Fotos. Privat. — Free EXIF Viewer and Metadata Remover. Strip GPS, camera info, dates and software traces from photos, videos, audio, PDF and Microsoft Office files. 100% in your browser, no upload, fully anonymous.

Correct. Everything runs in your browser. You can verify it by opening the Network tab in your browser's developer tools (F12) and dropping a large photo — you will see no outgoing request that contains your file. After the page loads its own JavaScript and CSS once, the tool can run with the internet disconnected.

For JPEG: all APP1 (EXIF, XMP), APP2 (ICC, MPF), APP13 (Photoshop, IPTC) and APP14 (Adobe) segments. For PNG: tEXt, iTXt, zTXt, eXIf and Adobe XMP chunks. For WebP: the EXIF, XMP and ICCP chunks plus the VP8X presence flags. For GIF: Comment and Plain-Text extensions, plus XMP application extensions (NETSCAPE animation loop is preserved). For MP4/MOV: udta/meta/ilst boxes are neutralized to "free" atoms, and mvhd/tkhd timestamps are zeroed. For MKV/WebM: Tags, Attachments, Title, DateUTC, MuxingApp and WritingApp elements are replaced by Void elements of identical byte length. For AVI/WAV: LIST INFO and bext/iXML/IDIT chunks are renamed to JUNK. For audio (MP3, FLAC, Ogg): full ID3v1/v2/APEv2, Vorbis-comment + PICTURE, and CRC-correct page rewriting respectively. For PDF: DocInfo dict + XMP metadata stream override via incremental update. For DOCX/XLSX/PPTX: docProps/core.xml + app.xml + custom.xml replaced by anonymized stubs. The actual pixel data, audio samples, video frames and document body are never touched.

No. EXIF is a separate metadata block inside the file. Removing it does not re-encode the image — the pixels and the JPEG/PNG/WebP compression are exactly as they were. The file becomes a few kilobytes smaller because the metadata is gone.

Yes. Each file card has buttons to remove only specific categories — e.g. "Remove only GPS" keeps everything except location, "Remove only Camera info" keeps everything except make/model/serial. The default "Remove all" wipes the entire metadata block at once.

Some do, some don't, and the rules change without notice. Facebook, Instagram and Twitter strip most EXIF on public posts but keep some internally for moderation and analytics. WhatsApp, Telegram (when "send as file"), Discord, email attachments, blogs, forums, eBay listings, classifieds, cloud drives — almost all of these keep EXIF intact. The safe rule is: never assume any service removes EXIF for you.

Because the moment we automatically loaded a map tile — even a tiny preview — your browser would send your photo's GPS coordinates to a third-party server (Google Maps, OpenStreetMap, Mapbox) without you doing anything. That third party would silently learn that someone with this IP just opened a photo carrying these coordinates — exactly the kind of side-channel leak this tool exists to prevent. So the tool itself never contacts any map service: latitude and longitude are shown as plain text only. We do, however, offer a clickable «Open in OpenStreetMap» link next to the coordinates — clicking it opens OSM in a new tab and reveals the coordinates to OSM. That request only happens because YOU chose to click; it is your decision, not the tool's, and you can ignore the link or copy the coordinates into any other map service instead.

EXIF can be read from HEIC files in this tool. Stripping HEIC requires re-encoding the image, which most browsers cannot do natively. For full stripping of HEIC, the safest path is to first convert to JPEG using your operating system or photo app, then strip with this tool.

The code is delivered to your browser as plain JavaScript files and is fully readable. Right-click → View Source, or open the .js files directly. There is no minification or obfuscation that hides what the tool does.

There is no catch. The tool is provided as a free service by Midgard MUD — a free Norse-mythology online role-playing game. Some visitors discover Midgard through this tool and try the game, but you are not asked to do so and the tool works fully without any account or interaction with the MUD.

Yes. The tool works in any modern mobile browser — Safari on iOS, Chrome and Firefox on Android. On iOS you may have to choose "Files" instead of "Photos" in the picker to access HEIC originals.

The image dimensions (width × height) and the file size are inherent to the image itself, not metadata — they cannot be hidden without re-encoding. The "Date Modified" timestamp on the downloaded file is set by your operating system at the moment of saving and is unrelated to EXIF. To control that, set the file's modification date manually in your file manager after download.

