Which Social Media Networks Remove EXIF Data?
Privacy, Technology
The Test
I uploaded a photo and video to a number of social media and blogging sites and then checked to see if the metadata was present or removed using Exiftool.
As shown below, the EXIF data within the test video file contains not only the time and date the clip was taken, but also the GPS location and the software version of the iPhone that took it:
steven@stevens-mbp: exiftool IMG_0183.MOV
...
GPS Coordinates : 51 deg 18' 39.60" N, 0 deg 0' 9.72" E, 145.068 m Above Sea Level
Make : Apple
Model : iPhone 11 Pro
Software : 14.0.1
Creation Date : 2020:10:10 10:03:17+01:00
Image Size : 1920x1080
Megapixels : 2.1
Avg Bitrate : 7.9 Mbps
GPS Altitude : 145.068 m
GPS Altitude Ref : Above Sea Level
GPS Latitude : 51 deg 18' 39.60" N
GPS Longitude : 0 deg 0' 9.72" E
Rotation : 90
GPS Position : 51 deg 18' 39.60" N, 0 deg 0' 9.72" EResults
| Social Network | Photo (Mobile) | Video (Mobile) | Photo (Web) | Video (Web) |
|---|---|---|---|---|
| Discord | ✔️ | N/A | ✔️ | ✔️ |
| GitHub (Comments) | N/A | N/A | ❌ | N/A |
| GitLab (Comments) | N/A | N/A | ✔️ | N/A |
| Google Chat | ✔️ | ❌ | ❌ | ❌ |
| Imgur | ✔️ | N/A | ✔️ | ✔️ |
| ✔️ | ✔️ | ✔️ | ✔️ | |
| Medium | ✔️ | N/A | ✔️ | N/A |
| Microsoft Teams | ✔️ | ❌ | ❌ | ❌ |
| ✔️ | N/A | ✔️ | N/A | |
| Signal | ✔️ | ✔️ | N/A | N/A |
| Slack | ✔️ | ❌ | ✔️ | ❌ |
| Strava | ✔️ | N/A | ✔️ | N/A |
| Telegram | ✔️ | ✔️ | ❌ | ❌ |
| Tumblr | ✔️ | ✔️ | ✔️ | ✔️ |
| ✔️ | ✔️ | ✔️ | ✔️ | |
| ✔️ | ✔️ | ✔️ | ❌ | |
| Wire | ❌ | ❌ | ❌ | ❌ |
| Yammer | ✔️ | ❌ | ❌ | ❌ |
Conclusion
Overall, 11 out of the 18 tested applications successfully removed the location data from the test files. Interestingly there was a noticeable difference between the mobile and web results. For example, Telegram scrubbed the EXIF data from the photo and video when uploaded from the app, but failed to remove the location data when uploading the same files through the web interface.
Discord, GitLab, Imgur, LinkedIn, Medium, Reddit, Signal, Strava, Tumblr and Twitter all managed to remove the location data. However, the worst performer was the encrypted messenger app Wire, which didn't scrub metadata.