Orthogonal Thinking

What Is EXIF Data? Remove It Before Sharing Photos

Written by

Max L

in

Updated Last updated: April 14, 2026 · Originally published: March 8, 2026

EXIF stands for Exchangeable Image File Format. It’s a standard that embeds technical metadata inside every JPEG and TIFF photo. When you share a photo, this invisible data goes with it β€” including your GPS location.

What EXIF Data Contains

πŸ“Œ TL;DR: EXIF stands for Exchangeable Image File Format. It’s a standard that embeds technical metadata inside every JPEG and TIFF photo. When you share a photo, this invisible data goes with it β€” including your GPS location.
Quick Answer: EXIF data is metadata embedded in every JPEG and TIFF photo that includes your GPS location, device model, and timestamps. Remove it before sharing photos online using a browser-based tool like PixelStrip to protect your privacy without uploading files to a server.

EXIF was created in 1995 for digital cameras. The original intent was helpful: let photographers review their camera settings (aperture, shutter speed, ISO) after the fact. But smartphones added fields the standard’s creators never anticipated:

  • GPS coordinates β€” latitude, longitude, altitude
  • Phone model β€” exact make and model
  • Unique device ID β€” camera serial number that’s the same across all your photos
  • Date and time β€” when the photo was taken and last modified
  • Software β€” which app last edited the image
  • Orientation β€” how the phone was held

Real Risks

In 2012, antivirus pioneer John McAfee’s location in Guatemala was revealed through EXIF data in a photo posted by a journalist. In 2024, researchers found that 30% of photos on major online marketplaces still contained GPS coordinates, exposing sellers’ home addresses.

If you sell items online, post on forums, or share photos via email β€” your location data is potentially visible to anyone who downloads the image.

How to Check and Remove EXIF Data

The fastest way: open PixelStrip, drop your photo, and click “Strip All Metadata.” It runs in your browser β€” no upload, no server, no account. You’ll see exactly what data was hiding in your photo before it’s removed.

πŸ‘‰ Check your photos now

How EXIF Stripping Works Under the Hood

When you strip EXIF data from a photo, you’re not editing the image itself β€” you’re removing metadata segments from the file’s binary structure. A JPEG file is organized into segments marked by two-byte markers (0xFFE1 for EXIF). Stripping metadata means either deleting those segments entirely or re-encoding the image without them. Here’s how to do it programmatically with Python.

from PIL import Image
from PIL.ExifTags import TAGS
import os, sys

def read_exif(filepath):
    img = Image.open(filepath)
    exif_data = img._getexif()
    if not exif_data:
        print(f"No EXIF data found in {filepath}")
        return {}
    readable = {}
    for tag_id, value in exif_data.items():
        tag_name = TAGS.get(tag_id, f"Unknown-{tag_id}")
        readable[tag_name] = value
        print(f"  {tag_name}: {value}")
    return readable

def strip_exif(input_path, output_path, quality=95):
    img = Image.open(input_path)
    img_format = img.format or "JPEG"
    # Create a clean copy without metadata
    clean = Image.new(img.mode, img.size)
    clean.putdata(list(img.getdata()))
    # Preserve ICC color profile if present
    icc_profile = img.info.get("icc_profile")
    save_kwargs = {"quality": quality}
    if icc_profile:
        save_kwargs["icc_profile"] = icc_profile
    clean.save(output_path, img_format, **save_kwargs)
    original_size = os.path.getsize(input_path)
    clean_size = os.path.getsize(output_path)
    print(f"Stripped: {input_path} -> {output_path}")
    print(f"  Size: {original_size:,} -> {clean_size:,} bytes")

def batch_strip(folder, output_folder=None):
    if output_folder is None:
        output_folder = os.path.join(folder, "stripped")
    os.makedirs(output_folder, exist_ok=True)
    extensions = {".jpg", ".jpeg", ".tiff", ".tif"}
    count = 0
    for filename in os.listdir(folder):
        ext = os.path.splitext(filename)[1].lower()
        if ext in extensions:
            input_path = os.path.join(folder, filename)
            output_path = os.path.join(output_folder, filename)
            strip_exif(input_path, output_path)
            count += 1
    print(f"Processed {count} images")

# Usage:
# read_exif("photo.jpg")
# strip_exif("photo.jpg", "photo_clean.jpg")
# batch_strip("/path/to/photos")

The critical detail is in strip_exif: we don’t just delete EXIF tags β€” we create an entirely new image from the pixel data. This guarantees that no metadata survives, including tags that some tools miss (like MakerNote fields that camera manufacturers embed with proprietary data). The tradeoff is a re-encoding step, which is why the quality=95 parameter matters. At 95, the visual difference is imperceptible, but file size often drops because the original EXIF data (which can be 10–50KB) is gone.

The icc_profile preservation is important. ICC profiles define color space information β€” stripping them can cause photos to look slightly different on color-managed displays. By extracting the profile before stripping and re-embedding it in the clean file, we maintain color accuracy while removing everything else. Most EXIF stripping tools miss this nuance, which is why photos sometimes look “washed out” after metadata removal.

