File by CybXSan
FileXBlog › The hidden metadata your photos and PDFs leak about you

The hidden metadata your photos and PDFs leak about you

Sanjoy Karmakar·July 7, 2026·3 min read·CybXSan

When you send a photo or a PDF, you're almost always sending more than you think. Files carry hidden metadata — data about the data — that's invisible when you look at the file but trivially readable by anyone who receives it. A single holiday snap can broadcast where you live. A "clean" PDF can name the employee who wrote it and the internal file path it was saved from.

None of this is a hack. It's just how the file formats work — and why checking before you share is worth the ten seconds.

What photos leak: EXIF

Digital photos store EXIF (Exchangeable Image File Format) data alongside the pixels. Depending on the camera or phone, that can include:

The GPS field is the dangerous one. Photograph something at home, post it to a forum or a marketplace listing, and you may have published your home address without realizing it. Sell an item online with a photo taken in your living room and the coordinates can ride along with the JPEG. Researchers and stalkers alike have used EXIF GPS to locate people from a single public image.

Social networks usually strip EXIF on upload — but that's their choice, applied after your original reaches their servers, and it doesn't help when you email, message, or share the raw file directly.

What PDFs leak: document metadata

PDFs carry their own set of hidden properties, separate from anything visible on the page:

For a document leaving an organization, the author name and internal software fingerprint are exactly the kind of detail you'd rather not attach to a contract, a report, or a resume. And note: metadata is not the same as visible content. Removing document properties doesn't black out text on the page — that's redaction, a different job.

The reasonable response: look, then clean

You don't need to be paranoid — you need to be aware. Two habits cover almost everything:

  1. Inspect before you share. Use the Inspect tool to see exactly what a photo or PDF is carrying — GPS, device, author, timestamps — read-only, entirely in your browser. What's invisible becomes an informed decision.
  2. Strip what you don't want to send. For photos, remove EXIF and GPS: FileX re-encodes the image at full quality, keeping every pixel and discarding the hidden fields. For PDFs, clear the document metadata to drop author, software, and timestamps.

Because all of this runs on your device, the sensitive file never leaves it just to be checked or cleaned — which matters, since the whole point is that the file is sensitive.

A quick checklist before you hit send

Curious what your own files are carrying? Drop one into the Inspect tool — it reads the metadata locally and shows you, without uploading anything.

Try the tools

Inspect hidden metadata in a fileRemove EXIF metadata and GPS from photosRemove hidden metadata from a PDF