When you take a photo with your phone and upload it to a website, you're probably sending more than you realize. Embedded inside that JPEG is a block of structured data called EXIF — and it can contain your precise GPS coordinates, the exact time the photo was taken, and the make and model of your device.
What Is EXIF?
EXIF stands for Exchangeable Image File Format — a standard for embedding metadata within image files, originally defined by the Japan Electronics and Information Technology Industries Association (JEITA) in 1995, with details summarized on Wikipedia's EXIF reference. Almost every digital camera and smartphone writes EXIF data into JPEG and TIFF files automatically.
The data lives in a dedicated header segment at the beginning of the file, before the compressed image data, so it can be read without decoding the full image.
What EXIF Data Contains
The metadata fields vary by device and application, but a typical smartphone photo includes:
Camera and device information:
- Make and model (e.g.,
Apple iPhone 15 Pro) - Software version (e.g.,
iOS 17.4.1) - Lens model and focal length
- Flash status
Exposure settings:
- Shutter speed (e.g.,
1/120 sec) - Aperture (e.g.,
f/1.8) - ISO sensitivity (e.g.,
ISO 400) - Exposure mode and metering mode
Timestamp:
DateTimeOriginal— when the shutter fired, in local timeDateTimeDigitized— when the file was created
Orientation:
- An integer (1–8) representing whether the camera was held portrait, landscape, or upside down. Used by viewers to rotate the image correctly on display.
GPS coordinates:
GPSLatitudeandGPSLongitude— stored as degrees/minutes/seconds (DMS rational numbers), with a separateGPSLatitudeRef(N/S) andGPSLongitudeRef(E/W) tag indicating hemisphereGPSAltitude— elevation in meters, withGPSAltitudeRefindicating above or below sea levelGPSTimeStamp— UTC time from GPS lock
That last category is what most people find surprising. Modern smartphones embed your precise location by default unless you've specifically disabled location access for the camera app.
Privacy Implications
Sharing a photo publicly without stripping EXIF means anyone who downloads it can potentially learn:
- Where you live (if taken at home)
- Your daily routine (timestamps + locations over time)
- What devices you own
- When you were somewhere specific
Social media platforms like Twitter, Instagram, and Facebook strip EXIF data server-side before making photos publicly accessible. But file-sharing links, forum attachments, direct Discord uploads, and email attachments often preserve the full metadata. Researchers from the Electronic Frontier Foundation have repeatedly highlighted the deanonymization risk of unstripped EXIF.
If you share photos directly — a ZIP of RAW files with a client, a rental listing with apartment photos, a forum post — the EXIF travels with the file.
How to View EXIF Data
Several tools give you visibility into what's in a file:
ExifTool is the most comprehensive command-line option. It reads virtually every metadata format across thousands of file types — see the official ExifTool docs for the full tag list:
exiftool photo.jpg
# or for just GPS fields:
exiftool -gps:all photo.jpgBrowser DevTools won't show EXIF directly, but you can inspect file sizes and compare before/after stripping. Some browser extensions (like "EXIF Viewer Pro") let you right-click an image on a web page and see its metadata if it's been preserved.
Online viewers — including the metadata reader in Image Compressor — extract and display key EXIF fields without needing a local install.
In macOS, you can also select a photo in Finder and press Cmd+I (Get Info) to see basic EXIF, or open it in Preview and check Tools > Show Inspector.
How to Strip EXIF Data
If you want to share a photo without its metadata:
Using ExifTool (preserves image quality, lossless for JPEG):
# Strip all metadata in-place (creates backup with _original suffix)
exiftool -all= photo.jpg
# Strip all metadata and delete the backup
exiftool -all= -overwrite_original photo.jpg
# Strip only GPS fields
exiftool -gps:all= photo.jpgUsing ImageMagick:
convert photo.jpg -strip stripped.jpgUsing sharp (Node.js) — when you run images through sharp without explicitly forwarding metadata, it's stripped by default. You have to opt in to keep it:
// Strips metadata by default
await sharp('input.jpg').toFile('output.jpg');
// Explicitly keep metadata
await sharp('input.jpg').withMetadata().toFile('output.jpg');This is relevant if you're building an image pipeline — understand whether your processing library preserves or discards EXIF. Most will strip by default unless told otherwise.
Other Metadata Formats: IPTC and XMP
EXIF isn't the only metadata format that can live inside an image file.
IPTC (International Press Telecommunications Council) was designed for editorial and news photography. It stores caption text, copyright notices, keywords, and contact information for the photographer — photojournalists use it to attach bylines and licensing info that survives the file as it moves across systems.
XMP (Extensible Metadata Platform) is Adobe's XML-based metadata format. More flexible than EXIF or IPTC, it can be embedded inside JPEG, PNG, PDF, and many other file types. Adobe applications (Lightroom, Bridge, Illustrator) write XMP extensively. XMP can embed structured license data (Creative Commons, rights declarations) and custom application-specific properties.
