Every photo you take may contain your exact location down to a few meters. Not just where you were, but when, what device you used, and how the file was created and modified. This data stays embedded in the image unless something explicitly removes it. In many cases, nothing does.
This has exposed people before. In 2012, John McAfee was reportedly located after a photo taken by journalists contained embedded location data. In other investigations, including cases linked to the January 6 Capitol riot, authorities combined image metadata with social media and other open-source intelligence to place individuals at specific locations and times. These are high-profile examples. The same mechanics apply to normal people posting normal photos.
You post a photo of your kid's first day of school. It may contain the exact location it was taken. You sell furniture on Facebook Marketplace. The image can reveal where it was photographed. You share a holiday photo. It can indicate you're not home and where you are instead. A photo of your car in your driveway can point to your house. A photo of your office can identify your workplace. A photo at a protest can place you there at a specific time even if your face isn't visible. A photo of a document can reveal when and how it was captured. Metadata records context without asking whether you meant to share it.
What Metadata Reveals
Photo metadata can include GPS coordinates accurate to within meters, timestamps showing when the photo was taken, device make and model, camera settings, and the software used to edit the image. Some devices also embed owner or device naming information. This data often remains intact across downloads, shares, reposts, and uploads unless a platform or tool removes it.
Social media platforms do remove parts of this data, but not everything, and the exact behaviour isn't always transparent. Relying on them means trusting that their processing is consistent and complete.
How to Strip Metadata
ExifTool works on Windows, Mac, and Linux. It's free, open source, and widely used. Install it on Linux with sudo apt install exiftool, on Mac with brew install exiftool, or download from exiftool.org for Windows.
View metadata on an image with exiftool photo.jpg. Strip all metadata with exiftool -all= photo.jpg. This removes embedded data and creates a backup with _original appended to the filename.
Process a folder with exiftool -all= -r /path/to/folder. Overwrite without backups using exiftool -all= -overwrite_original photo.jpg.
Mac users can use ImageOptim, a simple drag-and-drop tool that removes metadata while compressing images. The Preview app can remove location data, but not everything. Linux users can install mat2 (Metadata Anonymisation Toolkit 2) with sudo apt install mat2 then clean files with mat2 file.jpg. GIMP can also exclude metadata during export if you disable EXIF data.
Windows users can use ExifCleaner, a graphical wrapper for ExifTool. Windows also includes built-in metadata removal via file properties, but it's inconsistent and can miss fields. On Android, apps like Scrambled Exif remove metadata before sharing. On iOS, apps like Metapho provide similar control. Taking a screenshot will usually remove metadata, but reduces quality.
Manual cleanup gets forgotten. Automating it removes that risk. Example using inotify on Linux:
#!/bin/bash
watch_dir="$HOME/Pictures/to_clean"
inotifywait -m -e close_write "$watch_dir" | while read path action file; do
exiftool -all= -overwrite_original "$path$file"
doneAny file added to that directory is cleaned immediately. You can also create a shell alias with alias cleanimg='exiftool -all= -overwrite_original' then run cleanimg *.jpg to clean all JPGs in the current directory.
Removing metadata only affects embedded file data. It doesn't change what's visible in the image. If the photo shows street signs, landmarks, or identifiable features, those remain. Faces, documents, and objects are still visible. Reverse image search still works. Image analysis techniques still apply. Removing metadata also doesn't affect copies of the original image that may already exist elsewhere. It only removes one layer of information.
Removing metadata only affects the file itself. It does nothing about network-level information like your IP address, DNS requests, or how and where the file is uploaded from. If it matters, verify it yourself. Run ExifTool on the cleaned image. If no EXIF data appears beyond basic file structure, the embedded metadata is gone. This addresses one layer of exposure. The rest depends on how the image is shared and what other information is exposed alongside it.
Blackout VPN exists because privacy is a right. Your first name is too much information for us.
Keep learning
FAQ
Do all social media platforms remove photo metadata?
No. Most platforms remove some metadata, usually GPS coordinates, but not everything. What gets stripped depends on the platform and can change without notice.
Does taking a screenshot remove metadata?
In most cases, yes. Screenshots create a new image without the original EXIF data. The tradeoff is reduced quality.
Can metadata be recovered after it's removed?
If it's properly stripped, it's gone from that file. It's not hidden or recoverable through normal means. Copies of the original file are a different story.
Do apps like WhatsApp or Messenger remove metadata?
Often, but not consistently. Many apps recompress images and strip some data, but behaviour varies. Don't rely on it if it matters.
Is removing metadata enough to stay anonymous?
No. Metadata is one source of information. Image content and network-level data can still identify you. Removing metadata reduces exposure, but it doesn't make you anonymous.