You took a photo at home. You shared it in a neighborhood Facebook group to ask about a plant in your yard. Friendly enough.
Embedded in that file was the GPS latitude and longitude of where you were standing when you took it. Precise to within a few meters. Anyone who downloaded that photo — and on Facebook, that includes people you've never met — had your home address. Not your street. Your exact position in your backyard.
You didn't know it was there. Most people don't.
This article explains what EXIF metadata is, shows you what it actually looks like in a real photo file, and walks you through where you encounter it in the wild. It ends with a free browser-based tool that strips it completely before you share — no upload, no account, nothing leaves your device.
When your phone takes a photo, it doesn't just save the image. It saves a record of the moment. The camera app writes a block of structured data into the file itself — invisible when you look at the photo, but readable by anyone with the right software. That data travels with the file everywhere it goes: text messages, email attachments, social media uploads, forum posts, real estate listings, dating profiles.
Most platforms strip some metadata when you upload — but not all of them, not always, and not reliably. You don't know which ones do and which ones don't. And even platforms that strip it on upload may retain it in their own systems before the public-facing copy is cleaned.
The safer position is to strip it yourself before it leaves your device.
EXIF stands for Exchangeable Image File Format. It's a standard that's been baked into digital cameras and phones for decades. Here's what a real metadata block from a smartphone photo contains — this is what anyone inspecting your file actually sees.
GPS Latitude: 30° 37' 14.40" N
GPS Longitude: 96° 20' 18.12" W
GPS Altitude: 96.8 m above sea level
GPS Timestamp: 14:23:07 UTCThose coordinates resolve to a specific address. Paste them into any mapping service and you're standing in someone's backyard. This field is present in every photo taken with location services enabled — which is the default on both iPhone and Android.
Make: Apple
Model: iPhone 15 Pro
Software: 17.4.1
Lens Model: iPhone 15 Pro back triple camera 6.765mm f/1.78
Camera Serial: [device serial number]The make and model alone tell someone what device you used. Combined with other photos you've shared, the serial number can tie disparate accounts together. If you've ever posted photos on a forum or platform where you're anonymous, your device serial number is a potential link between that account and others.
Date/Time Original: 2026:05:14 09:17:43
Date/Time Digitized: 2026:05:14 09:17:43
Offset Time: -05:00The timestamp records when the photo was taken, down to the second, including your timezone offset. This can contradict stated timelines, reveal daily routines, or simply tell someone more than you intended about when you were somewhere.
Software: Adobe Lightroom 7.4 (iOS)
XMP Toolkit: Adobe XMP Core 6.0
History Action: saved
History Instance: xmp.iid:a3f2...Edited photos often carry the software used and sometimes a partial edit history. This can reveal which apps you use and, in some cases, metadata left by the editing software itself.
The fields above are from real photo files — the coordinates and serial numbers are illustrative, but the field names, formats, and presence of this data are accurate representations of what smartphone photos actually contain.
Start paying attention to where you share photos and what might travel with them.
Social media profile photos. Your profile picture on any platform started as a photo file. If you uploaded it directly from your phone without stripping metadata, it may have included your home location at the time you took it.
Real estate listings. Sellers and agents routinely photograph homes and upload directly to listing services. Photos of the interior of your home, with GPS coordinates embedded, are publicly accessible to anyone viewing the listing — including people you'd rather not know your floor plan.
Dating profiles. Photos uploaded to dating apps are frequently downloaded by other users. Metadata in those photos can reveal where you live, where you work, and what device you use — information that has enabled stalking cases documented by security researchers.
Forum and community posts. Nextdoor, neighborhood Facebook groups, local subreddits, hobbyist forums — anywhere you post photos of your home, your car, your workspace, or your neighborhood carries the same risk.
Email attachments. A photo sent as an attachment travels with its full metadata intact. Your email provider doesn't strip it.
Document photos. A photo of your ID, a receipt, a handwritten note, a whiteboard — all carry the same metadata as any other photo.
The risk isn't only immediate. A photo you share today may be stored, archived, or downloaded by someone who checks the metadata months or years later. Stripping it before sharing is a one-time action that eliminates a permanent risk.
Before you share any photo, check and strip the metadata. The ZTDev Image Metadata Stripper does this entirely in your browser — the photo never leaves your device, no account required, no upload.
How to use it:
Drop any JPEG, PNG, WebP, or TIFF photo into the tool. It reads and displays all the metadata it finds — GPS coordinates, device info, timestamps, software — so you can see exactly what's in the file before deciding what to do. If you want to share a clean copy, click Download. The image content is unchanged. The metadata is gone.
Start with a photo you've already shared. Pull a recent photo from your camera roll, drop it in the tool, and see what was traveling with it. Most people find GPS coordinates on the first try. Once you've seen it on your own photo, you won't forget it.
From that point on, stripping metadata before sharing takes about ten seconds. That's the habit worth building.
Strip metadata from your photos — ZTDev Image Metadata Stripper