Every photo your phone or camera takes carries an invisible passenger: EXIF data. It rides along inside the file, adds nothing to what you see on screen, and can quietly tell a stranger where you were standing when you took the picture. Here's what EXIF data actually is, what it can reveal, and how to strip it before you share a photo.
What is EXIF data, exactly?
EXIF stands for Exchangeable Image File Format — a standard, maintained by the Camera & Imaging Products Association (CIPA), for embedding a block of metadata inside a JPEG photo. When a digital camera or phone saves a JPEG, it writes a small binary block right after the start of the file (technically, an APP1 segment structured like a miniature TIFF file) containing tags about the shot: not the pixels, but facts about the pixels.
It's not a hack or a leak in the traditional sense — EXIF was designed to be there. The problem is that almost nobody ever looks at it before hitting send.
What's actually inside an EXIF block
A camera can write dozens of EXIF fields, but the ones that matter for privacy are a short list:
| Field | What it reveals |
|---|---|
Make / Model |
The exact phone or camera model that took the photo |
Software |
The app or firmware version used to process it |
DateTime / DateTimeOriginal |
When the photo was taken and last saved, to the second |
Artist / Copyright |
A name, if the device or app was configured with one |
Orientation |
Which way to rotate the image for display |
ExposureTime / FocalLength |
Camera settings — not private, but confirms real gear was used |
GPSLatitude / GPSLongitude |
The exact location the photo was taken, often to within a few metres |
That last one is the field that actually causes harm. GPS coordinates baked into a photo are precise enough to point at a front door, a workplace, or a child's school — from a single JPEG, with no other information needed.
The Orientation tag is worth a specific mention because it's the one EXIF field browsers already act on: the CSS image-orientation property's default value, from-image, tells the browser to auto-rotate a JPEG using this exact tag — proof that EXIF isn't some obscure forensic curiosity, it's live metadata your own browser reads today.
How to see what your photo is carrying
You don't have to take any of this on faith — you can look. FileX's Inspect tool reads a JPEG's EXIF block and lists every tag it finds, including a specific warning if GPS coordinates are present, before you decide to share anything. It's read-only: nothing is written back to the file, and because it runs entirely in your browser, the photo itself never leaves your device just to be checked.
How to remove EXIF data from a photo
Once you know what's there, removing it is one step: FileX's Scrub tool takes a JPG or PNG and re-encodes it as a fresh JPEG at 95% quality, using the browser's <canvas> element. That re-encode is the whole mechanism — a canvas only ever knows about pixels, so when it redraws your photo it has no way to carry the old EXIF block along. The output is visually identical, full resolution, same content — just without the metadata that came in.
Two things worth knowing about that process:
- It always produces a JPEG, even if you dropped in a PNG. If your source was a PNG with embedded metadata, re-encoding still discards it.
- Because it's a genuine re-encode at high quality (not a lossless strip), there's no meaningful visible quality loss, but it isn't a bit-for-bit copy of the original either.
Does resizing or cropping remove EXIF automatically?
Not necessarily — plenty of photo editors preserve the EXIF block when they resize or crop, because they write the new pixels back into the same container without touching the metadata section. The only way to be sure is to either check with a tool like Inspect, or use a tool that explicitly re-encodes through a metadata-blind path like canvas — which is exactly what removes it here.
A quick before-you-send checklist
- Selling something online? Product photos taken at home routinely carry GPS. Scrub before you post the listing.
- Sharing photos from an event or trip? Timestamps and device model are low-risk alone, but combined with GPS they build a fuller picture than most people intend to share.
- Sending a photo to someone you don't fully trust? Inspect first — it takes seconds and costs nothing to know.
EXIF is only half the metadata story — PDFs and other documents carry their own hidden properties (author names, software fingerprints, timestamps), which works a little differently. The deeper look at hidden metadata covers both photos and documents side by side if you want the fuller picture.
Curious what your own photos are carrying? Drop one into the Inspect tool — it's free, read-only, and nothing is uploaded.