Every time you press a shutter button, your camera writes two things: the image, and a report about the image. The report — EXIF metadata — records what device you used, how it was configured, when you shot, and very often where you were standing. Most people know EXIF exists in the abstract. Far fewer could tell you what's actually in it, field by field, or which fields are harmless and which ones can identify you. That's what this article is for.
By the end you'll know where EXIF physically lives inside a JPEG file, what the major field groups contain, and — via a table toward the bottom — how much each notable field matters for your privacy. Field names appear the way tools display them, like DateTimeOriginal, so you can match them against what you see in any inspector.
A quick history: 1995, Japan, and a standard that never died
EXIF — Exchangeable Image File Format — was published in 1995 by JEIDA, the Japan Electronic Industry Development Association, back when digital cameras were exotic and a megapixel was a lot. The idea was interoperability: cameras from different manufacturers should record capture information in a common structure so software could read it uniformly. The standard is maintained today by JEITA together with CIPA (the camera industry association), and it has been revised repeatedly — version 2.31 added timezone offset tags in 2016, and version 3.0 arrived in 2023, finally allowing UTF-8 text in fields that had been stuck with ASCII since the nineties.
EXIF also has a sibling you interact with constantly without knowing it: DCF, the Design rule for Camera File system, from the same Japanese standardization effort. DCF is the reason every camera on earth names files IMG_1234-style and puts them in a folder called DCIM — that folder name is the DCF spec, verbatim, and it has outlived several of the companies that helped write it.
Thirty years on, essentially every smartphone and digital camera writes EXIF. Almost nothing about your daily life is governed by a 1995 spec — this is one of the exceptions.
Where EXIF lives inside a JPEG
A JPEG file is a sequence of segments, each introduced by a two-byte marker. EXIF rides in an APP1 segment (marker 0xFFE1) placed near the very top of the file, right after the start-of-image marker. The segment begins with the ASCII signature Exif\0\0, followed by what is structurally a little embedded TIFF file: a header, then linked lists of tagged entries called IFDs — image file directories.
The layout matters because it explains things you'll observe in real files:
- IFD0 holds general image info —
Make,Model,Orientation,Software— and pointers to the other directories. - The Exif IFD holds capture settings: exposure, aperture, ISO, lens data, the original timestamps.
- The GPS IFD is a separate directory just for location — which is why some tools can strip GPS alone without touching the rest.
- IFD1 holds a small embedded thumbnail of the image — more on why that's a problem below.
One structural quirk worth knowing: an APP1 segment maxes out at 64 KB, which is why EXIF blocks are compact and why sprawling metadata (like Adobe's editing history) goes into a different format, XMP, instead.
JPEG isn't the only host, either. TIFF files carry the same tag structure natively — EXIF is essentially TIFF tags to begin with. HEIC, the iPhone's default format since 2017, stores EXIF inside its own container boxes, and PNG gained an official eXIf chunk in 2017 after years of ad-hoc workarounds. The containers differ; the fields are the same. That's why a competent metadata tool has to understand file formats, not just tag names.
Camera and device fields: the fingerprint group
Make and Model are the headline fields — "Apple / iPhone 16 Pro", "Canon / EOS R6". Mildly revealing on their own, they become interesting in combination with everything else. Software records the firmware or app that wrote the file, which can reveal your OS version or that you edited in Lightroom.
The sleeper fields in this group are the serial numbers. BodySerialNumber and LensSerialNumber are written by many dedicated cameras (phones generally skip them), and they're a genuine identity risk: the same serial number appearing in photos posted by your public account and your anonymous one links the two, full stop. Photographers who sell a used camera body have have discovered this the hard way when the buyer's photos matched their old uploads. Then there's MakerNote — a proprietary blob where manufacturers stash undocumented data, sometimes including serials and internal settings that generic tools don't even parse.
Capture settings: mostly harmless, occasionally telling
This is the group photographers actually like. ExposureTime (shutter speed, stored as a rational like 1/250), FNumber (aperture), PhotographicSensitivity (ISO — older files call it ISOSpeedRatings), FocalLength, Flash, WhiteBalance. None of these identify you. At most they leak context — a high ISO and no flash says the photo was taken in low light, which occasionally matters in disputes about when something happened.
