CIPA DC-008 — Exchangeable image file format for digital still cameras (Exif) — The standards body that maintains the Exif specification; tag definitions referenced throughout(as of )
- ExifTool by Phil Harvey — official site — The reference command-line tool for reading and removing EXIF, XMP, and IPTC metadata(as of )
- IPTC Photo Metadata Standard — The IPTC/XMP metadata blocks discussed in the section beyond EXIF(as of )
- NIST SP 800-122 — Guide to Protecting the Confidentiality of PII — Framework for treating location and device identifiers as personally identifiable information(as of )
Related
Published July 15, 2026