ExifTool Review: The Scalpel for Your Digital Artifacts

You post the holiday photo to a forum, proud of the sunset. What you don’t see is the line riding along underneath it: the exact latitude and longitude where you stood when you pressed the shutter — which, on a photo taken in your back garden, is your front door. You shared a sunset. You also shared your home address, your phone model, and the minute you were standing there. Nobody warned you, because the file does the talking on your behalf, quietly, every single time you send it.

The short version: ExifTool is a free, open-source command-line program by Phil Harvey that reads and removes the hidden metadata baked into your files — GPS coordinates, device IDs, timestamps, author names. It handles over 150 formats: photos, videos, audio, PDFs, Office documents. One command, `exiftool -all= photo.jpg`, wipes the lot; `exiftool -gps*= photo.jpg` surgically removes only location. It runs on Windows, Mac, and Linux, costs nothing, and has no telemetry. The trade-off is the terminal — there’s no point-and-click window by default. If you process files in bulk or need to keep some fields while killing others, ExifTool is the most capable option there is. If you clean one phone photo a month, a simple GUI tool is gentler.

What is file metadata, and why does it expose you?

Metadata is data about your data — the invisible margin notes every file writes about itself. Take a photo on your phone and the image carries far more than pixels: the GPS coordinates of where you stood, the exact camera model, the timestamp down to the second, often a unique device identifier. PDFs embed author names, creation dates, and the software that made them. Office documents tuck editing history into their XML. Every file is a small confession of its own origins.

Here’s where it stops being trivia. That vacation photo you upload to a forum leaks your home via its GPS tag. A journalist’s document metadata can betray a source’s location. A remote worker’s exported file quietly reveals their system configuration to whoever receives it. None of this is hypothetical — advertisers and data brokers buy this layer by the terabyte, precisely because most people don’t know it’s there to remove.

The reach is wider than photos, too. A PDF you email a client carries the name of whoever authored it, the exact software version that produced it, and often a creation timestamp that contradicts the date on the page. A screenshot can embed the device it was taken on. Even a “clean” Office document hides revision data in its XML — earlier wording, deleted names, the comments you thought you’d removed. Every file you share is quietly narrating its own history to anyone curious enough to read the margin.

Your files are autobiographical whether you want them to be or not — the only question is whether you get to edit the autobiography. Most people never realise there’s an autobiography to edit at all, which is exactly why the leak is so reliable and so quiet.

The real problem isn’t the data. It’s that you never get asked.

Most privacy advice tells you to lock down the obvious doors: the account, the password, the app permissions. Meanwhile, the leak with the longest reach is the one nobody mentions — the data your files emit after they leave you, on a forum, in an email, in a shared drive, long after you’ve forgotten you sent them.

That’s the design flaw worth naming. Your camera, your phone, your word processor all default to maximum disclosure. They embed everything they know, silently, and the burden of un-saying it falls entirely on you — but only if you know it’s happening. The software industry calls this “rich metadata.” From where you sit, it’s a tracking layer you never opted into and were never shown how to strip.

ExifTool’s whole point is to flip that default. It hands you the editing pen: see exactly what your file is saying, then decide — keep the timestamp, kill the GPS; keep the EXIF, wipe the XMP. The reframe is small but total. Metadata isn’t something that happens to you. It’s something you’re allowed to control — the moment you have a tool that shows it to you.

How does ExifTool work, and what can it actually do?

ExifTool is command-line software written in Perl by Phil Harvey, maintained for over twenty years. You give it a file path and a command; it reads the metadata structure, edits it, and rewrites the file — or, better, writes a clean copy and leaves your original untouched. It understands over 150 formats natively: JPEG, PNG, GIF, TIFF, MP4, MOV, WAV, FLAC, PDF, Office documents, and a long tail of obscure ones.

The first move is almost embarrassingly easy. Before you change anything, you look:

• See everything a file is carrying: `exiftool photo.jpg`
• Strip all metadata into a new clean file: `exiftool -all= -o cleaned.jpg photo.jpg`
• Remove only GPS while keeping camera info: `exiftool -gps*= photo.jpg`
• Clean an entire folder recursively: `exiftool -all= -r /path/to/folder/`
• Verify a cleaned file is actually clean: `exiftool cleaned.jpg`

That verify step is the one most people skip and shouldn’t. Stripping metadata you can’t confirm is gone is just hope with extra steps — always re-run ExifTool on the output before you share anything sensitive. Save your common commands to a small script file and you never have to memorise the syntax; the official documentation has over a hundred worked examples to copy from.

