Most people think of a photo as just the picture. The file is more than that. Wrapped invisibly around the image data is a block of text called EXIF metadata, and on virtually every phone photo taken with location services enabled, that block includes the exact coordinates of where the photo was taken.

None of this shows up when you open the photo. It shows up when someone runs the file through a tool built to read it — and increasingly, that's not a hard thing to do.

What's actually hidden inside a photo

EXIF data is a standard part of how cameras and phones save JPEG files. It was originally designed for genuinely useful purposes: helping photographers organise their work, letting editing software apply the correct rotation, recording exposure settings for people who want to learn from their shots.

The fields that matter for privacy are a small subset of a much larger standard:

GPS coordinates

Latitude and longitude of where the photo was taken, stored as precise decimal-degree values.

Camera or phone model

The exact make and model of the device used, sometimes including the specific lens.

Date and time

The precise moment the photo was taken, often to the second.

Software used

Any editing app or software that touched the file after it was taken.

None of these fields are visible in the image itself. All of them are sitting in the file, readable by anyone who knows to look.

How precise the location data really is

This is the detail that tends to surprise people. EXIF GPS data isn't a rough estimate of "somewhere in this city." It's typically accurate to within a few metres — the same level of precision your phone's mapping app uses to put a pin on a building.

What "a few metres" actually means

A few metres of accuracy is enough to distinguish between a front door and a back door, identify which floor of an apartment building a photo was taken from, or confirm that a photo claiming to be from "a friend's place" was actually taken at a specific home address. This isn't a theoretical risk — it's the literal design purpose of the data field.

Where this becomes a real problem

The risk isn't constant — it depends entirely on where the photo goes and who can access the underlying file rather than a re-compressed version of it.

  • Marketplace listings. Selling something on Facebook Marketplace, Craigslist, or a similar platform often means the photo file itself, location data intact, is what gets attached or downloaded by a buyer.
  • Email attachments. Sending a photo as a direct email attachment ships the original file exactly as it was saved on your device.
  • Cloud storage share links. A shared Google Drive or Dropbox link typically serves the original file, not a stripped version.
  • Domestic safety situations. For anyone who needs to keep a current location private from a specific person, a single shared photo can undo that privacy instantly and without any visible sign that it happened.
  • Photos involving children. A photo of a child outside a school or home, shared more widely than intended, can reveal exactly where that child regularly is.
  • Client and professional delivery. Photographers and designers delivering final files to a client are also handing over whatever metadata sits inside those files, unless it's deliberately removed first.

Which platforms strip this, and which don't

This is genuinely inconsistent, which is part of why it catches people out.

Sharing method Typically strips GPS data?
Instagram, Facebook, most major social platforms (upload through app) Usually yes
Email attachments No
Direct messaging apps (varies by app) Inconsistent
Cloud storage share links (Drive, Dropbox, iCloud) No
Marketplace and classifieds listings Inconsistent
Direct file transfer (USB, AirDrop, file sharing apps) No
Why "usually yes" still isn't good enough

Platform behaviour changes over time, varies by upload method (app versus browser versus API), and is never something the platform formally guarantees to you as a user. Treating "the platform probably strips it" as a privacy plan means your safety depends on a setting you don't control and can't verify at the moment it matters.

The hidden thumbnail problem

This is the part almost nobody knows about, and it complicates the assumption that cropping or editing a photo makes it safe.

Some cameras and editing tools store a small embedded thumbnail image directly inside the EXIF data, separate from the main visible photo. If that thumbnail was generated before you cropped or edited the image, it can still show the original, unedited version — sitting inside the file, untouched by whatever you changed afterward.

In practice, this means a photo you cropped specifically to remove a license plate, a face, a piece of mail, or a background detail can still contain that exact detail in miniature, inside the metadata, even after the visible image looks clean.

How to check what your own photos reveal

Before assuming a photo is safe to share, it's worth actually looking at what's inside it. Humanify's EXIF Remover scans a photo and shows you exactly what metadata is present before removing anything — camera details, timestamp, and GPS coordinates with a direct link to view the exact location on a map, so you can see precisely what someone receiving that file would be able to find.

This step matters on its own, separate from removal. Seeing the actual coordinates on a map tends to change people's sense of how serious this is, in a way that reading "contains GPS data" in the abstract doesn't.

How to remove it properly

Removing EXIF data correctly is not the same as just resaving the photo through any random tool. Done wrong, it can either fail to remove everything, or it can recompress the entire image as an unnecessary side effect of removing a small text block.

  • 1
    Use a tool that strips metadata directly from the file

    A proper EXIF remover edits the file structure itself rather than re-encoding the whole image, which means zero quality loss — the visible photo is completely unchanged, only the hidden data block is removed.

  • 2
    Check the preview before you remove anything

    A good tool shows you what's actually in the file first. If there's no GPS data and no sensitive camera details, you may not need to do anything at all for that particular photo.

  • 3
    Keep your original file

    Always save the cleaned version separately rather than overwriting your only copy, in case you need the original later for re-editing or printing.

  • 4
    Re-check after editing software has touched the file

    If you edit a photo after removing its metadata, some editing software re-adds its own metadata on save. Check again before sharing if editing happened after the cleanup step.

See exactly what's hidden in your photos, then remove it in one click — free, private, no upload.

Open EXIF Remover

Common mistakes people make

  • Assuming every platform automatically strips metadata, when behaviour varies by platform, upload method, and changes over time
  • Cropping out a sensitive detail and assuming that makes the file safe, without checking for an embedded thumbnail that may still show it
  • Treating email and direct messages as inherently private, when the file shared is typically the unmodified original
  • Removing metadata once and assuming it stays removed, even after the file passes through other software that may re-add its own data
  • Using a recompression-based "cleaner" that strips metadata but also degrades the actual image quality as a side effect

Frequently asked questions

How do I know if my photo has GPS location data?
Most phones embed GPS coordinates automatically when location services are on at the time the photo is taken. You can check by opening the photo's file details on most devices, or by running it through a metadata viewer that displays EXIF data, including a direct link to the exact coordinates on a map.
Do Instagram and Facebook remove location data automatically?
Most major social platforms strip EXIF metadata, including GPS coordinates, when you upload a photo through their app or website. This is not universal, however, and platforms change their handling over time, so it should not be relied on as a guarantee.
Where does location data in photos cause real problems?
Email attachments, direct messages, cloud storage share links, marketplace listing photos, and any platform that doesn't automatically strip metadata. These are the situations where the original, unmodified file — GPS data intact — is what the other person actually receives.
Can a cropped photo still reveal what was cropped out?
In some cases, yes. Certain cameras and editing tools store a small embedded thumbnail image inside the EXIF data, separate from the visible photo. If that thumbnail was generated before the crop or edit, it can still show the original, unedited version even after the visible image has been changed.
How accurate is the GPS data stored in a photo?
Typically accurate to within a few metres, which is precise enough to identify a specific building, room, or exact spot on a street. This is the same level of precision used by mapping and navigation apps.
Does removing metadata reduce photo quality?
Properly done, no. Metadata can be stripped directly from the file without touching or recompressing the actual image data, so visual quality is unchanged. Some basic tools recompress the whole image as a side effect of removing metadata, which does cause a small quality loss — it's worth checking which approach a tool actually uses.
Is it worth removing metadata from every photo I share?
Not necessarily every photo, but it's worth doing for anything leaving a closed circle of trusted people — marketplace listings, client deliverables, anything posted publicly outside a platform known to strip metadata automatically, and any photo where the location itself is sensitive.