Last year, I helped a friend who was doing second-hand trading investigate something: the product picture he posted on the platform was found to have the approximate location of the shooting location, accurate to the community. He insisted that he did not write the address. Later, I dragged those original pictures into the tool and took a look - the GPS longitude and latitude, shooting time, and even the phone model were all in the file. He himself had no idea.
This is EXIF. This article explains it thoroughly: what is stored in EXIF, how to read it, how to clear it before posting pictures, and an honest boundary that many people ignore - clearing EXIF does not mean that you will be anonymous.
What is EXIF and why does it follow photos?
EXIF (Exchangeable Image File Format) is a piece of metadata written into the image file by cameras and mobile phones at the moment the photo is taken. It is hidden in the header of the JPEG/TIFF file and cannot be seen with the naked eye, but it can be turned out using any program that can read metadata. HEIC, some PNGs, and WebP may also carry similar information.
The key points are:It is written automatically by the shooting device, not added manually by you. So most people don't even know that the pictures they send out contain these. You can directly dump the original image into a chat, forum, second-hand platform, or resume attachment, and the data will be gone together.
Common EXIF fields and their corresponding privacy risks
The table below is the fields I pay most attention to when I usually check:
| EXIF field | What is saved | privacy risk |
|---|---|---|
| GPSLatitude / GPSLongitude | Shooting point latitude and longitude | Directly expose your home/company/frequented location, and you can check the address in reverse |
| DateTimeOriginal | Year, month, day, hour, minute and second taken | Expose daily schedule and whereabouts timeline |
| Make / Model | Phone or camera brand and model | Device fingerprint can be used to associate multiple pictures taken by the same person |
| LensModel / Software | Lens and photo editing software version | Auxiliary device fingerprint and judgment processing link |
| SerialNumber | Serial numbers of some cameras | Unique identifier, linked to the same device across graphs |
| ImageDescription / Artist / Copyright | Author, copyright, description | May have real name or ID |
| Orientation/Thumbnail | Direction, embedded thumbnail | Thumbnails sometimes retain the original uncropped frame (there have been incidents in history) |
Among them, GPS and time are the two most important ones. GPS directly gives coordinates, and time gives behavioral patterns. When the two come together, a person's life trajectory will be revealed. Going back to the second-hand transaction example at the beginning: the other party does not need any hacking methods. He just extracts the GPS coordinates of several product pictures and marks them on the map. The place where the coordinates of the several pictures are gathered is probably the seller's residence. Coupled with the shooting time, you can even tell what time the other party will be home. The device model plays a "serial connection" role - even if you change the account to post pictures, as long as the model and serial number are consistent, you can determine that it is the same person. Looking at one field alone may not be eye-catching, but the fear is that they corroborate each other when put together.
Let me add a word about format pitfalls: iPhone now shoots HEIC by default, and many Android models are also promoting their own formats. These containers also have GPS and time. Don’t think that “if it’s not JPEG, there’s no EXIF.” The same cleaning logic needs to be gone through for them before format conversion and image posting.
How to read EXIF
Command line: exiftool
Check individual sheets or batches,exiftool It's the most convenient. It recognizes almost all formats:
# See all metadata
exiftool photo.jpg
# Just watch GPS
exiftool -gps:all photo.jpg
# Scan a directory in batches and list only the GPS files
exiftool -if '$gpslatitude' -filename -gpsposition -r ./images
Python: Pillow / piexif
To process it in code, use Pillow for reading and piexif for detailed operations:
from PIL import Image
from PIL.ExifTags import TAGS, GPSTAGS
def read_exif(path):
img = Image.open(path)
raw = img._getexif() or {}
result = {}
for tag_id, value in raw.items():
tag = TAGS.get(tag_id, tag_id)
if tag == "GPSInfo":
value = {GPSTAGS.get(k, k): v for k, v in value.items()}
result[tag] = value
return result
data = read_exif("photo.jpg")
print(data.get("Make"), data.get("Model"))
print(data.get("DateTimeOriginal"))
print(data.get("GPSInfo"))
GPS stores "degrees, minutes and seconds + reference direction", which needs to be converted into decimal latitude and longitude by yourself:
def to_decimal(dms, ref):
d, m, s = [float(x) for x in dms]
val = d + m / 60 + s / 3600
return -val if ref in ("S", "W") else val
How to clean up before posting pictures
There are two ways to clear EXIF:Exactly delete fields and Recode the entire image.
