EXIF metadata: what your photos quietly leak about you

Every modern smartphone photo carries 50-plus metadata fields by default. Most people know about GPS. The rest is more revealing than you'd think — and it doesn't all go away when you delete the GPS coordinates.

Published: 2026-07-19By: Toolhub Team

Take any photo from your phone. Right-click. View properties or open in any image inspector. You will see, at minimum, a few dozen pieces of metadata that the camera silently embedded the moment you tapped the shutter. A modern iPhone or Pixel photo can carry 200+ EXIF fields without you ever realising they exist. Most of those fields are technical and harmless. Some of them are surprisingly revealing.

This article walks through the four major categories of EXIF metadata, what each one leaks, where stripping fails, and which platforms preserve which fields when you upload. It's written for the journalist scrubbing photos before publication, the real-estate agent posting property listings, the parent posting school-pickup photos — anyone whose photos travel through channels where they don't fully control the audience.

The four categories of EXIF data

EXIF (Exchangeable Image File Format) was standardised in 1998 as a way for cameras to store information alongside the image data. Modern smartphones extended it with GPS, gyro/orientation, computational photography parameters, and software-edit trails. The data falls into four broad categories:

1. Capture data. Shutter speed, aperture, ISO, focal length, white balance, flash usage, exposure compensation. The technical settings of the photograph.
2. Device data. Camera make, model, firmware version, sometimes a unique device serial number. On smartphones, the model is usually clear enough to identify the phone generation.
3. GPS data. Latitude, longitude, altitude, GPS timestamp, sometimes heading and accuracy. The "obvious" leak.
4. Software and ownership data. What software last edited the file (Adobe Photoshop CS6, Lightroom, iOS Photos), edit timestamps, sometimes an owner name configured in the camera, sometimes copyright text.

Each category leaks something different, and most people only know about the third. The rest are quieter and sometimes more identifying.

GPS — the obvious one, but worth restating

Almost every smartphone embeds GPS coordinates in every photo by default. iPhone and Android both ship with this on. The coordinates are typically accurate to within 5-15 metres outdoors and somewhat less indoors (where the phone falls back on wifi-positioning).

Real-world consequences when someone forgets:

• Posting a photo of a pet from "somewhere in the city" — the EXIF coordinates point to the home address.
• A journalist publishing a leaked document photograph — the photo's GPS reveals where the document was photographed, sometimes inside a government building.
• A child's classroom photo posted publicly — coordinates pinpoint the specific school, sometimes the specific classroom window.
• A "working from a cafe" photo on a job application — the GPS tells the recruiter exactly which cafe, occasionally tipping them off that the candidate is in a different city than claimed.

The fix for GPS is well-known: strip it. The trouble is that "strip GPS" is incomplete, because GPS information sometimes lives in more than one place in the file (more on this below).

Capture data — surprisingly identifying

Camera make, model, lens, and serial number combine into a fingerprint that's stronger than most people realise. Two photos with the same serial number provably came from the same physical device. This has been used in:

• Forensic linking. Photos from different sources can be tied to the same camera when serial numbers match. This is how some image-trafficking investigations build chains of evidence.
• Anonymous-source de-anonymisation. A leaker who has previously posted personal photos under a real name, then posts evidence anonymously, gives the camera serial number away if they don't strip metadata first. The shared serial collapses the anonymity.
• Sensor pattern noise. Beyond EXIF, every camera sensor has microscopic manufacturing defects that produce a unique noise pattern in every photo. Sophisticated forensics can match photos even after EXIF stripping by analysing this PRNU (Photo Response Non-Uniformity). Out of scope for casual privacy, but worth knowing exists.

For most users, the practical risk from device metadata is the linkability. If your "personal Instagram camera" matches the "anonymous tip photo," that's a problem. Strip the device fields when posting anything you want unlinked from your identity.

Software trails — the long memory

Every time you edit a photo, the editing software stamps itself into the EXIF. "Adobe Photoshop CS6 (Windows)" persists in the file as the "Software" field. Lightroom adds its own edit history. iOS Photos quietly records that the file was modified by iOS Photos and when.

What this leaks:

• Which software you have. If you're an "anonymous" tipster running a leaked pirated copy of Photoshop, the EXIF says so. (Real case: investigations have traced leaks via the embedded software version.)
• Edit timestamps. The "DateTimeDigitized" and "DateTime" fields show when the photo was last modified. If the file claims to be from a press conference at 2pm but the modify-time is 11pm, the file has been edited post-event.
• Sometimes the workflow. Lightroom and Photoshop can embed Adobe XMP metadata that includes adjustments, ratings, keyword tags. A photo "of nothing in particular" can carry tags like "client_smith_2026_project_alpha" if the photographer's workflow uses keywords. Those tags ship to the publication target unless explicitly stripped.

Software metadata is the easiest to forget because most stripping tools focus on GPS and don't always touch the XMP packet. Verify after stripping.