There is no hard limit. Practical limits are set only by your device's memory: a typical phone or laptop comfortably handles 50+ photos at 20 MB each. For very large batches (hundreds of files), processing in two or three runs is more responsive than one giant batch.

It depends on what kind of watermark you mean. Visual watermarks — the semi-transparent logo a photographer overlays on the image itself — are part of the pixel data, and removing them would require re-painting those pixels (which we don't do; the tool never re-encodes the image content). Invisible watermarks — steganographic identifiers embedded in the pixels by Adobe Stock, Getty, etc. — are likewise pixel-domain and untouched by metadata stripping. What we DO remove is everything that lives in the metadata block: copyright fields, IPTC author tags, XMP rights statements, "edited in Photoshop" producer strings, embedded Adobe credentials. So if a stock-photo site relies on EXIF-level rights management to identify the licensee, that information is gone after our strip — but the visible logo on the photo and any pixel-level steganography both remain.

When you take a photo with a smartphone or camera, the device automatically writes a "data label" inside the photo file alongside the actual image. That label includes things like exactly where you were standing (GPS coordinates, often accurate to a few meters), the time and date, the device you used, even the device's serial number. The data is invisible when you view the photo, but anyone who receives the file can read it with a free tool — including the recipient of an email, a buyer on eBay, a forum reader, a stalker. EXIF stands for "Exchangeable Image File Format" and is the technical name for that label. Removing it before sharing a photo is a basic privacy habit, similar to closing the curtains before getting changed.

Honest answer: probably yes, especially for photos taken at home. Common scenario: you take a photo of your new puppy in the living room, share it on a Telegram channel or post in a Facebook group. The photo carries GPS coordinates a few meters from your couch. Anyone in that channel/group — even people who don't know you personally — can extract those coordinates with a free tool, paste them into Google Maps, and see your front door on Street View. For photos of your kids at home this is a particularly real concern. WhatsApp strips EXIF when you send a picture as an image, but Discord, Telegram (file mode), email, blog posts and most other places keep everything intact. A 10-second strip before sharing closes that gap.

Three independent ways to confirm. (1) Trust through verification: press F12 in your browser → "Network" tab → drop a large photo into the tool → watch the network log. If we uploaded anywhere, you'd see an outgoing request containing the file. You won't — the only requests visible are the tool's own JavaScript files, loaded once when you opened the page. (2) Disconnect and still works: load the page once with the internet on, then turn Wi-Fi off or enable airplane mode. The tool keeps working perfectly because everything runs locally. A server-based tool would fail immediately. (3) View source: right-click → "View page source", then click on "exif-tool.js" — the code is plain JavaScript, no minification or obfuscation. Search for keywords like "fetch" or "XMLHttpRequest" — you'll only find them in places that load translation files from your own browser, never to send image data anywhere. If you're still uncomfortable, you don't have to use the tool — that's a perfectly valid response to "trust me, it's safe" claims on the internet, and we respect it.

Yes, and across four different audio formats with the same one-click flow you get for photos. MP3 files carry three independent metadata layers — an ID3v2 tag at the start of the file (Title, Artist, Album, lyrics, embedded album art, encoder strings, sometimes private GEOB frames placed there by recording or DJ software), an ID3v1 tag in the last 128 bytes, and occasionally an APEv2 footer used by Foobar2000 and similar players. The tool removes all three at once and leaves the actual MPEG audio frames bit-identical, so the audio quality is unchanged and the file is a few kilobytes (or several megabytes if cover art was embedded) smaller. FLAC files have their Vorbis-comment block (artist, title, replay-gain, copyright) and any PICTURE block stripped, but the STREAMINFO block stays intact so duration and sample rate remain visible to players. Ogg Vorbis and Ogg Opus are the most delicate: the comment payload is wrapped in Ogg pages with strict CRC32 checksums, so the tool replaces the comment packet with a minimal empty one, re-segments it, and recomputes every affected page's CRC32 (polynomial 0x04C11DB7) — strict players like Rockbox and libogg-based tooling continue to validate the file. WAV files get their LIST INFO entries (Artist, Comments), Broadcast-Wave (bext) chunks, iXML, embedded XMP and any inline ID3 sub-chunks turned into RIFF JUNK, which keeps the chunk offsets valid for editors. No audio is ever re-encoded.