ExifTool strengths and trade-offs: an honest verdict

The case for it is straightforward, and it’s a strong one.

• Format coverage: 150+ types. Most GUI tools handle images only. ExifTool strips metadata from videos, audio, PDFs, and Office files in the same breath.
• Precision: you’re never forced into all-or-nothing. Keep what’s harmless, remove what identifies you. Selective removal is built in, not bolted on.
• Batch speed: one command cleans hundreds of files, recursively, in seconds on ordinary hardware.
• Auditable: the source is open Perl you can read, verify, or fork. No black box to trust on faith.
• No cost, no ads, no upsell: free under Perl’s Artistic License, with no telemetry and no premium tier dangling features.

Now the honest other side, because the version of this review that pretends there’s no downside isn’t worth reading. ExifTool has a real learning curve — there is no window, you type commands, and if you’ve never opened a terminal it feels cold at first. That same power can bite: write to the wrong tag or skip the `-o` flag and you can corrupt or overwrite a file. Third-party GUI wrappers exist for Windows and Mac, but they vary in quality and rarely expose every feature.

So the verdict, plainly: if you handle files in bulk, work across formats, or want to keep some fields while removing others, ExifTool is the right tool and nothing else comes close. If you clean one phone photo a month and the terminal makes you wince, a simple GUI stripper is the kinder choice — you’re trading a little control for a lot of comfort, and that’s a fair trade for low-stakes files.

How do you install ExifTool and clean your first file?

The setup is short, and you should do it on a copy before you ever touch a file that matters. Download only from the official source, exiftool.org, to avoid tampered builds. On Windows, extract the ZIP and either add the folder to your system PATH or run it from the folder directly. On Mac, the cleanest route is `brew install exiftool`; on Linux, your package manager will have it, or you extract and move it into `/usr/local/bin`. Confirm it’s live by opening a terminal and typing `exiftool -ver` — a version number means you’re ready.

Then the workflow is three calm steps. Look first: `exiftool filename.jpg` prints everything the file is carrying, so you see the GPS line, the device string, the timestamps before you decide what to cut. Clean to a new file: `exiftool -all= -o cleaned.jpg filename.jpg` writes a stripped copy and leaves your original untouched. Verify: `exiftool cleaned.jpg` should come back empty or near-empty. For a whole folder, `exiftool -all= -r /path/to/folder/` handles it recursively in one pass. Save your three or four common commands into a small script file and you never have to memorise the syntax again — the official documentation has over a hundred examples to lift from.

There’s one trap worth naming up front. ExifTool clears the standard fields — EXIF, IPTC, XMP — and most awkward ones, but a handful of proprietary or newer formats hide data in places it doesn’t reach: some Office documents tuck it into XML, some PDFs into object streams, some videos into codec-specific blocks. For anything genuinely sensitive, verify the output rather than trusting it, and for a stubborn Word file, opening and re-saving it in LibreOffice usually clears whatever survived.

Frequently asked questions

How do I know ExifTool removed all the metadata?
Run `exiftool cleaned_file.jpg` on the output. If the metadata section is empty or shows only minimal system fields like file type, you’re clean. For peace of mind on sensitive files, check a second time with an independent metadata viewer, or inspect the file in a hex editor.

Can ExifTool damage my files?
Yes, if misused — its flexibility is also its risk. Always write to a new file with the `-o new_filename` flag so your original survives, and avoid `-overwrite_original` until you’re confident. Test on a copy first, every time.

Does ExifTool work on videos and audio, not just photos?
Yes. It handles MP4, MOV, AVI, MKV, WAV, FLAC, MP3, and many more. The command is identical: `exiftool -all= video.mp4`. Some video codecs store data in non-standard places, so verify the result afterwards.

Is ExifTool safe to run, or could it carry harmful software?
It’s open-source and has been reviewed by the security community for over twenty years. Download only from the official source, exiftool.org, and if you’re cautious you can audit the readable Perl yourself. No telemetry, no phoning home, no tracking.

You started reading because a file did something behind your back. Now you can see exactly what it says before it leaves your hands — and decide, field by field, what the world gets to know about where you were and what you used. That’s the whole shift. You’re not the person whose photos quietly narrate their own GPS history any more. You’re the one holding the scalpel.

Related reading: Mullvad VPN Review and Umbrel Review 2.0.

📚 More in Digital Sovereignty