AllConvert

What your photos reveal: a practical guide to EXIF and metadata

A photo is never just the picture. Tucked inside almost every image file is a block of metadata describing how, when and often exactly where the shot was taken. Most of the time this is harmless, even useful — it is how your gallery app builds a map of your trips. But if you have ever posted a photo of something for sale, or shared a picture from home, that same data can say more than you meant to. Here is what is actually in there, and what to do about it.

What EXIF is, and what a phone really writes down

EXIF (Exchangeable Image File Format) is a standard for embedding structured data inside JPG, HEIC, TIFF and some other files. It dates back to 1995 and every camera and phone made since writes it automatically. Take one photo with a modern phone and it records, roughly:

Five decimal places of latitude is about one metre of precision. The GPS block does not say "Seoul"; it says which side of your house you were standing on.

What GPS data in a shared photo actually gives away

The risk scales with how you share. Photos that go to strangers are where geotags matter: a listing on a secondhand marketplace photographed in your living room, a lost-pet poster shot in your yard, photos of your kids sent to a group of people you half know. Anyone who saves the original file can read the coordinates in seconds — no special skills, just "file info" on most systems.

Timestamps combine badly with location. A photo geotagged at your home at 9 a.m. on a weekday, posted alongside vacation photos geotagged abroad, is an announcement that the house is empty. This is not theoretical; police forces have warned about it for years, and there are well-documented cases of people being located from geotags — including a famous 2012 incident where a fugitive tech founder's position was exposed by the EXIF in a journalist's photo.

None of this means panic. Photos shared to big social platforms are mostly fine, for a reason covered next. The cases that deserve attention are original files sent directly to people you do not fully trust.

Which platforms strip metadata, and which do not

The major social networks — Facebook, Instagram, X, and similar — re-process every upload, and the image other users can download has the EXIF stripped, GPS included. (The platform itself typically reads the metadata before discarding it, which is a privacy question of a different kind, but at least other users cannot see it.) WhatsApp and most chat apps do the same for pictures sent the normal way, because they recompress images to save bandwidth.

The gaps are everywhere people deliberately preserve quality:

Notice the irony: choosing the "full quality" sharing option is exactly what preserves the data you might want gone.

How to see what is inside your own photos

The quickest way to make this concrete is to look at one of your own files. Drop any photo into our image metadata viewer and it lists every EXIF field it finds — camera, settings, timestamps, and GPS coordinates if present. The check runs entirely in your browser; the photo is never uploaded anywhere, which matters rather a lot for a tool whose whole point is privacy. Try it with a photo taken by your phone camera and one saved from a social network, and you will see the difference immediately: the first is full of data, the second is nearly empty.

How to remove metadata before sharing

Both major phone platforms let you share without location: iOS has an "Options" toggle on the share sheet, Android's Google Photos can remove location on share. Those handle GPS but often keep the rest of the EXIF.

The blunt, reliable method is re-encoding: decode the image to raw pixels, then save a brand new file from those pixels. The new file contains what the encoder writes — which, for the tools on this site, is no EXIF at all. Practically, that means either running the photo through the image compressor (you get a smaller, metadata-free copy in one step) or converting it to another format, for example PNG to JPG or HEIC to JPG. Since everything here runs client-side, the original never leaves your machine during the process.

One caveat: removal only helps before sharing. Once an original file is out, its copy of the metadata is out with it.

The new metadata: AI generation info

A newer category is worth knowing about. Images made with AI tools often carry their own kind of metadata. Stable Diffusion interfaces such as AUTOMATIC1111 and ComfyUI write the full generation recipe — prompt, negative prompt, seed, sampler, model name — into text chunks of the output PNG. If someone shares a generated image as the original PNG, the exact prompt they typed rides along inside the file, which has embarrassed more than one person who prompted for something they would not say out loud.

Going the other direction, the industry is starting to add provenance on purpose. C2PA "Content Credentials", backed by Adobe, Microsoft, Google and camera makers, embeds a signed record of where an image came from and what edited it — some cameras now sign photos at capture, and tools like Photoshop and several AI generators attach credentials on export. The idea is to make "is this photo real?" answerable. Adoption is early and uneven, but these records are appearing in more files every year.

Our metadata viewer reads PNG text chunks and other embedded segments too, so it will surface an embedded Stable Diffusion prompt or flag C2PA-related data where present — a quick way to check what a downloaded image admits about its own origins.

The short version