PixelStrip: Stop Photos Broadcasting Your Location

Every photo taken on a smartphone embeds invisible metadata — including GPS coordinates accurate to within a few meters. PixelStrip strips it all out before you share. Zero upload, zero tracking, zero excuses.

A Quick Experiment

Pick any photo from your camera roll. Right-click it on your computer, open Properties (Windows) or Get Info (Mac), and look for the GPS fields. If location services were on when you took the photo — and they almost certainly were — you’ll see latitude and longitude coordinates that pinpoint exactly where you were standing.

Now imagine you posted that photo on a forum, sold something with it on Craigslist, or sent it in a group chat that got forwarded around. Anyone who saves the image can extract those coordinates and drop them into Google Maps. They’ll see your home, your office, your kid’s school.

This isn’t theoretical. It’s happened to journalists, activists, and abuse victims. And it’s happening to you right now, every time you share an unstripped photo.

What’s Hiding in Your Photos

The EXIF (Exchangeable Image File Format) standard was designed in the 1990s for digital cameras. It stores useful technical data — aperture, shutter speed, focal length. But smartphones added fields that were never meant to be shared publicly:

• GPS coordinates — latitude, longitude, altitude, and sometimes direction
• Device fingerprint — phone make, model, OS version, unique camera serial number
• Timestamps — date and time of capture, modification history
• Thumbnail images — a smaller version of the original, sometimes containing content you cropped out
• Software chain — every app that touched the image

Social media platforms like Facebook, Instagram, and Twitter strip EXIF data on upload — but email, messaging apps, forums, file-sharing services, and most CMS platforms do not.

How PixelStrip Works

PixelStrip parses the JPEG binary structure directly in your browser using JavaScript. It identifies EXIF markers (APP1 segments), IFD entries, and GPS sub-IFDs, then displays what it found with clear warning labels.

When you click “Strip All Metadata,” the image is re-rendered through an HTML5 Canvas — which by design does not preserve EXIF data — and exported as a clean JPEG. The visual content is identical; the metadata is gone.

No server involved. No upload. The file never leaves your browser tab.

The Technical Architecture

PixelStrip doesn’t just run the image through a Canvas and re-export it (though that would strip EXIF data too). Instead, it parses the JPEG binary structure directly, which lets it show you exactly what metadata is present before removing anything. Here’s how the pipeline works at the code level.

A JPEG file is a sequence of binary segments, each starting with a two-byte marker. The image data lives in the SOS (Start of Scan) segment. Metadata lives in APP segments — specifically APP1 (0xFFE1), which contains the EXIF data. PixelStrip reads the file as an ArrayBuffer and walks through these segments to find and parse the EXIF block.

Inside the EXIF APP1 segment, data is organized as IFD (Image File Directory) entries — essentially key-value pairs. IFD0 contains basic image info (camera make, software). The GPS sub-IFD (linked from IFD0) contains the location tags: GPSLatitude, GPSLongitude, GPSAltitude, GPSTimeStamp, and others. Each IFD entry has a tag ID, a data type, a count, and either the value itself or an offset to where the value is stored.

Here’s a simplified example of reading EXIF data from a File object in the browser:

async function readExif(file) {
  const buffer = await file.arrayBuffer();
  const view = new DataView(buffer);

  // Verify JPEG magic bytes: 0xFFD8
  if (view.getUint16(0) !== 0xFFD8) {
    throw new Error('Not a JPEG file');
  }

  // Walk segments looking for APP1 (EXIF)
  let offset = 2;
  while (offset < view.byteLength) {
    const marker = view.getUint16(offset);
    if (marker === 0xFFE1) {
      // Found APP1 segment - parse EXIF
      const length = view.getUint16(offset + 2);
      const exifData = buffer.slice(offset + 4, offset + 2 + length);
      return parseExifIFD(new DataView(exifData));
    }
    // Skip to next segment
    const segLength = view.getUint16(offset + 2);
    offset += 2 + segLength;
  }
  return null; // No EXIF found
}

The parseExifIFD function then walks the IFD entries, reading tag IDs and extracting values. GPS coordinates are stored as rational numbers (numerator/denominator pairs) in degrees, minutes, and seconds format. Converting to decimal coordinates requires: degrees + minutes/60 + seconds/3600.

