Your Photos Are Broadcasting Your Home Address — Strip EXIF GPS in the Browser

Written by

in

A friend sent me a photo of their new apartment last year and asked me to guess the neighborhood. I opened the JPEG in a terminal, ran exiftool, and read back their street address to two decimal places of latitude. They had never posted the location. The phone did it for them.

That is the whole problem PixelStrip exists to fix. Most photos coming off a modern phone carry a GPS block inside the file — the exact coordinates where the shutter fired, down to a few meters. Share that JPEG anywhere that doesn’t re-encode it, and you’re publishing your home, your kid’s school, your office desk. This post is about what’s actually in that metadata, which platforms strip it and which don’t, and why I built a browser-only tool instead of telling people to install desktop software.

What’s actually inside the file

EXIF (Exchangeable Image File Format) is a block of tags glued into the JPEG right after the start-of-image marker. It was designed for camera settings — shutter speed, ISO, focal length. Useful stuff. But the spec also carries an entire GPS sub-directory, and phones fill it in by default.

Here’s what a single photo off an iPhone typically hands over:

GPS Latitude    : 37 deg 46' 29.88" N
GPS Longitude   : 122 deg 25' 9.84" W
GPS Altitude    : 14.2 m Above Sea Level
Create Date     : 2026:07:04 18:32:11
Make            : Apple
Model           : iPhone 15 Pro
Software        : 17.5.1

That latitude/longitude pair drops a pin within about 5 meters. The timestamp tells anyone reading it when you were standing there. The device model and OS version are a nice bonus for anyone building a fingerprint of you. None of it is visible when you look at the picture. It rides along silently.

If you want the gory byte-level details of how those coordinates get packed into IFD structures, I wrote a separate teardown: How EXIF GPS Data Is Stored in a JPEG. The short version: GPS coordinates are stored as three rational numbers (degrees, minutes, seconds), each a pair of 32-bit integers, referenced by an offset pointer in the main tag table. It’s a tidy little format, which is exactly why it’s easy to both read and remove.

The “but platforms strip it” myth

The common reassurance is that social networks scrub metadata on upload. Some do. Many don’t, and the behavior is inconsistent enough that I don’t trust any of it:

  • Facebook, Instagram, Twitter/X: re-encode images and drop EXIF. Generally safe — but they replace it with their own tracking, and the re-encode wrecks quality.
  • Discord: keeps full EXIF on direct image attachments. That coordinate block ships straight through.
  • Slack: preserves the original file for downloads.
  • Email attachments: untouched. Whatever your camera wrote is what lands in the recipient’s inbox.
  • Your own website / self-hosted gallery: serves the raw file unless you strip it yourself.
  • Cloud storage share links (Dropbox, Drive): hand over the original bytes.

The failure mode that bit my friend was a real-estate listing tool that just re-served the uploaded JPEGs. Coordinates intact. So “the platform handles it” is not a plan. Stripping at the source is.

Why browser-only, and why that matters here

The obvious fix is exiftool, which is excellent. But telling a non-technical person to install a Perl utility and run exiftool -all= photo.jpg from a terminal is a non-starter. The alternatives most people reach for are worse:

  • Online EXIF removers: you upload your geotagged photo to some stranger’s server to have the location removed. Read that sentence again. You just handed the coordinates to exactly the party you were hiding them from.
  • Desktop apps: fine, but overkill for “clean these 8 photos before I text them.”
  • Phone share-sheet toggles: iOS has a “Remove Location” option buried in the share sheet’s Options menu. It works, but only for location, only on Apple’s terms, and most people never find it.

PixelStrip runs entirely in your browser. The photo never leaves your device — there’s no upload, no server round-trip, no log file with your coordinates in it. When you drop a JPEG in, the JavaScript reads the file with the FileReader API, walks the EXIF markers, and rewrites the file without the metadata block, all client-side. You can literally pull your network cable and it still works.

The mechanism is simple enough to describe in a paragraph. A JPEG is a series of segments, each marked by 0xFF followed by a marker byte. EXIF lives in the APP1 segment (0xFFE1). To strip it, you parse the segment list, drop APP1 (and optionally APP0, XMP, and any color-profile junk you don’t need), and re-concatenate the rest. The image pixels sit in the scan data, untouched — so unlike the social-network approach, there’s zero quality loss. No re-encode, no recompression artifacts. Same pixels, minus the tracking.

How I actually use it

Three cases come up for me weekly:

  1. Before texting photos of anything at home. Package on the porch, a receipt, my desk setup — all geotagged with my address. Drop, strip, send.
  2. Before uploading to my own blog. WordPress will happily serve the original file. I strip first so a right-click-save doesn’t leak where I live.
  3. Selling stuff online. Marketplace photos of your living room, tagged with your home coordinates, sent to strangers. Strip every one.

You can try it here: PixelStrip. Drag a photo in, download the clean copy, verify with exiftool if you’re paranoid (I was — the GPS block is gone, the pixels are byte-identical in the scan segment).

If you shoot a lot, fix it at the camera

Stripping after the fact works, but the cleaner move for anything sensitive is to not write the coordinates in the first place. On iOS: Settings > Privacy & Security > Location Services > Camera > set to Never. On Android it’s under the camera app’s own settings, usually “Location tags” or “Save location.” You lose the nice “photos on a map” feature, which is the tradeoff.

For anyone doing serious photography who still wants a reliable offline scrub across hundreds of files, a small NAS or even a Raspberry Pi running a scheduled exiftool job on an import folder is the setup I’d build. If you’re speccing a cheap always-on box for that kind of home-automation chore, the Raspberry Pi 5 (8GB) is what I’d grab, paired with a decent Samsung microSD card so the write-heavy batch jobs don’t chew through cheap flash. Full disclosure: those are affiliate links — I only link gear I actually run.

But for the 90% case — a few photos, right now, before you hit send — a browser tab that never phones home is the right tool. That’s the whole pitch.


Related reading on this site: the byte-level EXIF teardown and why I stopped pasting JWTs into online decoders — same browser-only, nothing-leaves-your-machine principle.

Join https://t.me/alphasignal822 for free market intelligence.

📧 Get weekly insights on security, trading, and tech. No spam, unsubscribe anytime.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Also by us: StartCaaS — AI Company OS · Hype2You — AI Tech Trends