EXIF Data Explained: What Your Photos Reveal About Your Privacy
Every photo your phone takes embeds hidden metadata called EXIF data — your GPS coordinates, device model, exact timestamp, and more. When you share that photo, this invisible data travels with it. Cybersecurity researchers and journalists have documented numerous verified cases where stalkers and bad actors used EXIF GPS data to locate victims — a threat that grows as smartphone cameras become more ubiquitous.
What Exactly Is Stored in Your Photos
EXIF (Exchangeable Image File Format) is a standard that defines metadata fields embedded in JPEG, TIFF, and some PNG files. Your camera or phone writes this data automatically every time you take a photo. Here is what a typical smartphone photo contains:
| Category | Data stored | Privacy risk |
|---|---|---|
| GPS coordinates | Latitude, longitude, altitude | Reveals exact location where the photo was taken — accurate to a few meters |
| Date and time | Original capture date, modification date, timezone | Establishes when you were at a specific location |
| Device info | Phone make and model, lens, serial number | Links multiple photos to the same device (and by extension, to you) |
| Camera settings | ISO, aperture, shutter speed, focal length, flash | Low risk alone, but adds context to forensic analysis |
| Software | Editing software name and version | Reveals which apps you use and whether the photo was edited |
| Thumbnail | Embedded preview image | May preserve the original image even after cropping |
You can check exactly what metadata your photos contain using Vizua's EXIF Viewer — drop any image file and see every field instantly, with no upload to any server.
Real Cases Where EXIF Data Caused Problems
EXIF data has been at the center of several high-profile incidents:
- John McAfee (2012) — the tech pioneer was on the run from Belizean authorities when a journalist published a photo taken with McAfee. The image's EXIF data contained GPS coordinates that revealed his exact location in Guatemala, leading to his arrest.
- Anonymous hacker "w0rmer" (2012) — a member of the CabinCr3w hacking group posted a photo alongside leaked law enforcement data. The FBI extracted GPS coordinates from the iPhone photo's EXIF metadata, tracing it to a house in Australia and identifying the suspect.
- Military personnel — multiple incidents have occurred where soldiers posted photos from classified locations. The embedded GPS coordinates revealed positions of military installations that were supposed to be secret.
- Tumblr EXIF exposure — until the issue was flagged, Tumblr preserved full EXIF data on uploaded photos, meaning any visitor could extract the GPS coordinates from photos shared by millions of users.
These are documented, public cases. The day-to-day privacy erosion from EXIF data — where someone's home address, workplace, or children's school can be extracted from casual photos — happens far more often and almost always goes unnoticed.
Which Platforms Strip EXIF Data (and Which Don't)
Not all platforms treat your metadata the same way. Based on 2025 testing data, here is the current status:
| Platform | Strips EXIF from public version? | Retains original internally? | Notes |
|---|---|---|---|
| Yes | Yes (Meta retains) | GPS removed from what others see, but Meta keeps full metadata | |
| Yes | Yes (Meta retains) | Same policy as Instagram — stripped publicly, retained internally | |
| WhatsApp (image) | Yes | No | Compresses and strips EXIF. But sending as "Document" preserves everything |
| Twitter/X | Yes | Unclear | Strips GPS from public images |
| Email attachments | No | N/A | Full EXIF data preserved — recipient gets everything |
| Cloud storage (Google Drive, Dropbox) | No | N/A | Files stored and shared exactly as uploaded, EXIF intact |
The pattern is clear: major social media platforms strip EXIF from what other users see, but the raw data often lives on the platform's servers. Email, cloud storage, forums, and most websites do not strip anything. If you share a photo outside of major social platforms, assume the EXIF data is fully accessible.
How to View and Remove EXIF Data
The first step is seeing what your photos contain. Vizua's EXIF Viewer lets you inspect every metadata field in any image, directly in your browser. No file upload, no server processing — your photos stay on your device.
To remove EXIF data, you have several options:
- Compress the image — Vizua's JPEG compressor strips EXIF metadata as part of the compression process, which both reduces file size and removes sensitive data. Two benefits in one step.
- Disable GPS tagging at the source — on iPhone: Settings > Privacy & Security > Location Services > Camera > Never. On Android: Camera app > Settings > disable "Location tags."
- Use your OS tools — on Windows, right-click a photo > Properties > Details > "Remove Properties and Personal Information." On macOS, Preview does not offer this natively, making a browser-based tool more practical.
The most reliable approach is to process photos through a tool that strips metadata automatically before you share them. If that tool runs locally — like Vizua's compressor or background remover — your photos never touch a server at any point in the workflow.
EXIF Data and Online Image Tools
Here is an irony worth noting: many people use online tools to process their photos, and in doing so, they upload the full EXIF data to a third-party server. If you use a tool that uploads your photos, your GPS coordinates, device info, and timestamps are sent along with the image.
This means the server operator potentially has access to not just your photo, but also where it was taken, when, and with what device. For tools that process thousands of images per day, this metadata represents a rich dataset — whether they use it or not.
Vizua avoids this entirely. Since all processing happens in your browser, your EXIF data never leaves your device. You can verify this by checking the Network tab in your browser's developer tools while using any Vizua tool.
Frequently Asked Questions
Does sending a photo via email preserve EXIF data?
Yes. Email does not modify attachments, so the full EXIF data — including GPS coordinates — travels with the photo. If you email a photo taken at home, the recipient can extract your exact address from the metadata. Strip EXIF data before emailing sensitive photos.
Do all phones add GPS data to photos?
Most smartphones add GPS coordinates by default when location services are enabled for the camera app. On iPhone, go to Settings > Privacy > Location Services > Camera and set it to "Never." On Android, open the Camera app, tap Settings, and disable "Location tags" or "Store location."
Can EXIF data be used in court?
Yes. EXIF metadata is routinely used as evidence in legal proceedings. GPS coordinates, timestamps, and device serial numbers can place a person at a specific location at a specific time. Law enforcement agencies have used EXIF data to track suspects, verify alibis, and establish timelines in criminal investigations.
Does compressing an image remove EXIF data?
It depends on the tool. Some compressors strip EXIF data automatically as part of the optimization process (reducing file size by removing metadata). Others preserve it. Vizua's JPEG compressor removes EXIF data by default, which both reduces file size and protects your privacy.
What is the difference between EXIF and IPTC metadata?
EXIF data is written automatically by your camera (settings, GPS, timestamps). IPTC metadata is added manually by photographers and editors — it includes fields like copyright, caption, and keywords. Both are embedded in the image file, but EXIF is the bigger privacy concern because it is generated without your active input.
Check your photo metadata
View, understand, and remove EXIF data — free, private, runs in your browser.