Yes — DOCX, XLSX and PPTX are all supported, and this is actually one of the most under-appreciated privacy use-cases. Microsoft Office stores a surprising amount of personal data inside every document: the author name and "last-modified-by" name, your company name, your manager's name (if set in Office options), the application version (revealing the exact Office build), the total number of minutes you actually spent editing the file, the revision counter, the template path, plus any custom user-defined properties. All of that lives in two small XML files (docProps/core.xml and docProps/app.xml) inside the ZIP container that an Office document really is. The tool unpacks the document in your browser, replaces those two XML files with anonymized stubs that keep the correct XML namespaces (so Office opens the file without a recovery dialog), wipes any docProps/custom.xml entries, and re-packs the ZIP. Crucially, the actual document content — your text, paragraphs, formulas, slides, embedded images, charts — is copied through byte-for-byte, so opening the cleaned file in Word, Excel or PowerPoint shows exactly the same content with no warnings. One thing worth knowing: tracked changes and comments inside the document body contain their own author attribution; those are content-bearing and not removed by the standard strip, so for a fully anonymous document you should accept all tracked changes and delete comments inside Office before downloading.

It is a cryptographic fingerprint of the exact bytes you dropped, computed locally in your browser via the WebCrypto API. Two identical files have the same hash; flipping a single bit produces a completely different hash. We display it alongside the other metadata and include it in the JSON export. Practical uses: confirm that two photos are byte-identical, document chain of custody for forensic work, or record in a report exactly which file you analysed without having to keep a copy.

Yes. Each file card has an "Export JSON" button that downloads a structured .json document containing the file information, every parsed EXIF / IPTC / XMP / ICC tag, the magic bytes, and the SHA-256 hash. The bulk action "Export all metadata (JSON)" bundles every loaded file into a single JSON file. The export is generated entirely in your browser and saved locally — nothing is sent anywhere. Common use cases: feed the JSON into your own analysis script, attach it to a forensic report, or archive the metadata before stripping the originals.

Yes, for reading. TIFF-based RAW formats — Canon CR2, Nikon NEF, Sony ARW, Adobe DNG, Olympus ORF, Pentax PEF, Panasonic RW2 — go straight through our TIFF parser, so the full camera EXIF, lens information, dates and GPS appear as expected. Canon CR3 (ISO BMFF, similar to HEIC) and Fujifilm RAF are recognised as view-only. RAW files are not stripped because removing metadata from a RAW would require re-encoding the proprietary sensor data, which the browser cannot safely do. If you need a clean RAW, develop it to JPEG or TIFF first in your editor, then strip with this tool.

Many photos carry an embedded color profile that tells viewers how to interpret the colors. We parse that profile locally and surface its actual name (sRGB IEC61966-2.1, Display P3, Adobe RGB (1998), a vendor calibration, etc.) along with color space, device class, version and manufacturer — instead of just showing "[present, N bytes]". This is useful when you want to know whether a photo was tagged with a wide-gamut profile (which can change how it looks on different screens), or to confirm that the cleaned output preserves the profile if you opted in to keep it via the "Keep color profile" toggle.

The profiles are one-click presets that match common real-world goals so you do not have to know which checkboxes to tick. "Anonymous" removes everything we can — GPS, camera info, dates, author, color profile, orientation tag, and it cleans the filename — best for posting on a forum, on a marketplace or in a public album where you want zero traceability. "Social media safe" is the same but keeps the orientation tag and color profile so the photo still displays the right way up with correct colors on wide-gamut screens — best for posting on Facebook, Instagram, Reddit, Discord. "Keep camera info" removes GPS, dates and author but leaves Make, Model, lens, ISO, aperture and shutter speed alone — useful for portfolio photographers who want to share technical info but not when or where the photo was taken. "Just remove GPS" makes the smallest possible change: only the location is stripped, everything else stays. Pick whichever matches your situation; you can switch profiles per file via the dropdown on each card before clicking "Apply profile".