A single image file can technically contain all three metadata blocks simultaneously — EXIF in the APP1 segment, IPTC in APP13, and XMP also in APP1. Most consumer tools only display EXIF, so IPTC and XMP can go unnoticed.
What Happens to Metadata Through Image Tools
Understanding how your toolchain handles metadata saves surprises. Key behaviors:
- sharp (Node.js): strips metadata by default; use
.withMetadata()to preserve - ImageMagick convert: preserves metadata by default; pass
-stripto remove it, or-auto-orient -stripto apply orientation correction then discard EXIF - browser Canvas API:
canvas.toBlob()andcanvas.toDataURL()always strip EXIF — the rendered pixel data has no metadata - Python Pillow:
image.save()strips EXIF unless you explicitly pass theexifparameter back in
If you're building a tool that processes user images and EXIF matters (a photo sharing app, an orientation-aware viewer), you need to explicitly handle the metadata — read it before processing, then write it back afterward. The orientation tag in particular needs attention: if you ignore it, phones that take portrait photos will display them rotated sideways.
For a look at how encoding affects image data more broadly, see How Image Compression Works. And if you're embedding images directly in HTML or CSS data URIs, Base64 Images in HTML and CSS covers what gets preserved (and lost) in that process.
For a full specification reference, the EXIF spec is maintained by CIPA and covers all defined fields with their types and value ranges.
Use Image Compressor when you need to reduce file size before sharing — it processes images through sharp, which strips EXIF by default, so you get both a smaller file and a cleaner privacy footprint without any extra steps.
FAQ
Does Twitter/Instagram strip EXIF when I upload a photo?
Yes — every major social platform (Twitter/X, Instagram, Facebook, TikTok, LinkedIn) strips EXIF data on upload before re-encoding the image for delivery. They do this both for privacy reasons and to reduce CDN storage. Direct sharing channels (Discord file uploads, email attachments, Slack DMs, file transfers via AirDrop/Nearby Share) generally do not strip EXIF — the original file with all metadata is preserved.
Why are my portrait photos sideways after upload?
The image's orientation is stored as an EXIF tag (1–8) rather than physically rotating the pixels in the file. Phones write the photo with the sensor's natural orientation and add a tag telling viewers "rotate this 90° clockwise on display." Tools that strip EXIF without first applying the rotation leave the image in its sensor orientation. Fix: use exiftool -auto-orient or convert input.jpg -auto-orient -strip output.jpg before stripping.
How do I strip GPS but keep camera settings (for portfolio purposes)?
Selectively strip the GPS namespace: exiftool -gps:all= photo.jpg. This removes GPSLatitude, GPSLongitude, GPSAltitude, and related tags while preserving exposure, lens, and timestamp data — useful for photographers who want to share technical metadata without revealing locations. You can also strip date with exiftool -gps:all= -datetimeoriginal= photo.jpg if you want anonymity around timing.
Does WebP or AVIF support EXIF?
Yes — both formats have a metadata chunk that can carry EXIF, ICC profiles, and XMP. WebP uses a EXIF RIFF chunk; AVIF wraps EXIF in an item box. Conversion tools usually preserve metadata by default unless you explicitly strip it. Sharp's .withMetadata() includes EXIF in WebP and AVIF output. The same privacy considerations apply — converting a JPEG with GPS to WebP doesn't automatically remove the GPS data.
Are there fingerprinting risks beyond GPS?
Yes — the combination of camera make/model, lens identifier, and software version can identify a specific device or narrow the pool significantly. If you have a photo from a unique lens (especially manual lenses or older legacy bodies) plus a timestamp, that's enough to tie photos to a specific photographer. For maximum anonymity, strip all metadata; for general privacy, strip only GPS and DateTimeOriginal.
What's the difference between EXIF and ICC profile?
EXIF is photographic metadata — exposure, GPS, camera info. ICC profile is a color profile that tells viewers how to interpret the pixel values (which color space the image was captured in: sRGB, Adobe RGB, Display P3). They're different chunks of the file. You can strip EXIF and keep the ICC profile, which is sometimes desirable for color-accurate display without leaking metadata. Sharp's .keepIccProfile() does exactly this.
How does PNG store metadata?
PNG uses tEXt, zTXt, and iTXt chunks for plain-text metadata, plus a separate eXIf chunk (added in 2017) for EXIF data. Most older PNG encoders only write tEXt; newer ones write eXIf if metadata is present. Browsers don't surface PNG metadata anywhere visible. ExifTool reads all PNG metadata chunks; the pngcrush -rem alla command strips them.
Can I read EXIF in JavaScript without uploading?
Yes — libraries like exifr, exif-js, and piexifjs parse EXIF directly from a File or Blob in the browser, no server roundtrip needed. They read the raw bytes from the JPEG/HEIC and decode the metadata structure client-side. This is the right pattern for privacy-conscious tools (image editors, photo galleries) — show the metadata to the user, give them an option to strip it, and only then upload.