if i had a nickel for every time i've seen someone's self-hosted blog with unredacted geolocation exif in the images, i'd have three nickels from today alone
four. i'd have four nickels.
five nickels.
i'm at a point now where if i'm reading your self-hosted blog and i see a photo that looks like it was taken on a smartphone i immediately get worried
(and then i check the exif tags and if they're leaking your address i email you)

@luna

if, like me, you've been following Luna's comments on this and getting increasingly nervous, here is a command for removing all location metadata from JPG/WEBP images (the usual offenders) in a directory tree on Unixy platforms, assuming your paths don't contain spaces.

for file in $(find . -name "*.jpeg" -or -name "*.jpg" -or -name "*.webp"); do exiftool -gps:all= $file; done

GitHub - allanlw/gps-detect: Firefox addon for detecting GPS EXIF info in JPEGs automatically


@cliffle @luna

You don't even need the loop!

find . \( -name "*.jpeg" -or -name "*.jpg" -or -name "*.webp" \) -execdir exiftool -gps:all= "{}" \;
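A check to run after either command, added here as an example and not part of the thread: it walks a directory tree and reports JPEGs whose EXIF block still carries a GPSInfo pointer (tag 0x8825), including files whose paths contain spaces. It reads JPEG only (WebP keeps EXIF in a RIFF chunk and is not handled), and `scan`, `has_gps` and the constructed sample from `make_jpeg` are names invented for this sketch.

```python
import struct
from pathlib import Path

GPS_IFD_TAG = 0x8825  # IFD0 entry that points at the GPS sub-directory

def exif_tiff(jpeg: bytes):
    """Return the TIFF block of the first Exif APP1 segment, or None."""
    if jpeg[:2] != b"\xff\xd8":          # not a JPEG (no SOI marker)
        return None
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF or jpeg[pos + 1] == 0xDA:  # junk, or start of scan
            return None
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        body = jpeg[pos + 4:pos + 2 + length]
        if jpeg[pos + 1] == 0xE1 and body[:6] == b"Exif\x00\x00":
            return body[6:]
        pos += 2 + length                # length counts its own two bytes
    return None

def has_gps(jpeg: bytes) -> bool:
    """True if IFD0 contains a GPSInfo pointer, whatever coordinates it holds."""
    tiff = exif_tiff(jpeg)
    if not tiff or len(tiff) < 8 or tiff[:2] not in (b"II", b"MM"):
        return False
    e = "<" if tiff[:2] == b"II" else ">"   # TIFF byte order
    magic, ifd0 = struct.unpack(e + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return False
    (count,) = struct.unpack(e + "H", tiff[ifd0:ifd0 + 2])
    for i in range(count):
        entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
        if len(entry) == 12 and struct.unpack(e + "HHII", entry)[0] == GPS_IFD_TAG:
            return True
    return False

def scan(root):
    """List JPEG files under root that still carry a GPS directory."""
    return sorted(p for p in Path(root).rglob("*") if p.is_file()
                  and p.suffix.lower() in (".jpg", ".jpeg") and has_gps(p.read_bytes()))

def make_jpeg(with_gps: bool) -> bytes:
    """Constructed sample: a bare JPEG with one Exif segment, not a real photo."""
    tag = GPS_IFD_TAG if with_gps else 0x8769   # 0x8769 = Exif sub-IFD pointer
    tiff = b"II" + struct.pack("<HI", 42, 8) + struct.pack("<H", 1)
    tiff += struct.pack("<HHII", tag, 4, 1, 26) + struct.pack("<I", 0)
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
```

An empty result from `scan(".")` in the blog's image directory means no JPEG there has a GPS directory left; a file whose coordinates were only zeroed rather than removed is still reported.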

@luna In a digital safety course for kids we show a video back from the days when big social media networks did not strip metadata on upload.

In the video, the camera person approaches seemingly random people on the street whose current location they extracted from the metadata in posted pictures. The interviewer then asks personal questions derived from the profile or the location metadata like "how was your last holiday in ...? Your name is ..., isn't it?" and at one person "You work at <secret agency>, don't you?" You can visibly see the shock in the face of the people, especially the secret agent.

@varbin @luna also never ever rely on #AntisocialNetworks to do that!

@luna Flirting attempt by publishing selfies with email in exif. Hypothetically.
@luna you're making ME worried. which I guess is the idea.
@luna Years ago, when I found out EXIF data can contain location info, I immediately disabled any access to Location that any camera app requested. It's so dangerous to just have stuff like this easily accessible online.
@igimenezblb @luna I did too - but don’t most social media apps strip this information out?
@dxzdb If the past few years of nightmare social media stories have taught me anything, it's to not trust them on their word that they are doing what they claim to be doing.

@igimenezblb sounds wise.

I do sometimes wish I had a record of location in my photos - but I know I’d forget sometimes

@dxzdb @igimenezblb yes, but the key word is "most" i.e. "not all"
@luna i reflexively strip exif data from images i take on my phone even if it shouldn't have geolocation in the first place or is being copied to sites that i know strip it on upload
@luna
I use a photo service (that I wrote and host myself) to scale the images for suitable sizes, and that also removes exif. But that is not mainly for security but as a size optimization. There is a metapage on my blog stating my email address and full physical address (and some old pages that show photos and includes a map that pinpoints where they were taken).

@luna Okay, I'll get a Polaroid camera and start scanning them into the computer instead.

...

Okay, actually that sounds amazing, I may not be joking anymore.

@luna looking at my old posts: OMG, I messed this up myself so much, in the past ;_;
@luna how many blogs do you read, luna
@luna *starts sweating and looks around for her laptop*
@luna ... which isn't a lot, but it's weird that it happened ... fource.
@luna that browser extension sure is the gift that keeps on giving, huh
@luna don't worry according to automattic's hackerone tumblr having an esoteric way to leak exif data is working as intended
@luna jokes on you, my camera doesn't have gps so the best you get is the date 

@luna Sometimes I leave them in there so people can know where I took that photo?

I scrub it if I don't want to share the location.

@bayindirh sorry, perhaps i should rephrase:

if i had a nickel for every time i've seen someone's self-hosted blog with unredacted geolocation exif in the images *exposing their home address*, i'd have three nickels from today alone

@luna Oh, that kind? My favorite. It'd have paid all my debts if I had a nickel like you. :)

I don't share the location of my workbench, either. That's too much.

@luna are you just downloading them to check? A browser extension to show certain fields on hover could be cool
@luna Almost enough for an exif-metadata remover!

@luna I had the same thought a couple of days ago and managed to crank out a quick Mayke post on how to use exiftool to strip GPS location data. With Jelly Babies, because why not... https://martinh.net/hacks/jellybaby-opsec/

Feels like Jekyll and Hugo (the main culprits?) should do this by default. And maybe someone has already submitted PRs - but that's a rabbithole for another day!

@m interestingly the browser extension I use still alerts that there's GPS data present (even though it's just null island); you could also use exiftool -gps:all= <filename> which removes the fields outright

@luna i always crunch the shit out of my blog photos because modern smartphone cameras output ridiculous 23000pixels pictures and i was on DSL internet not that long ago

i should recheck if mspaint still strips geoloc exif though god knows what microsoft did to it

@luna I sometimes find those on larger websites as well, like pinknews. I emailed them, but never got a response.
@luna Another bad one is in video files, especially iPhone, at least last I checked it was not scrubbed by for example Discord.