To strip the metadata, PixelStrip identifies the APP1 segment boundaries and reconstructs the JPEG without it — copying the SOI marker, skipping APP1, and then copying all remaining segments (DQT, SOF, DHT, SOS, and the compressed image data) intact. The visual image data is never decoded or re-encoded, so there’s zero quality loss.

Why Client-Side Processing Matters

The irony of most metadata removal tools is hard to overstate: they ask you to upload your photo to their server to remove the data that reveals your location. You’re sending your GPS coordinates to a third party in order to prevent third parties from seeing your GPS coordinates.

PixelStrip’s architecture eliminates this entirely. The processing pipeline runs 100% in your browser:

• File API — reads the image from your local disk into JavaScript memory
• ArrayBuffer — provides raw binary access to parse JPEG segments
• Parse — walks the binary structure to find and display EXIF data
• Strip — reconstructs the JPEG without the APP1 (EXIF) segment
• Blob — wraps the clean binary data into a downloadable file
• Download — triggers a browser download with no network request

Open your browser’s Network tab while using PixelStrip. You’ll see zero outgoing requests after the initial page load. The JavaScript, CSS, and HTML are served once, cached by your browser, and everything after that happens locally. It even works in airplane mode.

Compare this to server-side alternatives like several popular EXIF removal websites. Their typical flow is: upload your image (sending your GPS data over the network), wait for server processing, download the stripped version. Even with HTTPS, your photo sits on their server during processing. Their privacy policy might say they delete it “promptly” — but you have no way to verify that. And if their server is compromised, your photos (with location data) are exposed.

Client-side processing isn’t just a privacy feature — it’s also faster. There’s no upload latency, no server queue, no download wait. Stripping metadata from a 5MB photo takes under 100ms locally. The same operation through a server-based tool takes 3-5 seconds minimum, most of that being network transfer time.

Building PixelStrip: Lessons Learned

I started this project after reading about a journalist whose source was identified through photo EXIF data. The source had sent photos to document conditions at a facility, and the GPS coordinates in those photos led directly back to them. That story stuck with me — not because the technology was exotic, but because the fix was so simple. Strip the metadata before sharing. The problem was that no tool made it easy to do privately.

Building a JPEG parser from scratch taught me that the JPEG binary format is messy in practice, even though the spec is straightforward in theory. Every camera manufacturer embeds EXIF slightly differently. Some use big-endian byte order, others use little-endian — and the byte order is specified per-segment, so you have to check it for each EXIF block. I spent an entire weekend debugging a parsing failure that turned out to be a Samsung phone embedding a non-standard MakerNote tag with its own internal IFD structure.

Some camera brands embed thumbnail images inside the EXIF data — a smaller version of the original photo. This is particularly dangerous because even if you crop a photo to remove something sensitive, the uncropped thumbnail might still be in the EXIF data. PixelStrip removes these thumbnails along with everything else in the APP1 segment.

Browser memory limits were another challenge. JavaScript’s ArrayBuffer works great for typical photos (2-10MB), but panoramic shots and RAW-converted JPEGs can exceed 30MB. On mobile browsers with limited memory, loading a 30MB file into an ArrayBuffer while also keeping the original for display can cause the tab to crash. I added a file size check that warns users about very large files and processes them in chunks when possible.

Testing was the most time-consuming part. I collected sample photos from every major smartphone brand — Apple, Samsung, Google, OnePlus, Xiaomi, Huawei — because each manufacturer embeds EXIF differently. Apple’s format is clean and consistent. Samsung adds proprietary MakerNote fields. Google Pixel phones embed detailed lens calibration data. Each one required testing to make sure PixelStrip could identify and strip all metadata tags without corrupting the image data.

The most satisfying moment was running a stripped photo through ExifTool and seeing No EXIF data found. That’s the standard I hold PixelStrip to: not “most metadata removed” but “all metadata removed, verified by an independent tool.” If ExifTool can’t find it, neither can anyone else.

Who This Is For

• Online sellers — don’t leak your home address through product photos
• Freelancers & agencies — strip client metadata before handing off deliverables
• Privacy-conscious individuals — clean photos before posting anywhere
• Journalists & researchers — protect source locations and device identities
• Parents — remove geotags from family photos shared in group chats

Try It

👉 pixelstrip.orthogonal.info

Drop a photo. See what’s hiding. Strip it. Download. Takes about three seconds.