Contents
Usually yes, but in two different ways, and the difference matters. Most social platforms strip EXIF metadata when you upload a photo, so the copy other people see carries none of the camera, date or GPS detail the original held. A screenshot goes further: it is a brand-new file your device creates, so it not only drops the original’s metadata, it replaces it with new metadata describing your device and the moment you pressed capture. “No metadata” and “metadata that points at the wrong device” are different outcomes, and the second one misleads far more often than it reveals.
Why does a photo lose its metadata?
EXIF metadata lives outside the pixel stream. It is a block of tags attached to the file, defined by the CIPA DC-008 Exif standard, holding the make and model, the date and time, GPS coordinates when location was on, and a proprietary MakerNote. As Bellingcat’s Melissa Hanham describes it, metadata is “data that is often included with an image, such as the time it was taken, the type of camera that was used,” and, when you are lucky, the GPS coordinates. Because that block is separate from the image data itself, almost any process that re-encodes the picture can drop it. Saving a copy in an editor, exporting to a different format, or uploading to a platform that re-processes the file will all discard the tags unless the software deliberately preserves them. Most social platforms strip EXIF on upload, partly for privacy and partly as a side effect of re-encoding.
That loss matters more than it first appears. In the Forensics Media team’s review of the major image-forensics toolkits, metadata was the single most widely bundled signal, present in around three-quarters of them, more than any pixel-level method. The cheapest and richest read in the whole discipline is also the first thing the sharing pipeline throws away, which is why so many images reach an investigator already stripped.
Does a screenshot remove metadata?
Yes, and this is the sharper case. A screenshot is not a copy of the original file. It is a fresh capture of whatever your screen is displaying, encoded into a new image by your phone or computer, so it never contained the source photo’s EXIF in the first place. There is nothing of the original camera, timestamp or GPS location inside it.
What the screenshot does carry is metadata about itself: the device that took it and the date and time you took it. That replacement is the trap. An investigator who reads a screenshot’s metadata and treats it as the photo’s origin will conclude the image came from your device, today, when in fact it may be a years-old photo from an entirely different camera. Missing metadata tells you nothing. Misleading metadata tells you something false, and a screenshot manufactures exactly that.
Can you tell a photo was screenshotted or re-encoded?
Sometimes, because re-encoding leaves a physical trace even when the metadata is gone. JPEG compression works on a fixed 8x8 pixel block grid, and in a camera-original file that grid is anchored to the top-left corner of the image. When a picture is cropped, rescaled, screenshotted or otherwise re-encoded after being decoded to pixels, the new compression grid can end up offset from where a native grid would sit. An apparent shift in that block grid is a forensic tell that the file is not a first-generation capture: it was decoded and re-saved at some point, which is precisely what taking a screenshot does. This is a qualitative indicator an analyst reads, not a number a tool prints, and it means the loss of metadata is not always the loss of every clue about a file’s history.
What does missing metadata actually mean for an investigation?
The most important thing to understand is that missing metadata is the normal state of shared images, not evidence that someone is hiding something. Because platforms strip EXIF by default, the overwhelming majority of photos circulating online carry none, and reading anything sinister into its absence is a mistake. A screenshot’s metadata is worse than absent: it is present and wrong, describing the person who took the screenshot rather than the person who took the photo.
When the metadata is gone, investigators fall back on the open-source methods that do not depend on it, the reverse-image-search and geolocation techniques used by open-source research groups such as Bellingcat, an independent collective of researchers and citizen journalists. That workflow, and where it fails, is set out in how to verify if an image is real. The practical reading is that you cannot infer origin from a shared file’s metadata in either direction. Its absence is uninformative, and its presence, especially on a screenshot, can point precisely the wrong way. Whatever survives a strip can still be cross-checked against the image and other signals, but the surviving fields are a claim to test rather than a fact, the same caveat that governs whether EXIF data can be faked. When the fields are intact, what EXIF data actually reveals is the fuller inventory of what they can show. Removing the metadata from your own photos before you share is the mirror problem, a privacy task rather than a forensic one, and it belongs to a different toolkit.
Sources
- CIPA (2023). Exchangeable image file format for digital still cameras: Exif Version 3.0. Standard CIPA DC-008-2023.
- Hanham, M. (2015). Metadata: MetaUseful & MetaCreepy. Bellingcat. Available at: https://www.bellingcat.com/resources/how-tos/2015/04/24/metadata-metauseful-metacreepy/ (Accessed: 29 June 2026).