File Tunnel/site
RELAY · SEOUL
All guides
GUIDE

EXIF Metadata: What Your Photos Reveal, and What Apps Strip

What hidden EXIF, IPTC, and XMP metadata rides along in your photos, the real GPS privacy risk, and which messengers, social apps, and email keep or strip it.

By the File Tunnel team · 2026-06-23 · EN/KO

Every photo you take is two things at once: the visible image, and a block of hidden text describing how, when, and often where that image was made. That hidden text is metadata, and most people never look at it. But the apps you send photos through absolutely do — some delete it, some quietly keep it, and some pass it along untouched.

This guide explains what that metadata actually contains, why a single casual snapshot can leak your home address, and how different channels — social networks, messengers, email, and file transfer — handle it. The short version: "stripped on display" is not the same as "never uploaded," and the only metadata you can fully trust is the metadata you removed yourself before sending.

What are EXIF, IPTC, and XMP?

"EXIF" gets used as a catch-all, but there are really three overlapping metadata standards embedded inside image files, usually JPEG, HEIC, or TIFF.

For privacy, EXIF is the one that matters most, because the GPS tags are written automatically and silently. You never typed them in; your phone did.

The real privacy risk: GPS

The camera settings are harmless. Nobody is harmed by knowing you shot at f/2.8, 1/250s, ISO 400. The timestamp is mildly sensitive — it can place you somewhere at a specific moment. The GPS coordinates are the actual hazard.

A photo of your cat on the living-room couch, if it carries GPSLatitude and GPSLongitude, encodes the coordinates of that room — typically accurate to within tens of meters, sometimes better. Paste those into any map and you are looking at someone's front door. This is not theoretical: investigators, stalkers, and curious strangers have located people from a single image. A recurring pattern is a public figure who posts an indoor photo and inadvertently publishes their home location, because the file still carried the original GPS tags from a channel that preserved them.

The danger is precisely that it is invisible. The image looks like an ordinary picture of a cat. Nothing on screen hints that the file also says here is exactly where this was taken.

Why platforms handle it so differently

There is no universal rule. Whether your metadata survives depends entirely on what each channel does to the bytes, and that splits into three broad behaviors.

Social networks: usually strip on the public copy (and recompress)

Most large social platforms — Facebook, Instagram, X, Reddit — re-encode images server-side. They resize, recompress to their own JPEG settings, and serve a derivative file. Recompression discards the original metadata block as a side effect, so the photo that displays to other users typically has no EXIF. That protects other viewers, but it comes with two important caveats covered below.

Email and file transfer: send the original bytes unchanged

Email attachments, and most file-transfer and relay tools, do not touch your image. SMTP carries the exact file you attached, encoded for transport but byte-identical once decoded. Services like a plain cloud-storage share link, WeTransfer-style transfers, and relay-style transfer tools are designed to deliver the original bytes faithfully — that is the whole point of a file transfer. So if your photo had GPS in it, the recipient gets the GPS, intact. Fidelity is the feature here, and it works against your privacy unless you strip first.

Chat apps: it depends on the send mode and the app

Messengers are a mixed bag. Many recompress images sent as inline "photos" — WhatsApp, Telegram (as a photo), iMessage — which usually drops most EXIF much like social uploads do. Signal is stricter still: it deliberately removes metadata from outgoing images, including most file sends, as a privacy design choice. But several apps let you send the picture as a document / file, and in that mode many of them preserve the original bytes, GPS and all. The exact behavior varies by app and version and changes over time, so never assume; test it, or strip beforehand.

Channel vs. metadata behavior

ChannelTypically keeps EXIF?
Email attachmentYes — original bytes sent unchanged
File transfer / relay / cloud share linkYes — designed to preserve the original file
WeTransfer-style servicesYes — delivers the file as-is
Facebook / Instagram / X (public image)No — recompressed, stripped on the public copy
Reddit / most image hostsNo — usually recompressed
Chat app, sent as a "photo"Often no — recompressed (Signal strips aggressively)
Chat app, sent as a "document/file"Often yes — original preserved (Signal is an exception)
Cloud backup (iCloud, Google Photos)Yes — full metadata retained, by design

How to inspect and remove it yourself

Do not rely on the destination to protect you. Check and clean the file on your own device, before it leaves.

Built-in OS features

exiftool, the precise way

Phil Harvey's exiftool is the reference tool for power users and works on all major platforms. A few useful commands:

Note that -all= removes the EXIF/IPTC/XMP blocks but, on some formats, may leave a stored thumbnail or maker notes unless you also clear them; verify the result with a second exiftool read.

Re-export as a quick fallback

Taking a screenshot of a photo drops camera metadata because the new file is generated from the pixels on screen, not copied from the original. It is lossy and crude, but in a pinch a screenshot carries no original GPS. Be careful with "Export" or "Save As" in an editor, though: many editors faithfully copy metadata into the new file, so re-exporting does not reliably strip anything unless the export options explicitly say so.

Limitations: what stripping does and does not give you

This is where honesty matters, because "the platform strips EXIF" leads people to a false sense of safety. Several situations exist where metadata removal does little or nothing for you.

When this does not apply

Metadata hygiene is not always the right battle. If you are posting only through platforms that recompress public images and you do not care who holds the data behind the scenes, the EXIF on the visible image is already gone for your audience. Many phones taken with location services off never write GPS in the first place, so there is nothing to strip. And for photos that contain no sensitive location — a screenshot, a scanned document, an image with no geotag — fussing over EXIF is wasted effort. The point is not to strip everything reflexively; it is to know which channels preserve location and to act only when the photo, the place, and the destination actually warrant it.

The practical rule is simple: if a photo is going somewhere you do not fully control, and you care about location privacy, remove the GPS yourself before sending and confirm it is gone. Treat every channel as if it might preserve everything, because plenty of them do.

Frequently asked questions

Does taking a screenshot remove EXIF data?+

Yes, in practice. A screenshot is a brand-new image generated from the pixels on screen, so it carries no original camera EXIF and no GPS coordinates. The trade-off is quality and resolution loss, and the screenshot file will have its own (harmless) metadata, such as the time it was captured and the device that took it.

If Instagram strips EXIF, is my location safe?+

Only from other users, not from the platform. Instagram removes EXIF from the public derivative image, but it received your full original file — including GPS — during upload, and can read or store that server-side. "Stripped on the public copy" protects you from followers, not from the company holding the data.

Will sending a photo over email leak my GPS location?+

Yes, if the photo still contains GPS tags. Email sends your attachment as the original bytes, byte-identical once decoded, so any embedded EXIF travels intact to the recipient. The same is true of most file-transfer and cloud-share links, which are designed to deliver the original file faithfully. Strip the metadata before attaching.

How do I check whether a photo contains GPS coordinates?+

On the file directly, run exiftool -gps:all photo.jpg for a precise readout, or use the OS file properties. On macOS, Preview's Inspector shows a GPS tab for geotagged images; on Windows, right-click → Properties → Details; on iPhone, the Photos info panel shows a map if location is present. If a map or coordinates appear, the file is geotagged.

Is removing metadata the same as protecting my privacy in a photo?+

No. Stripping EXIF removes hidden data like GPS and timestamps, but it does nothing about identifying details visible in the actual image — a street sign, a house number, a license plate, or a name badge. Metadata removal and visual redaction are two separate steps, and you often need both.

The File Tunnel team

We build a real-time file-transfer relay in Rust, and write these articles from hands-on work with file transfer, networking, encryption, and browser platform APIs. More about us →

← Browse more guides