EXIF Data Is a Privacy Risk: How to Remove Metadata From Photos Before Sharing
Every photo taken with a smartphone or digital camera contains hidden data called EXIF (Exchangeable Image File Format). This metadata is invisible when viewing the image but can reveal sensitive information about the photographer, including their exact location.
What EXIF data contains
A typical smartphone photo includes:
- GPS coordinates - latitude and longitude accurate to within a few meters
- Date and time - when the photo was taken, down to the second
- Device information - phone model, operating system version, camera serial number
- Camera settings - aperture, shutter speed, ISO, focal length
- Software - what app took or edited the photo
- Thumbnail - a small preview that may show the original uncropped image
Why this matters
Location tracking
The GPS coordinates in a photo can pinpoint where it was taken. Share a photo of your morning coffee, and anyone who examines the EXIF data knows exactly where you live. Share a photo from your office, and your workplace is exposed. This data has been used in stalking cases, doxxing, and burglaries.
Device fingerprinting
Camera serial numbers and device identifiers in EXIF data can link photos across different platforms. Even if you use different usernames on different sites, the same camera serial number ties your accounts together.
Cropped content recovery
The EXIF thumbnail is generated from the original image, not the cropped version. If you crop out sensitive information from a photo and share it, the EXIF thumbnail may still contain the original uncropped image, including whatever you tried to hide.
How to remove EXIF data
Option 1: Use an image host that strips EXIF automatically
The easiest approach is to upload through a service that removes metadata server-side. On imageupload.io, all EXIF, IPTC, and XMP metadata is stripped automatically during upload using libvips. You do not need to remember to do it manually - every image is cleaned before storage.
Option 2: Strip EXIF before uploading
If you want to remove metadata locally before sharing:
On macOS: Open the image in Preview, go to Tools > Show Inspector, and note the metadata. Unfortunately, Preview cannot remove EXIF. Use the command line instead:
```bash
Using exiftool (install via brew install exiftool)
exiftool -all= photo.jpg ```
On Windows: Right-click the file > Properties > Details > "Remove Properties and Personal Information"
On Linux: ```bash
Using exiftool
exiftool -all= photo.jpg
Using mat2
mat2 photo.jpg ```
Option 3: Use a mobile app
Most mobile sharing apps do NOT strip EXIF by default. iMessage preserves it. WhatsApp strips it. Signal strips it. Email attachments preserve it. Know which channels are safe before sharing sensitive photos.
Which platforms strip EXIF?
| Platform | Strips EXIF? |
|---|---|
| imageupload.io | Yes, automatically on upload |
| Twitter/X | Yes |
| Yes | |
| Yes | |
| Imgur | Partially (strips GPS, keeps some metadata) |
| Email attachments | No |
| iMessage | No |
| Discord | No |
| Slack | No |
| Google Drive | No |
Notice that most developer and business communication tools - email, Slack, Discord - do NOT strip EXIF. If you share screenshots or photos through these channels at work, the metadata travels with them.
What about screenshots?
Screenshots taken on a computer generally contain minimal EXIF data (no GPS), but they can still include:
- Screen resolution (reveals your monitor setup)
- Software name and version
- Operating system details
- Timestamp
For sensitive screenshots, it is still good practice to strip metadata before sharing.
Best practices
- Assume every photo has EXIF data unless you explicitly removed it
- Use an image host with automatic stripping for any public or semi-public sharing
- Check EXIF before sharing sensitive images through channels that preserve metadata
- Be careful with cropped images - the EXIF thumbnail may show the original
- Educate your team - most people do not know EXIF data exists
Conclusion
EXIF metadata is a privacy risk that most people do not think about. The simplest mitigation is to use tools that strip it automatically, so you never have to remember. For any image you plan to share online, assume the metadata contains your location, device, and timestamp - and remove it before posting.
Upload to imageupload.io - all metadata is stripped automatically, every time.