DEV Community

Max
Max

Posted on • Originally published at orthogonal.info

Your Photos Are Broadcasting Your Home Address (Strip EXIF GPS in the Browser)

A friend sent me a photo of their new apartment and asked me to guess the neighborhood. I opened the JPEG in a terminal, ran exiftool, and read back their street address to two decimal places of latitude. They had never posted the location. The phone did it for them.

Most photos off a modern phone carry a GPS block inside the file the exact coordinates where the shutter fired, down to a few meters. Share that JPEG anywhere that doesn't re-encode it, and you're publishing your home, your kid's school, your office desk. Here's what's actually in that metadata, which platforms strip it and which don't, and why browser-only is the right fix.

What's actually inside the file

EXIF is a block of tags glued into the JPEG right after the start-of-image marker. Designed for camera settings shutter speed, ISO, focal length. But the spec also carries an entire GPS sub-directory, and phones fill it in by default.

What a single iPhone photo typically hands over:

GPS Latitude    : 37 deg 46' 29.88" N
GPS Longitude   : 122 deg 25' 9.84" W
GPS Altitude    : 14.2 m Above Sea Level
Create Date     : 2026:07:04 18:32:11
Make            : Apple
Model           : iPhone 15 Pro
Software        : 17.5.1
Enter fullscreen mode Exit fullscreen mode

That lat/long pair drops a pin within ~5 meters. The timestamp says when you were standing there. The device model and OS version are a bonus for anyone fingerprinting you. None of it is visible in the picture. It rides along silently.

Under the hood: GPS coordinates are stored as three rational numbers (degrees, minutes, seconds), each a pair of 32-bit integers, referenced by an offset pointer in the main tag table. Tidy little format which is exactly why it's easy to both read and remove.

The "but platforms strip it" myth

The common reassurance is that social networks scrub metadata on upload. Some do. Many don't, and the behavior is inconsistent enough that I don't trust any of it:

  • Facebook, Instagram, Twitter/X: re-encode and drop EXIF. Generally safe but they replace it with their own tracking, and the re-encode wrecks quality.
  • Discord: keeps full EXIF on direct image attachments. That coordinate block ships straight through.
  • Slack: preserves the original file for downloads.
  • Email attachments: untouched. Whatever your camera wrote lands in the recipient's inbox.
  • Your own site / self-hosted gallery: serves the raw file unless you strip it yourself.
  • Cloud share links (Dropbox, Drive): hand over the original bytes.

The failure mode that bit my friend was a real-estate listing tool that just re-served the uploaded JPEGs. Coordinates intact. "The platform handles it" is not a plan. Stripping at the source is.

Why browser-only matters here

The obvious fix is exiftool, which is excellent. But telling a non-technical person to install a Perl utility and run exiftool -all= photo.jpg is a non-starter. The alternatives most people reach for are worse:

  • Online EXIF removers: you upload your geotagged photo to some stranger's server to have the location removed. Read that sentence again you just handed the coordinates to exactly the party you were hiding them from.
  • Desktop apps: fine, but overkill for "clean these 8 photos before I text them."
  • Phone share-sheet toggles: iOS has a "Remove Location" option buried in the share sheet's Options menu. Works, but only for location, only on Apple's terms, and most people never find it.

The mechanism for doing it client-side is simple enough to describe in a paragraph. A JPEG is a series of segments, each marked by 0xFF followed by a marker byte. EXIF lives in the APP1 segment (0xFFE1). To strip it, you parse the segment list, drop APP1 (and optionally APP0, XMP, and any color-profile junk), and re-concatenate the rest. The image pixels sit in the scan data, untouched so unlike the social-network approach, there's zero quality loss. No re-encode, no recompression artifacts. Same pixels, minus the tracking. Read the file with FileReader, walk the markers, rewrite without the metadata block all in the tab, no upload, no server round-trip, no log file with your coordinates in it.

I wrote up the full teardown plus a live browser tool that does exactly this here: Strip EXIF GPS in the Browser. Drag a photo in, download the clean copy, verify with exiftool if you're paranoid (I was the GPS block is gone, the pixels are byte-identical in the scan segment).

Fix it at the camera if you shoot a lot

Stripping after the fact works, but the cleaner move for anything sensitive is to not write the coordinates in the first place:

  • iOS: Settings > Privacy & Security > Location Services > Camera > Never.
  • Android: the camera app's own settings, usually "Location tags" or "Save location."

You lose the "photos on a map" feature that's the tradeoff.

But for the 90% case a few photos, right now, before you hit send a browser tab that never phones home is the right tool.

What's the sketchiest "upload it here to make it private" tool you've seen someone actually use?

Top comments (0)