Camera serial numbers — the EXIF fields that link photos to a specific body

Among the dozens of fields in a typical EXIF block, six can pin a photo to one specific piece of hardware. Five are standardised in the EXIF specification and visible to any reader; one hides inside the vendor's private MakerNote section and needs per-vendor knowledge to decode. Together they form the strongest forensic link an unedited photo carries.

BodySerialNumber — the camera fingerprint

Tag 0xA431 in the EXIF SubIFD. ASCII string, usually 6–12 characters, matching the serial number etched on the bottom of the camera or printed inside the battery compartment. Set automatically by the camera firmware on every capture; the photographer cannot disable it without third-party firmware mods.

A real-estate photographer with 8,000 published listing photos has 8,000 receipts pinning every photo to the same body. Buy that camera used five years later, post one photo, and the photo links cleanly to the seller's archive. The 2012 John McAfee Belize incident is the famous parallel for EXIF leaks — though that one rode on the GPS coordinates embedded in a Vice photo, not the serial number; the linkage principle is the same.

LensSerialNumber — paired evidence

Tag 0xA435. Same idea, for the attached lens. Mirrorless and DSLR bodies log the lens serial alongside the body serial on every shot. A photo from a Sony A7 IV with a 24-70 GM II lens carries both BodySerialNumber: "S01 7012345" and LensSerialNumber: "0000026543". Two independent identifiers; matching even one across two photos is suggestive, matching both is decisive.

Smartphone cameras don't have detachable lenses, so this tag is empty or absent on iPhone and Android photos.

CameraOwnerName — the friendly leak

Tag 0xA430, ASCII free-text. Some cameras (notably Canon DSLRs and mirrorless) let the user fill in their name in the camera menu — typically labelled "Owner Info" or "Copyright". Once set, every photo carries the string. People register their full name plus email; the field then ends up in every photo they ever publish. Our viewer surfaces this prominently because it's the loudest privacy leak the field set has.

ImageUniqueID — the fallback

Tag 0xA420, a 32-character hexadecimal string. Specified in EXIF 2.2 (2002) as a globally unique ID for the image. Cameras that bother to write it usually combine the body serial number with a counter, so two photos from the same body share a prefix. Less universally implemented than BodySerialNumber but worth checking — when present, it offers a second linkage signal.

Who actually writes these

• Canon — writes BodySerialNumber on most DSLR and mirrorless bodies since the early 2010s. Also keeps a separate InternalSerialNumber in the Canon MakerNote (factory-burned, harder to spoof) and a ShutterCount on supported bodies.
• Nikon — writes BodySerialNumber on most pro and prosumer bodies. The MakerNote also carries a shutter count under ShutterCount.
• Sony — partial: many bodies write BodySerialNumber, others leave it blank. LensSerialNumber is more consistent.
• Fujifilm, Panasonic, Olympus/OM — write the standard EXIF tags but vary by model.
• Smartphones (iPhone, Pixel, Samsung) — almost never write BodySerialNumber. The phone has a serial, but the camera firmware doesn't expose it in EXIF. Apple writes a build identifier in Software instead, which is less unique but still a soft fingerprint.

How our viewer shows them

The Web Worker walks the EXIF SubIFD and surfaces all six standard tags as a "Camera identification" group when any of them is non-empty. Vendor-specific MakerNote serials (Canon InternalSerialNumber, the encrypted Nikon serial blob, Sony partial fields) are decoded when our metadata reader has the vendor schema, displayed as raw hex when it doesn't. If any of these fields are present and you're about to publish the photo somewhere public, our separate stripping tool can clear them.