What your photos reveal: EXIF data, GPS and how to remove them
Every photo a phone takes is really two things: the picture, and a hidden report about the picture — where you were standing, at what second, holding which device, using which settings. The report is called EXIF, it travels inside the file, and it survives copying, renaming and most casual sharing. None of this is sinister; cameras write it for good reasons. But it is worth knowing exactly what is in there, when it actually matters, and how to take it out in the cases where it does.
What EXIF actually is
EXIF — Exchangeable Image File Format — is a standard block of metadata that cameras and phones write into an image file at the moment of capture. It lives mainly in JPG and HEIC photos (TIFF too, and PNG has its own metadata scheme that can carry the same kind of information). It changes nothing about the pixels: two photos can look identical while one carries a full report and the other carries nothing. Ordinary viewers never show it, but any file manager, photo app or ten-line script can read it.
It exists for honest reasons. EXIF is how your photo library sorts by date, groups pictures by place, and knows which way up to display a shot taken sideways. The privacy question only appears when the file leaves your own devices.
What's actually embedded
From a typical phone photo, a reader can pull:
- GPS coordinates — latitude and longitude, usually precise to within a few meters. Not “Chicago”; a particular building.
- Timestamps — the date and time of capture, to the second.
- The device — make and model (“Apple iPhone 16 Pro”), and often the specific lens used.
- Software — the OS version or editing app that last saved the file.
- Exposure settings — aperture, shutter speed, ISO, focal length.
- Orientation — which way the camera was rotated. This one is load-bearing: it is how viewers know to display the image upright.
Dedicated cameras can embed more still — some record the camera body's serial number. Put together, a single original file can place a specific device at a specific location at a specific second. The fastest way to make this concrete is to look inside one of your own photos.
Look inside a photo: the EXIF viewer & remover shows everything embedded in a photo — camera, lens, timestamps, GPS — entirely in your browser, so the photo itself goes nowhere (how that works).
When it matters — and when it doesn't
This is not a reason to stop taking pictures. EXIF becomes a problem only when two things line up: the audience is untrusted, and the route passes your original file along. Some realistic cases:
- Selling things from home. Photograph the couch in your living room and post the original file, and the listing can carry your home's coordinates. The same applies to photos taken for a rental or roommate ad — places where strangers are the intended audience.
- Pseudonymous accounts. If you post original files under a name you keep separate from your identity, device model plus timestamps plus the occasional coordinate can quietly stitch your posts together — or to you.
- Photos of routine. Pictures that reveal where your kids go to school or when your house sits empty say more with coordinates attached than without.
And the reassurance: if your sharing happens mostly on big social feeds, the platforms already re-process images and strip metadata from what other users see. The situations that deserve attention are direct file handoffs — email, cloud links, “send as document” — and smaller sites that republish exactly what you upload.
Which sharing routes strip EXIF — and which don't
| Route | What happens to the metadata |
|---|---|
| Facebook, Instagram, X, Reddit | Stripped from what viewers see and download. The platform itself still receives the original data first, and may keep it. |
| WhatsApp or Telegram, normal photo send | The image is recompressed for delivery; metadata is dropped in the process. |
| Chat apps, “send as file/document” | The original file arrives intact — metadata included. |
| Email attachments | Untouched. The recipient gets your exact file. |
| Cloud drive links (Drive, Dropbox, etc.) | Untouched — faithfully storing your file is the product. |
| AirDrop and iPhone Messages | The original file, though iOS's share sheet has an Options row that can remove the location first. |
| Forums, marketplaces, your own website | Varies widely. Many serve exactly the bytes you uploaded — assume intact unless proven otherwise. |
The pattern behind the table: anything that recompresses images for display tends to lose metadata as a side effect, and anything whose job is to deliver your file delivers all of it.
How to remove it
- Strip it from a finished photo. Drop the image into the EXIF viewer & remover, review what it found, and download the cleaned copy. The tool re-encodes the image without the metadata block (JPGs are re-saved at high quality, so the difference is not visible in normal use), and the rotation gets baked into the pixels — so stripping the orientation tag does not leave the photo sideways.
- Stop the location at the source. On an iPhone, the share sheet's Options row lets you switch off location for that share; Google Photos has a setting to hide location data from link shares. If you never want coordinates recorded, deny the camera app location access entirely.
- Let another tool do it incidentally. Any tool that redraws the image into a fresh file — the image compressor, the image converter — outputs a file with no EXIF, because metadata is not carried across the re-encode. If you were compressing for the web anyway, the metadata is already gone.
- Verify. Drop the cleaned file back into the viewer. It should report no readable EXIF — a five-second check that beats assuming.
What stripping EXIF does not do
Removing metadata removes the report, not the picture. Keep four things in mind:
- The pixels still talk. Street signs, storefronts, license plates, a distinctive skyline, reflections in windows and sunglasses, an envelope on the counter — if the location or identity is visible in the image, no metadata tool touches that. GPS-free is not the same as anonymous.
- Platforms saw the original. Stripping for viewers is not stripping for the service — whatever you uploaded, it received.
- Copies already shared keep whatever they carried. Cleaning a file today does not clean the version you emailed last month.
- Filenames can hint too. Some apps name saved images by date; a quick rename costs nothing.
So treat EXIF stripping as one habit among several for photos leaving your trusted circle — and give the image itself a look with fresh eyes before it goes anywhere public.
The bottom line
Your camera writes an invisible report into every shot: place, time, device. Big social feeds discard it for viewers; email, cloud links and file sends do not. For anything headed to strangers — a marketplace listing, a forum post, a pseudonymous account — spend the ten seconds: inspect, strip, verify, share. It is not about fear. It is about knowing what is in the envelope before you mail it.
Related: Why Toolkit runs entirely in your browser · How to compress images for the web without losing quality · Browse all tools