ELA is a forensic technique for spotting edited regions in a JPEG. The tool re-saves your photo at quality 90 and shows you the per-pixel difference between the original and the re-saved version, amplified ~20×. In a genuine, untouched JPEG, the entire image has uniform "error noise" because every region was compressed the same number of times. If someone pasted a face from another photo into this one, that pasted region was compressed differently and shows up as visibly brighter or darker than its surroundings in the ELA result. ELA is heuristic — bright regions can also be sharp edges or strong textures, not just edits — but it's the same first-look tool used by photo-forensics analysts. The whole computation runs locally in your browser via Canvas; your photo is never uploaded.

Every JPEG carries a Quantization Table (DQT marker) that defines how aggressively the image was compressed. By comparing your file's DQT against the JPEG-standard reference table for quality 50, the tool reverse-engineers the quality (1-100) the file was last saved at. Quality 95+ is typical for straight-from-camera or lossless export. 80-94 is "saved for web/email" — the most common range. 60-79 means the file was heavily re-compressed (e.g. WhatsApp/Messenger forwarding, 3rd-generation copy). Below 60 is rare except after multiple compression cycles. A photo that claims to be "original from camera" but reports quality 75 is suspicious. Read-only — touches no bytes.

It identifies which software last touched your JPEG by matching the file's quantization tables against twelve known Adobe Photoshop "Save for Web" profiles plus the libjpeg-standard reference, and by inventorying every APP-marker (JFIF, EXIF, ICC, Adobe APP14, Photoshop IRB, MPF, XMP, C2PA, Ducky…). The card combines those signals into a single plain-language verdict like "Almost certainly saved by Photoshop Save for Web at quality 8" or "libjpeg-compatible encoder at quality ≈85", plus a likely pipeline ("Camera capture → Photo editor → Messenger"). All matches are read-only and run locally.

It walks the file end-to-end and lists every JPEG marker, PNG chunk or HEIC/MP4 box as a clickable row, colour-coded by category (container, metadata, image data, trailing, unknown). Each row shows the marker name, byte offset, length and a short hex preview; clicking expands the full hex dump of that segment. The killer use case is finding polyglot files: data sneaked in after the JPEG EOI or PNG IEND marker — a classic steganography trick — surfaces as a red TRAILING row. Also exposes exotic APP-markers from custom OEM tools or steganography software that other inspectors hide.

JPEG Ghost is a forensic technique (Hany Farid, 2009) that re-saves the photo at eight quality levels (50, 60, 70, 75, 80, 85, 90, 95) and finds, for every 16×16 block, the quality at which the pixel difference is smallest. In a genuine, untouched JPEG, almost every block will have its minimum at the same Q — the quality the file was originally saved at. If a region was inserted from a JPEG saved at a different quality, that region will have its minimum at a different Q and stand out on the heatmap. The tool flags the inserted area with a red dashed box. Heuristic — sharp edges and textured areas can naturally pick different Qs without being insertions.

Two pixel-level checks that run together. The Noise variance map measures how much high-frequency noise each 16×16 block contains; suspiciously smooth blocks light up cyan and indicate possible denoising, beauty-retouching, clone-stamp work or a region painted over from a stock photo. The CFA / Bayer pattern map checks whether the image still carries the camera-sensor demosaicing footprint by comparing the four 2×2 sub-sample positions of the green channel; real photos have a strong Bayer signature (score 50–95/100), while AI-generated, fully re-rendered or aggressively denoised images don't (score under 20/100). The CFA score is a defensible, reproducible alternative to black-box AI detectors.

It hashes every 16×16 image block (skipping flat sky/wall areas) and finds groups of blocks that look identical and are shifted by the same amount. That's the signature of a clone-stamp tool: when a retoucher paints a person out by sampling nearby grass or sky and pasting it over the person, the painted-over blocks are exact copies of their source blocks, all displaced by the same vector. The heatmap highlights each cluster in a different colour and draws lines between source and destination blocks; a typical "person painted out" shows up as a cluster of 20–100 paired blocks. Runs in a Web Worker so the page stays responsive. False positives are possible on highly repetitive textures (brick walls, fabric patterns) — always inspect the highlighted regions.

