ExifTool is software that reads, writes, and removes metadata from files, particularly photographs. Digital photos contain embedded metadata (Exif data) that can include GPS coordinates, device model, date and time, camera settings, and in some cases, software information.
GPS coordinates embedded in a photo can reveal the exact location where it was taken. This has been used to identify the location of safe houses, the position of personnel, and the whereabouts of sources.
Stripping Exif metadata before sharing photos is a basic OPSEC measure. Most smartphones offer an option to disable location tagging in the camera app. This should be the default for anyone in a sensitive situation.
What it means in practice
ExifTool reads and removes EXIF metadata from image files in a single command: exiftool -all= filename.jpg. A photo taken in the field contains GPS coordinates, a precise timestamp, camera model, and sometimes device serial number — none of it visible in the image but all of it embedded in the file. Sending a geotagged photo through an unencrypted channel to an organisation’s email server is a record that places a specific person at a specific location at a specific time.
Related articles
How to secure communications in the field. — Digital privacy guide for NGO workers abroad. — Border agents seized a journalist’s laptop.