How To: Sanitize Exif Data From Your Digital Images For Privacy Sake (5 min read)

When you take a digital picture, the resulting file contains potentially personal information. It is known as ‘Exif‘ and it contains sensitive information. This article will explain how to sanitize Exif data to avoid leaking your personal information.

If this article looks familiar, I’ve previously authored an article on this subject. It’s at the old site, which will be redirected here. I might as well write it anew, using the current style.

Moving on…

Exif is the additional information included in the file your digital camera makes, among other things. It can be as benign as color correction data to orientation settings. In some cases, it can also contain such privacy-wrecking gems as when and where (the GPS coordinates) and when  the picture was taken. It is defined as thus:

Exchangeable image file format (officially Exif, according to JEIDA/JEITA/CIPA specifications) is a standard that specifies the formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners and other systems handling image and sound files recorded by digital cameras.

The Exif data can even contain information about the camera’s brand and, as you can see, isn’t limited to just a fancy digital camera. Your other devices, from smartphone to scanner, add this extra data to the file. Anyone who is aware of this can easily look for this data. Exif data has even been used as evidence by the judicial system.

Obviously, there are huge privacy implications with this. You can probably minimize some of the data that’s created by changing your phone/camera’s settings. That does nothing for existing files, and nothing for when your device has no such configuration options.

Let’s See This Exif Data

There are any number of ways to examine the Exif data. For example, this is some of that data and it is being drawn from a program called XNViewMP.

Exif data
Exif data sample. There’s not a whole lot of data with this one.

That one tells you how old the picture is, and not a whole lot more. But, it also now contains the information about the last time it was accessed. That could be of interest, perhaps giving away things like the age of the photo’s subject.

This next picture is the Exif data from one of my cellphone pictures. I have the GPS data turned off, so that wasn’t included. You’ll see a ton of additional information.

More detailed Exif data.
See? Now you can tell I don’t bother updating my phone often.

As you can see, there’s even more data in that file. There may well be even more data in your pictures. It tells you what camera I was using (a cell phone, and an old one at that) and that I took the picture at 14:30, in a well lit room. It even tells you the software version, which may be exploitable to an attacker.

Don’t worry too much about this. It’s a solved problem. You can sanitize Exif data and maintain a bit more privacy. It’s actually remarkably easy.

Many image hosting sites will automatically strip the Exif data when you upload your image.

Let’s Sanitize Exif Data

The tool we’re going to use for this is ‘exiftool‘ and it’s pretty simple. It’s quite likely already in your default repositories, or at least the repositories you can add trivially. In Debian/Ubuntu/Mint/similar, you can install it with:

You’ll need to adjust the command for your distro, of course. Once you have it installed, you can navigate to the directory where you store your images and run something like this to sanitize png files:

Or, if you’re trying to sanitize .jpg images, you’d run this command:

Depending on the number of files in the directory, it could take a little while to run. It’s pretty speedy and it does give you confirmation when it’s done. I’ve used it on large numbers of images at once and it took care of them all in less than a minute. I probably should have paid more attention, that way I’d have some actual numbers for you.

NOTE: The exiftool can actually strip data from other files, including files like PDFs and other such types of documents. A complete list can be found here. Yes, those documents contain data beyond that of the text contained in them. They may contain such data as the computer name, username, and dates and times of file creation and editing.

Personally, I combine both the .png and .jpg commands into one command and I run that command with an alias. We haven’t covered aliasing yet, so I’ll just go ahead and show you what I use.

That, if added to .bash_aliases, would let you use ‘picclean’ to sanitize an entire directory’s worth of png and jpg files. It comes in pretty handy if you’re sharing a bunch of files and want to make sure they’re all clean before you send ’em.

Closure:

Well, there you have it. Hopefully you’ll now know a little bit more about how to sanitize your image files, removing the private data from them as much as you can. If you don’t generate the data in the first place, you don’t have to delete it. So, disable embedding GPS coordinates in your phone (or some fancy cameras) and don’t take pictures of yourself while doing illegal activities.

Thanks, as always, for reading. I always look forward to the feedback, here and on other sites. Don’t forget that you can unblock ads, sign up for the newsletter, donate, or contribute by writing an article or two. Don’t forget to share this site with your friends. Share the love!

Smash a button!
[Total: 2 Average: 5]
Subscribe to Newsletter!
Get notified when new articles are published!
We promise to never share your email!

Author: KGIII

Retired mathematician, residing in the mountains of Maine. I may be old and wise, but I am not infallible. Please point out any errors. And, as always, thanks again for reading.

Leave a Reply

Your email address will not be published. Required fields are marked *