Who are you sending emails to and how often are they answered? What servers are you using? The answer lies in metadata. It reveals more about us than we may care to imagine.
When we are on the Internet, we are creating data that is being collected and analyzed. A good example is how furniture advertising begins to appear on different websites after we search a cheap couch on Google. That's done through tracking cookies, which are stored in a user's web browser. Tracking cookies store data about what we do on a given website in a browser so that they can inform the website of our previous activities on subsequent visits. This kind of tracking is interesting for the advertising industry because it allows them to get better access to Internet users.
Government snoops not interested in cookies
But the secret services are less interested in cookies. They are more interested in metadata - information that is supplied with certain web content. For example, digital photos show the details of the camera that is used, the image resolution and the aperture. And cameras with smart functions often show the place where the photo was taken, if the user doesn't turn off the tracking feature.
That's the kind of information that the secret services want to get their hands on - who is emailing whom and when? All this information is available in the metadata - the sender, address, date and the server from which the email was sent.
Experts at the Massachusetts Institute of Technology wanted to know how much you could find out about a user when snooping on their metadata. On a page called "NSA Yourself," users with a Google account have the opportunity to see what metadata from their emails alone can reveal about them. A lot.
It's easy to determine the number of times a user has communicated with someone else. Of course this poses a great danger, especially for undiscerning users: are the authorities also keeping an eye on your circle of friends? And all of that, without even opening or reading your emails.
Combing through data
Revelations by former US National Security Agency contractor Edward Snowden that US government authorities have been extensively monitoring users online have gotten people take this issue seriously. Despite the fact that many users have argued that they have nothing to hide, they recognize the fact that authorities may not just be reading emails or listening to telephone conversations.
"At first it's just data collection. The information is then run through a program that retrieves all parameters. This is all done using machines," IT expert Jörg Brunsmann explains.
For example, the machine can then see that Osama Bin Laden sent Jane Smith 30 emails within two years. Bin Laden is dead, but Jane Smith is still alive, so it is interesting. But if it turns out they only discussed domestic cats when the content of their messages are analyzed, it comes to nothing.
Encryption as a solution?
Even though very few users encrypt emails, it has always been possible to do so. Programs like TrueCrypt or GnuPrivacyGuard are very easy to find online, according to computer expert and journalist Burkhard Schröder. The problem, however, is that the encryption can only work if person sending the email and the recipient use the same program. But the metadata isn't encrypted.
"it makes little sense to encrypt the address label of the receiver," says IT-expert Jörg Brunsmann, "how is the [mail program] supposed to know where to deliver the mail?"
The possible solution for users might be to go into the darknet where networks like TOR work with several servers, which constantly change their addresses so that the user is harder to track.
Footprints on the Net
Every day, users are, more or less, leaving a trail of what they do online. Those using social media, like Facebook and Twitter, aren't just giving their data, they are also providing a lot of information about what they like and their recreational activities. The networks, in turn, allow third parties to use that data. Mobile apps on smartphones and tablets access more information than users can imagine.
So, those who happily say they have nothing to hide may be wrong. "In a classroom experiment," says Jörg Brunsmann, "some of the students Facebook messages were printed out and hung on the wall. Many of their jaws dropped when they saw just how much they had revealed about themselves."
Therefore, experts advise users to put more thought into what they put online. But the challenge today isn't just what they put online but the fact that their metadata can be accessed.