GPS Coordinates in Your Photos: How a Single Image Can Reveal Your Home Address
Your smartphone embeds GPS coordinates in every photo by default. Learn how EXIF location data works, real cases where it exposed people's addresses, which platforms strip it, and how to protect yourself.
Published March 19, 2026 · Updated March 19, 2026
In 2012, the technology journalist and programmer Ben Jackson demonstrated something that should have changed how everyone thinks about sharing photos online. He built a website that pulled public photos from Twitter, extracted the GPS coordinates embedded in the images, and plotted them on a map. The result was a real-time feed showing exactly where Twitter users were located when they took each photo, often precise enough to identify the specific building they were in.
The site was a proof of concept, designed to raise awareness. But it revealed a reality that persists today: every time you take a photo with your smartphone, you are likely recording your precise geographic coordinates and embedding them in the image file. When you share that image without stripping this data, you are broadcasting your location to anyone who knows how to check.
This is not a niche concern. Billions of photos are shared online every day, and the vast majority of smartphones record GPS data in photos by default. Understanding how this works, and how to protect yourself, is essential.
How GPS Data Gets Into Your Photos
Every modern smartphone contains a GPS receiver. When you open the camera app, the phone queries this receiver and obtains your current coordinates, typically accurate to within 3 to 5 meters under open sky and within 10 to 15 meters indoors (using Wi-Fi and cell tower triangulation when GPS signals are weak).
These coordinates are written into the photo file as part of the EXIF (Exchangeable Image File Format) metadata. EXIF is a standard that dates back to 1995, originally designed to help photographers record camera settings like aperture and shutter speed. Over the decades, the standard expanded to include far more data, and GPS coordinates became a standard field.
The GPS data stored in EXIF is remarkably detailed. It includes latitude and longitude (typically to six decimal places, which represents sub-meter precision), altitude above sea level, the direction the camera was pointing (compass bearing), the speed of movement if you were in a vehicle, a precise UTC timestamp, and the GPS datum used (almost always WGS 84, the standard used by consumer GPS).
Six decimal places of latitude and longitude resolves to approximately 0.11 meters, or about 4 inches. In practice, consumer GPS accuracy is lower than this theoretical precision, but the coordinates in your photos are routinely accurate enough to identify which room of a building you were in.
What Six Decimal Places of Precision Actually Means
To understand the privacy implications, it helps to think about what different levels of coordinate precision reveal.
Two decimal places of latitude and longitude narrows your location to roughly a 1-kilometer area. That is enough to identify your neighborhood but not your specific building.
Four decimal places narrows it to about 11 meters. That is enough to identify the specific building, and often the specific entrance, you were at.
Six decimal places, which is what most smartphones record, narrows it to about 0.1 meters. That is enough to identify which side of a room you were standing on.
When you share a photo taken at your home, you are sharing coordinates that, when entered into any mapping service, will place a pin on your property with enough accuracy to identify the building. If you share multiple photos taken at home over time, the pattern confirms it as your residence rather than a one-time visit.
Real Cases Where GPS Photo Data Caused Harm
The risk of GPS data in photos is not theoretical. There is a documented history of this data being exploited, sometimes with serious consequences.
Stalking and harassment
Law enforcement agencies have reported cases where stalkers used GPS data extracted from photos posted on social media, dating profiles, and messaging platforms to locate their victims. In some cases, a single photo posted from the victim's home was sufficient to obtain the address. Domestic violence organizations specifically warn clients to disable location tagging on their phones and to strip EXIF data from any photos shared online.
Burglary targeting
Photos posted on social media while on vacation can confirm to a potential burglar that you are away from home. But the risk is more specific than that. GPS data in photos posted from your home reveals the address. GPS data in vacation photos reveals that you are currently elsewhere. The combination is a precise signal that a specific, identified home is currently unoccupied.
Military and intelligence exposure
In 2007, a group of U.S. military helicopters arrived at a base in Iraq. Soldiers photographed the helicopters and posted the images online. The photos contained GPS coordinates that revealed the exact location of the helicopters on the base. Insurgents used this information to plan a mortar attack that destroyed four of the helicopters. The incident led to a Department of Defense directive restricting the use of GPS-enabled devices in operational areas.
More recently, the fitness tracking app Strava published a global heat map of user activity in 2018. The map inadvertently revealed the locations and layouts of military bases, secret facilities, and intelligence outposts in conflict zones, because personnel were using fitness trackers that recorded GPS coordinates during their exercise routines. The same principle applies to photos: GPS data reveals where people are, and in sensitive contexts, that information can be dangerous.
Celebrity and public figure doxing
Public figures, journalists, activists, and anyone with a public profile face targeted GPS extraction from their photos. Fans, stalkers, or adversaries systematically download photos and extract coordinates to build a map of the person's routine locations, including their home, workplace, gym, and frequented restaurants. Several high-profile cases have resulted in celebrities relocating after their home addresses were identified through photo metadata.
Child safety
Parents routinely share photos of their children on social media. If those photos contain GPS data, they can reveal the location of the child's home, school, or regular activities. Child safety organizations have raised alarms about this practice, noting that GPS data in photos provides precisely the kind of information that predators seek.
Which Platforms Strip GPS Data and Which Do Not
Not all platforms handle GPS metadata the same way. Understanding which services strip EXIF data and which preserve it is critical for protecting your location.
