Every photo you take with a smartphone or digital camera contains hidden metadata (EXIF data) that records far more information than most people realize. This includes the exact GPS coordinates where you took the photo, the date and time, your camera make and model, serial number and more. The data is completely invisible when you look at the image: it lives in the file header, silently traveling wherever the photo goes.
Before you share photos online, upload them to social media, or send them to strangers, understanding what your photos contain is essential. A single unstripped photo posted to a public forum can reveal your home address, your daily routine and the device you used to take it. This guide explains exactly what EXIF data is, which fields carry real privacy risks, how to view what's embedded in your own photos and how to remove it, selectively or entirely, before you share.
What Is EXIF Data?
EXIF stands for Exchangeable Image File Format. It is a standard for embedding metadata inside image files, first developed by the Japan Electronic Industries Development Association (JEIDA) in 1995 and later maintained by the Camera and Imaging Products Association (CIPA). Every JPEG, TIFF and RAW file produced by a digital camera or smartphone automatically includes an EXIF header. WebP and PNG files use their own metadata containers (XMP and tEXt chunks, respectively) that serve the same purpose.
EXIF data is invisible to the naked eye. It has no effect on how the image looks: it is pure metadata riding alongside the pixel data inside the same file. You can view a photo a thousand times and never know the coordinates of where it was taken unless you specifically look at the metadata.
The EXIF specification defines hundreds of standard fields and with vendor-specific maker notes the total reaches into the thousands. In practice, a typical smartphone photo contains 30-60 populated fields. The most commonly written fields include:
| EXIF Field | Example Value | Privacy Risk |
|---|---|---|
| GPS Latitude / Longitude | 37.7749° N, 122.4194° W | Very High |
| GPS Altitude | 52 metres above sea level | Medium |
| GPS Direction (ImgDirection) | 274.5° (facing west) | Medium |
| Date / Time Original | 2024:11:15 08:42:11 | Medium |
| Camera Make & Model | Apple iPhone 15 Pro | Low-Medium |
| Camera Serial Number | C02XG1JKJG5J | Medium |
| Lens Model | iPhone 15 Pro back triple camera 6.765mm f/2.8 | Low |
| Aperture (FNumber) | f/2.8 | None |
| ISO Speed | ISO 250 | None |
| Shutter Speed | 1/120 s | None |
| Software | 17.1.1 | Low |
| Color Space | sRGB | None |
| Image Dimensions | 4032 × 3024 px | None |
| Copyright | © Jane Smith 2024 | Low |
| Artist / Creator | Jane Smith | Low |
| Embedded Thumbnail | Small JPEG preview (~10-50 KB) | Medium |
The Privacy Risk: GPS Location in Photos
When Location Services are enabled on your smartphone (the default on both iOS and Android), every photo you take is tagged with your exact GPS coordinates. The precision is typically within 5-10 metres, far more accurate than most people expect from a phone that fits in your pocket.
Consider what a single coordinate pair can reveal about you:
- Where you live: if you photograph anything in or around your home
- Where your children go to school: a photo taken at school pickup time
- Where you work: a lunchtime photo at the office
- Your travel patterns: a series of photos over time creates a detailed map of your movements
- Your property layout: the direction and altitude fields reveal which floor you were on and which way you were facing
These are not hypothetical risks. High-profile incidents include:
- A journalist who posted photos of their workspace online had their home address extracted from the EXIF data within hours by a reader who then used it for harassment.
- Real estate fraud investigators found that criminals were harvesting GPS data from property listing photos to identify temporarily unoccupied homes.
- A military whistleblower inadvertently revealed the location of a classified facility by posting an unstripped photo online.
The critical misconception: many people believe social media protects them because platforms strip metadata on upload. While Instagram, Facebook and Twitter do remove GPS data from photos uploaded through their apps, this protection does not apply when you share the original file directly, via email, iMessage, AirDrop, WhatsApp document attachments, Google Drive shared links, Dropbox, or any messaging platform that delivers the raw file rather than a re-encoded copy. In those cases, the GPS data travels with the photo in full.
Use Remove GPS from Photo to strip only the location fields while keeping all other metadata intact, or use Strip Metadata to remove everything at once.
Other Privacy-Sensitive EXIF Fields
GPS location is the most dangerous EXIF field, but it is far from the only one that carries meaningful privacy implications.
Camera Serial Number
Many cameras and smartphones embed a unique serial number in every photo they produce. This means that a collection of photos posted from different accounts, at different times, can be linked back to the same physical device and therefore the same person, by anyone who compares serial numbers. This technique is used by researchers, journalists and law enforcement to connect pseudonymous online identities to real individuals.
Timestamps
The DateTimeOriginal field records the exact second a photo was taken, accurate to the device clock. Combined with GPS data this creates a timestamped location history. Even without GPS, a precise timestamp can corroborate or contradict an alibi, or reveal that you were somewhere you claimed not to be.
