Last month I sent a photo of my home office setup to a Discord server. Someone replied with my exact street address within minutes. They pulled it from the EXIF GPS coordinates embedded in the JPEG. I felt stupid — I’ve been a developer for over a decade and I forgot that every photo my iPhone takes embeds a full location history.
This isn’t hypothetical. Every JPEG and PNG from a modern phone contains an EXIF header with GPS lat/long (accurate to ~3 meters), device model, lens info, timestamps, and sometimes even your name if you set it in camera settings. When you upload to Twitter or iMessage, those platforms strip metadata automatically. But Discord, email attachments, forums, and most file-sharing services? They pass it straight through.
What’s Actually in Your EXIF Data
I ran exiftool on a random photo from my camera roll. Here’s what came back:
$ exiftool IMG_4392.jpg | grep -i "gps\|model\|date\|software"
Camera Model Name: iPhone 15 Pro Max
GPS Latitude: 37 deg 46' 30.12" N
GPS Longitude: 122 deg 25' 10.44" W
Date/Time Original: 2026:04:22 14:33:07
Software: 18.4.1
Lens Model: iPhone 15 Pro Max back camera 6.765mm f/1.78
That’s my exact location, when I was there, what device I own, and what OS version I’m running. For a stalker or a social engineer, this is gold.
The Problem with Online EXIF Strippers
Google “remove EXIF data online” and you’ll find dozens of tools. Most of them require you to upload your photo to their server. Think about that for a second — you’re trying to protect your privacy by sending your geotagged photos to a random website. That’s backwards.
I tested five popular ones:
- verexif.com — uploads to server, no HTTPS on the upload endpoint
- exifremove.com — uploads, keeps files for “processing” (how long?)
- imgonline.com.ua — server-side, slow, ad-heavy
- thexifer.net — actually decent but still server-based
- Our tool at orthogonal.info — runs entirely in your browser via Canvas API
Only one of these never sees your actual file.
How Browser-Only EXIF Stripping Works
The technique is surprisingly simple. When you draw an image onto an HTML5 Canvas element and then export it, the Canvas API produces a new image with zero metadata. The EXIF block simply isn’t part of the canvas pixel data — it’s file-level metadata that the browser discards during the decode→render→encode pipeline.
// The core logic is ~10 lines.
// `file` is the File object from an <input type="file"> or drop event;
// saveAs() is assumed to come from FileSaver.js.
const img = new Image();
img.onload = () => {
  const canvas = document.createElement("canvas");
  canvas.width = img.naturalWidth;
  canvas.height = img.naturalHeight;
  const ctx = canvas.getContext("2d");
  ctx.drawImage(img, 0, 0);
  URL.revokeObjectURL(img.src); // release the temporary object URL
  // This blob has ZERO exif data
  canvas.toBlob(blob => {
    saveAs(blob, "clean_" + file.name);
  }, "image/jpeg", 0.92);
};
img.src = URL.createObjectURL(file);
That’s it. The image pixels are identical (well, within JPEG re-encoding tolerance at quality 0.92 — we’re talking <0.3dB PSNR difference, visually imperceptible). But all metadata is gone. GPS, camera model, timestamps, thumbnail previews — all stripped.
Verifying It Actually Works
Don’t take my word for it. After processing, run exiftool on the output:
$ exiftool clean_IMG_4392.jpg
ExifTool Version Number: 12.76
File Name: clean_IMG_4392.jpg
File Size: 2.1 MB
File Type: JPEG
JFIF Version: 1.01
Image Width: 4032
Image Height: 3024
# That's it. No GPS. No camera. No dates.
Compare that to the 47 lines of metadata in the original. Everything personally identifiable is gone.
When You Want to Keep Some Metadata
Sometimes you want to strip GPS but keep the timestamp (for photo organization). Or keep the camera model but remove location. The Canvas API approach is nuclear — it removes everything. For selective removal, you need to parse the EXIF binary structure.
The EXIF format is based on TIFF IFD (Image File Directory) entries. GPS data lives in IFD tag 0x8825. You can surgically remove just that tag while preserving everything else. This is what tools like exiftool -gps:all= photo.jpg do locally.
For browser-based selective stripping, libraries like exif-js can parse the binary, but rewriting EXIF without corruption is tricky. My recommendation: if you’re sharing publicly, just nuke all metadata. If you need selective control, use exiftool locally.
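To make the structure above concrete, here is an added example (not this site's or exif-js's code) that walks a JPEG's segments and the TIFF IFD0 directory and reports whether an Exif block and the GPS tag 0x8825 are present, which also works as an in-browser check before sharing. The names inspectJpeg, readIfd0 and sampleJpeg are hypothetical, and the sample file is constructed with dummy values.

```javascript
// Added example (hypothetical helper names): does a JPEG still carry Exif / a GPS IFD?
function inspectJpeg(bytes) {
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const result = { exif: false, gps: false, ifd0Tags: [] };
  if (bytes.length < 4 || view.getUint16(0) !== 0xffd8) throw new Error("not a JPEG");
  let pos = 2;
  while (pos + 4 <= bytes.length) {
    const marker = view.getUint16(pos);
    if (marker >> 8 !== 0xff || marker === 0xffda || marker === 0xffd9) break; // SOS/EOI
    const len = view.getUint16(pos + 2); // segment length, includes these 2 bytes
    if (len < 2 || pos + 2 + len > bytes.length) throw new Error("truncated segment");
    // APP1 (0xFFE1) whose payload starts with "Exif\0\0" holds the TIFF structure
    const isExif = marker === 0xffe1 && len >= 16 &&
      view.getUint32(pos + 4) === 0x45786966 && view.getUint16(pos + 8) === 0;
    if (isExif) { result.exif = true; readIfd0(view, pos + 10, pos + 2 + len, result); }
    pos += 2 + len;
  }
  return result;
}

// Walk IFD0: 2-byte entry count, then 12-byte entries (tag, type, count, value).
function readIfd0(view, tiff, end, result) {
  const order = view.getUint16(tiff);
  if (order !== 0x4949 && order !== 0x4d4d) return; // "II" or "MM" expected
  const le = order === 0x4949;
  if (view.getUint16(tiff + 2, le) !== 42) return; // TIFF magic number
  const ifd = tiff + view.getUint32(tiff + 4, le); // offsets count from the TIFF header
  if (ifd + 2 > end) return;
  const count = view.getUint16(ifd, le);
  for (let i = 0; i < count; i++) {
    const entry = ifd + 2 + i * 12;
    if (entry + 12 > end) return; // malformed directory: stop rather than over-read
    const tag = view.getUint16(entry, le);
    result.ifd0Tags.push(tag);
    if (tag === 0x8825) result.gps = true; // pointer to the GPS IFD
  }
}

// Constructed sample: SOI + APP1 (little-endian TIFF, dummy entry values) + EOI.
function sampleJpeg(tags) {
  const tiff = new Uint8Array(8 + 2 + tags.length * 12 + 4);
  const v = new DataView(tiff.buffer);
  v.setUint16(0, 0x4949); v.setUint16(2, 42, true); v.setUint32(4, 8, true);
  v.setUint16(8, tags.length, true);
  tags.forEach((t, i) => v.setUint16(10 + i * 12, t, true));
  const len = 2 + 6 + tiff.length;
  return Uint8Array.from([0xff, 0xd8, 0xff, 0xe1, len >> 8, len & 0xff,
    0x45, 0x78, 0x69, 0x66, 0, 0, ...tiff, 0xff, 0xd9]);
}
```

A `gps: false` result only covers the Exif IFD0 pointer; XMP packets in a separate APP1 segment can also carry location, so stripping everything remains the safer default for public sharing.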
Batch Processing: The Command-Line Way
If you’re processing hundreds of photos (say, before uploading a portfolio), the browser tool works but CLI is faster:
# Strip ALL metadata from every jpg in current directory
exiftool -all= -overwrite_original *.jpg
# Strip only GPS, keep everything else
exiftool -gps:all= -overwrite_original *.jpg
# Verify nothing leaked
exiftool -if '$GPSLatitude' *.jpg && echo "LEAK FOUND" || echo "Clean"
On my M1 MacBook, exiftool processes about 200 photos/second for metadata stripping. It’s fast because it’s only modifying the file header, not re-encoding pixels.
A Note on PNG and WebP
PNGs use a different metadata format (tEXt/iTXt chunks rather than EXIF), but the Canvas API trick works identically — canvas.toBlob with type “image/png” produces a clean file. WebP can carry both EXIF and XMP metadata; same deal, canvas strips it all.
One gotcha: if you’re converting formats (JPEG→WebP for size savings), our WebP converter also strips metadata as a side effect of the Canvas pipeline. Two birds, one canvas.
Should You Care?
If you ever share photos outside of major social platforms (which auto-strip), yes. Especially:
- Selling items on Craigslist/Facebook Marketplace (photos reveal your home location)
- Forum posts with screenshots (some screenshot tools embed metadata)
- Dating apps that don’t strip EXIF (several don’t)
- Any photo sent via email or direct file transfer
The fix takes 5 seconds. Drag, drop, download. Your image compressor does it automatically as part of the compression pipeline — metadata stripping is a free bonus of the Canvas re-encoding approach.
My Setup
I have an iOS Shortcut that runs exiftool via SSH on my home server whenever I share a photo. Overkill? Probably. But after the Discord incident, I’d rather be paranoid than doxxed. For most people, bookmarking a browser-based tool and using it before sharing is plenty.
If you’re working with sensitive images regularly, a solid external drive with hardware encryption is worth the investment. I use a Samsung T7 Shield (full disclosure: affiliate link) — it’s USB-C, does 1050MB/s reads, and has AES 256-bit hardware encryption. Photos never touch cloud storage unencrypted.
For developers building apps that handle user photos, strip metadata server-side before storing anything. One line with Sharp in Node.js: sharp(input).toFile(output). Sharp drops EXIF and other metadata from its output by default; calling withMetadata() is what preserves it, so leave that call out. There’s no good reason to store someone’s GPS coordinates in your image CDN.