A common assumption is that if the content of a communication is private, encrypted, for example, then the communication itself is private. Metadata breaks that assumption.

Metadata can reveal as much as content, sometimes more. A list of who you've been calling and when can tell a story about a relationship, a medical condition, a political affiliation, or a personal crisis, without a single word of conversation being read.

Former NSA director Michael Hayden put it plainly, "We kill people based on metadata."

That's an extreme example. For most people, the concern is lower-stakes but still real, metadata collected by apps, platforms, and service providers is used to build profiles, target advertising, and make inferences about behaviour that individuals never explicitly shared.

The specific type depends on what you're doing, but common examples include

Messaging and calls
- Who you communicate with and how often
- When conversations happen (time of day, frequency, gaps)
- Rough message length
- Which devices were used
- Location data if your phone is connected to a network

Email
- Sender and recipient addresses
- Subject lines
- Timestamps
- IP addresses
- Which mail servers handled the message

Web browsing
- Which websites you visit and when
- How long you spend on them
- What you click on
- Your approximate location via IP address

Files and photos
- When a file was created or modified
- What device created it
- In photos, the camera model, settings, and often GPS coordinates of where the photo was taken

Understanding metadata matters most for

• Knowing why encryption alone isn't sufficient privacy protection
• Making informed decisions about which services to use and what data they hold
• Thinking clearly about what a service can infer about you even when your content is private
• Choosing tools that are designed to minimise metadata collection, not just encrypt content

Even tools designed to minimise metadata leave some footprint.

• Network-level observers can often see that you're communicating with a specific service, even if they can't see the content
• Metadata you've already generated doesn't disappear when you change tools
• If someone has access to the devices on both ends of a communication, metadata protection at the network level may not help
• Some metadata (like who you're communicating with) is fundamentally hard to hide without tools specifically designed for it, like Tor

Most messaging apps that offer end-to-end encryption still collect metadata. Signal, for example, encrypts message content but can see who is messaging whom and when, though it's designed to collect as little of this as possible and has demonstrated this in legal proceedings.

Services that offer to minimise metadata often involve some tradeoff in convenience, speed, or functionality. Tor, for example, routes traffic through multiple servers specifically to obscure who is communicating with whom, but it's slower than a direct connection.

There's also the aggregation problem, individually, a piece of metadata seems harmless. Combined with other pieces, it becomes something more revealing. Your location at 8pm on weekday evenings, combined with the medical clinic you called that afternoon, combined with the pattern of who you've been messaging, can build a detailed picture of your life.

• Be aware that "encrypted" doesn't mean "no metadata", ask what a service collects beyond the content of your messages
• Check photo metadata before sharing photos that contain location information, most phone cameras embed GPS coordinates by default
• Use services that are transparent about what metadata they hold and how long they keep it
• Understand that browser history, search history, and app usage patterns are all forms of metadata that can be collected and retained

Why metadata-minimising design is hard. For a message to reach its destination, the network needs to know where to send it. Hiding that routing information while still delivering the message reliably is a genuinely difficult engineering problem. Tor solves it by routing through multiple servers, so no single point knows both who sent a message and who received it, but this comes at a cost in speed and complexity.

Sealed sender. Signal uses a technique called sealed sender, which hides the sender's identity even from Signal's servers. This is one example of a technical approach to metadata minimisation that goes beyond encryption.

Traffic analysis. Even without reading metadata directly, an observer who can see patterns of network traffic, volume, timing, frequency, can often draw conclusions about what's happening. This is called traffic analysis, and it's one of the harder problems in communications privacy.

Legal access. In many countries, service providers can be required to hand over metadata to law enforcement without the same legal threshold required for content. This is one reason why the distinction between content and metadata matters in practice, not just in theory.

• What is privacy, the broader context
• Encryption, what it protects and where metadata sits outside that protection
• Threat modeling, helps clarify how much metadata exposure matters for your situation
• Signal, a messaging tool designed with metadata minimisation in mind
• Tor, a network tool designed specifically to address metadata and traffic analysis