Option 1: exiftool a shuttle
# Delete all metadata (will generate photo.jpg_original backup)
exiftool -all= photo.jpg
# Just delete GPS, Other reservations (for example, if you want to reserve shooting time)
exiftool -gps:all= photo.jpg
# Clear directories in batches, overwriting original files without leaving backups
exiftool -all= -overwrite_original -r ./images
Option 2: Fine operation of piexif
Want to preserve image quality and only strip metadata in Python:
import piexif
piexif.remove("photo.jpg") # Delete in place EXIF part
Option 3: Front-end Canvas redrawing
In the Web upload scenario, the easiest thing is to let the browser redraw the image. Canvas drawImage Only pixels are moved, not metadata, and the resulting image is naturally clean:
function stripExif(file) {
return new Promise((resolve) => {
const img = new Image();
img.onload = () => {
const canvas = document.createElement("canvas");
canvas.width = img.naturalWidth;
canvas.height = img.naturalHeight;
canvas.getContext("2d").drawImage(img, 0, 0);
canvas.toBlob(resolve, "image/jpeg", 0.92);
};
img.src = URL.createObjectURL(file);
});
}
Note that Canvas redrawing will cause lossy compression again, resulting in a slight loss of image quality; and some browsers in older versions do not read Orientation, so the image may be redirected after redrawing, and you need to straighten it according to the EXIF direction before drawing.
Option 4: Unify strips when uploading on the backend
Personally, I prefer to put the matter of "clearing metadata" on the server side, and don't expect every client to do it right. Pillow Saving it again is the easiest way——Image.save() The original EXIF is not included by default:
from PIL import Image, ImageOps
def sanitize(src, dst):
img = Image.open(src)
img = ImageOps.exif_transpose(img) # First, last year, I helped a friend who was doing second-hand trading to investigate something: the product picture he posted on the platform was found to have the approximate location of the shooting location, accurate to the community. He insisted that he did not write the address. Later, I dragged those original pictures into the tool to take a look.——GPS The longitude and latitude, shooting time, and even the phone model are all in the file. He himself doesn't know at all.
this is EXIF.This article explains it thoroughly: EXIF What exactly is stored in it, how to read it, how to clear it before posting the picture, and an honest boundary that many people ignore - clear it EXIF Doesn't mean you're anonymous.
## EXIF What is it and why does it follow the photo?
EXIF(Exchangeable Image File Format)It is a piece of metadata written into the image file by cameras and mobile phones at the moment the photo is taken. it's hidden in JPEG/TIFF The header of the file cannot be seen with the naked eye, but it can be translated using any program that can read metadata..HEIC, part PNG, WebP There may also be similar information.
The key point is: **It is written automatically by the shooting equipment, not added manually by you..** So most people don't even know that the pictures they send out contain these. You can dump the original image directly into a chat, forum, second-hand platform, or resume attachment, and the data will be gone together..
## common EXIF Fields and their corresponding privacy risks
The table below is the fields that I pay most attention to when I usually check.:
| EXIF Field | What is saved | privacy risk |
|---|---|---|
| GPSLatitude / GPSLongitude | Shooting point latitude and longitude | Direct exposure to home/company/Frequently visited places, you can check the address |
| DateTimeOriginal | Year, month, day, hour, minute and second taken | Expose daily schedule and whereabouts timeline |
| Make / Model | Phone or camera brand and model | Device fingerprint can be used to associate multiple pictures taken by the same person |
| LensModel / Software | Lens and photo editing software version | Auxiliary device fingerprint and judgment processing link |
| SerialNumber | Serial numbers of some cameras | Unique identifier, linked to the same device across graphs |
| ImageDescription / Artist / Copyright | Author, copyright, description | May have real name or ID |
| Orientation / thumbnail | Direction, embedded thumbnail | Thumbnails sometimes retain the original uncropped frame (there have been incidents in history) |
in GPS and time are the two most important things.GPS Give coordinates directly and time to behavioral rules. When the two come together, a person's life trajectory will be revealed. Going back to the second-hand transaction example at the beginning: the other party does not need any hacking methods, just a few pictures of the product GPS The coordinates are drawn up and marked on the map. The place where the coordinates of several pictures are gathered is probably the seller's residence. Coupled with the shooting time, you can even tell what time the other party will be home. The device model starts from「series connection」Function - Even if you change your account and post pictures, as long as the model and serial number are the same, you can tell it's the same person. Looking at one field alone may not be eye-catching, but the fear is that they corroborate each other when put together..
To make up for the pitfalls in the format: Now iPhone Default shooting HEIC, Many Android models are also promoting their own formats, and these containers also come with GPS and time, don’t think「no JPEG No EXIF」.The same cleaning logic needs to be followed before format conversion and image posting..
