If you've ever worked for an agency or a small web shop, I'd be willing to bet you've coded a fair amount of photo galleries. You've probably also uploaded photos to social media, sent photos to friends and family, and so on. Photos seem fairly innocent but, as is the case with just about everything on the web, there's a slightly sinister side to images on the web -- a privacy, even security issue with EXIF data.
EXIF data is metadata added to an image file by the device taking the photo and trust me -- there's quite a bit of data that goes along with it. Sure, most of the metadata is innocent but many devices add GPS latitude and longitude to the EXIF metadata, as well as date the photo was taken, providing a savvy person a way to find out where a photo was taken and when. The idea that someone could learn where your family loves to go out for dinner or do any other activity based on a photo is unsettling to say the least. As developers who may handle and publish your client's photos, we have a responsibility to those clients to make sure sensitive EXIF data is wiped clean before published for the world to see.
Let's take a look at how you can retrieve and then remove EXIF data from photos using exiftool.
Installing exiftool
You can install exiftool using a utility like Homebrew:
$ brew install exiftool
You can also get the utility or contribute to it on the exiftool website.
Get EXIF Metadata
The default action of exiftool is simply returning an image's EXIF data:
$ exiftool my-image.jpg
You'll see a listing of metadata like:
File Size : 1723 kB File Modification Date/Time : 2017:01:10 15:22:50-05:00 File Access Date/Time : 2017:01:10 15:22:49-05:00 File Inode Change Date/Time : 2017:01:10 15:22:50-05:00 File Permissions : rw-r--r-- File Type : JPEG File Type Extension : jpg MIME Type : image/jpeg Exif Byte Order : Big-endian (Motorola, MM) Make : Apple Camera Model Name : iPhone 6 Orientation : Horizontal (normal) X Resolution : 72 Y Resolution : 72 # .... and much more
It's frightening how much information can be stored in a photo without most of the population having a clue about it. Most people see a nice photo but a villain sees an opportunity to learn more about you than you'd like them to know.
Removing EXIF Metadata
To protect yourself or your client, you can use exiftool to remove specific EXIF metadata:
$ exiftool -gps:all= -xmp-exif:all= my-image.jpg
exiftool will make a copy of your original file and then strip the GPS data out of the original image, thus preserving your or client privacy.
To remove all EXIF metadata, use the following:
exiftool -all= my-image.jpg
Most server side languages feature a library for reading, modifying, and removing EXIF metadata from photos, so there's no excuse for you not to take advantage of them to protect yourself or your clients. Realize that most social media sites also remove this data to protect their users (...meanwhile exploiting them in other ways, but that's beside the point...). EXIF metadata isn't inherently bad but, if you don't protect photos, can become a privacy nightmare!