1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

Metadata reveals a lot

Silke Wünsch / jlwJuly 11, 2013

Who are you sending emails to and how often are they answered? What servers are you using? The answer lies in metadata. It reveals more about us than we may care to imagine.

Image: Fotolia/Gina Sanders

When we are on the Internet, we are creating data that is being collected and analyzed. A good example is how furniture advertising begins to appear on different websites after we search a cheap couch on Google. That's done through tracking cookies, which are stored in a user's web browser. Tracking cookies store data about what we do on a given website in a browser so that they can inform the website of our previous activities on subsequent visits. This kind of tracking is interesting for the advertising industry because it allows them to get better access to Internet users.

Government snoops not interested in cookies

But the secret services are less interested in cookies. They are more interested in metadata - information that is supplied with certain web content. For example, digital photos show the details of the camera that is used, the image resolution and the aperture. And cameras with smart functions often show the place where the photo was taken, if the user doesn't turn off the tracking feature.

That's the kind of information that the secret services want to get their hands on -  who is emailing whom and when? All this information is available in the metadata - the sender, address, date and the server from which the email was sent.

Experts at the Massachusetts Institute of Technology wanted to know how much you could find out about a user when snooping on their metadata. On a page called "NSA Yourself," users with a Google account have the opportunity to see what metadata from their emails alone can reveal about them.  A lot.

A Google sign is seen at a Best Buy electronics store in this photo illustration in Encinitas, California, in this April 11, 2013 file photo Google Inc reported consolidated first quarter revenue, including its Motorola Mobility business, of $13.97 billion, up 31 percent from the year-ago period. REUTERS/Mike Blake/Files (UNITED STATES - Tags: BUSINESS)
Google is not the only company collecting user dataImage: Reuters

It's easy to determine the number of times a user has communicated with someone else. Of course this poses a great danger, especially for undiscerning users: are the authorities also keeping an eye on your circle of friends? And all of that, without even opening or reading your emails.

Combing through data

Revelations by former US National Security Agency contractor Edward Snowden that US government authorities have been extensively monitoring users online have gotten people take this issue seriously. Despite the fact that many users have argued that they have nothing to hide, they recognize the fact that authorities may not just be reading emails or listening to telephone conversations.

"At first it's just data collection. The information is then run through a program that retrieves all parameters. This is all done using machines," IT expert Jörg Brunsmann explains.

Bildnummer: 50544696 Datum: 01.08.2004 Copyright: imago/Seeliger Website der NSA, Objekte; 2004, Screenshot, Screenshots, world wide web, Websites, Webseite, Webseiten, Webadresse, Webadressen, Internetseite, Internetseiten, Internetadresse, Internetadressen, Domain, Domains, Internetauftritt, Internetpräsenz, Internet, online, amerikanisch, amerikanischer, amerikanische, Geheimdienst, Geheimdienste, Nachrichtendienst, Nachrichtendienste, National Security Agency, Schriftzug, Computer; , hoch, Kbdig, Einzelbild, Deutschland, , Behörden, Staat,; Aufnahmedatum geschätzt
Those wanting to try it out can log-on to "NSA Yourself"Image: Imago

For example, the machine can then see that Osama Bin Laden sent Jane Smith 30 emails within two years. Bin Laden is dead, but Jane Smith is still alive, so it is interesting. But if it turns out  they only discussed domestic cats when the content of their messages are analyzed, it comes to nothing.

Encryption as a solution?

Even though very few users encrypt emails, it has always been possible to do so. Programs like TrueCrypt or GnuPrivacyGuard are very easy to find online, according to computer expert and journalist Burkhard Schröder. The problem, however, is that the encryption can only work if person sending the email and the recipient use the same program. But the metadata isn't encrypted.

"it makes little sense to encrypt the address label of the receiver," says IT-expert Jörg Brunsmann, "how is the [mail program] supposed to know where to deliver the mail?"

The possible solution for users might be to go into the darknet where networks like TOR work with several servers, which constantly change their addresses so that the user is harder to track.

Footprints on the Net

Bildnummer: 59224949 Datum: 15.02.2013 Copyright: imago/Schöning Soziale Netzwerke Apps, Smartphone Soziale Netzwerke Apps Smartphone Gesellschaft Medien Kultur Objekte Symbol x0x xub 2013 quer Iphone Applikation Application Kleinprogramm Anwendung Oberflaeche Oberfläche Signet logo Icon Ikon Programm Appllikation App Smartphone Telefon Handy I-Phone Apps Icons Ikons Programme online Internet digital Soziale Netzwerke gabi linked in twitter xing google plus google + Facebook networks network Social 59224949 Date 15 02 2013 Copyright Imago Schöning social ones Networks Apps Smartphone social ones Networks Apps Smartphone Society Media Culture Objects symbol x0x 2013 horizontal iPhone Application Application Application Surface Surface Signet emblem Icon IKON Program App Smartphone Phone Handy I Phone Apps Icons Programs Online Internet Digital social ones Networks Gabi Linked in Twitter Xing Google Plus Google + Facebook Networks Network Social
Mobile apps divulge more information than many users' realizeImage: imago/Schöning

Every day, users are, more or less, leaving a trail of what they do online. Those using social media, like Facebook and Twitter, aren't just giving their data, they are also providing a lot of information about what they like and their recreational activities. The networks, in turn, allow third parties to use that data. Mobile apps on smartphones and tablets access more information than users can imagine.

So, those who happily say they have nothing to hide may be wrong. "In a classroom experiment," says Jörg Brunsmann, "some of the students Facebook messages were printed out and hung on the wall. Many of their jaws dropped when they saw just how much they had revealed about themselves."

Therefore, experts advise users to put more thought into what they put online. But the challenge today isn't just what they put online but the fact that their metadata can be accessed.