If you've ever wondered how photo-sharing sites display "shot at f/1.8, 1/120s, ISO 400" under an image, this is where it comes from. It's also the group people mourn when a platform strips everything — which is a fair complaint, and an argument for stripping selectively when you only need the sensitive parts gone. A couple of oddities live here too: Orientation tells the viewer which way to rotate the image (delete it carelessly and photos display sideways), and UserComment is a free-text field that apps occasionally use as a junk drawer — always worth a glance.
Timestamps and GPS: the fields that can place you
EXIF stores three timestamps: DateTimeOriginal (shutter press), DateTimeDigitized (usually identical), and DateTime (last file modification). Since EXIF 2.31, companion fields like OffsetTimeOriginal record the timezone — a small detail that turns "when" into "roughly where on the planet" all by itself.
The GPS IFD is the big one. GPSLatitude and GPSLongitude store coordinates as degree/minute/second rationals, paired with GPSLatitudeRef and GPSLongitudeRef for hemisphere. Add GPSAltitude, a UTC GPSTimeStamp, and on many phones GPSImgDirection — the compass bearing the camera was facing. A modern phone's fix is typically accurate to within a few meters. That's not "which neighborhood"; that's "which side of which building." We've written a full guide on checking a photo's GPS location before you post it if you want the practical follow-up.
And don't forget IFD1's embedded thumbnail. It's a miniature copy of the image generated at capture time, and buggy or lazy software has been known to update the main image while leaving the old thumbnail behind — meaning a "cropped" photo can still contain what you cropped out, in miniature.
Twelve fields, rated for privacy impact
| Field | What it stores | Privacy impact |
|---|---|---|
GPSLatitude / GPSLongitude | Coordinates, to a few meters | Severe |
GPSTimeStamp | UTC time of the GPS fix | High |
BodySerialNumber | Camera body serial | High — links photos across accounts |
LensSerialNumber | Lens serial | High — same linking risk |
DateTimeOriginal | Moment of capture | Medium |
OffsetTimeOriginal | Timezone of capture | Medium |
MakerNote | Proprietary vendor blob | Medium — opaque, may hide serials |
Make / Model | Device manufacturer and model | Low–medium |
Software | Firmware or editing app | Low |
Artist / Copyright | Name, if configured in-camera | High if set — it's literally your name |
ExposureTime / FNumber | Shutter speed and aperture | Negligible |
| IFD1 thumbnail | Embedded preview image | Medium — can survive edits to the main image |
EXIF's siblings: IPTC and XMP
EXIF isn't the only metadata block a photo can carry. IPTC is the older newsroom standard — captions, credit lines, keywords — designed in the early nineties for wire photos and still used by news agencies. XMP is Adobe's XML-based format from 2001, and it's where modern editing software writes its data: Lightroom develop settings, edit history, ratings, and increasingly the C2PA provenance records that mark AI-generated or AI-edited content. A single JPEG can carry all three blocks at once, plus vendor extras, and they can disagree with each other — which is why "I checked the EXIF" is not the same as "I checked the metadata." Removal, mechanically, is straightforward: rewrite the file without the metadata segments while leaving the compressed image data untouched. Done properly — the way our photo metadata remover does it — the operation is lossless: the pixels aren't re-encoded, and the file simply gets a few kilobytes lighter. Done badly, by re-saving through an image editor, you degrade the image along the way for no reason. The full spec is published by CIPA if you enjoy that sort of reading; it's freely available from cipa.jp.
A JPEG is never just pixels. It's pixels plus up to three overlapping filing systems, written by the camera, appended by every editor, and read by anyone who bothers to look.
The practical upshot: when you want to know what a specific photo is carrying, look at the actual fields rather than guessing from this or any other article. Our metadata viewer parses EXIF, GPS, and XMP right in your browser — the file never leaves your machine — and once you've seen your own photo's dossier laid out field by field, you'll understand this standard better than any explainer can manage.