The photo you just uploaded has your home address in it

The GPS Image File Directory is a sub-block of EXIF that camera phones write by default whenever location services are enabled for the camera app. It records latitude, longitude, altitude, heading, and the timestamp from the satellite fix at the moment the shutter fired. The block is small — under 200 bytes — and undetectable from looking at the photo. Forensic investigators, OSINT researchers, stalkers, and curious strangers all read it the same way.

How the coordinates are stored

EXIF doesn't use signed decimal degrees. It stores latitude and longitude as three rational numbers — degrees, minutes, seconds — and a separate one-letter reference tag declaring hemisphere. London's Trafalgar Square at 51.5074° N, 0.1278° W comes out as:

GPSLatitudeRef:  "N"
GPSLatitude:     51/1, 30/1, 265/10     (51 degrees, 30 minutes, 26.5 seconds)
GPSLongitudeRef: "W"
GPSLongitude:    0/1,  7/1, 399/10      (0 degrees,  7 minutes, 39.9 seconds)

The conversion to decimal is straightforward: deg + min/60 + sec/3600, then negate if the reference is "S" or "W". Our viewer does this automatically and shows both the raw rational form and the decoded decimal.

The other GPS fields

• GPSAltitude + GPSAltitudeRef — height above (0) or below (1) sea level, in metres. Indoor photos still report altitude — the GPS chip uses barometric or assisted-GPS estimates.
• GPSDateStamp + GPSTimeStamp — the satellite-clock UTC time. Independent of the camera's local clock, useful for catching a wrong timezone or a deliberately altered DateTimeOriginal.
• GPSImgDirection + GPSImgDirectionRef — compass bearing the camera was facing, in degrees. "T" means true north, "M" means magnetic.
• GPSSpeed, GPSSpeedRef — speed at the moment of capture, useful for distinguishing photos taken from a moving train, car, or plane.
• GPSDestLatitude, GPSDestLongitude — historical, almost never written by phones. Cameras with route-planning software write them.

Reverse geocoding takes about 30 seconds

Given decimal coordinates, an OSINT researcher does the following:

1. Paste lat/lng into a reverse-geocoding API — Nominatim (OpenStreetMap), Google Maps, Mapbox. Returns a structured address: street, city, country.
2. Compare with the timestamp: was this taken at 02:00 local time? At a residential address? That's likely a home.
3. Cross-reference multiple photos from the same source. A pattern of GPS pins clustered around one address, with timestamps spread across many days, identifies a residence.
4. Use GPSImgDirection + Street View to visually confirm the building. The compass bearing tells you which façade was photographed.

What our viewer shows for GPS

When the GPS IFD is present, our viewer lists every tag in the standard table — GPSLatitude, GPSLongitude, GPSAltitude, and the rest — alongside the decoded values ExifTool produces. Copy the latitude/longitude into any map and you'll see exactly what the file is broadcasting. If your goal is privacy, this is the worst-case preview — anyone who downloads the file sees what we just showed you.

How to stop it (briefly — see the strip-EXIF article)

Three places to act, in order of effectiveness:

1. At capture: turn off location services for the camera app. iOS: Settings → Privacy → Location → Camera → Never. Android varies by manufacturer. The photo simply has no GPS IFD to begin with.
2. Before sharing: strip the file. iOS Share Sheet has an "Options → Location" toggle since iOS 13. Android's Files app has metadata-strip on most modern builds. Or use a dedicated stripper.
3. Trust the platform: most large social networks strip GPS from public images on upload — but some (Telegram in "send original" mode, file-sharing CDNs, Discord attachments) preserve it. See the social-media article for the full table.