What Your Photos Reveal: EXIF Metadata and Privacy

GPS coordinates, timestamps, and device details hide inside your photos. What EXIF metadata is and how to strip it.

The data hiding inside every photo

When a camera or phone saves a photo, it writes more than pixels. Alongside the image sits a block of EXIF metadata — Exchangeable Image File Format data — recording when the photo was taken, what device took it, the exposure settings used, the software that last touched it, and often the exact spot on Earth where you were standing. JPEG, TIFF, HEIC, and most RAW formats carry EXIF by design, and PNG and WebP files can carry similar metadata chunks.

None of this is visible in the picture itself. But any photo viewer with a details panel, any metadata inspector, or a few lines of code can read it, and it travels with the file wherever the file goes — email attachments, forum posts, marketplace listings, shared folders.

GPS coordinates are the most sensitive field

Smartphones geotag photos by default once the camera app has location permission. The tag is not approximate: it stores latitude and longitude to several decimal places, often along with altitude and the compass direction the camera was facing. That level of precision resolves to a specific building, not a neighborhood.

The consequences are easy to picture. A photo of a couch you are selling, taken in your living room, carries your home address. A picture of your kid at a birthday party pins the location of the party. One photo gives away one place; a stream of photos shared over months quietly maps your home, your workplace, your gym, and your routines.

Timestamps, device details, and other identifiers

Capture timestamps seem harmless until you combine them with context. A vacation photo posted with its original timestamp announces that your house is empty right now. Timestamps can also contradict a claimed date — something that has mattered in journalism, insurance disputes, and court cases.

Device details go further than most people expect. EXIF records the camera make and model, and some cameras embed body or lens serial numbers, which can link photos posted from an anonymous account back to the same physical camera used elsewhere under your real name. The software tag reveals what you edited with, and some files keep an embedded preview thumbnail that is generated before edits — a known gotcha where content cropped out of a photo survived in the thumbnail.

Where the risk is real — and where it is not

The big social platforms strip EXIF from images when they publish them, so a photo posted to Facebook or Instagram does not expose your coordinates to other users. Two honest caveats: the platform itself reads the metadata before discarding it, and this protection only applies on those platforms.

Plenty of other channels pass files through untouched. Email attachments, messaging apps when you send a photo as an original file or document, cloud storage share links, personal websites, and many forums and marketplace sites will hand your full file — metadata included — to whoever downloads it. The practical rule: if you are not certain a channel strips metadata, assume it does not.

How stripping actually works

There are two ways to remove metadata. The first rewrites the file container, deleting the metadata segments while leaving the compressed image data untouched. The second decodes the image to raw pixels and re-encodes it — metadata does not survive that trip unless the software deliberately copies it across. Format converters use the second approach, which is why converting a photo is a natural moment to strip it.

Convertmaxxing does this entirely in your browser. The decoder and encoder run as WebAssembly on your own machine, so the photo is never uploaded to a server — there is no server-side processing at all. You choose whether to strip metadata during conversion; either way, the file, its GPS tags, and everything else in it stay on your device. It is free and requires no signup.

Two caveats: orientation and color

Many phones save photos in the sensor's native orientation and add an EXIF tag telling viewers to rotate the image. Strip that tag naively and the photo displays sideways or upside down. Because a converter decodes and re-encodes the image, the rotation gets baked into the pixels themselves, so the output looks right without needing the tag — but it is still worth glancing at the result before you share it.

Color profiles are the other catch. ICC profiles are technically metadata, and removing them can shift how a photo looks: wide-gamut images, such as Display P3 photos from recent iPhones, can appear slightly muted when a viewer falls back to assuming sRGB. For everyday sharing the difference is minor and a fair trade for privacy, but if color accuracy matters — product shots, artwork — check the stripped file before publishing it.

A practical routine

Three habits cover most situations. First, decide whether you want geotagging at all — you can revoke the camera app's location permission and photos will simply stop recording where they were taken. Second, inspect one of your own photos once, using your operating system's file properties panel or a tool like ExifTool, so you know exactly what your device embeds. Third, strip metadata whenever location or timing is sensitive: selling anything photographed at home, sharing pictures of children, or posting anything where your safety depends on not being found.

Finally, do the stripping locally. Uploading a photo to a random online EXIF remover in the name of privacy hands the file — coordinates and all — to a stranger's server first. Convertmaxxing runs the whole job in your browser, so nothing leaves your device at any point. If you are careful enough to strip metadata, be equally careful about where the stripping happens.

Ready to convert?

Convert images right in your browser — free, private, no signup.

Open the converter