Understanding EXIF
Everything your photo knows about you.
Camera model, GPS coordinates, timestamp, device serial — all smuggled inside a JPG, often without their owner's knowledge.
What EXIF is.
EXIF (Exchangeable Image File Format) is a metadata standard for embedding information inside JPG, TIFF, HEIC and some PNG images. The original purpose was workflow — track exposure settings, lens, white balance, the camera that took the shot — so post-processing tools could do their job. Over the years the spec grew to include GPS, device serial number, owner copyright, and a thumbnail of the image embedded inside the image.
image bytes + invisible metadata
The privacy story.
A holiday photo posted to a forum can leak a precise GPS fix and a timestamp accurate to the second. The image looks identical with or without that data. People have been doxxed this way; military deployments have been compromised; a well-meaning author of a "where I work from home" post once published their address by accident. Most major social networks now strip EXIF on upload, but plenty of tools, forums and direct messages preserve it.
What's worth keeping.
A blanket strip removes useful data along with sensitive data. Keep orientation — without it the photo rotates on its side in viewers that respected the original tag. Keep the colour profile (ICC) — without it some viewers display wrong colours. Strip GPS, camera serial, timestamp and the embedded thumbnail. The thumbnail in particular is sometimes overlooked: it's an old version of the picture from before any edit, stored as a raw block inside the file.
Where it lives in the file.
In a JPG, EXIF lives in an APP1 marker near the start of the file. The marker has a length prefix; a stripper rewrites the file with the marker replaced by zeros (or removed entirely) and the rest of the bytes intact. No re-encoding of pixels is needed, which is why an EXIF strip is a lossless operation that takes milliseconds even on large photos.
HEIC and the modern containers.
HEIC and AVIF use the ISO base media file format (the same family as MP4) and store metadata in meta boxes rather than legacy markers. The information is the same — GPS, timestamp, camera model — but the structure is different. A stripper has to know the container and rewrite the right boxes. Generic JPG strippers that haven't been updated may silently no-op on HEIC.
Strip on the device.
Privacy is preserved best by stripping before the photo leaves your machine. iOS has a "Maintain Privacy" setting under Photos → Sharing that drops location on share. Android offers similar in the share sheet. Browser-based strippers (like this one) do the work locally and never upload the image. Server-based ones, by definition, see the metadata; choose one only when you trust the operator.
Read next