The Embedded Thumbnail
One of the least-known EXIF privacy risks is the embedded JPEG thumbnail. Most EXIF-capable cameras and phones embed a small preview image (typically 160×120 px to 320×240 px) directly inside the EXIF header. This thumbnail is generated at capture time from the original, unedited image.
What this means in practice: if you crop out an embarrassing or sensitive element from a photo and then publish the cropped version, the original uncropped image may still be accessible inside the EXIF thumbnail. Image editing software that does not update the thumbnail will leave the original preview intact even after heavy cropping or editing.
Software and Operating System Version
The Software field records the application and OS version used to capture or last edit the image. This can be used for security fingerprinting: identifying unpatched software versions or correlating metadata across devices to identify a person.
Editing History and Copyright Fields
Adobe Photoshop, Lightroom and other professional tools write an XMP editing history into the file, which can include every adjustment made, the original filename and the machine name of the computer used. The Copyright and Artist fields may contain your full legal name or business name, even on photos you intended to publish anonymously.
How to View EXIF Data
Before you strip metadata, it is worth checking what your photos actually contain. Here are the easiest methods on every platform.
Online (No Software Required)
The fastest option is Image Metadata Viewer. Upload your photo and the tool displays all EXIF, XMP and IPTC fields in a readable table. Crucially, processing happens entirely inside your browser (the image is never sent to a server), so viewing sensitive metadata does not itself create a privacy risk.
Windows
- Right-click the image file in File Explorer.
- Select Properties.
- Click the Details tab.
This shows most common EXIF fields including camera, GPS and date information. It does not show every field: advanced fields like the embedded thumbnail or XMP data require a dedicated tool.
macOS
- Open the image in Preview.
- Go to Tools → Show Inspector (or press ⌘I).
- Click the (i) tab, then the Exif sub-tab for camera data, or the GPS tab to see location on a map.
iPhone
Open the photo in the Photos app, tap the (i) icon below the image, and scroll down. iOS shows camera metadata and a map preview for GPS-tagged photos. For the full EXIF dump, use the online viewer linked above.
Android
In Google Photos, tap the three-dot menu → Info. The detail panel shows location, date, camera and aperture/shutter/ISO. For full metadata, use the online viewer or a file manager app with EXIF support.
Command Line (Advanced)
ExifTool by Phil Harvey is the industry-standard open-source tool for reading and writing EXIF data. To view all metadata for a file:
exiftool photo.jpg
To view only the GPS fields:
exiftool -GPS:all photo.jpg
How Social Media Platforms Handle EXIF Data
Social media platforms vary significantly in how they handle the metadata embedded in uploaded photos. The table below reflects documented platform behaviour as of early 2026.
| Platform | GPS Stripped? | Other EXIF Stripped? | Raw File Preserved? |
|---|---|---|---|
| Instagram (app upload) | Yes | Yes. All EXIF removed. | No. Image re-encoded. |
| Facebook (app upload) | Yes | Yes - all EXIF removed | No. Image re-encoded. |
| Twitter / X | Yes | Yes. All EXIF removed. | No. Image re-encoded. |
| Yes | Yes. All EXIF removed. | No. Image re-encoded. | |
| WhatsApp (photo mode) | Yes | Yes. Image compressed. | No |
| WhatsApp (document mode) | No | No. Full EXIF preserved. | Yes. Original file sent. |
| iMessage / SMS | No | No. Full EXIF preserved. | Yes. Original file sent. |
| Email attachment | No | No. Full EXIF preserved. | Yes. Original file sent. |
| Google Drive (shared link) | No | No. Full EXIF preserved. | Yes. Original file sent. |
| Dropbox (shared link) | No | No. Full EXIF preserved. | Yes. Original file sent. |
The critical pattern: platforms that re-encode your image (compressing and resaving it) strip metadata as a side-effect. Platforms and services that deliver the original file intact preserve all EXIF data. When in doubt, strip metadata before sending: do not rely on the receiving platform to protect you.
A particularly common mistake is sharing photos via WhatsApp in document mode. Users switch to document mode to avoid WhatsApp's image compression, not realising that this also delivers the full EXIF-intact original file to the recipient.
When to Remove EXIF Data (and When to Keep It)
Stripping metadata is not always the right call. There are legitimate professional and personal reasons to preserve EXIF data. The decision comes down to who will receive the file and what they might do with it.
Always Remove EXIF When:
- Publishing photos of your home or property: rental listings, for-sale photos, home improvement posts on social media. GPS data in listing photos has been used in burglary planning.
- Sharing photos of children: school events, birthday parties, playground photos. Never share GPS-tagged photos of children with people outside your trusted circle.
- Posting as a journalist, activist, or whistleblower: your safety may depend on source anonymity and location privacy.
- Submitting photos to websites you don't control: forums, marketplaces, classified ad sites, any third-party upload form.
- Sharing medical or sensitive personal images: dental, skin condition, or other clinical photos sent to a provider should have timestamps and device IDs removed.
- Contributing to open-source projects or public datasets: GPS coordinates can inadvertently tag a contributor's home address.
