What about apps like Mail or another photo uploading service which never even ask for location information? How are they supposed to know when to strip out EXIF data?

If you want the system to manage that metadata properly you need to give the users better controls than the existing coarse grained per app location preferences. I think they should, but the suggestions most people are making to fix this on HN are very narrow.

You could have scrubbed the location data from your photo before you shared it with path, but you chose not to either through neglect or malice.

My issue was not with Path knowing where I am, but with Path publishing where I am to my contacts.

Path, of course, knows where I am due to the geolocation of the IP from which I post.

My intent was communicated to the app through the disabling of location services. Posting my location uncovered through parsing EXIF is the opposite of my configured intent.

When I post pictures to Twitter, Twitter receives the EXIF-tagged photos, too. They, however, don't serve them with the geotags, as I have disabled geotagging for my account. I haven't tested if they just strip all photo EXIF, or only for accounts that disabled geotagged tweets.