Ownership data — sometimes there's a name

Many cameras allow setting an "owner name" or "copyright" field that gets baked into every photo the camera takes. DSLR users often configure this. Smartphone users rarely do, but professional camera apps sometimes set it automatically.

What this looks like in practice: a photographer configures their camera owner-name as "John Smith Photography" once, ten years ago, and then every photo from that camera carries that string. If they later post anonymously, the EXIF identifies them by name in the file. Same for "Artist," "Copyright," and "ImageDescription" fields that some camera apps populate from user settings.

Less common but worth knowing: Adobe Lightroom's XMP sidecar files can carry the photographer's full contact information if they've set up their identity plate. The sidecar travels alongside the JPG if exported as a bundle.

Where EXIF survives stripping

This is where "I removed EXIF" goes wrong in practice. Several places where metadata persists after a naive strip:

• Embedded thumbnails. JPEG files often contain a small thumbnail image alongside the main image. The thumbnail has its own EXIF data, and many strippers don't touch it. Result: main image has no GPS, thumbnail still does. Forensics tools and modern OS image viewers both read thumbnail EXIF.
• XMP packets. EXIF and XMP are two different metadata systems. Most strippers handle EXIF; not all handle XMP. Adobe-edited files in particular often have XMP that survives EXIF stripping.
• IPTC headers. A third metadata system, mostly used by photojournalism workflows. Carries headline, caption, keywords, and creator information. Generic strippers sometimes miss IPTC.
• Maker notes. Camera manufacturer proprietary blob inside EXIF. Often contains additional GPS-related fields, settings, sometimes a serial number duplicate. Some strippers preserve maker notes by default.
• Filename. Many cameras name files like "IMG_20260719_143022.jpg" where the timestamp is encoded in the filename. The EXIF inside is stripped but the filename outside isn't. Rename before sharing.

The defensive strip is: main EXIF + thumbnail EXIF + XMP + IPTC + maker notes, then rename the file to something generic, then verify with a fresh metadata viewer that all four are gone.

Which platforms strip metadata on upload (and which don't)

Major platforms vary widely in their default behaviour. Tested across multiple uploads from a metadata-rich source file:

• Strips most metadata on upload: Facebook, Instagram, Twitter/X, LinkedIn, WhatsApp (compressed mode), TikTok. All of these re-encode the image and discard EXIF/XMP/IPTC. Note: they keep some metadata on their backend for their own use, but it isn't in the version other users download.
• Preserves metadata fully: Imgur (direct upload), Flickr (settings-dependent, defaults to preserve), GitHub raw, S3 buckets configured for public access, most personal blogs and CMS systems unless explicitly configured to strip, Discord (preserves for non-image attachments and most images).
• Mixed: Email attachments — depends on the email client. Most modern clients preserve. Forwarded as an attachment keeps the original metadata. Forwarded as an "inline image" sometimes strips.
• WhatsApp specifically: the "send as photo" mode compresses and strips. The "send as document" mode preserves the original file in full, including metadata. This is a frequent way GPS coordinates leak — sending a screenshot as a document instead of a photo.

The rule: assume metadata is preserved unless you're certain the platform strips. Strip locally before uploading anywhere you'd be unhappy seeing the metadata exposed.

Tool walkthrough

The EXIF stripper processes the photo entirely in your browser — the image bytes never leave your device. Before stripping, the tool lists every metadata field it finds (often surprisingly long — a recent test on a routine iPhone photo enumerated 387 distinct EXIF/XMP/IPTC fields). The before/after comparison view shows exactly what gets removed.

The tool's defaults strip all four metadata systems plus the embedded thumbnail's metadata, which is the configuration that defeats almost all naive forensic checks. There's also a "preserve orientation only" option for cases where you need the image to display rotated correctly but want everything else removed.

For the related concern of file size, image compress reduces file size while optionally stripping metadata in the same pass. Useful for "upload a smaller photo with the EXIF gone" in a single step.

What this article isn't saying

Two important caveats:

• Metadata isn't always bad. Photographers benefit from keeping camera settings in EXIF — they're useful for learning, for portfolio organisation, for proving authorship in copyright cases. The point of this article isn't "always strip everything." It's "know what you're shipping when you ship a photo somewhere."
• Stripping EXIF doesn't make a photo untraceable. Sensor noise, visible content (a window view, a unique landmark in the background, identifiable interior decor), and shadow analysis can all reveal location independent of metadata. EXIF stripping is a hygiene step, not a guarantee of anonymity.

Where to read further

• exif.org — the official EXIF specification reference. Dense but authoritative.
• ExifTool documentation — Phil Harvey's reference is the de-facto guide to all metadata systems in image files. Command-line utility for power users who want forensic-grade control.
• EFF privacy resources — broader context on how metadata fits into the digital privacy picture, including pattern-of-life inference from photo collections.

Photos carry more than what's visible in the frame. The metadata is invisible to the human eye but plainly readable to any software that knows where to look — which today includes search engines, social platforms, forensic tools, and anyone with a free EXIF viewer. Worth a few seconds of stripping before sharing, especially for anything that touches an audience you don't fully trust.