EXIF Can (or Should) Stay When:
- Sharing with professional clients: wedding and event photographers routinely deliver EXIF-intact files so clients can sort by time taken and know the camera settings used.
- Personal archiving: keeping EXIF in your personal photo library lets you search by date, location and camera settings years later.
- Submitting to stock photo agencies: Getty, Shutterstock and Adobe Stock all require or strongly prefer EXIF-intact submissions. Copyright and creator fields are used for attribution.
- Scientific and geospatial work: geotagged photography for mapping, ecology, or journalism where location data is the point of the exercise.
- Internal professional workflows: passing files between editors, retouchers and art directors where EXIF metadata aids organisation and quality control.
How to Remove EXIF Data
There are several ways to strip EXIF data, ranging from a single click in a browser tool to command-line batch processing for thousands of files at once.
Browser-Based (Recommended for Most Users)
The simplest and most private option: Strip Metadata processes your photo entirely inside your browser using JavaScript. The image is never uploaded to any server. You can strip all EXIF, XMP, IPTC and ICC profile data in one click, or use Remove GPS from Photo to delete only the location fields while preserving camera and timestamp metadata.
Windows (Built-in)
- Select one or more image files in File Explorer.
- Right-click → Properties → Details tab.
- Click "Remove Properties and Personal Information" at the bottom.
- Choose "Create a copy with all possible properties removed" to keep the original, or select specific properties to remove.
This method works for JPEG and some TIFF files. It does not process PNG or WebP.
macOS (Preview)
Go to File → Export and uncheck "Save Metadata" if the option is present. Alternatively, use File → Export as PDF (strips all EXIF) and re-export if necessary. For reliable metadata stripping on macOS, the browser tool or ExifTool are more dependable.
iPhone: Prevent GPS Tagging at Source
Go to Settings → Privacy & Security → Location Services → Camera and set to "Never" or "Ask Next Time". This prevents new photos from being GPS-tagged. Existing photos already in your library retain their coordinates.
Android: Prevent GPS Tagging at Source
Open the Camera app → Settings → disable Location Tags (or "Save location", wording varies by manufacturer). Again, this affects new photos only.
ExifTool (Command Line: Batch Processing)
To strip all metadata from a single file and save to a new file:
exiftool -all= -o output.jpg input.jpg
To strip GPS only, preserving all other EXIF:
exiftool -GPS:all= -overwrite_original photo.jpg
To process an entire directory recursively:
exiftool -all= -r -overwrite_original ./photos/
ExifTool is free, open-source and handles over 140 file formats. It is the gold standard for professional or high-volume metadata management.
Frequently Asked Questions
Does Instagram show my location from EXIF data?
No. When you upload a photo through the Instagram app or website, Instagram strips all EXIF data (including GPS coordinates) before displaying the image to other users. However, if you share your original photo file directly (via email, iMessage, WhatsApp document mode, or a cloud storage link), the GPS data is fully preserved. Only rely on Instagram's stripping if the photo goes through the Instagram upload process itself.
How do I know if my photos contain GPS data?
The fastest way is to use the online Image Metadata Viewer at /tools/image-metadata-viewer: upload your photo and it will display all embedded fields including GPS coordinates. On iPhone, open the photo in the Photos app, tap the (i) icon and look for a map thumbnail. On Windows, right-click the photo, choose Properties, go to the Details tab and scroll to the GPS section. If latitude and longitude values appear, the photo is location-tagged.
Does removing EXIF data change image quality?
No. EXIF data is stored in the file header separately from the pixel data. Stripping metadata removes only the hidden text fields: it does not re-encode, re-compress, or modify the actual image pixels in any way. The visual quality of the photo is identical before and after metadata removal. The only change is that the file becomes slightly smaller (typically 20-100 KB smaller, depending on how much metadata was embedded).
Can I remove just the GPS data and keep other metadata?
Yes. The Remove GPS from Photo tool at /tools/remove-gps-from-photo strips only the GPS-related EXIF fields (latitude, longitude, altitude, GPS direction, GPS timestamp) while leaving all other metadata intact: camera model, lens settings, exposure data, timestamps and copyright fields are preserved. This is useful for photographers who want to protect location privacy while retaining technical shooting data for clients or archives.
What happens to EXIF data when I share photos via WhatsApp?
It depends on how you share. When you send a photo in WhatsApp's normal photo/video mode, WhatsApp compresses and re-encodes the image, which strips EXIF data as a side-effect. However, if you share the photo as a "Document" (to avoid compression), WhatsApp sends the original file unchanged, complete with all EXIF data including GPS coordinates. This is one of the most common accidental EXIF leaks. Always strip metadata before sending originals.
Is it safe to upload photos to online EXIF viewers?
It depends on the tool. Some online EXIF viewers upload your image to a remote server for processing, where it may be stored, logged, or analysed. The Image Metadata Viewer at /tools/image-metadata-viewer processes your photo entirely inside your browser using JavaScript: the image data never leaves your device and is never transmitted to any server. For sensitive photos (containing faces, locations, or personal information), always verify that a tool processes locally before using it.