Platforms that strip EXIF data on upload
Most major social media platforms remove EXIF metadata, including GPS coordinates, when you upload a photo. This includes Instagram, Facebook, X (formerly Twitter), TikTok, Snapchat, LinkedIn, and Reddit. These platforms strip the EXIF data from the version of the image that other users can download.
However, there is an important caveat: the platform itself typically reads and stores the GPS data before stripping it. Facebook, for instance, has used photo location data for ad targeting and content recommendations. Stripping EXIF data from the public copy does not mean the platform has not ingested the location information.
Platforms and methods that preserve EXIF data
Several common methods of sharing photos do NOT strip GPS coordinates. Email attachments preserve all EXIF data. The recipient can extract your GPS coordinates from any photo you email. Messaging apps, when sending photos "as a file" or "as a document" rather than as a compressed photo, typically preserve EXIF data. This includes WhatsApp's "send as document" option, Telegram's file sharing, and Signal's document attachment mode. Cloud sharing services such as Google Drive, Dropbox, and OneDrive preserve the original file including all metadata when you share a link. Forum uploads on many forums and community platforms do not strip EXIF data. Personal websites and blogs typically serve images as-is, with all metadata intact. Direct downloads from any site that hosts the original file will include the original EXIF data.
The distinction matters. Sharing a photo on Instagram strips the GPS data. Sending the same photo as an email attachment to a mailing list does not. The same image, shared two different ways, has two very different privacy profiles.
How to Check Your Photos for GPS Data
Before sharing any photo, especially one taken at a private location, you should verify whether it contains GPS coordinates.
On iPhone
Open the photo in the Photos app and swipe up on the image. If the photo contains GPS data, you will see a map showing where the photo was taken. You can also tap the info button (the "i" icon) to see detailed EXIF data.
On Android
Open the photo in Google Photos, tap the three-dot menu, and select "Details." The location section will show GPS coordinates and a map if the data is present. In the default Samsung Gallery app, swipe up on the photo to see location details.
On Windows
Right-click the image file, select "Properties," then go to the "Details" tab. Scroll down to the GPS section, which will show latitude, longitude, and altitude if present.
On macOS
Right-click the file and select "Get Info." The "More Info" section will show GPS coordinates if they exist. For more detail, open the image in Preview and select Tools, then "Show Inspector," then the GPS tab.
Using browser-based tools
If you want a more thorough EXIF inspection, browser-based metadata viewers can display every field in the EXIF data without uploading your photo to a server. This is important because the photo you are inspecting for sensitive location data is exactly the kind of file you should not be uploading to a third-party service. Tools like Fileza process files in your browser, meaning the image stays on your device while you inspect its metadata.
How to Protect Yourself
There are several layers of protection you can apply, from preventing GPS recording in the first place to stripping it before sharing.
Disable location tagging at the source
The most effective protection is to prevent GPS data from being recorded in the first place.
On iPhone, go to Settings, then Privacy and Security, then Location Services, then Camera, and set it to "Never." On Android, open the Camera app, go to Settings, and disable "Location tags" or "Save location." This prevents GPS coordinates from being written into future photos. Existing photos will retain their GPS data.
Be aware that this is a trade-off. Location data is genuinely useful for organizing your personal photo library. Disabling it means you lose the ability to browse photos by location in your Photos app. A middle-ground approach is to leave location tagging on for personal use but strip the GPS data before sharing any photo publicly.
Strip EXIF data before sharing
If you want to keep location tagging for personal organization but share clean photos publicly, strip the EXIF data before sharing. There are several ways to do this.
Converting the image to a different format using a browser-based tool like Fileza strips EXIF metadata during the conversion process. The output file contains the image pixels but not the original metadata. Because the conversion happens locally in your browser, you are not uploading the GPS-tagged photo to a server in the process of removing the GPS data.
On iPhone, you can strip location data when sharing by tapping the share button, then tapping "Options" at the top of the share sheet, and toggling off "Location." This removes GPS data from the shared copy while preserving it in your library.
On Windows, you can right-click the file, select "Properties," go to "Details," and click "Remove Properties and Personal Information." You can choose to create a copy with all possible properties removed.
Use the "send as photo" option in messaging apps
When sharing photos through messaging apps, use the standard photo-sharing option rather than "send as file" or "send as document." Most messaging apps compress the image and strip EXIF data when sending as a photo, but preserve all metadata when sending as a file.
Audit your existing online presence
If you have previously shared photos online without considering GPS data, it is worth auditing your existing posts. Check photos shared on platforms that do not strip EXIF data, such as personal blogs, forums, and cloud storage shared links. For any photos taken at your home or other sensitive locations, consider replacing them with versions that have had GPS data stripped.
The Broader Pattern
GPS data in photos is part of a larger pattern in which digital devices record far more information than users realize, and that information persists in files long after the moment it was captured. The same principle applies to document metadata, browser fingerprints, and analytics data. The common thread is that the data exists because it was useful for some legitimate purpose (organizing photos, improving camera settings, tracking device performance) but becomes a privacy risk when the file leaves your control.
The practical defense is consistent across all of these risks: process your files locally before sharing them. When you convert, resize, or compress an image using a browser-based tool, the output contains the visual content you intended to share and nothing else. No GPS coordinates, no device serial numbers, no timestamps, no camera model. The metadata is stripped as a natural consequence of the conversion process, and because it happens in your browser, the GPS-tagged original never leaves your device.
Your photos tell a story. The question is whether you are the one deciding what story they tell, or whether your phone's GPS receiver is adding chapters you never authorized.