Take a photo on your phone right now. What do you see? The image. What does the file actually contain? A lot more than you think.
Hidden inside almost every JPEG and PNG photograph is a block of data called EXIF metadata. It was added to the image format back in the 1990s — a way for cameras to record technical information about how the shot was taken. Nobody designing it was thinking about GPS tracking. Nobody was thinking about data brokers. Nobody was thinking about governments building dossiers from publicly shared photos. That was then.
This is now.
What EXIF Metadata Actually Contains
Open the properties of almost any photo taken on a modern smartphone and you'll find fields like:
- GPS coordinates — latitude and longitude, often accurate to within a few metres
- Device make and model — "Apple iPhone 15 Pro Max", "Samsung Galaxy S24"
- Device serial number — a unique hardware fingerprint for your specific phone
- Timestamp — exact date and time the photo was taken, sometimes including timezone
- Software version — the OS version your phone was running
- Camera settings — aperture, ISO, shutter speed, focal length
- Thumbnail image — a small preview that can sometimes differ from the main image
Most people share photos every single day — on social media, in group chats, over email, via Telegram or WhatsApp. And most of the time, that metadata goes along for the ride.
Worth knowing: Some platforms like Instagram and Twitter strip EXIF data before displaying your photos. Many others don't. Direct file sharing, email attachments, and most messaging apps send the full original file — metadata included.
Why This Is a Bigger Problem Than It Sounds
Think about what a pattern of GPS coordinates means. You share a photo from home. Another from work. One from a café you go to every Thursday. Someone with those three images doesn't just know where you were — they know where you live, where you work, and your weekly routine.
That "someone" could be almost anyone. Stalkers and domestic abusers have used EXIF location data to track victims. Journalists have been identified and targeted through metadata in leaked documents. Law enforcement regularly uses photo metadata in investigations. Data brokers harvest it at scale to build profiles that are then sold on.
And it's not just individuals. Governments and intelligence agencies treat image metadata as intelligence. A photo posted online during a protest, a meeting, or a trip can place you at a specific location at a specific time. That's useful information for a lot of people you'd probably rather not hand it to.
The Problem With "Just Being Careful"
A common response is: "I'll just be careful about what I share." In theory, fine. In practice, it's nearly impossible to reliably inspect and clean metadata on every photo before you send it. Most phones and apps give you no indication the data is even there. You'd have to manually check every image, every time. Nobody does that consistently.
The other response is: "Platforms strip it anyway." Some do. Inconsistently. Incompletely. And that doesn't help with direct file transfers at all. If you send a photo over Telegram, WhatsApp direct message, email, or AirDrop — the original file goes, and the metadata goes with it.
How to Actually Fix It
The only reliable fix is to strip the metadata before the file leaves your device. Not after, not on the platform's end — before.
Our EXIF Scrubber does exactly this. You drop your image in, it removes GPS coordinates, device identifiers, timestamps, serial numbers, camera settings — everything — and hands you back a clean file. The whole process runs locally in your browser. The image never gets uploaded anywhere. Nothing is stored.
It supports JPEG and PNG, works on any device with a modern browser, and takes about three seconds.
🛡 Strip Your Photo Metadata Now
Free, browser-based, zero upload. JPEG and PNG supported.
Open EXIF Scrubber →Quick Facts Worth Remembering
- EXIF data is embedded in the image file itself — invisible to the eye, readable by any software
- GPS coordinates can be accurate to within 3–5 metres on a modern smartphone
- The device serial number in EXIF data is a unique identifier for your specific hardware
- Stripping metadata doesn't reduce image quality — only the hidden data block is removed
- Even "anonymous" photos can be de-anonymised through device fingerprinting via EXIF
The Bottom Line
This isn't about paranoia. It's about understanding what your files contain and making a conscious choice about what information you hand to the world every time you hit send. The technology to protect yourself exists, it's free, and it takes seconds. The only barrier is knowing the problem exists in the first place.
Now you do.