What EXIF actually is — and why it matters for your privacy

You take a photo on your phone, send it to a friend, post it on a marketplace listing. Most of the time, that's the end of it. But your photo file is carrying a small bundle of invisible information called EXIF data — and depending on the situation, it can leak more about you than you intended.

The short version

EXIF (Exchangeable Image File Format) is a metadata standard that lives inside almost every JPEG. Your camera or phone writes it automatically when the photo is created, and it travels with the file unless something explicitly strips it out.

What's in there?

• When the photo was taken, down to the second
• What device took it — make, model, lens, sometimes a unique camera serial
• How it was shot — exposure, aperture, ISO, focal length
• Where it was taken — exact GPS coordinates, if location services were on

That last one is the big one for most people.

"But I don't post my address anywhere"

You don't have to. If the photo you posted was taken at home — or your kid's school, your workplace, the friend's house you visited last weekend — the GPS coordinates in the EXIF block point at that physical address with accuracy good enough to drop a pin on a map.

The platforms most people post to (Instagram, Facebook, X) strip EXIF before serving the image, which is why this rarely comes up in conversation. But:

• Direct file shares — emailing a photo, sending a Discord/Slack attachment, posting on a marketplace, dropping a file into a chat — usually preserve it
• Some "image hosting" sites preserve it deliberately
• Cloud sync between your devices keeps it
• Anyone you give the file to can read it with a free tool in five seconds

How to actually see what's in a photo

The fastest way: drop a photo into a tool that reads it. Right now you can use CleanImages (the very tool you're reading this from) — it shows you everything it found before you decide whether to strip it.

If you want to verify what we do without trusting us: open a JPEG in any hex editor and look near the start for the bytes Exif\0\0 followed by a TIFF header. That's the segment. There are also command-line tools like exiftool that print everything in a readable format.

What about other formats?

• PNG — usually no EXIF, but has its own text fields that AI image generators love to fill with prompts and model names. Stable Diffusion writes the prompt right into the file.
• HEIC (iPhone default since 2017) — carries EXIF the same way JPEG does, plus a few new fields
• WebP — can carry EXIF, usually doesn't unless converted from a JPEG
• RAW formats — full EXIF plus maker-specific extra tags. Big files, lots of detail.

The honest version of "removing metadata"

A few things to keep in mind, because the topic attracts overpromises:

1. Removing EXIF is not the same as making an image anonymous. Reverse image search, facial recognition, and pixel-level analysis don't care about EXIF.
2. Removing EXIF is not the same as "making AI images undetectable." AI detectors look at pixels, not metadata. Stripping the parameters chunk from a Stable Diffusion PNG removes one signal among many.
3. What it IS good for: stopping casual leakage of your location, device, and timestamps when you share files. That's a real and useful thing. Just don't expect it to do more than that.

When you should care

• Posting a photo of where you live, work, or spend time
• Sharing photos of kids in any context where the location matters
• Selling something on a marketplace ("here's my address, come get it")
• Journalism, activism, or any situation where source protection is real
• Sending sensitive documents (screenshots can carry metadata too)

For everyday family photos shared inside a private group? Probably overkill. The point isn't paranoia — it's knowing what's actually in the file so you can decide.