← All Tips/METADATA
METADATA

Scrub Your Photos

Posting a photo from home? Strip the GPS coordinates first or everyone knows your origin.

What Is EXIF Data?

Every photo your phone or camera takes is embedded with metadata — technical information about the image. This is called EXIF data (Exchangeable Image File Format).

EXIF data typically includes:

  • GPS coordinates (latitude and longitude, often precise to within 10 meters)
  • Timestamp (exact date and time the photo was taken)
  • Device information (make, model, and often the unique serial number of your camera or phone)
  • Camera settings (aperture, shutter speed, ISO)
  • Software version of your phone's operating system

When you post a photo online without stripping this metadata, you're potentially broadcasting your exact home address, your daily patterns, and your device fingerprint.

Real-World Risks

For individuals: A photo posted from home with GPS enabled tells anyone who extracts the EXIF data where you live. Stalkers, harassers, and burglars can use this. John McAfee was famously located by journalists who extracted GPS coordinates from a photo his team posted.

For businesses: Photos of internal documents, whiteboards, or office equipment can contain metadata revealing device identities, time zones, and internal file structures.

For journalists and activists: Posting photos without stripping metadata in hostile environments can reveal source locations and journalist identities.

How to Check Your Photos for EXIF Data

Online (for testing): Jeffrey's Image Metadata Viewer (exifdata.com) — upload a photo to see all embedded data

On Mac: Right-click the image → Get Info → More Info → check for location data

On Windows: Right-click → Properties → Details → GPS section

How to Strip EXIF Data

Before posting:

*iPhone:*

  • iOS 13+: When you copy/paste a photo, GPS is stripped. When you AirDrop, it's preserved.
  • Settings → Privacy → Location Services → Camera → "Never" (disables GPS in photos entirely)

*Android:*

  • Settings → Camera → Location tags → Off

*Manual stripping on desktop:*

# Using ExifTool (free, cross-platform)
exiftool -all= photo.jpg

For bulk stripping:

ExifTool can process entire directories:

exiftool -all= -r /path/to/photos/

Social Media Handling

Most major platforms (Instagram, Twitter/X, Facebook) strip EXIF data when you upload. But:

  • They store the original metadata on their servers
  • Some platforms and direct file sharing do not strip it
  • You shouldn't rely on the platform — strip before uploading

Know what your photos are saying before you post them.

Get your site properly hardened.

The Voice of Cash delivers professional security audits and hands-on implementation.

Speak to a Specialist →
← Previous
Update Your Firmware
Next →
Hover Before You Click