Pretty much everyone has posted a photo online at some point. Images are everywhere — woven into social media, ID systems, and even surveillance. But here’s the question: why should you care about your photos floating around online?
Because photos carry more than just memories.
Stolen photos can be misused for identity theft, scams, or deepfakes. Kids’ photos are especially sensitive: a stolen identity might not be discovered until years later, when that “first bank account” moment turns into a nasty surprise. And even if no scammer is involved, platforms and data brokers are eager to mine your pictures for more than smiles.
So yes, scrubbing data from your photos is smart. And so is rethinking when and where it’s worth posting them at all.
Active vs. Passive Data in Photos
In our article Your Data Footprint: The First Step to Staying Safer Online, we broke data down into:
Active data: what you mean to share — the visuals in the frame. The funky thrift store find, your dog asleep on the couch, or the funny sign you spotted downtown.
Passive & Metadata: what you don’t mean to share — the information baked into the file itself. This includes your camera or phone model, GPS location, and the date and time the picture was taken. Collectively, this metadata is called EXIF data.
Platforms handle this differently. When you upload to Facebook or Instagram, they strip out EXIF before publishing, but they still keep some of it. A 2019 Consumer Reports article quoted a Facebook representative saying they collect “information like the make and model of the device used to take the photo, the camera settings, and the date the photo was taken… to make your experience better and to keep people safe.”
When you store photos with Apple or Google, EXIF is preserved. Google in particular scans every photo uploaded, and reserves the right to use that data to personalize services, improve products, and build detailed profiles. They may not serve you ads based on EXIF — but that doesn’t mean they’re not quietly using (or sharing) the data.
And it’s not just about big platforms. Selling a kid’s bike on Craigslist and emailing extra photos to a buyer? You could also be handing them the GPS coordinates of your driveway.
A note about OSINT
OSINT (open-source intelligence) is the practice of piecing together data trails. Something as innocent as a parent posting “Happy 6th Birthday to Emily!” gives away names, ages, and relationships. And people often recycle that same info into their passwords. Sharing photos = sharing puzzle pieces, and you can’t always control who’s putting the puzzle together.
What can you do?
For Active Data (what you choose to share)
Think before you caption: “Me and my brother Mike!” gives away names and relationships attackers love.
Crop carefully: Check the background for mail, street signs, or anything that reveals more than you intend.
Set boundaries with friends & family: Make sure grandparents and cousins know not to overshare photos of your kids or your home, and that they know good metadata cleaning techniques (more on that below).
For Passive Data / EXIF Metadata (what your device adds automatically)
Scrub the metadata: Use a tool like PrivMeta to wipe EXIF data before posting. It works offline and is open source. Bonus: it’s free to use.
Use the screenshot trick: Take a screencap of the photo before sharing — screenshots don’t carry EXIF data.
Be cautious with direct sends: Remember, emailing or texting photos often sends EXIF too.
Platforms are not posterity
A friend once told me their family treats Facebook like a scrapbook. The idea is sweet — but risky. Platforms monetize your history, and they can rearrange, block, or delete it at any time. If you want a real archive, store photos on external drives (or go old-school and print them into an actual scrapbook).
ADVERTISEMENT
Posterity without the peeping.
If you’re stashing photos in the cloud, you don’t want Big Tech pawing through your pictures. Proton Drive keeps your memories locked down with end-to-end encryption—meaning not even Proton can peek. Share albums with a link that you control (passwords, expiration dates, the works), and skip the whole “data-mined for ad targeting” vibe. Your photos stay yours.
Get 5 GB free (roughly 1,000 photos, depending on how trigger-happy your camera roll is). Or level up with 200 GB, enough for about 40,000 photos, at 60% off the annual plan.
Join us for tea!
CybersecuriTea is a free, plain-English guide to digital safety, designed for families, friends, and the folks you love. Subscribe today and get weekly tips to help keep your digital life secure.
Or, if you’d like to support our work and keep the kettle warm for everyone:
Issue # 18
This content may contain affiliate links. If you choose to sign up or make a purchase through them, we may earn a small commission, at no additional cost to you. Thank you for supporting CybersecuriTea.
