You use Signal. You encrypt your hard drive. You use a VPN. You think you are invisible. But you are forgetting the one thing that has taken down more hackers, whistleblowers, and privacy advocates than any weak password: Metadata.
The Envelope vs. The Letter
Think of digital communication like a physical letter. Encryption scrambles the letter inside so nobody can read it. Metadata is the information written on the outside of the envelope.
Even if the NSA or Google can't read your message, they know:
- Who you sent it to.
- When you sent it.
- Where you were when you sent it.
- How large the message was.
Often, knowing that you spoke to a journalist or a competitor at 2:00 AM is enough to incriminate you, even if they don't know what was said.
Your Photos Are Snitching on You
The most common metadata leak comes from images. Every time you take a photo with a modern smartphone, it embeds EXIF data into the file. This can include:
- GPS Coordinates: Accurate to within a few meters of your home or hideout.
- Device Model: "Taken on Samsung S24 Ultra" (helps narrow down suspects).
- Shutter Settings: Technical details about the exposure.
If you upload that photo to a blog or send it via email without scrubbing it first, you are broadcasting your exact location to the world.
The Solution: ExifTool
As with most things, the best solution is a command-line tool. ExifTool is the gold standard for reading and manipulating metadata. It works on Linux, macOS, and Windows.
1. Check a File
To see what a file knows about you, run:
exiftool image.jpg
2. Nuke It All
To completely strip all metadata from a file (safe for public upload), use:
exiftool -all= image.jpg
This command replaces the original file with a clean version (and saves the original as image.jpg_original just in case).
A Note on PDF and Office Docs
It's not just images. PDF files and Word documents often contain the "Author" name (usually your actual name registered in the OS), creation dates, and edit times. Always scrub your documents before sharing them publicly.
Privacy isn't a product you buy; it's a process of cleaning up the digital breadcrumbs you leave behind.