What EXIF metadata is and why it matters
EXIF is a structured block of data embedded in image files — JPEGs, HEICs, and others — that records information about the photo beyond what appears in the pixels. These fields are invisible in normal image viewing; you need a metadata reader to see them, which is exactly why they are easy to forget about when sharing. The fields that matter most for privacy are:
- GPSLatitude / GPSLongitude: exact coordinates of where the photo was taken
- DateTimeOriginal: when the photo was captured, down to the second
- Make / Model: device that took the photo
- Software: app or OS used to capture or edit
What each platform strips, at a glance
Most big platforms strip EXIF from public photos but keep the original internally — and almost all of them leak it when a photo is sent as a file or in a DM. The detail for each follows below.
| Platform | Public photo post | Sent as file or DM |
|---|---|---|
| Strips GPS and most EXIF | DMs can keep GPS (original quality) | |
| Strips GPS and most EXIF | Messenger and Marketplace vary | |
| X (Twitter) | Strips EXIF | DMs and API clients may retain |
| Photo picker strips it | Document attachment keeps full EXIF | |
| Telegram | Photo strips it | Sending as a file keeps full EXIF |
| Strips EXIF | Message attachments vary | |
| Nothing is stripped | Full EXIF intact |
Instagram strips GPS metadata and most EXIF fields from photos before making them publicly accessible. Photos downloaded from Instagram by other users do not contain the original GPS coordinates.
However, the original file with full EXIF is transmitted to Instagram's servers during upload. Instagram processes the image server-side and produces the stripped version. The original, with metadata intact, was sent and received by the platform's infrastructure before the stripped copy was stored for public access.
Facebook similarly strips GPS and most technical EXIF fields from photos that appear on timelines and in albums. Like Instagram, the original file with metadata is uploaded first, and the stripped version is what appears publicly.
Facebook's handling of metadata in private messages, groups, and Marketplace listings has historically varied. In some contexts, original files with metadata have been accessible to recipients. Treat Messenger file transfers the same as email attachments — assume metadata is preserved.
X (formerly Twitter)
X strips EXIF data from photos uploaded through its standard interfaces. Photos displayed in the timeline and accessible via the image URL do not contain original EXIF fields. The same caveat applies: the original was transmitted to X's servers before processing.
WhatsApp re-encodes photos during transmission, which removes most EXIF metadata. However, when you send a file using the Document attachment type instead of the photo picker, WhatsApp transmits the original file without re-encoding. A JPEG sent as a document reaches the recipient with its full EXIF intact, including GPS coordinates.
The photo picker strips metadata. The document attachment does not. Many users are unaware of this distinction.
LinkedIn strips metadata from photos uploaded to profiles, posts, and articles. The behavior for file attachments in messages is less consistent and has changed over time.
Telegram
Like WhatsApp, Telegram distinguishes between sending an image through the photo picker (which re-encodes and typically strips metadata) and sending a file (which preserves the original file exactly). A JPEG sent as a file in Telegram reaches the recipient with full EXIF.
Email carries attachments without modification. A JPEG attached to an email is received exactly as it was sent, with all EXIF fields intact. This applies across all email providers and clients. There is no stripping layer.
Why you should not rely on platform stripping
Even for platforms that consistently strip metadata today, several risks remain:
- Platform behavior can change: A policy update, a new API version, or a bug can change what metadata is stripped without public announcement.
- Original files travel before stripping happens: The unstripped original reaches the platform's infrastructure every time. You are trusting the platform's post-processing, not preventing the transmission.
- Files can be re-shared: Someone who downloads your photo and re-shares it — or shares the original file they received — may bypass the platform's stripping.
- Edge cases exist in every platform: File attachments, original-quality downloads, API access, and private message contexts often behave differently from public posts.
- Platforms keep the original anyway: Stripping only applies to the public copy. Instagram, Facebook, and others retain your unstripped original on their servers for their own use.
- Location leaks in other ways: Even with EXIF gone, a platform can infer where you are from your IP address, app telemetry, a manual location tag, or landmarks visible in the photo itself.
The reliable approach
Strip metadata from the file before it leaves your device. That way, every platform and every recipient receives a version that has already been prepared for sharing, regardless of what any individual platform does or does not do.
The Remove EXIF tool on PhotoTools processes files locally in your browser. Drop in a photo, verify what metadata it contains, and download a clean copy with GPS, timestamps, and device information removed. The original in your photo library is not touched.