ExifTool

ExifTool is a free, open-source command-line application that reads, writes, and strips metadata from virtually every file format in existence — photos, videos, PDFs, Office documents, audio files, and hundreds more. Every digital file carries hidden metadata: a photo from your iPhone contains the exact GPS coordinates where it was taken, the device serial number, the time zone, the camera model, and sometimes the owner's name. A Word document contains the author name, organization, editing history, and the computer name. ExifTool lets you see and remove all of it.

For crisis privacy, metadata is one of the most overlooked attack surfaces. People carefully encrypt their messages and browse through VPNs, then share a photo that contains the GPS coordinates of their current location embedded in the EXIF data. Journalists have been located through photo metadata. Whistleblowers have been identified through document metadata. If you are sharing any files during a crisis — photos, documents, PDFs, evidence — stripping metadata first is a non-negotiable OPSEC step.

ExifTool is the gold standard for metadata management. It is used by digital forensics professionals, newsrooms, human rights organizations, and intelligence agencies. If you are going to share or transmit any file, ExifTool should be the last thing that touches it before it leaves your device.

ExifTool is not an encryption tool — it is a metadata management tool. It does not encrypt files; it reads and removes the metadata embedded within them. The concept of "encryption architecture" does not directly apply. However, ExifTool is a critical companion to encryption tools: encrypting a file that still contains identifying metadata protects the file in transit but does not protect you when the file is eventually decrypted and viewed by the recipient.

ExifTool operates entirely locally on your machine. It does not transmit any data over the network. Files are read and modified in place (or written to a new file), and no external service is involved. The tool makes no network connections whatsoever. From a security perspective, ExifTool's attack surface is limited to the file parsing code — it reads complex binary formats, which historically has been a source of vulnerabilities in media libraries. The developer has been responsive to reported parsing issues and maintains a regular update cadence.

ExifTool requires no account, no registration, no internet connection, and no personal information. You download the executable (or install via package manager) and run it from the command line. There is no telemetry, no analytics, no crash reporting, and no update checking. The tool is completely offline and stateless.

Because ExifTool runs locally and never connects to the internet, there is zero identity exposure from using it. No one can determine that you are using ExifTool, what files you are processing, or what metadata you are removing. It is as private as a tool can possibly be.

ExifTool is fully open source, written in Perl by Phil Harvey, and distributed under the same terms as Perl itself (GPL or Artistic License). The source code is published on GitHub and on the official ExifTool website. The codebase has been continuously developed since 2003 — over two decades of active development and community scrutiny.

ExifTool is one of the most widely used metadata tools in the world, and its source code has been reviewed by thousands of developers, forensics professionals, and security researchers. The tool is included in the default repositories of most Linux distributions and is a dependency of many digital forensics frameworks. Its extensive use in law enforcement and intelligence communities (for reading metadata) provides ironic but powerful validation of its completeness and accuracy (for removing metadata). No formal security audit has been published, but the practical validation through two decades of professional use is substantial.

ExifTool is a personal project maintained by Phil Harvey, a researcher at Queen's University in Kingston, Ontario, Canada. It is not a commercial product and there is no corporate entity behind it. Canada is a Five Eyes member, but this is irrelevant for ExifTool because the tool runs entirely on your device and never communicates with any external server.

There is no jurisdiction to worry about because there is no service, no server, and no data transfer. ExifTool is a piece of software that runs on your machine — it is as jurisdictionally neutral as a text editor. The only theoretical legal consideration is in jurisdictions that might regulate metadata removal tools, but no such regulation currently exists in any major country. Metadata stripping is a standard practice in journalism, human rights documentation, and legitimate business use.

ExifTool has been continuously developed and maintained since 2003 by Phil Harvey. In 21+ years of operation, it has become the de facto standard for metadata operations across every industry that handles digital files. It supports over 400 file formats and can read, write, and remove thousands of distinct metadata tags. No other tool comes close to its breadth.

The tool has never been involved in a security controversy or a trust incident. Phil Harvey has maintained it as a labor of love alongside his academic career, with no commercial pressure to compromise the tool's integrity. The ExifTool community is active and reports format support gaps and parsing issues, which Harvey addresses in frequent updates (new versions are released approximately monthly). The tool's inclusion in professional forensics toolkits and its recommendation by organizations like the Freedom of the Press Foundation speak to its reliability.

ExifTool's primary interface is the command line, which is a barrier for non-technical users. The basic commands are straightforward — exiftool -all= photo.jpg removes all metadata from a photo — but the command-line requirement means you need to be comfortable opening a terminal and typing commands. The documentation is comprehensive but dense, reflecting the extraordinary breadth of supported formats and metadata tags.

For users who are uncomfortable with the command line, several GUI wrappers exist: ExifToolGUI for Windows, ExifCleaner (a cross-platform Electron app), and jExifToolGUI (Java-based, cross-platform). These provide point-and-click metadata viewing and removal. However, the core ExifTool command line is worth learning because it is scriptable — you can set up a one-liner that strips all metadata from every file in a folder, which you can run as a habit before sharing anything.

ExifTool runs on Windows, macOS, Linux, and any other system that supports Perl (which is essentially every Unix-like system). The macOS and Linux versions can be installed via Homebrew (brew install exiftool) or the system package manager (apt install exiftool). The Windows version is a standalone executable that requires no installation.

There is no native mobile app, but metadata can be stripped on mobile using GUI tools that wrap ExifTool's functionality, or by using apps like Scrambled Exif (Android) or Metapho (iOS) that perform similar metadata removal. For a thorough metadata workflow, process files on a desktop or laptop where ExifTool's full capabilities are available, and transfer the cleaned files to your phone for sharing.

ExifTool is completely free. There is no paid version, no premium features, no subscription, and no donation requirement. The tool has been free for its entire 21-year existence. Phil Harvey accepts donations through the ExifTool website, but the software is fully functional without any payment.

The zero-cost model means there is no financial relationship between you and the developer, no payment record, and no identity exposure. You can download ExifTool from the official website, from GitHub, or from your operating system's package manager. All distribution channels are free and require no account creation (beyond whatever account your package manager uses).

On macOS, open Terminal and run brew install exiftool (requires Homebrew; if you do not have Homebrew, install it from brew.sh first). On Linux, run sudo apt install libimage-exiftool-perl (Debian/Ubuntu) or the equivalent for your distribution. On Windows, download the Windows executable from exiftool.org, extract it, and rename exiftool(-k).exe to exiftool.exe. Place it in a folder that is in your system PATH, or navigate to its folder in Command Prompt.

To verify installation, open a terminal and run exiftool -ver. You should see the version number. Now test it: take a photo with your phone, transfer it to your computer, and run exiftool photo.jpg. You will see all the metadata embedded in the photo — GPS coordinates, device model, timestamps, camera settings, and potentially your name. This is what anyone who receives your unprocessed photos can see.

To strip all metadata from a single file: exiftool -all= photo.jpg. To strip metadata from every file in a folder: exiftool -all= -r /path/to/folder/ (the -r flag processes subdirectories recursively). To strip metadata while preserving the file's original date: exiftool -all= -overwrite_original -P photo.jpg. Make this a habit: before sharing any file — photo, document, PDF, video — run it through ExifTool. For convenience, create a shell alias: add alias cleanmeta='exiftool -all= -overwrite_original -r' to your shell profile, then simply run cleanmeta filename or cleanmeta foldername before any file leaves your device. In a crisis, this three-second step can prevent catastrophic location exposure.