If you\u2019re anything like me, you probably share plenty of photos, videos and documents, and send lots of voice messages and emails every single day too. But how often do you stop to consider the additional data contained in these files? For each of these files\/media contains metadata \u2014 which can reveal a lot of interesting details not meant for prying eyes; for example, a photo\u2019s time and location, a document\u2019s editing history, device information, IP address, geolocation, and much more. So, for example, whenever you post an innocent selfie on social media, you\u2019re also making public a whole ton of extra information that you might not necessarily want others to see.<\/p>\n
In this article, we explore the pros and cons of metadata and how to remove it.<\/p>\n
To put it simply, metadata is additional information about a file\u2019s content. Such data is added to files by applications that create or process them, operating systems, or users themselves. In most cases, metadata is created and updated automatically. For example, for files, this can include the creation date, last modified date, type, owner, and so on. In the case of photos, metadata can include the date and location, exposure settings, camera or smartphone model, and so on, recorded in Exif<\/a> format. Specifically which data is stored depends on the camera\/smartphone model and settings.<\/p>\n Some metadata is \u201cvisible\u201d and easy to edit. For example, audio files contain special tags describing the content \u2014 author, artist, album, track name, genre, etc. \u2014 that can be easily changed in any media player.<\/p>\n Other metadata is less evident. Did you know, for example, that from the metadata of an office document you can easily discover who edited it, when, for how long, and using which programs? In some cases, you can even restore the entire edit history from the first keystroke.<\/p>\n Of course, metadata wasn\u2019t originally designed to be \u201cthe perfect stalking<\/a> tool\u201d, but simply a useful feature. However, you can end up sharing more than you intended; for example, your employer or client could find out how much time you actually spent working on a document, and the Exif data of a selfie you post online can reveal what smartphone you use and where you were at the time. Metadata can also help catch criminals or uncover fraudulent schemes.<\/p>\n For example, in 2019, U.S. law enforcement managed to arrest the fraudster<\/a> Hicham Kabbaj, who\u2019d been sending his former employer invoices for equipment supplies from a shell company called Interactive Systems for four years. Of course, no equipment was actually supplied, but a total of six million dollars was transferred into Interactive System\u2019s accounts. The fraudster was eventually caught out because of simple oversight: four of the 52 invoices were in the MS Word .doc<\/em> format, and the metadata listed the author as KABBAJ.<\/p>\n Besides the police, malicious actors can also use metadata. In 2016, we conducted an experiment<\/a> to try to determine a person\u2019s location from a single photo. For us, this was just a fun exercise, but criminals could have very different motives.<\/p>\n Or consider a slightly more complex scenario: your innocent PDF file somehow ends up in the hands of a malicious actor. How it got there doesn\u2019t matter \u2014 let\u2019s say they introduced themselves as your colleague. In this case, the contents of the file may be of no interest to the criminal. What\u2019s important to them, however, is that you\u2019ve already taken the bait (so the attack can continue) and leaked the PDF\u2019s metadata \u2014 revealing the software and version you used to create it. With this knowledge, the attacker can send you malware specifically designed to exploit a vulnerability in your particular system. Protecting yourself from this kind of scenario requires a combination of measures: ignoring suspicious messages<\/a>, removing metadata, and updating your software promptly<\/a>.<\/p>\n You can remove metadata using built-in tools or third-party programs and services. We recommend the former, as then your metadata won\u2019t end up in the hands of third parties this way. Third-party tools act as an extra layer between you and the \u201ccleaned\u201d file. This layer could potentially retain metadata, which criminals could somehow get hold of.<\/p>\n So now let\u2019s look at how to remove metadata from photos and videos, and DOC and PDF files using built-in tools.<\/p>\n In File Explorer<\/strong>, right-click on the file, select Properties<\/strong>, and go to the Details<\/strong> tab. At the bottom of the screen, click Remove Properties and Personal Information<\/strong>, and in the window that opens, either keep the default option Create a copy with all possible properties removed<\/strong>, or manually select the properties you want to remove, and click OK<\/strong>.<\/p>\n Apple operating systems let you remove or modify the date, time, and geolocation. However, location data is only recorded for photos and videos taken with geolocation services enabled.<\/p>\n To remove or modify metadata on a macOS device, open the Photos<\/strong> app, go to the Image<\/strong> menu, select Location<\/strong>, and click Hide Location<\/strong>. Here you can also Revert to Original Location<\/strong> \u2014 which raises the question of where this data is actually stored \u2014 or Assign Location<\/strong> to one or more photos after you Copy Location<\/strong> from another photo. Additionally, in the Image<\/strong> menu, you can Adjust Date and Time<\/strong> of the capture.<\/p>\n On an iPhone or iPad, open the Photos<\/strong> app, select the photo to edit, and tap the \u24d8 info button, or simply swipe up on the photo. Here, you can Adjust<\/strong> the date, time, and location. For location, you can either select No Location<\/strong> or assign any other location to the photo. (This is useful if you\u2019re posting photos taken in a studio near your home, while pretending to be in, say, Maldives.) To edit multiple photos at once, select them all, tap the three-dot button (\u2026)<\/strong>, then choose Adjust Date & Time<\/strong> or Adjust Location<\/strong>.<\/p>\n On Android devices, you can remove or modify location data using the Google Photos<\/strong> app. Select the photo or video, tap the three-dot More<\/strong> icon, select Edit<\/strong>, and tap Remove location<\/strong>.<\/p>\n If you\u2019re using Word, go to the File<\/strong> tab and select Info<\/strong>. Then click Check for Issues<\/strong>, followed by Inspect Document<\/strong> and Inspect<\/strong>. Under Document Properties and Personal Information<\/strong>, click Remove All<\/strong>.<\/p>\n Windows users can also remove DOC file metadata using File Explorer<\/strong>, just as they would with photos and videos.<\/p>\n If you\u2019re using Adobe Acrobat, go to File<\/strong>, then Document properties<\/strong>, and select Description<\/strong>. In the window that opens, you can manually edit the author, subject, keywords, and title of the document. Clicking Additional Metadata<\/strong> opens a window displaying all the document\u2019s metadata.<\/p>\n You can also remove PDF metadata using File Explorer<\/strong> in the same way as for photos and videos.<\/p>\n So, what\u2019s the main way to protect yourself from malicious actors exploiting your metadata? Two words: exercising caution. In addition, for maximum security, follow these extra precautions:<\/p>\nHow to remove metadata<\/h2>\n
Photos and videos<\/h3>\n
On Windows<\/h4>\n
On macOS and iOS.<\/h4>\n
On Android<\/h4>\n
DOC files<\/h3>\n
PDF files<\/h3>\n
Security Measures<\/h2>\n