They say a picture is worth a thousand words. If you look up the origin of this expression, you’ll find out that it emerged in the USA in the early part of the 20th century. Today, however, a picture is worth much more than that and it can be a threat to your privacy and security.
The two most common file types shared online today are photos and videos. And both file types have one thing in common that can give away a lot more information than you might think. That’s metadata.
Besides what’s visible in the photo itself, metadata can reveal when and where the photo was taken, the device that was used to take the photo and other unique characteristics that can fingerprint you across the web. If you don’t remove metadata, a hacker or OSINT researcher can easily find out where you live, where you work, your preferences and habits, etc., just by extracting the Exif data hidden inside the photos you post online.
Luckily, most social media platforms eliminate this threat by stripping out metadata from the files you publish. So there you go. Make sure the service you use strips out metadata. End of story. Not really…
While social media platforms like Facebook or Instagram (same company: Facebook) strip out the metadata before they show your photo to the world, they don’t simply erase that metadata.
Metadata is valuable to them. They collect it and add it next to your likes, comments, your network of ‘friends’, etc. in order to profile you.
Exif Data in Photos
Exchangeable image file format, or Exif data, is information that accompanies an image file and contains many data fields that can be populated or left blank. The data fields are often written by the device that is used to take the photo, but can also be populated by programs such as Photoshop. Check out the full list of data fields supported by Exif.
There are a lot of web apps and browser add-ons that you can use to strip out metadata from photos. But today we’re going to focus on ExifTool, a cross-platform Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files (various image formats, audio formats, video formats, document formats, etc.).
- Debian, Ubuntu, Mint, Kali
sudo apt install libimage-exiftool-perl
- Fedora, RedHat, CentOS
sudo dnf install perl-image-exiftool.noarch
- Arch, Manjaro
sudo pacman -S perl-image-exiftool
macOS: you can install it via Homebrew with
brew install exiftool
Windows: download ExifTool for Windows from the official website ( linked above )
NOTE: ExifTool is a powerful and complex tool. To learn what it’s capable of, once installed on your system, make sure to read the manual.
Removing Exif data
To demo how to use ExifTool to remove metadata from a photo, I’m going to use this photo from Flickr. Flickr does not remove Exif data by default and it’s displayed on the photo page, but that’s not important for demo purposes.
NOTE: the process is the same on all platforms ( Linux, macOS and Windows ).
If you’re running macOS, you can quickly view a photo’s metadata by switching to gallery view in Finder.
If you open the photo in Preview and hit cmd+I (or go to Tools > Show Inspector) you’ll notice there’s quite a bit of info.
Now let’s see what ExifTool is capable of. Open up a terminal and type
( replace path_to_photo with the location of the photo on your drive and include the format )
Pretty scary, right? Yet, most people don’t even know or think about the amount of info they share when they just post a photo online.
To remove the data with ExifTool, all you need to do is type
exiftool -all= path_to_file
ExifTool will strip out all the Exif data from your photo. The cleaned file keeps the original name, and the untouched original is preserved next to it with _original appended to its file name, so make sure you upload the cleaned file and not the backup. Checking the photo again will show you this:
If you don’t think this is an important step to take before uploading any photo online and it’s too much work, at least disable geotagging on the device(s) you use to take your photos.
Please note that this process is not only to be applied to your photos. The same goes for videos, audio files and documents.
Also, remember what former intelligence boss and retired Gen. Michael Hayden said about metadata ( this is extreme, and won’t apply to 99.9% of the people, but it just goes to show you that metadata is serious business. NOTE: if you don’t want to use YouTube to watch the video below, here’s the invidious link. )