Managing the Exif Data on Your Photos From the Command Line [Linux]

ImageMagick is a suite of tools for Linux which allows you to manipulate images from the command line. The “convert” command allows you to perform image conversions and image transformations; however, there are several other tools included in the suite, some of which allow you to work with the Exif data in JPEG photos.

Your Linux distribution probably has ImageMagick already installed, but if it doesn’t, you can add it on Ubuntu, Debian and Raspbian using:

sudo apt-get install imagemagick

On RPM based distributions you can use:

su -c 'yum -y install ImageMagick'

Exchangeable image file format (Exif) data is often inserted into JPEG images made by digital cameras and smartphones. This data includes information about the photo including the date and time when it was taken, what settings the camera used and even the GPS location of where the photograph was taken.

To view some basic information about the image, use ImageMagick’s “identify” command:

identify IMG_1312.JPG

identify-simple

Unfortunately, the resulting output won’t tell you much beyond the filename, its dimensions and the filesize.

To see more, use the “-verbose” flag:

identify -verbose IMG_1312.JPG

Now we have the opposite problem; there is too much output!

You can use “grep” to find just the Exif data:

identify -verbose IMG_1312.JPG | grep exif

You can find an individual Exif field by specifying it as part of the “grep” search:

identify -verbose IMG_0312.JPG | grep exif:Make:

The output will be just the make of the camera which took the photo, e.g. Canon.

You can search for multiple fields at once using the “\|” operator in grep. So to search for the date, the make of camera, the camera model, file size, the number of megapixels and information about the flash use:

identify -verbose IMG1.JPG | grep "DateTime:\|exif:Make:\|exif:Model\|Filesize\|Flash:\|pixels:"

identify-verbose-and-grep

You might be wondering what “exif:Flash: 16″ means. This field can have several different values and is made up of a set of flags where different bits in the number indicate the status of the flash. Bit 0 indicates the flash firing status (1 means fired), bits 1 and 2 indicate if there was any strobe return light detected, bits 3 and 4 indicate the flash mode, bit 5 indicates whether the flash function is present, and bit 6 indicates “red eye” mode. 16 in binary form is 001000 which means flash didn’t fire + strobe return detection not available + flash suppressed. Or in other words, the flash didn’t fire and couldn’t anyway since it was closed/switched off.

The full list of values is as follows:

0=Flash did not fire
1=Flash fired
5=Strobe return light not detected
7=Strobe return light detected
9=Flash fired, compulsory flash mode
13=Flash fired, compulsory flash mode, return light not detected
15=Flash fired, compulsory flash mode, return light detected
16=Flash did not fire, compulsory flash mode
24=Flash did not fire, auto mode
25=Flash fired, auto mode
29=Flash fired, auto mode, return light not detected
31=Flash fired, auto mode, return light detected
32=No flash function
65=Flash fired, red-eye reduction mode
69=Flash fired, red-eye reduction mode, return light not detected
71=Flash fired, red-eye reduction mode, return light detected
73=Flash fired, compulsory flash mode, red-eye reduction mode
77=Flash fired, compulsory flash, red-eye reduction, no return light
79=Flash fired, compulsory, red-eye reduction, return light detected
89=Flash fired, auto mode, red-eye reduction mode
93=Flash fired, auto mode, no return light, red-eye reduction
95=Flash fired, auto mode, return light detected, red-eye reduction

Although having the make and model of your camera embedded into the photos probably isn’t much of a privacy problem, having the GPS location of where the photo was taken certainly can be.

At the end of 2012, John McAfee – famous for starting the McAfee anti-virus company – went on the run after the murder of his neighbor in Belize. He fled to Guatemala but gave an exclusive interview to reporters working for Vice. Unfortunately McAfee was photographed by one of the reporters using a smartphone that stored the GPS information in the Exif data. When the photo was subsequently uploaded to the Internet, his location was revealed and he was later arrested. Additionally, the recent documents leaked by Edward Snowden show that the NSA analyses photos to extract their Exif data.

As a result, it is sometimes useful to remove all the Exif data from a JPEG. This can be done using ImageMagick’s “mogrify” tool. To remove the data, use:

mogrify -strip IMG_0312.JPG

Now run “identify -verbose” against the image, and you will notice that all the Exif data has been removed.

If you have any questions about the commands, please ask in the comments below.