What is EXIF — the invisible notebook inside every photo
Every photo from a modern camera or phone carries a hidden block of structured data describing how the picture was taken. Camera body, lens, shutter speed, aperture, ISO, white balance, the exact second the photo was captured, often a GPS coordinate, sometimes the camera's serial number. This block is called EXIF — the Exchangeable Image File Format, originally specified by JEIDA in 1995 and updated through the 2010s.
It is invisible. Open the photo in a viewer, you see pixels. Open it in our viewer, you see the notebook the camera kept while you weren't looking.
Where it lives in the file
A JPEG is a sequence of marker segments — two-byte tags starting with FF followed by their payload. The first marker is always FF D8 (SOI, Start Of Image). Right after it, most cameras emit an FF E1 marker — APP1 — whose payload begins with the literal six-byte string "Exif\0\0" followed by a complete TIFF Image File Directory. That TIFF IFD is the EXIF data.
The EXIF block is internally structured exactly like a small TIFF file: an 8-byte header, then a numbered list of tagged fields, each carrying a type (byte, short, long, rational, ASCII string), a count, and a value or offset to the value. Sub-IFDs branch off for camera-specific data (the SubIFD), GPS coordinates (the GPS IFD), and interoperability info.
The fields nearly every photo has
Make/Model— manufacturer and camera body. "Apple / iPhone 14 Pro", "SONY / ILCE-7M4", "NIKON CORPORATION / NIKON Z 8".DateTimeOriginal— when the shutter fired, in the camera's local clock."2024:08:15 14:32:18". Distinct fromDateTime(file-modification) andCreateDate(digitization).FNumber/ExposureTime/ISO— the exposure triangle, stored as rationals: f/1.78 is89/50, 1/120 second is1/120, ISO 100 is100.FocalLength— lens focal length in millimetres at the moment of capture.FocalLengthIn35mmFormatnormalises it across sensor sizes.WhiteBalance/ExposureMode/MeteringMode/Flash— what the camera was doing automatically.Software— firmware version on the camera, or the editing app that last saved the file. A photo withSoftware: Adobe Photoshop 25.5almost certainly went through editing.
Optional but very frequent
- GPS IFD —
GPSLatitude,GPSLongitude,GPSAltitude,GPSDateStamp. Phones write these by default unless the user has explicitly disabled location for the camera app. - Lens info —
LensMake,LensModel,LensSerialNumber. Mirrorless and DSLR bodies log the attached lens; phones identify which of the three rear cameras shot the frame. - Serial numbers —
BodySerialNumber,InternalSerialNumber. Unique per camera body. Forensically relevant. - Embedded thumbnail — a 160×120 JPEG rendered at capture time, stored inside the EXIF block. Survives crops and filters in some apps.
How our viewer reads it
You drop a file onto the page. The browser hands it to a Web Worker that runs a WASM-bundled metadata reader entirely on your device. The worker walks the JPEG marker chain, finds APP1, parses the embedded TIFF IFD, walks any sub-IFDs (EXIF, GPS, Interop, MakerNotes), groups the results, and posts them back to the main page where they fill the table you see. The original file never leaves your browser.
The same reader handles HEIC, PNG, WebP, AVIF, GIF, MP4/MOV, and PDF — each of those formats has its own container, but the metadata structures inside (TIFF-style IFDs, XMP packets) are largely the same once you find them.
Why any of this matters
EXIF is harmless when you control where the photo goes. It is sensitive when you don't. A real-estate photographer's portfolio leaks the camera's serial number with every upload — every photo you've ever published is linkable to every other through that number. A "leaked" anonymous source's screenshot reveals their phone model, OS version, and timezone. A protest photo carries the GPS coordinate of the moment it was taken. None of this is hypothetical — see the OSINT literature for case studies.
Reading what's there is the first step. Stripping what shouldn't be there is the second; we have a separate tool for that.