## How to read EXIF
### command line: exiftool
Check single or batch, `exiftool` It's the most convenient. It recognizes almost all formats:
```bash
# See all metadata
exiftool photo.jpg
# Just watch GPS
exiftool -gps:all photo.jpg
# Scan a directory in batches and list only the GPS files
exiftool -if '$gpslatitude' -filename -gpsposition -r ./images
Python: Pillow / piexif
To process it in code, use Pillow for reading and piexif for detailed operations:
from PIL import Image
from PIL.ExifTags import TAGS, GPSTAGS
def read_exif(path):
img = Image.open(path)
raw = img._getexif() or {}
result = {}
for tag_id, value in raw.items():
tag = TAGS.get(tag_id, tag_id)
if tag == "GPSInfo":
value = {GPSTAGS.get(k, k): v for k, v in value.items()}
result[tag] = value
return result
data = read_exif("photo.jpg")
print(data.get("Make"), data.get("Model"))
print(data.get("DateTimeOriginal"))
print(data.get("GPSInfo"))
GPS stores "degrees, minutes and seconds + reference direction", which needs to be converted into decimal latitude and longitude by yourself:
def to_decimal(dms, ref):
d, m, s = [float(x) for x in dms]
val = d + m / 60 + s / 3600
return -val if ref in ("S", "W") else val
How to clean up before posting pictures
There are two ways to clear EXIF:Exactly delete fields and Recode the entire image.
Option 1: exiftool a shuttle
# Delete all metadata (will generate photo.jpg_original backup)
exiftool -all= photo.jpg
# Just delete GPS, Other reservations (for example, if you want to reserve shooting time)
exiftool -gps:all= photo.jpg
# Clear directories in batches, overwriting original files without leaving backups
exiftool -all= -overwrite_original -r ./images
Option 2: Fine operation of piexif
Want to preserve image quality and only strip metadata in Python:
import piexif
piexif.remove("photo.jpg") # Delete in place EXIF part
Option 3: Front-end Canvas redrawing
In the Web upload scenario, the easiest thing is to let the browser redraw the image. Canvas drawImage Only pixels are moved, not metadata, and the resulting image is naturally clean:
function stripExif(file) {
return new Promise((resolve) => {
const img = new Image();
img.onload = () => {
const canvas = document.createElement("canvas");
canvas.width = img.naturalWidth;
canvas.height = img.naturalHeight;
canvas.getContext("2d").drawImage(img, 0, 0);
canvas.toBlob(resolve, "image/jpeg", 0.92);
};
img.src = URL.createObjectURL(file);
});
}
Note that Canvas redrawing will cause lossy compression again, resulting in a slight loss of image quality; and some browsers in older versions do not read Orientation, so the image may be redirected after redrawing, and you need to straighten it according to the EXIF direction before drawing.
Option 4: Unify strips when uploading on the backend
Personally, I prefer to put the matter of "clearing metadata" on the server side, and don't expect every client to do it right. Pillow Saving it again is the easiest way——Image.save() The original EXIF is not included by default:
from PIL import Image, ImageOps
def sanitize(src, dst):
img = Image.open(src)
img = ImageOps.exif_transpose(img) # Press first EXIF Set the course
img.convert("RGB").save(dst, "JPEG", quality=92) # Restore, discard metadata
exif_transpose This step cannot be omitted, otherwise the user will lie down after saving the picture taken vertically.
Let’s take a look at commonly used metadata/image processing tools
According to usage scenarios, I usually use these:
- Command line/batch: exiftool (Swiss Army knife for reading and writing metadata), ImageMagick (
-stripRemove metadata with one click) - code base: Python's Pillow, piexif, exifread
- View/process online: Some image tool stations that can run in the browser can view metadata or perform compression and cleaning after uploading, such as squoosh, tinypng, and online image editing stations like tudingai.cn (processing links such as changing backgrounds and zooming in are usually re-encoded, and the side effect is that the metadata is also lost)
- The system comes with: You can also view and delete some fields in macOS preview "Show Introduction" and Windows "Properties-Details"
The advantage of online tools is that they don’t need to install an environment. However, if the original image is privacy-sensitive and can be processed locally using exiftool, don’t upload it. Once the image is handed over, the initiative is not entirely yours.
The Boundary of Honesty: Cleared EXIF ≠ Anonymous
This part is more important than the previous code. Don't be fooled by the security of "I cleared EXIF".
-
Screenshots basically do not include GPS/device EXIF, but will include others.. Mobile phone screenshots are not the product of shooting, and usually do not have camera EXIF; however, they may expose the system language, status bar time, person's name in the notification banner, and input method candidate words. Information leakage is never limited to EXIF.
-
The content of the screen itself is the biggest source of leaks. The landmark buildings outside the window, express delivery receipts, house numbers, license plates, work plates, screen reflections - none of these clear metadata can be moved. To truly prevent privacy, you must first look at "what's in the screen."
