Did you know that pictures you snap with your smartphone may include sensitive information? Posting them as-is on social media or elsewhere can be risky to your privacy unless you take steps to remove extra data from them. In this article you’ll learn how to do just that on Linux with exiftool.

Back in the days of analog cameras, the only “extra” information you needed to worry about being disclosed alongside them was what you physically wrote on the back of each photo. Fast-forward to modern times, and we’ve got the ability to capture moments instantly in digital form (and even keep thousands of them at a time on a single device). This shift made a lot of folks think about what could augment this new technology to make our lives even easier.

In the mid-1990’s, borrowing from the TIFF standard, research and standards bodies developed a way to embed extra information inside image files themselves. They called this new standard Exchangable Image File Format (EXIF). Now you will see your picture libraries, for instance, using EXIF tags to help search, sort and categorize every image you take.

The amount of data that gets stored in your images depends on manufacturer defaults, features enabled on your device and other factors. Along with basic information like the date/time taken and image resolution, just a small sample of other tags stored with your picture may include:

• The model name of the phone/camera used to take it
• Exposure time
• Whether the camera’s flash was used or not
• A thumbnail, in binary format
• GPS coordinates

That last one is a particular privacy concern as it can be used to locate precisely where you or the subject of the picture were at the time the picture was taken.

The other items are also interesting in that they can be used to enumerate, for example, exactly what type of device you used, right down to the model. This can, for instance, be used to plan a targeted attack on your phone.

If you take a look at all the possible EXIF tags that could be embedded in your images, you’ll start to understand the importance of keeping some (most?) of them away from those who may want to use them for less-than-honest reaasons.

So, with this knowledge, we’ll move forward to protect ourselves with Linux and exiftool!

Installing Required Packages

Exiftool is a platform-independent library and command line application, written in Perl, by Phil Harvey. It’s available from the official exiftool website, which also has a wealth of information, a FAQ and message forum for user questions.

Exiftool is also available via your distribution’s package repositories, which is how we’ll install it in this tutorial.

For Debian based distributions, install the libimage-exiftool-perl package using apt:

sudo apt install libimage-exiftool-perl

For Redhat distros, use dnf to install the perl-Image-ExifTool package:

sudo dnf install perl-Image-ExifTool

For Arch distros like Manjaro, you’ll install the perl-image-exiftool package with pacman:

sudo pacman -S perl-image-exiftool

Here’s a nice picture I took last year of a phone booth. Innocent enough, right? Well, now that we’ve got exiftool in our arsenal, let’s take a look what metadata it’s stowing:

exiftool donor.jpg

Compared to what could be recorded by other smartphones, this is pretty tame. You’ll notice that I didn’t have GPS enabled on my phone when snapping this photo since it was not recorded in the EXIF metadata. Even so, there’s still other info I’d rather not share with just anyone. So let’s just strip it all from the image.

Stripping It All Out

Removing all EXIF metadata is pretty simple:

exiftool -all= donor.jpg

The command above will create a backup of the original, appending “_original” to the end of the filename. If you don’t want this behavior, you can use:

exiftool -all= -overwrite_original donor.jpg

Verifying It’s Removed Before Sharing

Let’s ensure we’ve gotten rid of everything before posting it online, shall we? We’ll use the same command we used above to re-examine the file:

exiftool donor.jpg

Much better! There’s not much here now, besides what’s mandatory as per the EXIF spec.

Posting pictures online has become ubiquitous. Of course, that doesn’t mean you have to share more than you intended to. With exiftool in your arsenal, you can protect yourself and others a bit better. Additionally, along with the power of scripting, you can do much more to manipulate the existing metadata in your image library than what’s described in this tutorial.