Most people know that photos can reveal your location. But very few realize how much else is embedded in a single image file before it ever reaches the internet.
Camera model. Exact timestamp. GPS coordinates precise to a few meters. Software versions. Color profiles that fingerprint the device. All of it sitting quietly in the file, invisible to the eye, readable by anyone who knows where to look.
The Problem
I was working on a privacy-related project and started pulling EXIF data from images I found online, just to understand what was there. Profile photos with home coordinates. Freelance portfolios with exact device fingerprints. Personal photos shared publicly, broadcasting far more than the image itself.
I wanted a tool that was fast, zero-friction, and genuinely private. So I built one.
What It Does
Untrace strips metadata from images before you download them. Drag in a photo, get back a clean file. No server upload, no account, no tracking and processing happens entirely in the browser.
It handles JPEG and PNG. For JPEG, it removes EXIF, IPTC, and XMP. For PNG, it clears the tEXt and iTXt chunks. The pixels stay untouched.
How It Works
The whole thing is client-side vanilla JavaScript, no build step, no framework. I wanted it auditable and easy to fork.
The JPEG strip parses the binary file structure, identifies marker segments (EXIF in APP1, IPTC in APP13), and reconstructs the file without them. PNG uses a chunk-based format, so it walks the chunks and drops the metadata ones.
Design Decisions
The file never leaves the tab. There's no API, no backend, no retention policy, not because of compliance, but because the architecture doesn't require one. That constraint shaped every other decision: no accounts, no server to maintain.
Untrace is live at untrace.uxtim.com and open source on GitHub.
