DEV Community

Michael Lip
Michael Lip

Posted on • Originally published at zovo.one

Your Photos Contain More Personal Data Than You Think

#security #photography #privacy #beginners

Every photo you take with a smartphone embeds metadata that can include your exact GPS coordinates, the device model, the date and time, your name, and sometimes even the software used for editing. This metadata, stored as EXIF (Exchangeable Image File Format) data, travels with the image when you share it -- unless you explicitly remove it.

What EXIF data contains

A typical smartphone photo includes:

Camera information:

  • Camera make and model (e.g., "Apple iPhone 15 Pro Max")
  • Lens specification
  • Focal length, aperture, shutter speed, ISO
  • Flash status

Temporal data:

  • Date and time the photo was taken
  • Time zone offset
  • Date the file was last modified

Location data:

  • GPS latitude and longitude (often accurate to within 3 meters)
  • GPS altitude
  • GPS timestamp

Software data:

  • Software used to process the image
  • Editing history (in some formats)
  • Color profile

Personal data:

  • Copyright notice (if set)
  • Author name (if configured in camera settings)
  • Comments

The privacy implications

When you post a photo with intact EXIF data to a platform that does not strip metadata, anyone who downloads the image can see exactly where and when you took it. This has real consequences:

  • Posting a photo from your home reveals your home address
  • A photo of your morning coffee reveals your daily routine location
  • Photos from a vacation reveal that your home is unoccupied

Major platforms handle metadata differently:

  • Facebook/Instagram: Strip EXIF data on upload (but Facebook stores it internally)
  • Twitter/X: Strip EXIF data on upload
  • Discord: Strips GPS but keeps some camera data
  • Email: Does not strip metadata (the full EXIF travels with the attachment)
  • iMessage: Does not strip metadata by default
  • Personal websites/blogs: Typically do not strip metadata unless you use a build tool that does

Viewing metadata

On macOS:

mdls photo.jpg | grep -E "kMDItemLatitude|kMDItemLongitude|kMDItemCreator"
Enter fullscreen mode Exit fullscreen mode

Using ExifTool (the definitive command-line tool):

exiftool photo.jpg
exiftool -gps:all photo.jpg
Enter fullscreen mode Exit fullscreen mode

In Python:

from PIL import Image
from PIL.ExifTags import TAGS

img = Image.open('photo.jpg')
exif = img._getexif()
for tag_id, value in exif.items():
    tag = TAGS.get(tag_id, tag_id)
    print(f"{tag}: {value}")
Enter fullscreen mode Exit fullscreen mode

Removing metadata

Before sharing photos publicly:

# Remove all metadata
exiftool -all= photo.jpg

# Remove only GPS data
exiftool -gps:all= photo.jpg

# Batch remove from all JPEGs
exiftool -all= *.jpg
Enter fullscreen mode Exit fullscreen mode

On iOS, you can remove location data when sharing: tap the share button, tap "Options" at the top, and toggle off "Location."

When metadata is useful

EXIF data is not all liability. For photographers, it is essential:

  • Reviewing settings. Which aperture and ISO produced the best shot? EXIF tells you.
  • Organizing photos. Date-based and location-based photo organization relies on EXIF timestamps and GPS coordinates.
  • Legal evidence. EXIF timestamps can establish when a photo was taken for legal proceedings, though metadata can be edited and is not conclusive.
  • Color management. The embedded color profile ensures consistent color reproduction across devices and printers.

I built an image metadata viewer at zovo.one/free-tools/image-metadata-viewer that displays all embedded EXIF data from any image file, including GPS coordinates on a map, camera settings, and timestamps. The analysis runs entirely in your browser -- your image is never uploaded to any server. Check what data your photos are carrying before you share them.

I'm Michael Lip. I build free developer tools at zovo.one. 500+ tools, all private, all free.

Top comments (0)