Since Edward Snowden revealed internal secrets about the NSA’s spy programs in 2013, much attention has been paid to exactly what the agency was collecting, and why. Sometimes it was able to collect full records of everything you did – for example, your Facebook posts and emails. In other instances, it just collected metadata.

The distinction here is important. The NSA and the online platforms it partners with try to claim that metadata collection isn’t a violation of privacy and use the old – and incorrect – adage, if you’ve got nothing to hide, you’ve got nothing to be afraid of.

We’ll take a look in this article at what metadata is and why it’s important.

Meta-what?

Simply put, metadata is data about data. A simple example is a text message conversation.

The data here is the actual messages: last night, they asked if I was playing World of Warcraft, and I said I was doing a raid with my guild. (If you’re Alliance on a US realm, let’s do some battlegrounds for fun.) Today, I let them know I was going to sit in the back yard and write some articles. Because this is an iMessage conversation, that data is encrypted – meaning it can’t be read by anyone but myself and the other person in the chat.

The metadata in this example includes who I was talking to and the dates/times of the messages. This might not seem like a big deal if I’m just checking in with my partner, but imagine what a company – or government agency with practically unlimited computing power – could do with this information! Very quickly, they could create a map of who I’m talking to, then figure out when we’re talking. If there’s an increase right before or after a political event, they could use this information to build networks of who’s organizing with who.

Let’s use email as an example: The data is the subject and content of your message. The metadata is who you’re sending it to and when you’re sending it. While it’s possible to encrypt the text of an email, that still leaves plenty of information about who you’re emailing with and when.

Phone calls are another good example. If we’re to believe them, the NSA has stopped their phone metadata collection program because it didn’t work and cost too much. They weren’t collecting the actual recordings of conversations, but they were monitoring the metadata of calls: Who was calling whom, when they were calling, and how long the calls were.

Good, Bad & Ugly

Metadata isn’t always bad. Check out this sunset picture I took last night:

The original of this photo from my phone has a ton of metadata – data about the picture itself – that’s helpful for photo editing!

Make                            : Apple
Camera Model Name               : iPhone XS
Orientation                     : Rotate 90 CW
X Resolution                    : 72
Y Resolution                    : 72
Resolution Unit                 : inches
Software                        : 13.5.1
Modify Date                     : 2020:06:27 20:45:23
Y Cb Cr Positioning             : Centered
Exposure Time                   : 1/60
F Number                        : 2.4
Exposure Program                : Program AE
ISO                             : 250

I took this with my iPhone XS running iOS 13.5.1, rotated 90 degrees. Photographers might be interested in the Exposure Time, F Number and ISO of the photo.

But the metadata also includes GPS coordinates of where I took the picture. Combine that with when I took it and it’s pretty clear where I was and when. This is how your phone shows you memories of your trip to a specific place. (Before you go looking, I wiped most of the metadata from the uploaded version.)

Other types of documents also have metadata: Word, PowerPoint, PDF files and more can store who created them and more.

Facebook Uses Metadata for Tracking Images

About a year ago, we discovered that Facebook – that master of data collection – was adding metadata for tracking image uploads and shares. It added two special fields to the file’s metadata: “Original Transmission Reference” and “Special Instructions.”

It’s not clear what Special Instructions are for, but Original Transmission Reference is a code for the post where the image was originally shared. So if you download and re-share an image, Facebook knows.

This spreads further than Facebook. Let’s say you downloaded a picture from Facebook and then posted it on an anonymous site. Law enforcement working with Facebook could use the metadata to track down who saw and downloaded the photo, potentially identifying you.

Protecting Yourself

As shown above, metadata isn’t always bad, but we need to be aware of when it could harm us.

Our favorite app Signal comes in handy here. It strips metadata from photos you send automatically! And Signal’s servers don’t track your messages – including any metadata about them. Apple, Facebook, cell phone providers and others can’t say the same.

If you’re sending a photo somewhere else, you can use a website like EXIF Remove or an app like EXIF Purge on your computer. I am not endorsing either of these tools, just sharing resources.