Most people know that photos contain "metadata" — but few understand exactly what that means, which specific fields are present, and how a string of numbers like "40.748444, -73.985664" translates into a precise physical address that someone can walk to. This guide breaks down every significant EXIF data field with real example values and explains which ones represent actual privacy risks versus which are harmless technical settings.
The Complete EXIF Field Breakdown
EXIF data is organized into standardized tags. Each tag has a name, a numeric ID, and a value. Below is every field you are likely to encounter in a smartphone photo, with a real-world example value and an honest assessment of the privacy implications.
| EXIF Field | Example Value | What It Reveals | Risk Level |
|---|---|---|---|
| GPSLatitude | 40°44'54.4"N | North-south position — maps directly to a street block | HIGH |
| GPSLongitude | 73°59'8.5"W | East-west position — combined with latitude = exact address | HIGH |
| GPSAltitude | 42.3 m | Height above sea level — can indicate building floor | HIGH |
| GPSTimeStamp | 14:32:07 UTC | UTC time of location fix — reveals daily routine | HIGH |
| Make | Apple | Device manufacturer — reveals iPhone vs Android vs DSLR | MEDIUM |
| Model | iPhone 15 Pro | Exact device model — enables device fingerprinting | MEDIUM |
| Software | iOS 17.4 | Operating system version and editing apps used | MEDIUM |
| DateTime | 2026:01:15 08:34:22 | Date and time photo was taken — reveals daily patterns | HIGH |
| SerialNumber | C3RXXXXXX | Unique device identifier — definitively links photos to one device | HIGH |
| ThumbnailImage | (binary image data) | Original uncropped thumbnail — can reveal cropped-out content | HIGH |
| ExposureTime | 1/120 sec | Shutter speed — technical setting, minimal privacy risk | LOW |
| FNumber | f/1.8 | Lens aperture — technical setting | LOW |
| ISOSpeedRatings | ISO 400 | Light sensitivity — technical setting | LOW |
| FocalLength | 24mm | Lens focal length — can help identify camera equipment | LOW |
| Orientation | Rotate 90 CW | How the phone was held — no personal data | LOW |
| WhiteBalance | Auto | Camera setting — no personal data | LOW |
| Copyright | © John Smith 2026 | Author name — intentional when present | CONTEXT |
| Artist | John Smith | Photographer name — intentional when present | CONTEXT |
How GPS Coordinates Become a Street Address
GPS coordinates in EXIF are stored in degrees, minutes, and seconds (DMS format). Here is how they work and how quickly they can be converted to a navigable address:
Example GPS data from a photo:
- GPSLatitude: 40°44'54.4"N
- GPSLongitude: 73°59'8.5"W
Converting to decimal degrees (the formula):
Decimal Degrees = Degrees + (Minutes / 60) + (Seconds / 3600)
Latitude: 40 + (44/60) + (54.4/3600) = 40.748444
Longitude: -(73 + (59/60) + (8.5/3600)) = -73.985664 (negative for West)
What happens next: Anyone reading this EXIF data copies these two numbers — 40.748444, -73.985664 — pastes them into Google Maps, and is immediately presented with a map marker at the exact location. The satellite view shows the building, the street, and the neighborhood. Google's reverse geocoding typically returns the full street address. This entire process takes approximately 15 seconds for someone who knows what they are looking at.
Which Camera Apps Embed GPS by Default
Understanding which apps automatically embed GPS helps you know when you are at risk:
- iPhone Camera app: Embeds GPS if Location Services is enabled for Camera (the default). Settings → Privacy & Security → Location Services → Camera. The default is "While Using the App."
- Android Camera (Samsung, Pixel, others): Most Android camera apps embed GPS if location permission is granted. Often enabled by default during first camera setup. Look for a location icon in the camera app's settings or viewfinder.
- DSLR and mirrorless cameras: Do not embed GPS unless they have a built-in GPS module (rare in consumer models) or are paired with a companion app that writes GPS retroactively from phone location data.
- GoPro: Embeds GPS by default when GPS is enabled in settings — and GoPro footage GPS data can be very revealing as it shows movement paths, not just a single point.
- Drone cameras (DJI): Embed GPS by default showing the exact takeoff point and flight path. This is a significant risk for operators who do not want their launch location known.
How to Check Your Own EXIF Data Right Now
Before worrying about others seeing your metadata, verify what your own photos contain using these built-in tools:
On Windows
Right-click any JPEG file → Properties → Details tab. Scroll down to see GPS latitude, longitude, camera make/model, date taken, and other EXIF fields. This is available on every Windows 10 and 11 installation with no additional software.
On Mac
Open the photo in Preview → Tools menu → Show Inspector → click the information (i) icon. The GPS tab appears only if GPS data is present. The Exif tab shows all technical camera settings. You can also use the Photos app: open any photo → Window → Info (Command-I) for a simplified view.
Online — Jeffrey's Exif Viewer
Jeffrey Friedl's Exif Viewer (exif.regex.info) is a widely-used web tool for reading EXIF from uploaded photos or by URL. It displays all tags including GPS, shows a map if coordinates are present, and presents data in a human-readable format. The tool does not store uploaded photos. It's particularly useful for checking exactly what metadata a file contains before sharing it.
A Real Scenario: The Rental Listing EXIF Exposure
Consider this common situation: a homeowner wants to rent out their apartment. They photograph the interior with their iPhone — the kitchen, living room, bathroom. They upload these photos to a rental listing site that does not strip EXIF data. They are careful not to include identifying street signs or house numbers in any of the photos.
Any viewer of those photos can download them, open the EXIF data, and see GPS coordinates pointing to within five meters of the front door. The anonymization effort — avoiding street signs — was completely irrelevant because the location was embedded in every single photo file. Anyone with basic knowledge of EXIF reading tools can find the property's exact address regardless of what is shown or not shown in the image itself.
This scenario plays out with homeowners, domestic violence survivors who share photos from safe houses, and anyone else who photographs from a location they want to keep private. The solution is to strip metadata from image files before uploading to any platform that doesn't guarantee complete EXIF removal.
The Serial Number Problem
GPS coordinates get most of the attention, but camera serial numbers are underappreciated as a privacy risk. If you post photos on multiple platforms using the same camera, and even one of those photos includes your name or other identifying information, then all photos from that camera become linkable to your identity — even anonymous ones posted elsewhere.
This is a technique used in online investigations (OSINT). A photographer's camera serial number embedded in photos across different platforms can be used to build a profile connecting their anonymous posts to their identified ones. The serial number tag should be considered as sensitive as GPS data for users posting anonymously.
The Thumbnail Embedded Inside Your Photo
One of the least-known EXIF privacy risks is the embedded thumbnail. When a camera or phone saves a JPEG, it generates a small (often 160x120 pixel) compressed preview of the image and stores it inside the EXIF block. This preview is of the original, unedited, uncropped image.
If you photograph a document that includes your name and address, then crop the photo to remove the identifying information, the cropped main image looks safe — but the EXIF thumbnail still contains the original uncropped version with your name and address visible. Software like ExifTool can extract this thumbnail with a single command, making your crop entirely ineffective as a privacy measure.
Complete EXIF removal eliminates the thumbnail along with all other metadata fields. Cropping alone does not. This is a critical reason to remove EXIF data from photos using a proper tool rather than simply editing the image content.
