They say a picture is worth a thousand words. If you look up the origin of this expression, you’ll find that it emerged in the USA in the early 20th century.
Today, however, a picture is worth much more than that, and it can threaten your privacy and security.
The two most common file types shared online today are photos and videos. And both file types have one thing in common that can give away a lot more information than you might think. That’s metadata.
Besides what’s visible in the photo itself, metadata can reveal when and where the photo was taken, the device used to take the photo and other unique characteristics that can fingerprint you across the web.
By not removing metadata, a hacker or OSINT researcher can easily find out where you live, where you work, your preferences and habits, etc., just by extracting the Exif data hidden inside the photos you post online.
Luckily, most social media platforms eliminate this threat by stripping out metadata from your published files.
So there you go. Make sure the service you use strips out metadata. End of story. Not really…
While social media platforms like Facebook or Instagram ( same company – Facebook ) strip out the metadata before it shows your photo to the world, they don’t just erase that metadata.
Metadata is valuable to them. They collect it and add it next to your likes, comments, your network of ‘friends’ etc., to profile you.
Exif Data in Photos
Exchangeable image file format, or Exif data, is information that accompanies an image file and contains many data fields that can be populated or left blank.
The data fields are often written by the device used to take the photo but can also be populated by programs such as Photoshop.
Check out the full list of data fields supported by Exif.
There are a lot of web apps and browser addons that you can use to strip out metadata from photos.
But today, we’re going to focus on ExifTool – a cross-platform Perl library plus a command-line application for reading, writing, and editing meta information in various files ( various image formats, audio formats, video formats, document formats, etc.).
- Debian, Ubuntu, Mint, Kali
sudo apt install libimage-exiftool-perl
- Fedora, RedHat, CentOS
sudo dnf install perl-image-exiftool.noarch
- Arch, Manjaro
sudo pacman -S perl-image-exiftool
macOS: you can install it via Homebrew with
brew install exiftool
Windows: download ExifTool for Windows from the official website ( linked above )
NOTE: ExifTool is a powerful and complex tool. To learn what it’s capable of, once installed on your system, make sure to read the manual
Removing Exif data
To demo how to use ExifTool to remove metadata from a photo, I’m going to use this photo from flickr.
Flickr does not remove Exif data by default, and it’s displayed on the photo page, but that’s not important for demo purposes.
NOTE: the process is the same on all platforms ( Linux, macOS, and Windows ).
If you’re running macOS, you can quickly view a photo’s metadata by switching to gallery view in Finder.
If you open the photo in Preview and hit
cmd+I ( or go to Tools > Show Inspector ) you’ll notice quite a bit of info.
Now let’s see what’s Exiftool capable of. Open up a terminal and type
( replace path_to_photo with the location of the photo on your drive and include the format )
Pretty scary, right? Yet, most people don’t even know or think about the amount of information they share when posting a photo online..
To remove the data with ExifTool, all you need to do is type
exiftool -all= path_to_file.
ExifTool will strip out all the Exif data from your photo and create a new file leaving the original photo untouched.
Rechecking the photo will show you this:
If you don’t think this is an important step to take before uploading any photo online and it’s too much work, at least disable geotagging on the device(s) you use to take your photos.
Please note that this process is not only to be applied to your photos. The same goes for videos, audio files, and documents.
Also, remember what former intelligence boss and retired Gen. Michael Hayden said about metadata ( this is extreme and won’t apply to 99.9% of the people, but it just goes to show you that metadata is serious business. )