Image Metadata and Privacy: What EXIF Data Reveals and How to Protect Yourself
Understand what metadata is hidden in your photos — GPS coordinates, camera details, timestamps, and more. Learn the privacy risks, how to strip EXIF data, and which platforms automatically remove metadata.
Every Photo Tells More Than You Think
When you take a photo with your smartphone, the resulting image file contains far more than pixel data. Embedded within the file is a rich set of metadata — information about where the photo was taken, when, with what device, and under what conditions. This metadata, primarily stored in a format called EXIF (Exchangeable Image File Format), travels with the image wherever it goes.
For photographers, EXIF data is invaluable. It records camera settings that help you learn and improve. For the privacy-conscious, however, it is a potential liability. Sharing a photo online can inadvertently reveal your home address, daily routines, device information, and more.
This guide covers what metadata is actually stored in your images, the real-world privacy risks, how to strip metadata effectively, and which platforms handle it for you.
What EXIF Data Contains
EXIF metadata was originally designed for digital cameras in the mid-1990s. It has since been adopted by smartphones, drones, scanners, and virtually every device that captures images. The standard defines hundreds of fields, but these are the most commonly populated:
Location Data (GPS)
This is the most privacy-sensitive metadata field. Modern smartphones embed GPS coordinates in every photo by default (unless explicitly disabled).
The GPS data includes:
| Field | Example | What It Reveals |
|-------|---------|----------------|
| GPSLatitude | 37° 46' 30.0" N | Latitude to ~1 meter precision |
| GPSLongitude | 122° 25' 10.0" W | Longitude to ~1 meter precision |
| GPSAltitude | 52.3 m | Elevation above sea level |
| GPSSpeed | 0.0 km/h | Speed at time of capture |
| GPSImgDirection | 247.5° | Direction the camera was pointing |
| GPSDateStamp | 2026:03:15 | Date of GPS fix |
| GPSTimeStamp | 14:32:08 UTC | Time of GPS fix |
With latitude and longitude accurate to several decimal places, anyone viewing the EXIF data can pinpoint the exact location where the photo was taken — often to within a few meters. This is enough to identify a specific building, apartment, or office.
Timestamps
| Field | Example | What It Reveals |
|-------|---------|----------------|
| DateTimeOriginal | 2026:03:15 14:32:08 | Exact date and time the photo was taken |
| DateTimeDigitized | 2026:03:15 14:32:08 | When it was digitized (usually same as above) |
| DateTime | 2026:03:15 14:35:12 | Last modification date |
| SubSecTimeOriginal | 482 | Millisecond precision |
| OffsetTimeOriginal | -07:00 | Timezone offset |
Timestamps reveal patterns. A series of photos taken at the same location at similar times on different days suggests a routine — a workplace, a gym, a school. Combined with GPS data, this paints a detailed picture of daily life.
Device Information
| Field | Example | What It Reveals |
|-------|---------|----------------|
| Make | Apple | Device manufacturer |
| Model | iPhone 16 Pro | Specific device model |
| Software | 19.3 | Operating system version |
| LensMake | Apple | Lens manufacturer |
| LensModel | iPhone 16 Pro back triple camera | Which camera was used |
| SerialNumber | C8QZK...4R | Unique device serial number |
| ImageUniqueID | a3f8b2c1... | Unique identifier for this specific image |
The serial number is particularly concerning — it uniquely identifies a specific physical device. If the same serial number appears in photos posted across different accounts or platforms, those photos can be linked to the same device (and likely the same person).
Camera Settings
| Field | Example |
|-------|---------|
| ExposureTime | 1/120 s |
| FNumber | f/1.8 |
| ISO | 100 |
| FocalLength | 6.86 mm |
| Flash | No flash |
| WhiteBalance | Auto |
| ExposureMode | Auto |
| SceneCaptureType | Standard |
| BrightnessValue | 8.2 |
Camera settings are less privacy-sensitive but can still reveal context. Indoor photos with high ISO and no flash indicate low-light environments. Specific lens configurations can identify the exact device used.
Thumbnail Images
Many cameras embed a small JPEG thumbnail (160x120 or 320x240) in the EXIF data. This thumbnail is generated from the original capture before any editing.
This has led to notable privacy incidents: people who carefully cropped sensitive content from a photo (faces, identifying details, documents) shared the image without realizing the EXIF thumbnail still contained the uncropped original.
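To check a file for the two leaks described so far, the sketch below walks the TIFF directories inside the EXIF block and reports whether a GPS directory or an embedded thumbnail is present. It is an added example, not code from the original article; the function names and the constructed sample bytes are assumptions made for illustration.

```python
import struct

# Tag numbers from the EXIF/TIFF specifications; all three hold LONG values.
TAG_GPS_IFD = 0x8825       # IFD0: pointer to the GPS sub-directory
TAG_THUMB_OFFSET = 0x0201  # IFD1: JPEGInterchangeFormat (thumbnail start)
TAG_THUMB_LENGTH = 0x0202  # IFD1: JPEGInterchangeFormatLength

def read_ifd(tiff, offset, bo):
    """Return ({tag: raw 32-bit value field}, offset of the next IFD)."""
    (count,) = struct.unpack_from(bo + "H", tiff, offset)
    tags = {}
    for i in range(count):
        tag, _type, _n, value = struct.unpack_from(bo + "HHII", tiff, offset + 2 + 12 * i)
        tags[tag] = value
    (next_ifd,) = struct.unpack_from(bo + "I", tiff, offset + 2 + 12 * count)
    return tags, next_ifd

def audit_exif(jpeg):
    """Report whether a JPEG's EXIF block has a GPS directory or a thumbnail."""
    start = jpeg.find(b"Exif\x00\x00")  # simple locator for the APP1 payload
    if start < 0:
        return {"exif": False, "gps": False, "thumbnail": None}
    tiff = jpeg[start + 6:]
    bo = {b"II": "<", b"MM": ">"}.get(tiff[:2])  # TIFF byte-order mark
    if bo is None or struct.unpack_from(bo + "H", tiff, 2)[0] != 42:
        raise ValueError("malformed TIFF header in EXIF block")
    ifd0, ifd1_offset = read_ifd(tiff, struct.unpack_from(bo + "I", tiff, 4)[0], bo)
    thumbnail = None
    if ifd1_offset:  # IFD1 describes the embedded thumbnail
        ifd1, _ = read_ifd(tiff, ifd1_offset, bo)
        start, length = ifd1.get(TAG_THUMB_OFFSET), ifd1.get(TAG_THUMB_LENGTH)
        if start is not None and length:
            thumbnail = tiff[start:start + length]  # offsets count from the TIFF header
    return {"exif": True, "gps": TAG_GPS_IFD in ifd0, "thumbnail": thumbnail}

def _entry(tag, value):
    return struct.pack("<HHII", tag, 4, 1, value)  # type 4 = LONG, count 1

def build_sample():
    """Constructed sample: EXIF with a GPS pointer and an 'uncropped' thumbnail."""
    thumb = b"\xff\xd8UNCROPPED-THUMBNAIL\xff\xd9"
    ifd0 = struct.pack("<H", 1) + _entry(TAG_GPS_IFD, 56 + len(thumb)) + struct.pack("<I", 26)
    ifd1 = (struct.pack("<H", 2) + _entry(TAG_THUMB_OFFSET, 56)
            + _entry(TAG_THUMB_LENGTH, len(thumb)) + struct.pack("<I", 0))
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd0 + ifd1 + thumb + struct.pack("<HI", 0, 0)
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"

if __name__ == "__main__":
    print(audit_exif(build_sample()))
```

A non-empty `thumbnail` result on a cropped or edited photo is the case to look at by hand: write those bytes to a file and compare them with the visible image.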
Other Metadata Standards
Beyond EXIF, images can contain metadata in other formats:
- IPTC (International Press Telecommunications Council): Used in journalism and stock photography. Fields include caption, credit, copyright, keywords, and location names.
- XMP (Extensible Metadata Platform): Adobe's standard, stored as XML. Can contain editing history, Lightroom/Photoshop settings, face recognition tags, and custom fields.
- ICC Profiles: Color management data. Usually not privacy-sensitive, but they add file size (2–50 KB typically).
Real-World Privacy Risks
Stalking and Location Tracking
The most direct risk. If you share a photo taken at your home, and the EXIF GPS data is intact, anyone who downloads the image can extract your home address. This has been documented in numerous stalking cases.
In 2012, a tech journalist's home address was identified from EXIF data in a photo posted online. Anti-virus pioneer John McAfee's location in Guatemala was revealed in 2012 when Vice magazine published a photo with intact GPS metadata. These are not theoretical risks — they are documented incidents.
Deanonymization
If you maintain anonymous online accounts and post original photos, EXIF data can link those accounts to your real identity through:
- Device serial numbers matching across accounts
- GPS coordinates revealing your home, workplace, or frequently visited locations
- Timestamps correlating with known activities
- Camera model and firmware version narrowing down the device pool
Even without GPS data, the combination of camera model, lens, firmware version, and shooting patterns can create a "device fingerprint" that is surprisingly unique.
Corporate and Competitive Intelligence
Business-related photos can leak sensitive information:
- Photos from a confidential meeting reveal the location and time
- Product prototype photos reveal the device used to photograph them (traceable to a specific employee)
- Office photos reveal network equipment, whiteboards with plans, and building details
Legal and Forensic Implications
EXIF data is routinely used as evidence in legal proceedings. Timestamps and GPS data can place a person at a specific location at a specific time. While this has legitimate uses (criminal investigations, intellectual property disputes), it also means that photos you share could be used in ways you did not anticipate.
How to Check Your Images for Metadata
Command Line (ExifTool)
ExifTool by Phil Harvey is the gold standard for reading and writing metadata. It supports virtually every metadata format and image type.
```bash
# Install (macOS)
brew install exiftool

# View all metadata
exiftool photo.jpg

# View GPS data specifically
exiftool -gps:all photo.jpg

# View in a structured format
exiftool -json photo.jpg
```
Sample output:
```
File Name                       : photo.jpg
File Size                       : 4.2 MB
Make                            : Apple
Camera Model Name               : iPhone 16 Pro
Date/Time Original              : 2026:03:15 14:32:08-07:00
GPS Latitude                    : 37 deg 46' 30.00" N
GPS Longitude                   : 122 deg 25' 10.00" W
GPS Altitude                    : 52.3 m Above Sea Level
```
Online Viewers
Several websites let you upload an image to view its metadata. However, this somewhat defeats the purpose of privacy — you are uploading the image (with all its metadata) to a third-party server. Use these for non-sensitive images only.
Operating System Tools
- macOS: Right-click → Get Info shows basic metadata. Preview → Tools → Show Inspector → EXIF tab shows full details.
- Windows: Right-click → Properties → Details tab shows most EXIF fields.
- iOS: In Photos, swipe up on an image to see location and camera info. iOS 15+ lets you remove location data before sharing.
- Android: In Google Photos, swipe up or tap the info (i) icon to see EXIF data.
How to Strip Metadata
ExifTool (Command Line)
```bash
# Remove ALL metadata
# (ExifTool keeps the untouched original as photo.jpg_original unless
#  -overwrite_original is given; do not share or publish that backup)
exiftool -all= photo.jpg

# Remove all metadata but keep orientation
exiftool -all= -tagsfromfile @ -Orientation photo.jpg

# Remove only GPS data (keep other metadata)
exiftool -gps:all= photo.jpg

# Remove metadata from all JPEGs in a directory
exiftool -all= *.jpg

# Remove metadata and process recursively
exiftool -all= -r /path/to/photos/
```
The -all= flag is the nuclear option — it strips everything. This is the safest approach for images you plan to share publicly.
Operating System Built-in Tools
Windows: Right-click → Properties → Details → "Remove Properties and Personal Information" → Select "Create a copy with all possible properties removed."
macOS: No built-in bulk metadata stripping tool. Preview can export without EXIF by using File → Export and selecting a format, but this is not reliable for all metadata types. Use ExifTool or a dedicated app.
iOS (Share Sheet): When sharing a photo in iOS 15+, tap the "Options" link at the top of the share sheet. You can toggle off "Location" and "All Photos Data" before sharing.
Android: When sharing from Google Photos, you can choose to remove location data. Settings → Privacy → "Remove geolocation" on shared items.
Browser-Based Stripping
When you process images through a client-side tool like Krunkit, metadata is typically stripped as part of the encode/decode process. When an image is decoded to raw pixel data (an array of RGBA values) and then re-encoded with a WASM codec like MozJPEG or WebP, the EXIF data from the original file is not carried over. The re-encoded image contains only pixel data and the minimal metadata the encoder adds (like image dimensions and color space).
This is an inherent privacy benefit of client-side re-encoding: the image never leaves your device, and the output is metadata-clean by default.
Programmatic Stripping
For automated pipelines (build scripts, upload handlers):
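```js
// Node.js with Sharp
const sharp = require('sharp');

// Sharp drops EXIF, XMP and IPTC by default; withMetadata() is the call
// that keeps them, so it is left out here
const stripAll = () => sharp('input.jpg').toFile('output.jpg');

// Or keep the visual orientation only: rotate() with no arguments applies
// the EXIF Orientation tag to the pixels, then the tag is dropped with the rest
const stripKeepOrientation = () =>
  sharp('input.jpg')
    .rotate()
    .toFile('output.jpg');

stripAll().catch(console.error);
```

```python
# Python with Pillow
from PIL import Image

img = Image.open('input.jpg')

# Create a clean copy without EXIF: only the pixel values are carried over
data = list(img.getdata())
clean = Image.new(img.mode, img.size)
clean.putdata(data)
clean.save('output.jpg', quality=85)
```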
Which Platforms Strip Metadata Automatically
Not all platforms handle metadata equally. Some strip it to protect users; others preserve it for different reasons.
Social Media
| Platform | GPS Stripped | EXIF Stripped | Notes |
|----------|-------------|---------------|-------|
| Facebook | Yes | Mostly | Strips GPS and most EXIF. Adds its own metadata. |
| Instagram | Yes | Mostly | Strips GPS and camera data. Compresses aggressively. |
| Twitter/X | Yes | Yes | Strips all EXIF data on upload. |
| LinkedIn | Yes | Mostly | Strips GPS. Some device info may remain. |
| TikTok | Yes | Yes | Strips metadata from uploaded images and video. |
| Snapchat | Yes | Yes | Strips metadata. Ephemeral by design. |
Messaging Apps
| Platform | GPS Stripped | EXIF Stripped | Notes |
|----------|-------------|---------------|-------|
| iMessage | No | No | Sends original file with all metadata intact |
| WhatsApp | Yes | Yes | Strips metadata and compresses images |
| Signal | Yes | Yes | Strips all metadata by default |
| Telegram | Depends | Depends | Compressed images: stripped. "As file": metadata preserved |
| Discord | No | No | Preserves original file and all metadata |
| Slack | No | No | Preserves original file and all metadata |
Cloud Storage and Sharing
| Platform | GPS Stripped | EXIF Stripped | Notes |
|----------|-------------|---------------|-------|
| Google Drive | No | No | Files stored as-is |
| Dropbox | No | No | Files stored as-is |
| iCloud Photos | No | No | Full metadata preserved (it is used for features like Memories and Places) |
| Google Photos (shared link) | No | No | Shared albums preserve metadata |
| Google Photos (download) | Configurable | Configurable | Can choose to include/exclude location |
| Imgur | Yes | Yes | Strips EXIF on upload |
| Flickr | Yes (from public API) | Partially | GPS hidden by default but stored; photographer can enable |
Key Takeaway
Do not assume any platform strips metadata. If privacy matters, strip metadata yourself before sharing. The only reliable approach is to handle it at the source.
Metadata in Different Image Formats
JPEG
JPEG is the most common format for photos with EXIF data. Metadata is stored in APP1 (EXIF), APP13 (IPTC), and APP2 (ICC profile) markers at the beginning of the file. It can be stripped without re-encoding the image (tools just remove the marker segments).
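The marker-segment removal described above can be done in a few lines without touching the compressed image data. This is an added example, not code from the original article or from any tool it names; it drops the three APPn markers listed in the text plus COM (free-text comments), and the sample bytes are constructed to show the segment layout only.

```python
import struct

# Marker segments that carry metadata: the three the text names, plus COM.
METADATA = {0xE1: "APP1", 0xE2: "APP2", 0xED: "APP13", 0xFE: "COM"}
STANDALONE = {0x01, *range(0xD0, 0xD8)}  # TEM and RSTn have no length field

def iter_segments(data):
    """Yield (marker, start, end) for every segment between SOI and SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte before a marker
            pos += 1
        elif marker in STANDALONE:
            pos += 2
        elif marker == 0xDA:          # SOS: compressed scan data follows
            return
        else:
            (length,) = struct.unpack_from(">H", data, pos + 2)
            end = pos + 2 + length    # length field counts itself, not the marker
            if length < 2 or end > len(data):
                raise ValueError(f"bad segment length at offset {pos}")
            yield marker, pos, end
            pos = end

def strip_metadata(data, keep_icc=False):
    """Return (cleaned bytes, names of removed segments); pixels are untouched."""
    out, removed, copied_to = bytearray(), [], 0
    for marker, start, end in iter_segments(data):
        is_icc = marker == 0xE2 and data[start + 4:end].startswith(b"ICC_PROFILE\x00")
        if marker in METADATA and not (keep_icc and is_icc):
            out += data[copied_to:start]  # keep everything before the dropped segment
            copied_to = end
            removed.append(METADATA[marker])
    out += data[copied_to:]               # remaining segments, scan data and EOI
    return bytes(out), removed

def _seg(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample with the JPEG segment layout (not a decodable picture).
SAMPLE = (b"\xff\xd8" + _seg(0xE0, b"JFIF\x00\x01\x02\x00\x00\x01\x00\x01\x00\x00")
          + _seg(0xE1, b"Exif\x00\x00<gps, serial, thumbnail>")
          + _seg(0xED, b"Photoshop 3.0\x00<caption>")
          + _seg(0xE2, b"ICC_PROFILE\x00\x01\x01<profile>")
          + _seg(0xDB, bytes(65)) + b"\xff\xda<scan data>\xff\xd9")

if __name__ == "__main__":
    print(strip_metadata(SAMPLE)[1])
```

Running `iter_segments` over a pipeline's output and checking that no marker from `METADATA` remains is a cheap post-upload assertion; metadata stored in other APPn segments is outside what this sketch removes.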
PNG
PNG uses "text chunks" (tEXt, iTXt, zTXt) for metadata. PNG does not natively support EXIF, but:
- Some tools embed EXIF in an eXIf chunk (since PNG 1.5 / 2017)
- XMP can be embedded in an iTXt chunk
- Screenshots rarely have EXIF (no camera to populate it), but they may contain creation timestamps and software information
WebP
WebP supports EXIF metadata in an EXIF chunk within the RIFF container. When converting from JPEG to WebP, tools may or may not carry over the EXIF data — it depends on the tool and settings.
AVIF
AVIF inherits metadata support from its HEIF (High Efficiency Image Format) container. It supports EXIF and XMP. The metadata situation is similar to JPEG — it can contain full GPS, camera, and timestamp data.
HEIC/HEIF
Apple's default iPhone photo format since iOS 11. Fully supports EXIF metadata with GPS, and also supports depth maps and Live Photo data. Because HEIC is less commonly shared directly (most apps convert to JPEG for sharing), the metadata risk depends on the sharing workflow.
SVG
SVG is XML-based and can contain arbitrary metadata in <metadata> elements. It can also contain embedded raster images (as base64 data) that may have their own EXIF data. SVGs generated by design tools often include the tool name, version, and creation date in comments or metadata tags.
RAW Formats
Camera RAW formats (CR3, NEF, ARW, DNG) contain extensive metadata including complete camera settings, lens corrections, white balance data, and — critically — a full-resolution JPEG preview. Sharing RAW files shares all of this data plus the preview.
Best Practices for Metadata Privacy
For Individuals
- Disable GPS tagging on your camera app if you do not actively use location data. On iOS: Settings → Privacy → Location Services → Camera → Never. On Android: Camera app settings → Location tags → Off.
- Use iOS/Android sharing controls to remove location before sharing. Both platforms now offer this in the share sheet.
- Strip all metadata before posting to platforms that do not strip it — especially messaging apps (iMessage, Discord, Slack) and cloud storage shares.
- Be aware of EXIF thumbnails. If you crop a photo to remove identifying content, the thumbnail may still contain the uncropped original. Re-encoding the image (not just cropping) eliminates this risk.
- Check photos before sharing with ExifTool or your OS's built-in metadata viewer, especially for photos taken at sensitive locations.
For Developers and Businesses
- Strip metadata on upload as part of your image processing pipeline. This protects your users even if they forget to strip it themselves.
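```js
// Express.js upload handler using Sharp.
// req.file.buffer assumes multer with memory storage; the field name 'image' is an assumption.
const express = require('express');
const multer = require('multer');
const sharp = require('sharp');

const app = express();
const upload = multer({ storage: multer.memoryStorage() });

app.post('/upload', upload.single('image'), async (req, res) => {
  // Sharp strips all metadata by default; withMetadata() would keep it
  const processed = await sharp(req.file.buffer)
    .toFormat('webp', { quality: 82 })
    .toBuffer();
  // ... save processed image
});
```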
- Document your metadata policy. Tell users whether you strip metadata, what you store, and what you share. This is a trust signal and may be required under GDPR (GPS coordinates linked to a person are personal data).
- Consider selective preservation. For photography platforms, you may want to preserve camera settings (useful for photographers) while stripping GPS and serial numbers. ExifTool makes this selective stripping straightforward.
- Audit third-party image handling. If you use a CDN, image processing service, or CMS, verify whether they strip or preserve metadata. Do not assume.
For Organizations Handling Sensitive Images
- Implement automated metadata stripping in your document management system
- Train staff about metadata risks, especially for photos shared externally
- Include metadata in your data classification policy — photos with GPS of sensitive facilities should be treated as location data
- Conduct periodic audits of publicly accessible images for metadata leakage
The GDPR Dimension
Under the EU's General Data Protection Regulation, GPS coordinates associated with an identifiable person constitute personal data. This means:
- If your platform stores photos with GPS metadata, you are processing personal data
- Users have the right to access this data (Article 15) and request its deletion (Article 17)
- You need a lawful basis for processing it (consent, legitimate interest, etc.)
- A data breach involving photos with GPS data is potentially a notifiable breach
Stripping GPS metadata on upload is the simplest way to avoid these compliance obligations for location data. You cannot leak what you do not store.
Conclusion
Image metadata is a double-edged sword. For photographers and archivists, it is invaluable contextual data. For privacy, it is a liability that most people do not know they are carrying.
The core principle is simple: be deliberate about what you share. Before posting or sending a photo, decide whether you want its metadata — especially GPS location and device identifiers — to travel with it. If not, strip it.
The tools exist. ExifTool handles command-line stripping. iOS and Android offer sharing controls. Client-side image processing tools inherently strip metadata through the re-encoding process. The only missing ingredient is awareness — and now you have that too.
