The GPS data embedded in a photo isn’t just a location. It’s a pattern.
A single photo with GPS coordinates tells you where someone was once. A few dozen photos — the kind anyone accumulates over a few months of normal social media use — tells you where they live, where they work, where they go on weekends, what time they leave home in the morning, and which coffee shop they visit on Fridays. All of this, extractable in minutes, from files that look like ordinary images.
This is not a theoretical privacy concern. It’s a documented, ongoing problem. And most people are still sharing photos with full GPS data attached.
How GPS gets into your photos
When you take a photo with location services enabled, the camera app queries the device’s GPS receiver and embeds the coordinates directly into the EXIF metadata of the image file. This happens silently, automatically, every time — unless you have specifically disabled it.
The coordinates are stored as decimal degrees: latitude and longitude, often to five or six decimal places. That level of precision resolves to roughly one to two metres. Not “near the CBD.” Not “in this suburb.” Your exact front door.
Some phones also embed altitude. Some embed the compass bearing — the direction the camera was pointing when the photo was taken. Combined with GPS coordinates, this can reconstruct not just where you were but what you were looking at.
What GPS metadata reveals over time
The danger of GPS metadata isn’t in a single photo. It’s in the pattern across many photos.
Research has demonstrated that a relatively small number of geotagged photos — sometimes as few as 25 — is sufficient to predict someone’s home location with high accuracy. Home is where most photos originate, particularly in the evenings and on weekends. The same logic applies to workplaces, regularly visited locations, and travel patterns.
A social media profile spanning months or years of geotagged posts creates a comprehensive movement record. The person sharing those photos never intended to share a movement profile. They were sharing moments. The metadata was doing the rest.
Where the real-world harm has happened
This isn’t abstract. GPS metadata in photos has caused documented harm across several categories:
Stalking and domestic abuse. Survivors who fled and established new addresses have been located through GPS data in photos shared on social media or sent directly. The photo itself showed nothing identifying. The metadata contained the exact address.
Journalist and source exposure. Photographers working in sensitive environments have had locations exposed through metadata in transmitted images. In high-risk contexts, this is a physical safety issue, not just a privacy one.
Whistleblower identification. Photos shared with reporters have in some cases carried metadata identifying the capture location, narrowing the pool of potential sources before the story was even published.
Child safety. Photos of children shared online with GPS intact expose home addresses, schools, and daily routines to anyone who examines the file rather than just the image.
How to check if your photos carry GPS data
GPS is one of the first fields a forensic analysis reads. Run any photo through snapWONDERS’ analyse tool and the GPS section will show exactly what coordinates are present — or confirm they’re absent. Most people are surprised by what’s there, particularly in older photos taken before they thought about this.
How to stop it
Before taking photos:
- iOS: Settings → Privacy & Security → Location Services → Camera → Never
- Android: Camera app settings → Location tags → Off
These settings persist. You configure them once.
Before sharing existing photos:
- Windows: Right-click → Properties → Details → Remove Properties and Personal Information — removes GPS and other metadata fields
- macOS: Built-in options are limited; use a dedicated metadata stripping tool for reliable removal
- Mobile: Several apps handle metadata stripping before sharing — verify the app actually removes GPS rather than just hiding it in the interface
The important nuance
Disabling GPS in your camera settings prevents coordinates from being embedded going forward. It does not strip metadata from existing photos, and it does not remove other metadata fields — device model, timestamp, software fingerprint. Those remain regardless.
For everyday privacy purposes, turning off GPS is the right first step. For genuinely sensitive situations — sharing documents in a professional or legal context, photos taken in locations you don’t want associated with your identity — stripping the full metadata layer before sharing is the correct approach.
The broader point
GPS metadata in photos is the clearest example of a general problem: what a file reveals and what an image shows are two different things. The image shows your surroundings, your face, your moment. The file can show your coordinates, your device, your time, and across enough files, your entire daily pattern.
Most people only think about the image. Anyone who wants to know more only needs to look at the file. Understanding that gap — and knowing how to close it — is what digital privacy actually requires.