#FediTip for those used to mainstream sites and are now trying open source platforms (social, blogging, etc): if you upload photos from your phone, you're used to the site compressing it and stripping the metadata out of it so you don't end up exposing your location etc. Not all open source platforms do that or not by default. A lot do, but keep in mind that taking a photo at home and uploading it may expose your home address. Or taking a screenshot of a site exposes the url with potentially account information in it.
I believe Mastodon is safe in this regard, or at least mastodon.social is. Wordpress is not. Others depend on the admin.
There's an Android app on f-droid called #ImagePipe that can strip metadata from photos before sharing.