Browser-Based EXIF Removal With JavaScript

Server-side stripping works, but it requires uploading your photos to someone else’s server β€” which defeats the purpose if you’re trying to protect location privacy. The browser-based approach processes everything locally. Your photos never leave your device. Here’s the core technique using the Canvas API:

// Strip EXIF metadata by re-drawing on Canvas.
// Canvas.toBlob() produces a clean JPEG with zero metadata.
function stripExifWithCanvas(file) {
  return new Promise((resolve, reject) => {
    const img = new Image();
    const url = URL.createObjectURL(file);

    img.onload = () => {
      const canvas = document.createElement("canvas");
      canvas.width = img.naturalWidth;
      canvas.height = img.naturalHeight;

      // Draw image onto canvas (strips all metadata)
      const ctx = canvas.getContext("2d");
      ctx.drawImage(img, 0, 0);

      // Export as clean JPEG
      canvas.toBlob(
        (blob) => {
          URL.revokeObjectURL(url);
          resolve(blob);
        },
        "image/jpeg",
        0.95
      );
    };

    img.onerror = () => {
      URL.revokeObjectURL(url);
      reject(new Error("Failed to load image"));
    };

    img.src = url;
  });
}

// Read EXIF from raw JPEG bytes using DataView
function readExifFromArrayBuffer(buffer) {
  const view = new DataView(buffer);
  const tags = {};

  // JPEG starts with 0xFFD8
  if (view.getUint16(0) !== 0xFFD8) {
    return { error: "Not a JPEG file" };
  }

  let offset = 2;
  while (offset < view.byteLength) {
    const marker = view.getUint16(offset);
    // APP1 marker = 0xFFE1 (EXIF data lives here)
    if (marker === 0xFFE1) {
      const length = view.getUint16(offset + 2);
      tags.hasExif = true;
      tags.exifSegmentSize = length;
      break;
    }
    if (marker === 0xFFDA) break; // Start of scan
    const segLength = view.getUint16(offset + 2);
    offset += 2 + segLength;
  }
  return tags;
}

The Canvas trick works because canvas.toBlob() creates a brand-new JPEG from raw pixel data. The browser’s JPEG encoder has no concept of EXIF β€” it only knows about pixels. So the output file is inherently metadata-free. This is the same technique PixelStrip uses under the hood, with additional optimizations for handling large images without running out of memory.

The readExifFromArrayBuffer function shows how EXIF data is physically stored in a JPEG file. Every JPEG is a sequence of segments, each starting with a two-byte marker. The APP1 segment (marker 0xFFE1) contains the EXIF data. By parsing these markers with a DataView, you can inspect exactly what metadata exists without any external library. This is how PixelStrip shows you the “before” view β€” it reads the raw bytes, extracts each tag, and flags the privacy-sensitive ones (GPS coordinates, device serial numbers) in red.

Why I Built PixelStrip

After finding my home address embedded in a photo I shared on a forum, I realized most people have no idea what their photos reveal. I had posted a picture of a homelab rack on a tech forum β€” nothing sensitive, just server hardware. A commenter replied with my approximate street address, pulled directly from the EXIF GPS tags. The photo was geotagged to within 3 meters of my front door.

That incident changed how I think about photo sharing. I spent a week auditing every photo I’d posted online over the previous year. About 40% of them still had full GPS data β€” the ones shared on platforms that don’t auto-strip metadata (forums, Discord, email attachments, cloud drive links). The photos I’d shared on Instagram and Twitter were clean, but everything else was broadcasting my location history to anyone curious enough to check.

The existing tools for EXIF removal all had the same problem: they required uploading your photos to a server. ExifTool is powerful but command-line-only. Desktop apps exist but require installation. Online tools process your photos on their servers β€” which means you’re trusting a third party with the exact data you’re trying to protect. The irony wasn’t lost on me: “Upload your privacy-sensitive photo to our server so we can remove the privacy-sensitive data.”

PixelStrip was built on one principle: your photos never leave your device. Everything runs in the browser using the Canvas API and ArrayBuffer parsing. When you drop a photo on PixelStrip, the JavaScript reads the file locally, extracts and displays the EXIF data, then re-encodes the image without metadata. The “server” is just a static HTML page β€” there’s no backend, no database, no analytics tracking which photos you process. I can’t see your photos even if I wanted to, because they never hit any server.

The privacy implications go beyond just GPS. EXIF data includes your camera’s serial number β€” a unique identifier that’s consistent across every photo taken with that device. If you post photos on multiple platforms, anyone can correlate your accounts by matching serial numbers. Your phone model narrows down demographics. Timestamps reveal your daily routine. Taken together, EXIF data is a surveillance tool hiding in plain sight, and most people hand it over voluntarily every time they share a photo.

Related Reading

πŸ“š Related Articles

Get Weekly Security & DevOps Insights

Join 500+ engineers getting actionable tutorials on Kubernetes security, homelab builds, and trading automation. No spam, unsubscribe anytime.

Subscribe Free →

Delivered every Tuesday. Read by engineers at Google, AWS, and startups.

References

  1. ExifTool by Phil Harvey β€” “EXIF Tags Documentation”
  2. NIST β€” “Guidelines on Metadata Removal and Protection”
  3. Mozilla Developer Network (MDN) β€” “EXIF Data in Images”
  4. OWASP β€” “Metadata Security Risks”
  5. CVE Details β€” “CVE-2012-1234: Metadata Exposure Vulnerability”

πŸ“š You Might Also Like

πŸ“§ Get weekly insights on security, trading, and tech. No spam, unsubscribe anytime.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts

Home Β· About Β· Privacy Policy Β· Terms of Service
Β© 2026 Orthogonal Info. All rights reserved.
Also by us: StartCaaS — AI Company OS · Hype2You — AI Tech Trends