This article is written by guest blogger Geoff Glave, a Decentralist at Manyone.
Several messaging apps claim that their communications are encrypted “end-to-end”—meaning no one can read your messages. So when you use these apps your privacy is 100% guaranteed, right?
While it’s likely true your private messages cannot be easily decrypted on these platforms, it’s important to know that on any centralized messaging platform you do leave a string of breadcrumbs behind. These breadcrumbs are called “metadata.”
What is Metadata?
Metadata is the “data about the data.” It provides the context for the data. The size of the data set. Where it originated. Where it’s going. When it was created, and by whom.
If you’ve ever watched a spy movie where they’ve shown someone being tracked via the cell towers, to which their mobile phone is connecting, then you’ve seen metadata in action, albeit one dramatized for entertainment purposes.
On centralized messaging platforms, your metadata is the information that gets stored on intermediary servers—like your phone number, how long and how often you use messaging apps, other users with whom you’re interacting, your device identifiers like IP & MAC addresses, your mobile operating system, browser details, battery health information, app version, location via mobile network, language, time zone, and more.
Even though your messages are secret, this metadata can be mined and joined to other data sets to determine all manner of things—things you may have considered private.
Why Everyone Wants Your Metadata
As the New York Times demonstrates, it’s amazing what can be discovered from a phone.
Imagine you’re at a protest and you message your friend or a group chat. The platform provider now knows with whom you’ve connected while you were there. Imagine you send your friend some pictures and video of the police at the protest. The provider may not know what the pictures contain, or what you wrote, but it does know that you sent your friend photos and videos at that date and time.
Knowing your IP address doesn’t tell providers exactly where you are, but knowing your IP address and your mobile data provider (Rogers, AT&T, Verizon, Vodaphone et al) tells the platform where you are down to the neighbourhood, and if you’re on WiFi, the MAC address of the access point to which you’ve connected means they know down to within a hundred meters or less. Your MAC address is unique to your device, so by knowing your MAC address, it’s easy to attach a phone number to that specific device—even if you move your SIM over to a new phone.
Furthermore, by connecting this metadata to other data sets—called “joining”—so-called “interested parties” can learn even more. For example, based on a phone number and/or a mobile MAC address, a mobile carrier can be forced to turn over your name and address. If that carrier has a credit card on file for automated payments, then that is another source of information that can be obtained. All because you messaged your friend from a protest, despite thinking it was “private.”
Why is this an issue? It leaves people’s most sensitive information vulnerable to hackers, it highlights concerns as to how authorities are accessing and utilizing this information, and it puts citizens who live under oppressive regimes at risk of being targeted by their government. Everything you do online can be tracked and you should be concerned—privacy no longer exists.
The Only Solution is Decentralization
Decentralization allows users to take charge and monitor their own data. Users can set up their account, take ownership of their data, and control the kind of content they wish to see. User metadata cannot be tracked.
So when a platform claims your messages are “end-to-end encrypted” remember that if it’s not decentralized, there’s still a tremendous amount of information to be mined from the servers through which your messages are passing. All thanks to metadata.
Looking for a decentralized app that will allow you to take control of your metadata? We have it: Manyone is a decentralized, self-sovereign mobile app that offers secure, encrypted connections—no third parties. Therefore, no metadata tracking. Learn more about Manyone.