With cameras getting more and more advanced, everyone’s taking photos of everything these days. However, those photos are more than just the perfect sunrise you captured while trekking up a hill. To a computer, each image file is a dossier. They contain a lot of information, not just about the photo and the device it was taken on, but also about you.
You’ve probably never checked the metadata behind the photos you take, but it’s essential information that can be a huge privacy breach if shared unchecked. This is exactly why you shouldn’t share photos until you run a metadata audit to ensure you’re only sharing a photo on the internet, not the location to your living room.
What your photos reveal without you knowing
Why your camera leaves a digital trail in every shot
All digital cameras add extra data to an image called EXIF (Exchangeable Image File Format). In the days of film photography, photographers had to manually write down their shutter speed, aperture, and ISO settings if they wanted to remember how they took a specific shot. Digital cameras solve this by automatically embedding this technical data into the file.
Smartphones and most modern cameras take this a step further by recording a ton more information every time you snap a picture. This often includes:
- GPS Coordinates: Photos often get saved with geolocation data, with coordinates of where they were taken.
- Time and date: The precise moment a photo was taken.
- Device details: These include the make, model, and software of the device on which the photo was taken.
- Camera settings: Technical information such as ISO, shutter speed, or lens data when the shot was taken.
EXIF data wasn’t created so bad actors could scour your photos for data and snoop on you. It was created so software could access it and categorize your photos the way you see in your phone or computer gallery. You can sort images by dates, location, and even faces or objects now. Although there’s a lot of AI processing on your images to organize them by search terms, this data still gets embedded into your photo. When you share these photos on the internet, depending on the platform, anyone can download these images and access this information.
The risks hackers, apps, and social platforms can exploit
The biggest privacy risk image data can reveal is location. If you take a photo of an item you’re selling online and upload the raw file to a classifieds site, a savvy buyer (or thief) could download the image, view the properties, and see the exact GPS coordinates of your living room.
This isn’t theoretical either. In 2012, fugitive software tycoon John McAfee was hiding from authorities in Belize. A Vice journalist who was invited to interview him posted a photo of him and forgot to delete the metadata. The GPS coordinates revealed he was actually at a swimming pool in Guatemala, leading to a swift arrest.
One photo can reveal where you were at a specific moment, but a series of photos can expose your routine. If you regularly post photos with metadata, it’s not entirely unrealistic to map out your daily routine run.
Then there are social engineering risks. As mentioned before, image EXIF data also includes your device’s make and model. Let’s say you’re using a specific, outdated Android or iOS device. A hacker can find this information from an online photo and send targeting phishing messages pretending to be a security update for that specific model. This can increase the odds you’ll click the link and get into trouble, as the message looks a lot more legitimate.
The internet (mostly) has your back
Relying on auto-removal isn’t always enough
Thankfully, most major social media platforms strip EXIF data from the images you upload automatically. If you’re uploading a photo to Facebook, Instagram, X (formerly Twitter), or LinkedIn, their servers compress the image and wipe the EXIF data in the process.
That said, there are specific channels where images are shared with this data intact. These include:
- Email: Images sent as email attachments often retain the original file with all metadata intact.
- Text messages: Frequently retain metadata for the recipient.
- Cloud storage links: Cloud storage links like Google Drive or Dropbox also retain metadata.
- Online forums and websites: These are largely inconsistent. Some sites may strip EXIF data, others retain it.
- WhatsApp: Strips sensitive data if the photo is sent as an image, but keeps it if you send it as a document—a common trick used to preserve quality.
If you’re uploading a photo on a social media platform, you’re generally good to go. However, if you’re uploading to a site you’re unsure about, it’s best to strip the data manually before uploading a photo.
How to check EXIF data and delete it
Simple ways to wipe or edit metadata on any device
Most photo gallery software and apps have an options menu where you can see all the metadata an image has. This information is often displayed with an option to remove location or other sensitive data. Still, you can try free apps such as Metadata Remover on Android and Photo Metadata EXIF Remover on iOS to remove this data as well.
How to View and Edit EXIF Photo Data in Windows 11
Check out your photo’s EXIF data on Windows 11 with these tips.
On a computer, you can use ExifTools, a small utility that saves me hours when batch-editing photos, to strip image data via the command line using the following command. This will remove all metadata from all JPG images in a given folder.
exiftool -all= *.jpg
Windows also has a built-in Remove Properties and Personal Information option you can find on the Details tab of any photo’s properties. This lets you create a copy of the photo with all the sensitive EXIF data wiped clean.
Double-check before you hit upload
Metadata isn’t bad by any means. If anything, we need it more than ever now that there are thousands of photos in any person’s library.
If you’re texting a photo of your new puppy to your mom, the location data is fine. But if you’re emailing a photo of a sensitive document or posting a picture of your new, expensive home setup on a public forum, take the extra few seconds it takes to wipe sensitive information from the picture.
Your photos speak a thousand words—just make sure they aren’t telling strangers where you live.