Almost every JPEG from a smartphone or DSLR contains a small 160-200px preview image embedded inside the EXIF block — the "IFD1 thumbnail". When somebody edits the photo in Photoshop the main image gets the edits, but the embedded thumbnail is often left untouched. The tool extracts both, computes a 64-bit perceptual hash of each, and reports the Hamming distance. 0-3 bits = identical (no manipulation), 4-15 = match (normal compression difference), 16-30 = suspicious (possible levels/curves/retouch), 31+ = the thumbnail and main image visually disagree, which is a near-bulletproof manipulation proof. Hany Farid published this method in 2009 and it still catches most real-world Photoshop edits.

It plots how many pixels each brightness value (0-255) has, separately for the red, green and blue channels. A photograph straight from the sensor has a smooth, continuous histogram — every value from 0 to 255 has at least a few pixels. When somebody applies levels, curves or tone-mapping in Photoshop, the values get redistributed across the 256 bins and certain values become unreachable, leaving characteristic empty bins (gaps). The tool counts those empty bins inside the active brightness range and gives a verdict: under 5 gaps = natural, 5-19 = mild editing, 20+ = strong editing footprint. Native camera output rarely shows more than 5-10 gaps, so a count of 30+ is almost always Photoshop or Lightroom levels.

Hover (or long-press on touch devices) over any forensic heatmap and a small 88×88 pixel zoom-bubble follows your cursor, showing an 8× magnified view of the pixels under the cursor with a yellow crosshair on the centre pixel. The bubble also displays the exact RGB values and hex colour code of that pixel, plus its X/Y coordinates within the image. This is the same workflow Forensically uses and is essential for forensic interpretation: ELA, Noise and CFA heatmaps look very different at 1× than at 8×, and tampering hints often only become visible when you can read individual pixel colours.

Yes. Click "Generate forensic report" in the Pro mode card and a clean print-ready document opens in a new browser tab. It contains the file name, format and size, all cryptographic hashes (SHA-256/SHA-1/SHA-384/SHA-512 plus pHash), key EXIF fields (camera make/model, dates, GPS, software), the compression-fingerprint verdict and every forensic finding you have run (ELA, JPEG-Ghost, Noise/CFA, Copy-Move, Thumbnail-Mismatch, RGB Histogram), each with verdict and heatmap thumbnail. The new tab has a "Print / Save as PDF" button — your browser's standard print dialog produces a PDF you can archive as evidence. Everything is generated in the browser; no upload, no server, no third-party PDF library.

Drop two images into the tool, then in the second file's Pro mode card pick the first one from the "Compare with" dropdown — both images are layered on top of each other and a slider in the middle lets you reveal one or the other by dragging. Classic before/after forensic visualization: handy for spotting Photoshop edits when you have an "original" and a "circulated" version of the same photo, for comparing same-scene shots seconds apart, or for spotting compositing differences. The pixel magnifier works on both halves so you can read pixel values across the slider seam. Drop, drop, compare — that's it.

C2PA is a new industry standard that lets a photo carry a built-in "digital seal" proving where it came from. Big news agencies (Reuters, AP) and camera makers (Sony A7-IV, Nikon Z9, Leica M11-P) use it to mark their photos as real and unedited; AI tools like DALL-E use it to mark images as AI-generated. With this tool you can put your own seal on any JPEG, generated entirely in your browser. Think of it like signing a letter with your own pen: the seal proves YOU produced this exact version of the file at this exact moment. Useful for: photographers documenting their own workflow, lawyers building evidence chains, journalists sharing photos with editors who know their public key, or anyone testing C2PA tools. How it works: your browser generates a fresh cryptographic key pair, signs the JPEG, embeds the signature into the file, and throws the key away — the signed JPEG is offered for download. Nothing is ever uploaded to us. The recipient can verify the signature at contentcredentials.org. Important limitation: this is "self-signed", which means other tools will display "unknown issuer" — that is expected and correct. For Reuters-grade attestation (where the world recognises you as the issuer) you would need a paid commercial certificate authority. The browser self-sign here is the right level for internal evidence and personal use, and it preserves the tool's strict no-upload privacy promise.

