What Your Photos Reveal: EXIF Data Explained
Every photo you take contains hidden metadata: GPS location, camera model, date, and more. Here's what's in your images and how to protect yourself.
I posted a photo of my cat on Twitter a few months back. Just a cute picture of her sleeping on the couch. Nothing special. Within an hour a stranger replied with my neighborhood name. Not the city. The specific neighborhood. I freaked out.
Turns out my phone had been geotagging every photo I took. The GPS coordinates were embedded right there in the image file. Anyone who downloaded that picture could see exactly where I lived.
Most people have no idea this is happening. I didn’t, and I work with images every day.
What is EXIF data?
EXIF stands for Exchangeable Image File Format. Every digital photo you take, whether on a phone or a real camera, comes with a bundle of hidden information attached to it. This metadata travels with the image everywhere it goes.
You can’t see it by looking at the photo. It’s not visible in the image itself. But it’s there, tucked inside the file, readable by anyone who knows where to look.
Think of it like an invisible sticky note attached to the back of a printed photo. Except this sticky note knows your exact GPS coordinates.
What’s actually inside your photos
I pulled the EXIF data from a photo I took last week on my Pixel 8. Here’s what was hiding in there:
| Data point | What it showed | Why it matters |
|---|---|---|
| GPS coordinates | 37.7749, -122.4194 (accurate to ~3 meters) | Anyone can find the exact spot you took the photo |
| Date and time | 2025-05-14, 2:47 PM | Reveals your schedule and patterns |
| Camera model | Pixel 8 | Tells people what device you own |
| Lens info | f/1.7, 4.3mm | Camera-specific details |
| ISO / aperture / shutter | ISO 120, f/1.7, 1/120s | Photography settings |
| Software version | Android 15 | Reveals your OS version |
| Image dimensions | 4080 x 3072 | File specs |
| Flash used | No | Minor but still recorded |
That GPS line is the scary one. Three meters accuracy means someone could pinpoint which room in my apartment I was standing in when I took the shot.
The real privacy risks
Let me paint a picture of what someone can do with this data.
They know where you live. Upload a photo taken inside your home and your address is exposed. Not the street. The exact building.
They know where you work. Take a photo at your desk and post it online? Now your office location is public.
They can track your movements over time. If you post photos regularly, someone can build a map of where you go, when you go there, and how often. Your daily commute. Your gym. Your kid’s school.
A few years back researchers at Kaspersky downloaded random photos from social media and found that about 30% still contained GPS coordinates. That was after the platforms claimed to strip location data. Some did. Some didn’t.
It gets worse when you share photos through messaging apps or email. Those channels often preserve the original file intact, EXIF data and all. At least Instagram and Facebook try to remove it (most of the time). A direct message with an image attached? Whatever metadata was in there is still in there.
In 2019, a fitness tracking app called Polar revealed the locations of military bases and intelligence facilities around the world. Soldiers had been logging workouts while on duty. The GPS data embedded in their activity records showed exactly where they ran, which buildings they entered, and when. A journalist was able to identify individual users, their home addresses, and the classified facilities they worked at, all from publicly shared fitness data. The same principle applies to photos. That hiking shot you post could reveal exactly which trail you were on, at what time, and on what date. Scale that across a year of posts and someone can map your entire routine.
I tested my own photos
After the Twitter incident I went through my camera roll and checked the last 10 photos I’d taken. Every single one had GPS coordinates embedded. All 10.
Here’s the breakdown:
- 8 photos taken at home: all showed my apartment building’s location
- 1 photo at a coffee shop: pinpointed the exact cafe
- 1 photo at a friend’s house: revealed their address
None of these were special camera settings. This was just the default behavior of my phone. I never turned location tagging on. It was enabled from the factory.
I checked my partner’s iPhone too. Same story. Apple enabled location services for the camera by default as well. Her last 20 photos all had GPS data.
That’s when I started paying attention to EXIF data.
How to protect yourself
You have a few options. Some are better than others.
Strip EXIF when you compress. This is the easiest method and the one I use most often. When you compress an image with ImgPrism, the compressed output typically drops the metadata along the way. It’s a two-for-one: smaller file and cleaner privacy footprint.
Convert to a different format. Changing your image from one format to another can alter what metadata survives the conversion. The image format converter handles this during the conversion process.
Turn off GPS tagging on your phone. On Android, go to Camera settings and disable “Save location” or “Geotagging.” On iPhone, you can either turn off Location Services for the Camera app specifically or go to Settings, Privacy, Location Services, Camera, and select “Never.” This stops future photos from recording coordinates but does nothing for photos you’ve already taken.
Check what social media does. Most major platforms strip EXIF when you upload. Instagram, Facebook, Twitter, and LinkedIn all remove metadata from displayed images. But here’s the catch. They remove it from the version they show other people. The original file they receive might still be stored on their servers with all the data intact. And some platforms are inconsistent. I’ve downloaded images from Twitter that still had camera model and date info, even if the GPS was gone.
Don’t rely on just one method. I do both. I keep GPS tagging off on my phone for new photos. And I run anything I plan to share online through the compressor first. Takes about ten seconds per image and gives me peace of mind.
Check your own photos right now
If you’re curious what’s hiding in your photos, try this. Open a recent photo from your phone on your computer. On Windows, right click the file, go to Properties, then Details. On Mac, open it in Preview and click the info button, then the Exif tab.
You might be surprised by what you find.
Or just drop your image into the compressor and compare the file info before and after. The before version will show you everything that was attached. The after version should be a lot cleaner.
Every photo you take tells a story. Make sure it’s telling the story you want to tell, not the one your phone’s GPS is telling for you.