Every photo you take with a smartphone or digital camera contains invisible data embedded in the image file. This data — called EXIF metadata — can include your exact GPS coordinates, the device you used, the date and time, your camera settings, and sometimes even your name.
When you share that photo — posting it on a forum, emailing it to a stranger, uploading it to a marketplace listing — all of that hidden data goes with it, unless you deliberately remove it.
Most people have no idea this data exists. This article explains what EXIF data contains, why it matters for privacy, and how to control it.
What Is EXIF Data?
EXIF stands for Exchangeable Image File Format. It's a standard that defines how metadata is embedded within image files, primarily JPEG and TIFF formats. The EXIF specification was first published in 1995 by the Japan Electronic Industries Development Association (JEIDA) and has been adopted universally by camera and smartphone manufacturers.
When your camera or phone takes a photo, it doesn't just record the pixel data — it writes dozens of metadata fields into the image file alongside the visual content. This metadata is invisible when viewing the photo normally but is fully readable by anyone who has the file.
What Information Does EXIF Data Contain?
The amount of information embedded in a typical smartphone photo is extensive. Here's what's commonly included.
GPS Location
If location services are enabled for your camera app (which is the default on most phones), every photo includes precise GPS coordinates — latitude, longitude, and sometimes altitude. This data is accurate enough to identify your home address, workplace, school, gym, or any other location where you regularly take photos.
A photo taken inside your apartment can reveal your street address. A photo taken at a friend's house reveals their address too. A series of photos taken over time can reconstruct your daily routine — where you go, when you go there, and how long you stay.
Device Information
EXIF data includes detailed information about the device that captured the image:
- Camera make and model — "Apple iPhone 15 Pro Max" or "Samsung Galaxy S25 Ultra"
- Lens information — focal length, aperture, which lens was used (on multi-camera phones)
- Software version — the operating system version and sometimes the camera app version
- Serial numbers — some cameras embed the device serial number, which uniquely identifies your specific device
This information can be used to identify you across different photos, even if you post them from different accounts. If two photos from "different people" were both taken with the same camera serial number, they came from the same device.
Timestamps
Every photo records when it was taken — not just the date and time, but often the timezone offset. Combined with GPS data, this creates a precise record of where you were at a specific moment.
EXIF timestamps include:
- DateTimeOriginal — when the shutter was pressed
- DateTimeDigitized — when the image was digitized (same as original for digital cameras)
- DateTime — when the file was last modified
- GPSDateStamp and GPSTimeStamp — UTC time from GPS at capture
Camera Settings
Every technical parameter of the shot is recorded:
- Aperture (f-stop)
- Shutter speed
- ISO sensitivity
- Focal length
- Flash status (fired, not fired, auto)
- White balance mode
- Metering mode
- Exposure compensation
- Scene type
While camera settings are less privacy-sensitive, they contribute to a photographic fingerprint that can link photos to a specific photographer based on their typical settings and shooting style.
Thumbnails
Many EXIF implementations include an embedded thumbnail — a small preview image stored in the metadata. This thumbnail is generated from the original unedited image. Here's why that matters: if you crop or edit a photo to remove sensitive content (like a face or a license plate) but don't strip the EXIF data, the thumbnail may still contain the original uncropped image.
This has caused real privacy incidents. In 2003, a TV presenter's photo that was cropped to show only her face still contained an EXIF thumbnail of the original, more revealing image.
Additional Metadata
Depending on the device and software, EXIF data may also contain:
- Owner name — some cameras let you set a photographer name that's embedded in every image
- Copyright information — explicitly set by the user
- Unique image ID — a unique identifier for each image
- Orientation — how the camera was held (portrait/landscape)
- Color space and profile — technical color information
- XMP data — extensible metadata from Adobe and other software, which can include editing history, keywords, and custom fields
Real-World Privacy Risks
EXIF data has been involved in numerous real-world privacy incidents.
Location Tracking
In 2012, security researcher Ben Jackson demonstrated that public photos posted by a tech executive revealed his home address, gym, favorite restaurants, and daily commute — purely from EXIF GPS data. The executive had no idea his photos contained location information.
Law enforcement and intelligence agencies routinely extract EXIF data from photos as part of investigations. While this can be legitimate, it also means that any photo you share publicly can be used to determine your location history by anyone with basic technical skills.
Stalking and Harassment
Domestic violence organizations have documented cases where abusers used EXIF data from photos shared on social media or messaging apps to locate victims who had relocated to escape them. A single photo of a new apartment, even without visible landmarks, can contain GPS coordinates precise to within a few meters.