Yes — for JPEG photos. Click the "Edit tags" button on a file card to open a form with the most useful editable fields: Make, Model, Software, Artist, Copyright, ImageDescription, DateTime, DateTimeOriginal and Orientation. Whatever you type is written into the EXIF block; leave a field blank to keep its current value. The image pixels are not re-encoded — only the metadata changes. Use cases: scrub a previous photographer's name out of an image you are reusing, set a generic camera maker so the photo cannot be linked back to your specific body, set the date to "1970:01:01 00:00:00" to fully obfuscate timing, or set a copyright notice on photos before sharing. Note: editing PNG, WebP and other formats is not supported yet — for those, use the strip buttons.

Yes, on JPEG. Click "Set fake GPS" on a file card and either pick a famous landmark from the preset dropdown (Eiffel Tower, Statue of Liberty, Brandenburg Gate, Sydney Opera House, Taj Mahal, Great Wall, Machu Picchu, or "Null Island" at 0,0) or type your own latitude and longitude. The fake coordinates replace the real ones in the EXIF block, so anyone who later inspects the photo sees the spoofed location instead of yours. Why not just remove GPS? Because some platforms or AI moderation systems flag photos with no GPS as suspicious, while photos with "any" GPS are treated as normal. Spoofing also lets you keep the data shape intact for archival purposes.

Phil Harvey's ExifTool (https://exiftool.org/) is the de-facto standard command-line metadata tool used in forensics, OSINT and photo workflows since 2003. Its `-j` mode emits a flat JSON array that countless scripts and pipelines already know how to consume. We provide an export option that mimics that format — group-prefixed keys like "EXIF:DateTimeOriginal" or "GPS:GPSLatitude" — so you can drop our exports into any existing ExifTool-aware pipeline without writing a translator. Our coverage is not 100% identical (we do not parse every obscure tag), but for the standard EXIF / IPTC / XMP / GPS fields the output is interchangeable. Switch the export format with the "Export format" dropdown above the file list.

Camera manufacturers reserve a special EXIF tag called MakerNote (tag 0x927C) for their own proprietary data. Each maker uses a different binary format that they document only sparsely (or not at all). When Deep Inspection is off, we report the MakerNote as one opaque blob — "[binary data, 12345 bytes]". When you turn Deep Inspection on, we decode the MakerNote for the three biggest manufacturers (Canon, Nikon, Sony) and surface a curated list of high-value tags: lens model and serial, body internal serial number, shutter count (Nikon DSLRs — useful when buying used), firmware version, picture-control settings, AF info, and many more. This is the same information forensic and OSINT tools use to fingerprint cameras and correlate "anonymous" photos back to a specific device.

Because filenames themselves leak metadata. Smartphones often save photos as IMG_20240315_142233.jpg or PXL_20240315_142233_AbsolutePath.jpg — that filename alone tells anyone receiving the file the exact second the photo was taken, and on some phones even the GPS-encoded coordinates. Stripping the EXIF block but keeping the filename leaves that channel wide open. Our tool optionally scrubs date-/time-/coordinate-looking patterns out of the downloaded filename — the contents of your custom filename are kept ("vacation-paris-2024.jpg" stays untouched), only the auto-generated camera prefixes get cleaned. You can disable this with the "Clean dates & coordinates from filenames" toggle if you prefer the original filename.

It's a 0-100 number plus a traffic-light badge that summarises how identifiable your file is — without you having to read every tag. Each privacy-sensitive piece of data adds points: GPS coordinates +30, embedded thumbnail with its own GPS +15, hardware serial number +20, camera make/model +10, exact capture date/time +10, author/copyright +15, editing software +5, and so on. Below 30 you're "low risk", below 60 "caution", above that "high risk". Click "Why this score?" to see the exact breakdown, so you understand WHICH metadata items pushed you over the threshold. The score is heuristic — actual risk depends on context (who you are, who sees the file) — but it's a fast first read of "is this file dangerous to share publicly as-is?"

