Metadata Stripping: How to Remove Hidden Data from Files

Every file you create contains more information than you can see. A photograph you share may contain the exact GPS coordinates where it was taken, the serial number of the camera that took it, and the precise timestamp down to the second. A Word document may contain the names of every person who edited it, revision history showing deleted text, and the organisation name from the software licence. This hidden layer of data is called metadata, and it has exposed sources, compromised identities, and undermined privacy in ways that content inspection alone never could.

What metadata is and where it lives

Metadata is data about data — information embedded in a file that describes the file itself rather than its content. Different file types carry different kinds:

• EXIF in photographs: Camera make and model, serial number, lens information, shutter speed, aperture, ISO, GPS coordinates (latitude, longitude, altitude), timestamp, and sometimes the name from the camera's owner settings.
• Document metadata: Author name, organisation, creation date, modification date, total editing time, revision number, names of previous editors, and in Microsoft Office formats, tracked changes including deleted text that is not visible in the document.
• PDF metadata: Author, creator application, producer, creation and modification timestamps, and sometimes embedded document properties that survive from the source file.
• Audio and video: Recording device, encoding software, GPS data if recorded on a mobile device, artist/album fields, and creation timestamps.

Real cases where metadata caused serious harm

In 2012, John McAfee, the software entrepreneur, was a fugitive from Belizean authorities. He gave an interview to Vice magazine and allowed them to publish a photo of him taken on an iPhone. The iPhone embedded GPS coordinates in the EXIF data of the image. Vice published it without stripping the metadata. Journalists examining the published image extracted the coordinates and determined his location in Guatemala within hours. McAfee was found and detained.

In earlier WikiLeaks releases, documents published with tracked changes intact revealed edits and comments that pointed toward the identity and institutional location of sources. The content was sensitive; the metadata was potentially identifying. Stripping metadata before publication is now standard practice in responsible investigative journalism.

These are documented public cases. For every one that becomes public, there are many more that don't.

Tools for stripping metadata

Several reliable tools exist for removing metadata before sharing files:

• ExifTool: The most comprehensive metadata tool available. Cross-platform (Windows, macOS, Linux), command-line based, capable of reading and removing metadata from hundreds of file formats. A single command strips all EXIF from a photo: exiftool -all= filename.jpg. It can process entire directories recursively.
• MAT2 (Metadata Anonymisation Toolkit 2): A Linux tool specifically designed for privacy-conscious metadata removal. Supports PDF, Office documents, images, audio, and video. Included by default in Tails OS.
• Tails OS: The Tails live operating system includes MAT2 and integrates metadata stripping into its file manager — right-clicking a file offers a "Remove metadata" option. Files shared from Tails via its onion services integration are stripped automatically.
• mat2 via command line: mat2 filename.pdf produces a cleaned copy alongside the original, never modifying the original in place.

Stripping metadata from photographs

Modern smartphones embed substantial metadata in every photo. Both iOS and Android offer some built-in stripping capability, but with limitations. iOS "Share" functions offer an option to remove location data when sharing, but this does not remove all EXIF — camera model, timestamp, and other fields often remain. Android behaviour varies by manufacturer and app.

For reliable stripping, process photos with ExifTool or MAT2 before sharing. After stripping, verify the result by running ExifTool in read mode (exiftool filename.jpg) to confirm no residual fields remain. Note that stripping metadata does not remove embedded thumbnails in some formats — ExifTool handles these, but verify explicitly.

Stripping metadata from documents

Microsoft Word documents are among the most metadata-rich files in common use. Beyond author and date, .docx files in XML format contain revision history in their XML structure, comments (including resolved and deleted ones), and tracked changes. "Accept all changes" removes visible markup but does not remove the underlying XML history.

The correct approach: export to PDF using a tool that strips metadata (not "Save as PDF" in Word, which preserves much of it), then process the PDF through MAT2 or ExifTool. Alternatively, copy the text content into a fresh document started in a privacy-conscious text editor, eliminating the history entirely. LibreOffice has a "Remove Personal Information" option under Tools that strips some fields, but is not comprehensive — external tools are more reliable.

Audio and video

Audio and video files recorded on smartphones often contain GPS data, device information, and timestamps. FFmpeg, the open-source multimedia tool, can strip metadata from most audio and video formats: ffmpeg -i input.mp4 -map_metadata -1 -c:v copy -c:a copy output.mp4. This removes metadata while re-muxing without re-encoding, preserving quality. Note that some codec headers (like H.264 HRD parameters) may contain indirect timing information that cannot be easily removed without re-encoding.

What metadata stripping cannot do

Removing metadata does not remove content. A photograph taken at a recognisable location still shows that location in its pixels. A face in an image is still a face. Content analysis by image recognition systems operates on the image itself, not its EXIF fields. Similarly, metadata stripping has no effect on network metadata — the fact that you sent a file to someone, at what time, from what IP address, is recorded at the network layer regardless of what the file contains.

A practical workflow for sensitive file sharing

For any file you share that could have privacy implications: strip metadata with MAT2 or ExifTool before it leaves your device, verify with a read pass that fields are gone, and transmit over an encrypted channel. For the most sensitive cases, do this from a Tails session on a Norypt Live USB — Tails includes MAT2 by default, strips metadata from shared files automatically, and leaves no trace on the host machine when you're done.