-
Platform behavior is uncontrollable. Many social platforms will automatically re-encode and erase EXIF after uploading, but this is an implementation detail of the platform, not a promise. Different platforms are different, so don’t use it as your line of defense.
-
Deleted may not be completely deleted. Some tools simply mark the EXIF segment for deletion, or leave another set of metadata like embedded thumbnails, XMP/IPTC, etc. uncleared. If you want to confirm, use exiftool to read back after cleaning to see if the return is a vacuum. Don't skip this step.
-
Metadata also has legitimate uses. The copyright information of the photographic work and the shooting parameters (aperture, shutter, ISO) in the professional workflow must be retained. "Cleaning metadata" does not mean deleting all the data without thinking, but deciding what to keep and what to delete according to the scenario: if it is sent to strangers or posted publicly, try to clean it as much as possible; if it is archived by yourself or given to collaborators, keep the parameters that should be kept. This judgment cannot be made across the board and must be determined based on the direction of the map.
One sentence to end
EXIF is the kind of problem that "you keep running around naked if you don't know it, but you can cure it if you know three lines of code." Make a habit for yourself:For external images, especially original images, go through strip; use exiftool to read back and accept sensitive scenes after clearing them. At the same time, remember that it is just a link in the privacy chain - the content in the screen and the corner information in the screenshot are often easier to betray you than the string of longitude and latitude. Orient by EXIF img.convert("RGB").save(dst, "JPEG", quality=92) #Resave, discard metadata
`exif_transpose` This step cannot be omitted, otherwise the user will lie down after saving the picture taken vertically..
## Let’s take a look at commonly used metadata/Image processing tools
According to usage scenarios, I usually use these:
- **command line/batch**: exiftool(The Swiss Army Knife of reading and writing metadata), ImageMagick(`-strip` Remove metadata with one click)
- **code base**: Python of Pillow, piexif, exifread
- **View online/deal with**: Some image tool stations that can be run in the browser can view metadata or perform compression and cleaning after uploading, such as squoosh, tinypng, and like tudingai.cn This type of online photo retouching station (processing links such as background changing, zooming in, etc. are usually re-encoded, and the side effect is that the metadata is also lost.)
- **The system comes with**: macOS Preview「Show introduction」, Windows「Properties-Details」You can also view and delete some fields
The advantage of online tools is that they don’t need to install an environment, but they can be used locally if they involve privacy-sensitive original images. exiftool Don’t upload it if you want to process it - once the image is handed over, the initiative is no longer entirely yours..
## The Boundary of Honesty: Cleared EXIF ≠ anonymous
This part is more important than the previous code, don’t be fooled「I'm clear EXIF」deceived by the sense of security.
1. **Basically no screenshots GPS/equipment EXIF, But I will bring something else**.Mobile phone screenshots are not the product of shooting, usually without a camera EXIF; But it may expose the system language, status bar time, names in notification banners, and input method candidate words. Information leakage is never limited to EXIF inside.
2. **The content of the screen itself is the biggest source of leaks**.The landmark buildings outside the window, express delivery receipts, house numbers, license plates, work plates, screen reflections - none of these clear metadata can be moved. To truly prevent privacy, you must first look「What's in the picture」.
3. **Platform behavior is uncontrollable**.Many social platforms will automatically re-encode and erase them after uploading. EXIF, But this is an implementation detail of the platform, not a promise. Different platforms are different, so don’t treat it as your line of defense..
4. **Deleted may not be completely deleted**.Some tools just EXIF The segment is marked for deletion, or an inline thumbnail is left, XMP/IPTC Wait until another set of metadata is cleared. I want to confirm, clean it up before use. exiftool Read it back to see if the return is empty. Don’t skip this step..
5. **Metadata also has legitimate uses**.Copyright information of photographic works, shooting parameters (aperture, shutter) in professional workflow, ISO), It's to be kept.「Clear metadata」It’s not about deleting everything without thinking, but deciding what to keep and what to delete based on the situation: if you send it to strangers or hang it out in public, try to clean it as much as possible; if you archive it yourself or give it to collaborators, keep the parameters that should be kept. This judgment cannot be made across the board and must be determined based on the direction of the picture..
## One sentence to end
EXIF That's the kind「I have been running around naked without knowing it. If I know three lines of code, I can cure it.」problem. Make a habit for yourself: **Review the pictures sent to the public, especially the original pictures. strip; Use after clearing sensitive scenes exiftool Read back acceptance.** At the same time, remember that it is just a link in the privacy chain - the content in the screen and the corner information in the screenshot are often easier to betray you than the string of longitude and latitude..