What Your Photos Reveal: Stripping EXIF Before You Share

Every photo you take is a small intelligence file. Open any JPEG straight off your phone and you'll usually find the exact GPS coordinates where it was shot, the camera serial number, the timestamp down to the second, and sometimes even the device owner's name. Share that file as-is on a forum, a support ticket, a marketplace listing, or a personal blog, and you've leaked more than you think.

Most major social networks strip metadata on upload — but plenty of platforms don't. Discord, Slack, GitHub issues, email attachments, WordPress media libraries, Telegram (in file mode), and almost every direct file transfer preserve EXIF data untouched. If you care about operational privacy, client confidentiality, or just not broadcasting your home address with every cat picture, you need a habit of cleaning images before they leave your machine.

What's actually inside an image file

Modern image formats embed several flavors of metadata, and "removing metadata" means different things depending on which you target:

• EXIF — Camera make/model, lens, ISO, shutter speed, GPS latitude/longitude, altitude, original date/time, device owner.
• IPTC — Captions, keywords, copyright, photographer credit. Common in stock photography workflows.
• XMP — Adobe's extensible format, often holds editing history, ratings, and software fingerprints.
• ICC profiles — Color space data. Usually safe to keep, sometimes worth stripping for size.
• Thumbnails — Older EXIF can include an embedded thumbnail that wasn't updated after cropping, leaking the original uncropped image.

That last one is not theoretical. There are well-known cases where a person cropped sensitive content out of a screenshot, but the embedded thumbnail still showed the original.

Quick check: does your image have metadata?

Before you scrub, confirm what's there. You can drop a file into the AXOX Hub Metadata Remover and it will surface every tag in the file — GPS, timestamps, camera info, software history — in seconds, all in your browser. Nothing is uploaded to a server.

If you prefer the command line, exiftool is the canonical option:

exiftool photo.jpg

You'll get a dump of every field the file carries. Look specifically for GPS Latitude, GPS Longitude, Owner Name, and Serial Number.

Removing metadata across platforms

On Windows

1. Right-click the image and choose Properties.
2. Open the Details tab.
3. Click Remove Properties and Personal Information at the bottom.
4. Select Create a copy with all possible properties removed, then OK.

This is fast but not exhaustive — Windows leaves some XMP and maker-note fields behind. Fine for casual sharing, not enough for sensitive material.

On macOS

Preview's Tools → Show Inspector → ⓘ → GPS → Remove Location Info only nukes GPS. For a full scrub, use ImageOptim (free) which strips EXIF, XMP, and thumbnails on drag-and-drop, or run:

exiftool -all= photo.jpg

On iPhone

iOS 15+ lets you strip location per-share: tap Options at the top of the share sheet, toggle Location off. This only removes GPS — camera model and timestamps stay. For deeper cleaning, the Metapho app or Shortcuts can re-export with all metadata removed.

On Android

Google Photos: open the image → swipe up → tap the location pin and choose Remove location. Like iOS, this is GPS-only. For a complete strip, Scrambled Exif (F-Droid) or the share-to-clean workflow in Photo Exif Editor works well.

In the browser

For one-off files where you don't want to install anything, a client-side tool is the cleanest option. The AXOX Hub Metadata Remover processes images locally — your file never touches a server — and outputs a clean copy you can download immediately.

Batch workflows for developers and content teams

If you publish images regularly, manual cleanup doesn't scale. A few patterns:

exiftool batch

exiftool -all= -overwrite_original *.jpg

Strips every tag from every JPEG in the current directory. Combine with -r for recursive folders. Add -tagsfromfile @ -Orientation if you want to preserve rotation.

ImageMagick

mogrify -strip *.png

Removes profiles and comments. Useful in a build pipeline before publishing assets.

Git pre-commit hook

For docs repos and blogs, add a hook that runs exiftool -all= on any staged image. You'll never accidentally commit a screenshot with your home GPS embedded.

CI for user uploads

If your app accepts image uploads, strip metadata server-side on ingest. Sharp (Node.js) does this by default — it only keeps metadata if you explicitly call .withMetadata(). Pillow (Python) requires re-saving without the exif argument.

Common mistakes that leak data anyway

• Trusting screenshots blindly. macOS screenshots embed the device name and sometimes the user. Windows Snipping Tool adds timestamps and app version.
• Editing without re-exporting. Cropping in Preview or Photos often preserves the original EXIF, including the pre-crop thumbnail.
• Relying on platform stripping. Twitter/X strips, Instagram strips, Facebook strips. But Discord, Slack, Telegram (as file), email, WhatsApp (as document), and most CMSs do not.
• Ignoring PNG and HEIC. People assume only JPEGs carry EXIF. PNG supports tEXt and eXIf chunks; HEIC carries a full EXIF block. Both leak GPS.
• Forgetting derivative files. If you resize an image with a tool that preserves metadata, the thumbnail and the full-size version both leak.

A simple sharing checklist

1. Before you upload anywhere outside the big social networks, run the file through a metadata viewer to confirm what's inside.
2. If it contains GPS, timestamps, or device info you don't want public, strip it with exiftool -all=, ImageOptim, or the AXOX Hub Metadata Remover.
3. Re-open the cleaned file and visually confirm — sometimes a strip fails silently if the file is locked or read-only.
4. For ongoing publishing, automate the strip in your build pipeline or upload handler so a clean file is the only kind that exists.

Want to inspect and clean a file right now in your browser, with nothing uploaded? Open the free Metadata Remover at AXOX Hub, drop your image in, and download the scrubbed version.