Many cameras and editors save a small preview image (often 160×120 pixels) inside the EXIF block, separate from the main photo. It's called the IFD1 thumbnail. Most photo viewers ignore it, but it persists when you "remove EXIF" with naive tools because they only strip the main IFD0 / EXIF-IFD / GPS-IFD and forget about IFD1. Worse: the thumbnail can have its OWN GPS coordinates that survive the strip — the classic "ghost GPS" leak that has burned more than one journalist. Our tool detects the thumbnail, warns you when it carries its own GPS, and removes it as part of the standard "Remove all" / profile flow. If you only do a selective strip ("Remove only GPS"), the thumbnail stays, so check the warning and use the full strip when in doubt.

When the tool inspects a file, it cross-references several timestamps and identity fields that should be consistent in a genuine photo straight from a camera. If they disagree, the file was probably edited, re-saved, or had its metadata partially modified. Examples: DateTimeOriginal says 2024-03-15 14:22 but GPSDateStamp says 2010-08-12 — somebody backdated the photo. Software field is "Adobe Photoshop 2024" but the photo also has Make/Model from a Canon — the file was edited after capture. Camera Make is "Canon" but the MakerNote inside is recognisably Sony — the file was forged or recompressed in a tool that left the wrong vendor blob. These are heuristic flags, not proof of tampering, but they're the same red flags forensic analysts look for. They give you (and the recipient of your file) a fast smell-test for authenticity.

A typical photo has 3-5 different date fields (DateTime, DateTimeOriginal, DateTimeDigitized, GPSDateStamp, file modification time, sometimes more for video). In a genuine, untouched file they're all within seconds of each other. The timeline plots all of them on a single chronological axis so you can SEE that — or see at a glance that one of them is years off, which is a strong tampering hint. It's the visual companion to the inconsistency-detector. Useful for journalists verifying source photos, eBay buyers checking "as-new" claims, and anyone curious about a file's full history. The view is collapsed by default; click "Timeline view (N dated tags)" on a file card to expand.

For power users: under each file card there's a collapsible "Show equivalent ExifTool command" section that prints the exact command line that would do the same operation in Phil Harvey's ExifTool (https://exiftool.org/) — the de-facto standard CLI metadata tool used in forensics and OSINT since 2003. Two reasons we expose it: (1) Learning. If you want to start scripting metadata operations across thousands of files in a nightly cron job, ExifTool is the right tool, and our snippet shows you the syntax for the operation you're already doing manually here. (2) Verification. If you don't trust our re-implementation, you can copy our snippet, run it locally with ExifTool, and compare byte-for-byte. The snippet updates live when you change the privacy profile in the dropdown, so it always matches what we'd produce.

Click any "?" icon in the tag list to see a plain-language explanation of what that EXIF tag actually means, why it's sensitive, and what someone could do with it. The names like "GPSLatitudeRef" or "ExifVersion" are not exactly self-explanatory — and many people remove or keep tags without really knowing what they're choosing. The explanations are short (1-3 sentences each), focused on the privacy angle, and available in your selected language. They cover the ~30 most common privacy-relevant tags. We deliberately do NOT pull explanations from a server; everything is bundled in the page so the privacy guarantee ("no server contact") still holds.

Short answer: no — the tool itself records absolutely nothing about your usage. Which files you drop, which buttons you click, which tags you remove, which privacy profile you pick, which GPS coordinates you spoof, what your photos contain — none of that ever leaves your browser. The strip operations, the tag editor, the GPS spoofer, the JSON / CSV / ExifTool exports, the Risk-Score breakdown — all of it runs locally and is invisible to any server, including ours. Your tool usage is 100% anonymous. What we DO record, like virtually every other website, is an anonymous pageview counter shared across the whole midgardmud.de site: one ping when you land on the page, a follow-up after 60 seconds, and a duration ping when you leave. The pings contain only the URL path you're on, the referrer header your browser sent, your screen size, your browser language, and a randomly generated hit ID. They do NOT contain any file content, any tag names, any actions you took, any cookies, any fingerprint. We do not associate the pings with you across visits and we do not retain raw IPs. If you don't want even that, append ?notrack to the URL once and the tracker stays off across all later visits (a localStorage flag is set). Tools like Brave, Firefox strict mode and uBlock Origin block the analytics endpoint by default. The privacy boundary that actually matters — your files and what you choose to do with them — is fully on your device.