What is photo metadata?
Digital photos store information in a format called EXIF (Exchangeable Image File Format). This metadata includes technical details like camera settings, but also potentially sensitive information:
GPS coordinates showing exactly where the photo was taken
Date and time stamps
Device make and model
Camera settings (aperture, shutter speed, ISO)
Software used to edit the photo
In some cases, smartphones can even record which camera lens was used, whether the front or back camera took the shot. Research from George Mason University found that digital photos often contain far more information than what owners expect to share, creating significant privacy risks.
Real-world privacy breaches
Photo metadata has led to real consequences. In 2012, anti-virus software pioneer John McAfee was on the run from authorities in Belize. Vice magazine published a photo of him, taken with an iPhone 4S, without removing the embedded GPS coordinates. Within hours, a security researcher extracted the location data and pinpointed McAfee at a resort in Guatemala. He was arrested shortly after.
Back in 2010, a website called "I Can Stalk U" demonstrated the problem by analysing photos posted online for geolocation data. The site displayed the exact locations where photos were taken alongside the original posts. According to Canada's Privacy Commissioner, as little as four randomly chosen location data points can uniquely identify an individual.
A 2017 Kaspersky investigation found that even cropped photos can leak information. TV host Catherine Schwartz posted cropped photos to her blog in 2003, but the metadata still contained thumbnails of the original, uncropped images. The issue persisted in some software even years later, with Corel Photo-Paint X8 failing to update thumbnails when images were edited.
How social media platforms handle metadata
Different platforms take different approaches to photo metadata:
Facebook deletes EXIF data from uploaded photos, but stores the information in its own database. If you download your data backup, you will find geotags and IP addresses from which photos were uploaded.
Instagram removes most EXIF data, including GPS coordinates, from photos you share publicly.
Twitter strips location data from photos by default, though users can opt to add location information to tweets.
However, just because a platform removes metadata from the version others see does not mean your data is fully protected. Many platforms retain the original files and metadata on their servers, which could be exposed in a data breach.
Steps to protect yourself
Disable location services for your camera
The simplest solution is to prevent location data from being embedded in the first place.
On iPhone: Go to Settings> Privacy> Location Services> Camera, and select "Never".
On Android: Open your Camera app, go to Settings, and disable "Save location" or "Location tags".
Remove metadata before sharing
If you want to share photos that already contain metadata, you need to strip it out first. This is where ClearShare comes in. The app lets you see exactly what metadata is embedded in your photos and remove it before sharing. You can remove GPS coordinates, timestamps, and device information while keeping the photo itself intact.
Use platform features carefully
When sharing to social media, be aware that some platforms offer location tagging as a feature. Even if the photo metadata is stripped, adding your location through the platform's interface can reveal where you are.
Be cautious with photo management tools
Some photo editing software preserves metadata, while others remove it. Research from educational technology providers shows that not all services handle EXIF data consistently. If you are editing photos before sharing them, check whether your chosen tool removes or preserves metadata.
Why this matters
Photo metadata can be used to track your movements, identify your home or workplace, and build a detailed profile of your daily routine. A Stanford University study on metadata demonstrated that researchers could determine sensitive information about individuals, including medical conditions and personal relationships, from metadata patterns alone.
For parents sharing photos of their children, activists documenting protests, or anyone who values their privacy, removing metadata is a simple step that can prevent serious consequences.
Making privacy the default
The best approach is to handle privacy before you share, not after. By disabling location services on your camera and using tools to check and remove metadata, you can share photos without accidentally sharing your personal information.
Privacy should not require constant vigilance. With the right settings and tools, you can share moments from your life without broadcasting where you live, what device you use, or when you were there.