Deanonymization
Journalists, activists, whistleblowers, and anonymous online users have been identified through EXIF data. A photo posted to an anonymous account can be linked to a specific device — and from there, to a specific person — through camera serial numbers, unique image IDs, or the combination of device model and location data.
Marketplace and Classifieds
When selling items online, photos often include the seller's home location in EXIF data. Posting a photo of an item for sale on a marketplace can inadvertently broadcast your home address to every potential buyer — and to anyone else browsing the listings.
Social Engineering
Detailed device information in EXIF data can be used for targeted social engineering. Knowing someone uses a specific phone model and OS version can help craft more convincing phishing messages or identify exploitable software vulnerabilities.
How to View EXIF Data
Before you can manage your EXIF data, you need to see what's there.
Using FileMuncher
The most straightforward way to view all EXIF data in a photo is FileMuncher's Image Metadata Viewer. Drop an image file onto the tool, and it displays every metadata field in the file — GPS coordinates, device info, timestamps, camera settings, and any embedded thumbnails.
Because FileMuncher processes files in your browser, the photo you're inspecting never leaves your device. This matters — you're trying to assess what private information a photo contains, so uploading it to a cloud-based metadata viewer would be counterproductive.
On Desktop
Windows: Right-click the image, select Properties, go to the Details tab. This shows common EXIF fields but may not show all data (GPS coordinates are sometimes hidden in this view).
macOS: Open the image in Preview, then go to Tools > Show Inspector (Cmd+I). The "GPS" tab shows location data if present.
Command line: ExifTool is the most comprehensive EXIF reader available. Install it, then run exiftool photo.jpg to see every metadata field in the file.
On Mobile
iOS: Open a photo in the Photos app, swipe up or tap the info button (i) to see basic metadata including location on a map.
Android: Open a photo in Google Photos, swipe up or tap the three-dot menu > Details to see metadata including location.
How to Remove EXIF Data
Before Sharing: Strip Metadata
The most reliable approach is to remove EXIF data before sharing any photo.
FileMuncher's Image Compressor (/tools/image/compress) can strip metadata as part of the compression process. When you compress an image, EXIF data is removed from the output file. This combines two useful operations — reducing file size and removing metadata — in a single step, all processed locally in your browser.
For format conversion, FileMuncher's Image Converter also strips metadata when converting between formats. Converting a JPEG to PNG or WebP produces a clean file without the original's EXIF data.
Social Media Platform Behavior
Major platforms handle EXIF data differently:
| Platform | Strips EXIF on upload? | Strips GPS? | Notes |
|---|---|---|---|
| Yes | Yes | Strips most EXIF but retains data internally | |
| Yes | Yes | Strips from public-facing image | |
| Twitter/X | Yes | Yes | Strips from displayed image |
| Yes | Yes | Compresses and strips | |
| Telegram | Partial | No (by default) | "Send as file" preserves all EXIF |
| Discord | No | No | Full EXIF preserved |
| No | No | Full EXIF preserved | |
| Forums/blogs | Varies | Varies | Most don't strip EXIF |
The important caveat: even platforms that strip EXIF from the publicly visible image may retain the original metadata in their internal systems. Facebook, for example, removes EXIF from the image others can download but logs the location and device data for their own use.
Also note that "strips EXIF" applies to the standard upload flow. Sharing via direct message, as a file attachment, or through third-party apps may bypass the stripping process.
On Desktop
Windows: Right-click > Properties > Details > "Remove Properties and Personal Information." This creates a copy with metadata removed or lets you selectively remove specific fields.
macOS: No built-in metadata removal tool. Use Preview to export with "Exclude Sensitive Info" checked, or use ExifTool: exiftool -all= photo.jpg
ExifTool (all platforms): exiftool -all= photo.jpg removes all metadata. exiftool -gps:all= photo.jpg removes only GPS data while keeping camera settings.
On Mobile
iOS 15+: When sharing a photo via the share sheet, tap "Options" at the top and toggle off "Location" to strip GPS data. This only removes location — other EXIF data is preserved.
Android: No built-in stripping tool. Third-party apps or using a browser-based tool like FileMuncher are the main options.
Prevention: Stop Recording EXIF Data
The most effective approach is to prevent sensitive metadata from being recorded in the first place.
