Every photo you take with a phone or camera carries a hidden passenger: a block of metadata called EXIF that records how, when, and — alarmingly often — where the picture was taken. You can't see it when you look at the image, but it travels inside the file everywhere you send it. For photographers it's useful. For everyone posting pictures online, it's a quiet privacy leak that's trivial to close once you know it's there.
1. What EXIF actually stores
EXIF — Exchangeable Image File Format — is a standard for embedding metadata in image files, most commonly JPEG. A typical photo from a modern phone includes:
- Device — camera or phone make and model (e.g. Apple iPhone 15 Pro).
- Capture settings — aperture, shutter speed, ISO, focal length, lens, flash.
- Timestamps — the exact date and time the photo was taken, often to the second.
- GPS location — latitude and longitude, sometimes altitude and compass direction.
- Software — the app or editor that created or last modified the file.
- Thumbnail — a small embedded preview that can persist even after edits.
2. The GPS problem
Of everything in EXIF, GPS coordinates are the real risk. If location services were on when you took a photo, the file may contain the precise spot you were standing — accurate to a few meters. Post that photo to a marketplace listing, a forum, a dating profile, or a public album, and anyone who downloads it can read the coordinates and drop them straight onto a map.
The danger compounds with patterns. A handful of geotagged photos can reveal your home address, your workplace, the school in a child's photo, or when a house is empty. This isn't hypothetical — it has been used in stalking and burglary cases. The fix is simple: strip the metadata before the photo leaves your control.
3. "Don't platforms already strip it?"
Some do, some don't, and the inconsistency is exactly what makes it dangerous to assume. Large social networks like Facebook, Instagram, and X typically remove most EXIF on upload. But many common sharing paths keep it intact:
- Messaging "send as file / original" — preserves the full file, metadata and all.
- Email attachments — almost never stripped.
- Cloud share links (Drive, Dropbox) — share the original bytes.
- Marketplace and classified sites — behavior varies; many keep EXIF.
- Direct file transfer / AirDrop / USB — nothing is stripped.
The only way to be certain a file you hand off is clean is to strip it yourself and verify there's nothing left.
4. Lossless removal vs re-saving
There are two ways to remove metadata, and they are not equal. The crude method is to re-save the image — open it and export a new copy. This drops the metadata but also re-compresses the JPEG, so the image loses a little quality every time, a problem known as generation loss. Do it repeatedly and the degradation accumulates.
The better method is a lossless strip. A JPEG is a sequence of segments: some hold metadata (EXIF, XMP, IPTC, comments) and others hold the actual compressed image. A lossless remover deletes only the metadata segments and writes the original image data back out byte-for-byte. The pixels are untouched; only the hidden data is gone. A good tool also preserves the ICC color profile so colors don't shift. Our EXIF Viewer & Remover does exactly this in your browser, with no upload.
5. Step by step
- Open the EXIF Viewer & Remover and drop in your JPEG.
- Review what it shows — watch for a GPS location warning in particular.
- Click Strip metadata to remove EXIF, GPS, XMP, and comments losslessly.
- Download the clean copy and share that file, keeping your original safely.
- Re-check the clean file to confirm it now reports no metadata.
6. Prevention: turn off geotagging
Stripping after the fact works, but you can also stop GPS from being written in the first place. On iPhone: Settings → Privacy & Security → Location Services → Camera → Never. On Android: open the Camera app settings and disable "Location tags" or "Save location." You'll lose the convenience of map-organized photo libraries, but nothing you capture will carry coordinates. Many people leave geotagging on for personal archives and simply strip metadata on anything they share publicly — a reasonable middle ground.
FAQ
Does removing EXIF reduce photo quality?
It doesn't have to. A lossless strip removes only the metadata segments and keeps the original compressed image data unchanged, so the pixels are identical. Tools that re-save or re-encode the image can degrade it slightly; a proper metadata remover does not.
Do Instagram and Facebook remove EXIF automatically?
Generally yes — major social platforms strip most EXIF on upload, partly for privacy and partly to reduce file size. But you can't rely on this universally: messaging apps' 'send as file/original' options, email attachments, cloud-share links, and marketplace sites often preserve metadata intact. When in doubt, strip it yourself first.
What's the most sensitive thing in EXIF?
GPS coordinates. Many phones embed the exact latitude and longitude where a photo was taken. Combined with timestamps, this can reveal your home address, routines, and locations of people in the photos. Camera model and software are far less sensitive but still identifying.
Will stripping metadata rotate my photo?
It can change how some viewers display orientation, because the EXIF Orientation tag is removed along with everything else. Most modern apps store pixels in the correct orientation regardless, but if a stripped photo appears sideways, re-save it from an editor that bakes the rotation into the pixels.
References
- CIPA DC-008 — Exchangeable image file format for digital still cameras (Exif)
- Apple — Location Services and Privacy documentation
- Android — Camera location settings documentation
- EFF — Surveillance Self-Defense: metadata
- ISO/IEC 10918 — JPEG segment structure (APPn markers)
About the OnlyFormat Editorial Team
OnlyFormat's editorial team is made up of working web developers and image-workflow engineers who ship file-conversion tooling for a living. Every guide is reviewed against primary sources — W3C/WHATWG specifications, IETF RFCs, MDN Web Docs, ISO/IEC media standards, and the official documentation of libraries we actually use in production (libwebp, libjpeg-turbo, libavif, FFmpeg, pdf-lib). We update articles when standards change so the guidance stays current.
Sources we cite: W3C · WHATWG · MDN Web Docs · IETF RFCs · ISO/IEC · libwebp · libavif · FFmpeg · pdf-lib