Skip to main content
All articles
Security
6 min read

Image Metadata and Social Media: Which Platforms Strip It, Which Don't

Not all social platforms strip EXIF data from uploaded photos. Here's which platforms remove image metadata, which don't, and what to do before uploading.

The assumption that platforms handle it

Many people assume that when they upload a photo to a social media platform, the platform strips all metadata before displaying or serving the image. This assumption is partially correct — some platforms do strip EXIF data — but the behavior is inconsistent across platforms, across upload methods, and even across time as platforms change their processing pipelines.

Relying on a platform's metadata handling as your privacy strategy means trusting that every platform you use, every upload path, and every API endpoint consistently removes all sensitive metadata fields. That trust is frequently misplaced.

Platform-by-platform behavior

Facebook and Instagram (Meta)

Meta strips EXIF data from photos uploaded to Facebook and Instagram. GPS coordinates, camera information, and other EXIF fields are removed from the publicly served image files.

However, Meta extracts and stores this metadata internally before stripping it from the public-facing files. The metadata is used for content organization, advertising targeting, and compliance purposes. Your followers cannot see the GPS coordinates, but Meta has them.

WhatsApp (Meta)

WhatsApp strips EXIF data from images sent through the platform. Photos received via WhatsApp do not contain the original EXIF metadata.

There is a nuance: WhatsApp's "send as document" feature, which sends files without compression, does not strip metadata. If someone sends a photo as a document attachment rather than as a photo, the full EXIF data is preserved.

Signal

Signal strips EXIF data from images by default. The app includes a setting to remove metadata from media, which is enabled by default. Signal also does not retain stripped metadata on its servers.

Twitter/X

Twitter strips most EXIF data from uploaded images. GPS coordinates are removed from the publicly served files. However, Twitter's behavior has been inconsistent over time. There have been periods where certain API endpoints or download paths served images with partial EXIF data intact.

As of recent behavior, images served through the standard web interface and API have EXIF data stripped. But given the platform's history of inconsistency, treating this as guaranteed is inadvisable.

LinkedIn

LinkedIn strips EXIF data from uploaded profile photos and post images. Document uploads (PDFs, presentations) are served as-is, with their native metadata intact.

Snapchat

Snapchat strips EXIF data from snaps. The platform processes images through its own pipeline, which removes EXIF metadata before delivery.

Discord

Discord does not strip EXIF data from uploaded images. Photos shared in Discord channels retain their original EXIF metadata, including GPS coordinates. Anyone in the channel can download the image and extract the full metadata.

This is a significant privacy risk because Discord is widely used for communities where members share photos casually, often without realizing that GPS coordinates are embedded.

Telegram

Telegram strips EXIF data from photos sent as compressed images (the default behavior). However, like WhatsApp, if you send a photo as a file/document, the original metadata is preserved.

Email

Email services (Gmail, Outlook, etc.) do not strip metadata from image attachments. Photos sent as email attachments retain all original EXIF data.

What GPS coordinates in photos actually reveal

A photo's EXIF data can contain GPS coordinates accurate to within a few meters. This data is embedded automatically by smartphones unless the user has explicitly disabled location services for the camera app.

GPS coordinates in a shared photo can reveal:

  • Home address — photos taken at home pinpoint the precise location
  • Workplace location — photos taken at work reveal the office address
  • Daily patterns — multiple photos over time reveal routines and frequented locations
  • Travel destinations — vacation photos reveal travel schedules and hotel locations
  • Sensitive locations — photos taken at medical facilities, legal offices, or other sensitive places reveal visits

The photographer rights angle

EXIF metadata is not exclusively a privacy risk. For photographers, EXIF data includes valuable information: copyright notices, creator names, contact information, and usage terms stored in IPTC and XMP fields.

When platforms strip EXIF data, they also strip this copyright and attribution metadata. This has been a point of contention between photographers and platforms, as it makes it harder to identify the original creator of an image once it has been shared and re-shared across the platform.

Some organizations, including the IPTC (International Press Telecommunications Council), have advocated for platforms to preserve copyright-related metadata while stripping privacy-related fields. Most platforms have not implemented this distinction.

What to do before uploading

Remove metadata before the platform

Do not rely on the platform to strip metadata. Remove EXIF data yourself before uploading:

  1. Check your phone settings — both iOS and Android allow you to disable location embedding in camera settings. This prevents GPS coordinates from being written to photos in the first place.
  2. Review before sharing — on iOS, you can view and remove location data from the Photos app before sharing. On Android, Google Photos shows location data in the Details view.
  3. Use a metadata removal tool — for batch processing or for photos that have already been taken with GPS enabled, use a tool that strips EXIF data at the file level.

Be aware of the "send as document" trap

On WhatsApp and Telegram, sending a photo as a document bypasses the platform's metadata stripping. If you are sending a sensitive photo, make sure you send it as a photo (with compression) rather than as a document.

Consider the platform's data retention

Even platforms that strip metadata from public-facing files may retain the original metadata internally. If your threat model includes the platform itself having access to your location data, stripping metadata before upload is the only way to prevent this.

Batch processing for organizations

Organizations that publish photos regularly — marketing teams, news organizations, real estate firms — should integrate metadata removal into their publishing workflow rather than relying on individual employees to remember to strip metadata before each upload.

Purgit strips EXIF metadata from images before you share them — GPS coordinates, device identifiers, timestamps, and software information. No platform dependency, no assumptions about which fields get removed.

[Scan a File Free]

Scan before you share.

Try Purgit free — no account required.

Scan a File Free