What Your Photos Reveal About You: EXIF, GPS, and Device Fingerprints
Published April 2026
A JPEG file is not just an image. It is an image plus a data record that documents where you were, when you were there, which device you used, how you edited the file, and in some cases, who you are.
Most people have no idea what is embedded in the photos they share every day. Here is what your images contain by default.
What your photos reveal
Your exact location
Embedded fields
- GPSLatitude / GPSLongitude: coordinates accurate to meters
- GPSAltitude: floor-level precision in multi-story buildings
- GPSTimestamp: time you were at that location
- GPSAreaInformation: named location if available
Privacy risk
If you photograph inside your home, your home address is in every JPEG until you remove it.
Your device identity
Embedded fields
- Make: phone brand (Apple, Samsung, Google)
- Model: exact device model (iPhone 16 Pro, Pixel 9)
- LensModel: rear vs. front camera, specific lens
- BodySerialNumber / CameraSerialNumber: unique hardware ID
Privacy risk
Anyone who receives your photos can identify exactly which device you own. Multiple photos can be linked as coming from the same device.
Your schedule
Embedded fields
- DateTimeOriginal: when you took the photo
- CreateDate: when the file was created
- ModifyDate: when you last edited it
- SubSecTimeOriginal: millisecond-precision timestamps
Privacy risk
A series of photos reveals your daily routine, travel patterns, and when you are home vs. away.
Your software and workflow
Embedded fields
- Software: editing app and version
- ProcessingSoftware: post-processing tool
- XMP History: complete edit history with each operation
- CreatorTool: which app made the last edit
Privacy risk
For AI-generated images, this field reveals exactly which AI tool was used, including version numbers.
Your identity
Embedded fields
- Artist: your name if set in camera/phone settings
- Copyright: copyright string you configured
- Owner Name: camera owner field
- Creator (XMP): creator name from editing software
Privacy risk
Your real name may be embedded without your knowledge if you set it up years ago in your camera or phone settings.
Who can read your metadata
Metadata is readable by anyone who receives the original file. This includes:
- Anyone you email a photo to, if you send the original file
- File sharing services that preserve metadata (Dropbox, Google Drive shared links, WeTransfer)
- Platforms that do not strip metadata before storage (some do, some do not)
- Buyers if you sell photos directly (stock photography, client work)
- Forensic analysis if files become evidence
- Third-party apps that request photo library access on your phone
What to do about it
StripShot removes all EXIF, XMP, IPTC, GPS, and AI metadata from images at the binary level. The image is never decoded or re-encoded. Your original quality is preserved. Only the metadata is removed.
Use the analyzer first to see what is in your files. Then strip what you do not want to share.
See and remove what your photos contain
Drop any image into StripShot to see all embedded metadata, then remove it in one click. Free. 100% private. Nothing leaves your browser.
FAQ
Does every photo have GPS data?
Only if the device that took it had location services enabled. Smartphone photos almost always include GPS because phones request location permission. DSLR and mirrorless cameras typically do not have GPS unless you use an external GPS unit or phone tethering.
Can someone find my home address from a photo?
Yes. If you photographed inside your home with a smartphone with location services enabled, the GPS coordinates in the EXIF data are precise enough to identify the specific address. This applies to images shared directly or uploaded to platforms that preserve metadata.
Does Instagram remove metadata when you upload?
Instagram strips most EXIF data on upload. However, this stripping happens server-side after your file arrives at their servers. You have already transmitted the data. For privacy, strip metadata before upload so the data never leaves your device.
How do I know what's in my photos?
Use StripShot's metadata analyzer: drop your image and see every embedded tag. It shows GPS coordinates, device info, software history, AI signatures, and C2PA credentials. Free tool, no upload required.
Should I strip metadata from all photos before sharing?
For privacy-sensitive photos, yes. Photos taken at home, your workplace, your children's school, or during travel all carry GPS data that reveals those locations. If you share original JPEGs with anyone, removing GPS and device info is good hygiene.