Goddy Ray Devoted online security and privacy advocate 8 min read

“Somebody stole your metadata!” sounds scary… but then you remember that you don’t know what it is or why it is significant. This article will tell you what metadata is and why it’s important for your privacy as an internet user.

What is metadata in general?

In the most basic term, metadata is information about data. It’s like a legend of a map that describes what all the lines, dots, and other markings mean. Generally, metadata describes an object (in this case, data) so that you wouldn’t need to spend time checking it out yourself.

It is handy for sorting and cataloging stuff. This increases the speed and accuracy of countless processes around the world. Let’s learn about a few examples.

What are the different types of metadata?

Metadata is used almost in every area of life you can imagine:

Images: if you have a database of photos, art, advertisement designs and so on, metadata allows you to tell a machine to sort it by date, size, author, location, or any other criteria that was recorded.

Library catalogs: they live and die on metadata. Even the old physical card catalogs had a fairly sophisticated way of labeling books according to author, language, and other bits of metadata..

Archeology: as archeologists take an object from the location it was found at, they remove it from its context. That’s why it’s important for them to record as much data on it as possible for future reference.

Search engines: outside of text that appears when you open a page, there are bits of data invisible to you that describe it to the search engine. Author, data, subject, and various other tags allow Google (to use the most popular example) understand whether the page is relevant to you without having someone read it and understand what’s going on.

Digital marketers: if marketers have browsing metadata, they can decide whether you fit their target demographic for ads. Metadata may not tell them what you’re doing on a surfing-related forum, but the fact that you spend half an hour there is a good indication that you’re a good target for water sport-related ads.

Surveillance: The types of websites and forums you visit can tell them about your leanings. Knowledge of whether or not you accessed pornography websites (and for how long) can always be used for leverage. The list of possibilities is endless.

You probably want to know how metadata looks like as well.

What does metadata look like?

Imagine a print edition of the novel “Harry Potter and the Philosopher’s Stone.”

The story of a young orphan being invited to a secret school of magic is data. The stuff printed on the cover – the name of the author (J.K. Rowling), the title of the book (“Harry Potter and the Philosopher’s Stone”), the publisher’s mark (let’s say Puffin Books) – is metadata. It all describes the book – it’s all information about “data” in the book.

It is useful as it tells you about the book for you without making you read it. Of course, the author, the title, and publisher isn’t the full extent of the metadata. There’s a lot more of it, and books dedicate a page to it – it’s called a colophon. This allows businesses, government institutions, and libraries to know what they need to know about the book to handle it properly.

Another example would be digital photos. They exist as files, and they can have a bunch of data attached to them.

Exif is one of the most common metadata standards for digital photos. It records the camera model and settings used to take the picture, the time and location where it was taken, the author, and so on.

Cleaning Exif data is one of the things that security cautious people do before posting photos online to protect their privacy.

But photos are files that you can manipulate manually. You can’t do that with data packages that are involved in your online activities. After all, that data gets recorded away from your device, and you have no control over it. Read on to find out how your metadata is collected.

What does metadata have to do with browsing?

When you go online, everything you do gets routed via servers maintained by your internet service provider (ISP). They can monitor and track what you do by recording logs of your online activities.

Here’s what the Australian ISPs were told to record in 2017 when collecting metadata on communications:

The account holder’s name, address, date of birth, email addresses and other identifying information of the person carrying out the communication

The medium of the communication (voice, SMS, email, chat, forum, social media)

The person’s geographical location at the start and end of the communication

Details of the receiver of the communication

The technology channel used for the communication (Wi-Fi, VoIP, cable, and so on).

That is a lot of (meta)data, especially when you consider that it’s possible to construct people’s profiles by using a lot less than that.

Why should I care about metadata?

Remember the Harry Potter book example? Imagine that you’re sitting down to read it. Meanwhile, your ISP acts as an observer looking at you.

He may not know which part of the book you’re reading. However, they can still collect data on you: they know what book you’re reading, how much time you send reading it, at what time you do your reading, and so on. It’s revealing your hobbies and your daily schedule.

This is already painting a portrait of your life – and that’s just from looking at you reading a book. A lot more can be done with a lot less.

Now think about the wealth of data that your ISP has access to. It knows how much time you spent on every website you visited in the past, which ones you visited, and in which order.

Metadata is very important to governments and advertisers. Although it is not as sensitive or as hard to get as real data (i.e. the contents of your email), it allows them to construct a profile of you that is good for surveillance or advertising.

Alarmingly, the ISPs can be interested in collecting this information even without the government telling them to do so as they can sell it to advertisers. For example, this became legal in the US in 2017. But there is a way to be protected.

A VPN hides your metadata

The quickest and easiest way to hide your metadata is to get a VPN. How does it do it? By using encryption that masks the information you send and receive.

Once you have a VPN up and running on your device, the app encrypts all of the data used in online activities. This means your ISP can’t read it, losing their ability to tell what websites you visited, when, and for how long.

At most, the ISP can say that you were using a VPN. But that’s not always the case, as – Surfshark can hide even that.

This means no ISP spying, no government going after your secrets, and no hyper-targeted ads that follow you around. And if you choose a good, no-logs policy-following VPN, no records of your online activities will be kept!

What is a No-Logs VPN?

Get a VPN that has a “no-logs” policy – meaning that they don’t keep records on your online activities.

When your encrypted data reaches the VPN server, it is decrypted in order to be forwarded to the final destination online. This gives the VPN provider the opportunity to collect your information. It wouldn’t make sense to get a VPN to protect your metadata only to have the VPN itself collect and sell it.

In conclusion

Metadata may seem like an obscure and hard to explain subject, but it isn’t. This “information about information” allows organizations to construct an accurate file on you even without going into your emails and messages. Luckily, you can hide your tracks and protect your privacy by getting a VPN.

