EXIF metadata isn't proof

What EXIF actually is

EXIF (Exchangeable Image File Format) is a metadata block embedded in image files — primarily JPEG, also TIFF, HEIC, and a few others. The fields cover capture date, GPS coordinates, device model, exposure settings, lens info, and so on. When you take a photo with a camera, the camera writes these fields. When you open a photo in any modern viewer (Photos, Preview, Lightroom), these fields are what you see in “Info.”

Two things are important: EXIF is part of the file itself, not stored separately, and EXIF is plain self-asserted metadata. No signature, no external anchor, no proof of provenance. The file says “I was taken on March 14” because someone wrote “March 14” into the file. That someone could be the camera at capture time; it could equally be a person with a text editor.

How easy is it to edit EXIF?

Three methods, all free, all take less than a minute.

ExifTool (command-line)

ExifTool has been the industry standard for EXIF editing since 2003. It runs on macOS, Windows, Linux. To change the capture date of any photo:

exiftool -DateTimeOriginal="2020:03:14 09:42:31" photo.jpg

That command rewrites the EXIF date to March 14, 2020. The file bytes change (the EXIF block is part of the file). The image pixels don't change. Anyone opening the photo in any viewer will see “March 14, 2020.”

Online EXIF editors

Dozens of free web tools (Verexif, ExifPurge, ImgOps EXIF editor, etc.) let you upload a photo, edit any EXIF field in a form, and download the modified file. No technical skill required; works on phones.

Photoshop / Lightroom / Affinity

Every major editor has EXIF-editing controls. You can change the capture date in the metadata panel and save. The pixel edits are a separate (often more obvious) story; the metadata edits are invisible to anyone who isn't looking specifically for modification-detection signals.

Why forensic examiners don't treat EXIF as evidence

Three reasons.

1. It's trivially editable. The above methods are documented in every introductory digital-forensics course. The defense will be aware; the prosecutor will be aware; the judge will be aware (often via cross-examination on the point).
2. It's often inconsistent with other evidence. Real cameras stamp EXIF with internal clock time, which drifts and may be in the wrong timezone. EXIF dates often don't match the file's filesystem creation date, the email server's timestamp, or the social-media platform's post timestamp. Each inconsistency is a question the examiner has to investigate; the examiner's baseline confidence in EXIF is low to begin with.
3. Most file conversions strip EXIF. Posting a photo on Twitter strips EXIF (Twitter rewrites the image server-side). WhatsApp strips EXIF. Email forwarding through some clients strips EXIF. A file with EXIF dates that “survived” multiple platform hops is either: (a) the original file unedited, (b) a file where someone re-added EXIF after the fact, or (c) a file that traveled through a different (less common) path. Distinguishing these requires investigation; EXIF alone doesn't.

Why the citing pattern persists

Three reasons EXIF gets cited despite being unreliable.

1. It's right there. No tooling required to read EXIF — every viewer shows the date. The activation energy to cite it as evidence is essentially zero.
2. Most people have never used ExifTool. The gap between “EXIF is in the file” and “EXIF is editable in seconds” is invisible to anyone who hasn't looked at the tooling. EXIF feels like a property of the camera capture; it's actually a property of whoever last wrote to the file.
3. The alternative isn't obvious. If not EXIF, then what? Until cryptographic timestamping became accessible (free, browser-only, no signup), the realistic options for non-experts were “EXIF, plus shrug.”

What to use instead

Three options, ordered by ease.

1. Cryptographic seal at capture (receipts.you and equivalents)

Drop the file on receipts.you/seal. Your browser hashes the file with SHA-256 (the hash covers the EXIF too — any edit to EXIF changes the hash and breaks verification). The hash gets signed with ECDSA P-256 and anchored externally via OpenTimestamps within thirty minutes. The receipt timestamp is cryptographically un-editable from that point forward. Free, browser-only, no signup.

2. Camera-side provenance (C2PA)

If you control the camera and it's a C2PA-capable device (Sony A1, Leica M11-P, some Canon and Nikon recent firmware), the camera signs metadata at capture and the credential is embedded in the file. This is stronger than EXIF because the signature is over the metadata; edits to the metadata break the signature. The catch is that you need C2PA-capable hardware and a C2PA-aware viewer downstream — coverage is partial in 2026.

3. Qualified timestamping (eIDAS QTSP)

For EU regulatory contexts where qualified-timestamp status is procedurally required, providers like TrueScreen, InfoCert, Aruba, Namirial issue notarial-grade timestamps. Paid, identity-bound, regulator-recognized. See our vs. TrueScreen comparison for when this is the right choice.

The rule of thumb

Cite EXIF as a hint. Cite cryptographic timestamps as evidence. Never confuse the two.

In an internal photo organization tool, EXIF is fine — you're trusting your own camera's clock and nobody's adversarial. In any context where the date might be challenged, use a cryptographic alternative. The fifteen seconds it takes to seal a file is the difference between evidence and metadata.

For the broader comparison, see receipts.you vs. EXIF metadata. For the related case of why C2PA solves a different problem from receipts, see why C2PA doesn't solve screenshots.