Disable Camera Location Access
iOS: Settings > Privacy & Security > Location Services > Camera > set to "Never"
Android: Settings > Apps > Camera > Permissions > Location > set to "Don't allow"
This prevents GPS coordinates from being embedded in future photos. Existing photos are not affected — they retain whatever location data was recorded when they were taken.
What You Lose
Disabling location data for your camera means:
- Photos won't appear on the map view in your photo library
- "Memories" and location-based photo grouping won't work
- You won't be able to search photos by location
For many people, this trade-off is worth it. You can always re-enable location for specific situations (travel photography, for instance) and disable it again afterward.
EXIF Data and the Law
EXIF metadata has legal implications in several contexts.
As Evidence
EXIF data is routinely used as evidence in legal proceedings. GPS coordinates and timestamps can establish where someone was at a specific time. However, EXIF data can be modified — it's not cryptographically signed by default — so its evidentiary weight depends on the chain of custody and corroborating evidence.
Privacy Regulations
Under GDPR, EXIF data containing GPS coordinates or device identifiers qualifies as personal data. Organizations that collect and process photos containing EXIF data have obligations around consent, data minimization, and deletion. This applies to any service that accepts user-uploaded photos — marketplaces, social platforms, forums, and cloud storage providers.
Copyright and Ownership
EXIF data can include copyright notices and creator information. While this doesn't provide legal copyright protection by itself, it can serve as evidence of authorship in copyright disputes. Some photographers deliberately embed their name and copyright notice in every image's EXIF data as a first line of defense against unauthorized use.
A Practical EXIF Privacy Checklist
Here's a straightforward checklist for managing EXIF privacy:
-
Audit your current settings. Check whether your phone's camera has location access enabled. If you don't need geotagged photos, disable it.
-
Check before sharing. Before posting or sending a photo, view its metadata using FileMuncher's Image Metadata Viewer or your device's built-in tools. Know what data you're about to share.
-
Strip metadata for public sharing. Any photo that will be posted publicly — on marketplaces, forums, blogs, or social media that doesn't strip EXIF — should have metadata removed first. Use FileMuncher's Image Compressor to remove metadata and reduce file size simultaneously.
-
Be careful with "Send as file." Messaging apps that strip EXIF during normal photo sharing may preserve it when you send images as file attachments. Telegram, for example, strips metadata from photos sent normally but preserves everything when sent "as a file."
-
Consider your photo archive. If you have years of geotagged photos in cloud storage (Google Photos, iCloud, Dropbox), those photos contain your complete location history. Review sharing settings for these libraries carefully.
-
Review old marketplace listings. If you've posted photos on Craigslist, Facebook Marketplace, eBay, or similar platforms that don't strip EXIF, those photos may still contain your home coordinates.
Frequently Asked Questions
Do screenshots contain EXIF data?
Screenshots typically contain minimal metadata — usually just the date, time, and device model. They generally do not contain GPS coordinates because screenshot capture doesn't access the device's location services. However, the exact metadata varies by device and operating system.
Does converting an image to PNG remove EXIF data?
It depends on the conversion tool. PNG supports metadata through "text chunks" rather than EXIF, but some converters carry metadata from the source image into the PNG. Using FileMuncher's Image Converter produces clean output files, but this behavior is not guaranteed across all conversion tools.
Can EXIF data be faked?
Yes. EXIF data is not cryptographically signed in standard implementations. Anyone with basic tools can modify timestamps, GPS coordinates, device information, or any other EXIF field. This is why EXIF data alone is not considered conclusive evidence — it's useful but must be corroborated.
Do RAW photo files contain more metadata than JPEGs?
Yes, typically much more. RAW files from professional cameras can contain extensive metadata including detailed lens profiles, autofocus point information, in-camera processing settings, and proprietary manufacturer data. RAW files should be handled with even more caution than JPEGs when it comes to metadata privacy.
Does resizing or cropping a photo remove EXIF data?
Not necessarily. Many image editors preserve EXIF data through editing operations. The image content changes but the metadata (including GPS coordinates) remains intact. Always verify with a metadata viewer after editing, or explicitly strip metadata as a separate step.
What about video files?
Video files contain similar metadata in different formats (typically MP4/QuickTime metadata rather than EXIF). Smartphone videos commonly include GPS coordinates, device information, and timestamps — the same privacy concerns apply. Video metadata is often less visible in file properties dialogs than image EXIF data, making it easier to overlook.
Want to check what your photos are revealing? View your image metadata now with FileMuncher — instant, private, and processed entirely in your browser.