Metadata Removal Tools: Strip What You Can't See

Learn which metadata removal tools actually work for photos, PDFs, and documents. mat2, ExifTool, and OS-level tools — plus what metadata can expose about you.

Zero Trace Hub Editorial | 8 min read | Updated

Metadata removal tools address the layer encryption never touched—EXIF in photos, PDF properties, office-document author fields, timestamps. People who nail message crypto still burn themselves on a single image leaking GPS and device model. Strippers like mat2 and ExifTool exist because that data is easy to forget pre-publish and impossible to recall after. Below: what surfaces, what to run, and how to bake removal into your workflow.

Why Metadata Is the Silent Killer — a Real Case

In 2012, Vice Media published a story about John McAfee that included photos taken by a journalist traveling with him while he was a fugitive. Those photos contained embedded EXIF data, including GPS coordinates. They revealed McAfee's location in Guatemala within hours of publication. He was found and detained shortly after.

This wasn't a cryptographic failure. It was EXIF data — the kind every smartphone camera embeds by default. The photos were published unmodified. That's all it took.

EXIF (Exchangeable Image File Format) data in a standard JPEG can include: GPS latitude and longitude accurate to meters, device make and model, software version, creation timestamp with timezone, and — on some Android devices — the serial number of the camera. A single photo can contain enough to locate a person, identify their device, and establish a timeline.

Your threat model determines how aggressively you need to sanitize. A photojournalist publishing to a major outlet has different requirements than a researcher posting to an academic forum. But the default should be: assume metadata is there, and remove it before sharing.

Step 1: Strip EXIF from Photos

mat2 is our recommendation for batch metadata removal on Linux and macOS. It's open-source, command-line first, and handles dozens of file types.

Install on Linux:

sudo apt install mat2

Install on macOS (via Homebrew):

brew install mat2

Strip metadata from a single file:

mat2 photo.jpg

mat2 creates a cleaned copy as photo.cleaned.jpg. The original is untouched. Inspect what was there before cleaning:

mat2 --show photo.jpg

For bulk operations across a directory:

mat2 *.jpg *.png

ExifTool by Phil Harvey is more powerful and handles more formats, including RAW camera files, video, and audio. It's the standard for forensic-grade metadata work.

# Install on macOS
brew install exiftool

# Remove all metadata from a file
exiftool -all= photo.jpg

# Remove all metadata from all JPEGs in a directory
exiftool -all= *.jpg

ExifTool modifies files in place by default and creates a backup with _original suffix. To skip backups: exiftool -overwrite_original -all= photo.jpg.

OS-level tools:

  • macOS: Right-click a photo in the Photos app → Export → uncheck "Include location information." This removes GPS but not all EXIF. For full removal, use mat2 or ExifTool.
  • Windows: Right-click → Properties → Details tab → "Remove Properties and Personal Information." Better than nothing; not as thorough as mat2.
  • Signal and WhatsApp strip location metadata from photos before sending — but not other EXIF fields like device model. Don't rely on apps to sanitize on your behalf.

Step 2: Sanitize PDFs and Office Documents

PDFs and Word documents carry their own metadata layer: author name, organization, revision history, tracked changes, comments, and embedded paths that reveal your operating system's username or directory structure.

For PDFs:

# mat2 handles PDFs
mat2 document.pdf

# ExifTool also works
exiftool -all= document.pdf

Check what's in a PDF before stripping:

exiftool document.pdf | grep -E "Author|Creator|Producer|Title|Subject"

You'll often find the author's real name embedded in a document they intended to publish anonymously. This has burned people. A 2010 IRA document leaked by an Irish journalist inadvertently contained the name of a senior member in the Author field.

For Microsoft Office files (.docx, .xlsx): Go to File → Info → Check for Issues → Inspect Document. The Document Inspector lists and removes personal information, revision history, and hidden data. Do this before exporting to PDF as well — Word's PDF export can include metadata from the source document.

LibreOffice: Tools → Macros → or export to PDF with "Remove personal information on save" checked in Options.
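
A .docx file is a ZIP archive of XML parts, and the fields listed above live in known places inside it. The following is an added example, not code from mat2, ExifTool, or this guide's authors: it reports the author, last editor, organization, tracked-change authors, and comment part of a .docx. The function names and the sample document are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
    "w": "http://schemas.openxmlformats.org/wordprocessingml/2006/main",
}
FIELDS = (  # (ZIP part, element path, label used in the report)
    ("docProps/core.xml", "dc:creator", "creator"),
    ("docProps/core.xml", "cp:lastModifiedBy", "last_modified_by"),
    ("docProps/app.xml", "ep:Company", "company"),
)

def docx_leaks(blob):
    """Report identity-bearing data in a .docx, which is a ZIP of XML parts."""
    leaks = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        names = set(z.namelist())
        for part, path, label in FIELDS:
            if part in names:
                el = ET.fromstring(z.read(part)).find(path, NS)
                if el is not None and el.text:
                    leaks[label] = el.text
        if "word/document.xml" in names:
            body = ET.fromstring(z.read("word/document.xml"))
            # Tracked insertions and deletions carry the reviewer's name in w:author.
            marks = [e for t in ("w:ins", "w:del") for e in body.iterfind(".//" + t, NS)]
            authors = {e.get("{%s}author" % NS["w"]) for e in marks} - {None}
            if authors:
                leaks["tracked_change_authors"] = sorted(authors)
        if "word/comments.xml" in names:
            leaks["has_comments"] = True
    return leaks

def sample_docx():
    """Constructed minimal .docx-like ZIP for the demo (not a real user file)."""
    x = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", "<cp:coreProperties %s><dc:creator>Jane Example"
                   "</dc:creator><cp:lastModifiedBy>jexample</cp:lastModifiedBy></cp:coreProperties>" % x)
        z.writestr("docProps/app.xml", "<ep:Properties %s><ep:Company>Example Org</ep:Company></ep:Properties>" % x)
        z.writestr("word/document.xml", '<w:document %s><w:body><w:p><w:ins w:author="Jane Example"/>'
                   "</w:p></w:body></w:document>" % x)
    return buf.getvalue()
```

Run `docx_leaks(open("draft.docx", "rb").read())` before and after the Document Inspector pass; an empty dict afterwards means none of these fields remain.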

Step 3: Check Filenames and Timestamps

Filenames reveal information. IMG_20260415_143022.jpg encodes a date and time. John-passport-scan.pdf is self-explanatory. MacBook-Pro-2023-draft.docx confirms your hardware.

Rename files before sharing. On Linux:

mv IMG_20260415_143022.jpg photo-01.jpg

Timestamps on files — creation time, modification time, access time — are also metadata. Your OS stores these and file transfer tools often preserve them. On Linux:

# Set timestamps to a specific date
touch -t 202601010000.00 photo-01.jpg

mat2 zeroes timestamps as part of its cleaning process. If you're using ExifTool, do timestamp cleanup separately.
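
The rename and timestamp reset from this step can be done in one pass over a batch. This is an added example, not part of the original guide: `stage_for_sharing`, `revealing_names`, the pattern list, and the fixed timestamp are assumptions chosen for illustration.

```python
import os
import re
import shutil

# Assumed patterns: camera-style date/time stamps and a few identifying words.
REVEALING = re.compile(r"(19|20)\d{6}[_-]?\d{6}|passport|macbook|iphone", re.I)
NEUTRAL_TIME = 1767225600  # 2026-01-01 00:00:00 UTC, an arbitrary fixed value

def revealing_names(paths):
    """Return the paths whose filename matches a revealing pattern."""
    return [p for p in paths if REVEALING.search(os.path.basename(p))]

def stage_for_sharing(paths, outdir, prefix="file"):
    """Copy files into outdir under neutral names with fixed atime/mtime.

    Returns {original basename: staged path}. Originals are left untouched.
    """
    os.makedirs(outdir, exist_ok=True)
    staged = {}
    for n, src in enumerate(sorted(paths), 1):
        ext = os.path.splitext(src)[1].lower()
        dst = os.path.join(outdir, "%s-%02d%s" % (prefix, n, ext))
        shutil.copyfile(src, dst)  # copyfile, unlike copy2, does not carry timestamps over
        os.utime(dst, (NEUTRAL_TIME, NEUTRAL_TIME))  # overwrite access and modification time
        staged[os.path.basename(src)] = dst
    return staged
```

`os.utime` sets access and modification time only; the inode change time is set by the filesystem and cannot be chosen this way.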

Step 4: Beware of Cloud Auto-Backups Re-Attaching Metadata

Cleaning metadata and then uploading to Google Photos, iCloud, or Dropbox can reintroduce location and device information. Cloud providers often process your uploaded files and can add their own metadata layers, or restore metadata from their own databases if they've previously indexed the same device or location.

The safest approach: clean the file offline, share it directly, don't route it through cloud storage. If you must use cloud storage, use an encrypted volume (VeraCrypt, or end-to-end encrypted Proton Drive) rather than a mainstream photo service.

For Tor-based file sharing, OnionShare is worth knowing — it lets you share files directly over a Tor onion service, bypassing cloud providers entirely.

Step 5: Test Before You Publish

Before publishing anything that could be sensitive, verify the cleaning worked.

# Check what remains
mat2 --show cleaned-photo.jpg

# Or with ExifTool
exiftool cleaned-photo.jpg

Open the cleaned file in a clean environment — ideally a sandboxed container or a fresh Tails OS session — and examine it with a hex editor or metadata viewer. Some obscure metadata fields survive mat2 in certain file formats; always verify, don't assume.
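
For a tool-independent second check, the JPEG header can be walked directly. This is an added example, not code from mat2 or ExifTool: it lists the header segments that carry EXIF, XMP, IPTC, or comments, and flags the GPS pointer described in the EXIF section earlier. It inspects only segments before the image scan, and the two sample byte strings are constructed.

```python
import struct

XMP_ID = b"http://ns.adobe.com/xap/1.0/\x00"
OTHER = {0xED: "IPTC/Photoshop", 0xFE: "Comment"}  # APP13 and COM markers

def jpeg_segments(data):
    """Yield (marker, payload) for each header segment before the image scan."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xDA:  # start of scan: compressed pixels follow
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length
    raise ValueError("malformed JPEG: no start-of-scan marker")

def exif_has_gps(payload):
    """True if IFD0 holds tag 0x8825, the pointer to the GPS sub-directory."""
    tiff = payload[6:]  # skip the "Exif\0\0" identifier
    order = "little" if tiff[:2] == b"II" else "big"
    ifd0 = int.from_bytes(tiff[4:8], order)
    count = int.from_bytes(tiff[ifd0:ifd0 + 2], order)  # an empty slice reads as 0
    tags = (int.from_bytes(tiff[ifd0 + 2 + 12 * i:ifd0 + 4 + 12 * i], order) for i in range(count))
    return 0x8825 in tags

def audit_jpeg(data):
    """List metadata-bearing segments; an empty list means none were found."""
    found = []
    for marker, payload in jpeg_segments(data):
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            found.append("Exif+GPS" if exif_has_gps(payload) else "Exif")
        elif marker == 0xE1 and payload.startswith(XMP_ID):
            found.append("XMP")
        elif marker in OTHER:
            found.append(OTHER[marker])
    return found

def _seg(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples: the Exif block's IFD0 has a single entry, the GPS pointer.
_TIFF = b"MM\x00\x2a" + struct.pack(">IHHHIII", 8, 1, 0x8825, 4, 1, 26, 0)
_HEAD = b"\xff\xd8" + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
_SCAN = b"\xff\xda\x00\x02\xff\xd9"
DIRTY = _HEAD + _seg(0xE1, b"Exif\x00\x00" + _TIFF) + _seg(0xFE, b"constructed comment") + _SCAN
CLEAN = _HEAD + _SCAN
```

Calling `audit_jpeg(open("cleaned-photo.jpg", "rb").read())` on a file you are about to publish should return an empty list; anything else means a metadata segment survived cleaning.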

For PDFs, Dangerzone converts suspicious documents through a sandboxed pipeline that produces clean PDFs. It was built by Freedom of the Press Foundation. The conversion process strips metadata completely because it renders the content as an image and then rebuilds the PDF from scratch.

Threat Model — What Metadata Hygiene Protects Against

Metadata removal protects against:

  • Geolocation via EXIF — the most common real-world failure mode.
  • Device fingerprinting — camera make/model/serial visible in file metadata.
  • Author identity leak — name embedded in Office or PDF files.
  • Timestamp correlation — linking a document to a specific time and date pattern.
  • Revision history — changes, deletions, and comments that reveal the drafting process.

It doesn't protect against:

  • Stylometric analysis — your writing style is a fingerprint that persists after metadata removal. Language pattern analysis has deanonymized writers even when all other metadata was clean.
  • Steganography — information deliberately hidden inside file content (pixel values, whitespace) is not metadata and won't be removed by these tools.
  • Network metadata — your IP address when you upload or send a file. Combine metadata cleaning with Tor Browser for network-layer anonymity.

For a complete privacy posture, metadata hygiene is one layer. Pair it with a solid threat model and appropriate tools for the network layer. See our PGP encryption guide for protecting file content — not just metadata — when you need both.

Frequently Asked Questions

Does sending a photo through Signal remove its metadata?

Signal strips GPS/location data from photos before sending, but it doesn't remove all EXIF fields. Device model, timestamp, and software information may persist. If complete metadata removal is important, clean the file with mat2 or ExifTool before attaching it, regardless of which app you're using to send.

Is mat2 or ExifTool better for removing metadata?

mat2 is simpler and safer for general use — it handles multiple file types, creates clean copies, and is less likely to be misconfigured. ExifTool is more powerful and handles more formats, including RAW camera files. For routine document cleaning, mat2. For forensic-grade work or unusual file types, ExifTool.

Can metadata be recovered after it's removed?

With mat2 or ExifTool, metadata is removed from the file's binary data — it's not just hidden, it's gone. Recovery from the cleaned file isn't possible. However, the original unmodified file on your device still contains the metadata. Securely delete the original after cleaning if that's a concern (on SSDs, secure deletion is complicated — consider full-disk encryption instead).

Do PDFs always contain author metadata?

Most PDFs created from Office documents or design software embed author information by default. PDFs created by printing to PDF from a browser are often cleaner, but still carry creator, producer, and timestamp fields. Always check with ExifTool or mat2 before sharing any PDF document you didn't explicitly sanitize.
