Americans are submerged in the digital world. According to a 2015 Pew Research study, over 70% of Americans use the Internet on a daily basis with 21% saying that they’re online “almost constantly.” The Internet has made it so we are frequently connected to the people we care about and the information we want to know, but the dark side of this is that all of our activity is traceable and can potentially be used to identify us in the real world. How? Metadata makes it possible. Continue reading below to learn about the information our devices produce when we use them and how people – from hackers to law enforcement – can use this information.
What is metadata?
Metadata is generally summed up as “data about data,” but while such a description is technically accurate, it’s ambiguous at best. Generally speaking, metadata refers to information devices and programs produce when being used. For example, when you save a word processing document, you can often view the name of the document’s author, the date it was created, the last time it was modified and related details. The program stores this information so that file can be sorted or searched for on your computer. Typically, metadata exists to provide both users and developers with information for managing and troubleshooting files or making improvements to programs down the line. In some cases though, the production of metadata is simply inherent to the way some systems were designed. For example, computer networking requires identifiers to be assigned to every device on a network so that they can connect.
While metadata might seem abstract and confusing, you may already be somewhat familiar with the concept, as we’ve written about it before. From wearable devices that are always on to the entire Internet of things, people’s homes and bodies are now producing information that can become vulnerable to hacking or tracking. Over the last decade though, the biggest debate about metadata came not over hackers’ usage of it, but about how governments have been using it. Edward Snowden’s revelation of PRISM and other intelligence programs showed us that security agencies around the world collect or monitor massive amounts of metadata, both on citizens and government officials. The debate around this practice, which continues today, is at the very heart of issues like the Apple vs. FBI and will have consequences for how secure our technology will be down the line.
What are examples of metadata?
Metadata is extremely hard to qualify, as there are many different types of it. To help you understand the different types, we listed just a few examples of items that collect metadata, what this metadata reveals about you, as well as how you can hide these items from prying eyes:
What is it? Your browsing history is the collection of all the sites you’ve visited on your Internet browser. For example, if you visit an online store, that store will be part of your browsing history.
Can it identify me? Maybe. There’s been a growing tension over the last decade about the balance between Pattern of Life analysis (also known as big data) and privacy. A number of companies collect anonymized data on web visitors — sometimes this data is aggregated to include other sites that visitors might go to. The concern is that aggregated browsing activity, like pieces of a puzzle, may provide a precise snapshot of who you are. Aside from the concern generated by extensive online tracking, simply having your browsing history stored on your device means that if it’s lost, stolen or hacked, strangers can view your web history in its entirety.
How can I hide it? If you want to protect your browsing history, you’ll have to take a two-pronged approach. Many browsers have a “do not track” or “incognito” option you can activate, and others are specifically designed with tracking prevention in mind, meaning they opt to track the minimum amount of information. Taking advantage of these will prevent websites from installing cookies, or tracking codes, onto your computer. Next, you’ll want to make sure you avoid storing passwords in your browser — consider a password manager if you want help remembering passwords — and that you’re regularly deleting your Internet history. For more information on how to delete your history or any other private-browsing features it has, consult your specific browser’s manual.
Internet Protocol address (IP address)
What is it? An IP address is the single most important piece of information a device needs to connect to the Internet. It’s assigned to your device the moment you access a network, and it lasts until your Internet session ends. Anytime you go on a website or use a program online, such as logging into your cloud storage account, in the background, your IP address is being shared. This is such an integral part of using the Internet that even search engines like Google will show you your own IP address if you ask.
Can it identify me? Not always. There are services that can use geolocation on IP addresses to reveal where the users’ device was physically located when it accessed the Internet. These geolocation tags aren’t always accurate and usually reveal the location of your Internet Service Provider’s (ISP) equipment, but law enforcement can subpoena IP addresses in online investigations and ask an ISP to reveal the exact router (and its location) associated with a specific IP address. Again, even this isn’t always an accurate method of determining a criminal’s identity, as some weird and downright depressing stories reveal. Even so, it’s still important to know who is accessing your Internet connection, as all activity coming from a network can only be traced down to the router, so if an IP address associated with your router is subpoenaed, you’re likely the one who will be on the hook, regardless of it was the actions of a guest or mooching neighbor that got your IP address flagged. The best way to protect your Internet connection (and IP address) is to know who you provide your Wi-Fi password to and change your password frequently, as this will kick anyone you don’t want using the network off.
How can I hide it? Despite the fact that IP addresses cannot directly identify individuals, many people choose to hide theirs using a VPN or proxy server for the sake of having complete privacy online. It’s worth noting that these solutions aren’t always friendly to those who aren’t tech savvy and, furthermore, people often wonder about the legality of such services. Proxies and VPNs themselves aren’t illegal, but they can be used to do illegal things, like access the dark web. As such, the best course of action for the average consumer is to simply allow their IP address to be revealed and avoid engaging in illegal online behavior.
EXIF data (photo geolocation)
What is it? EXIF data (Exchangeable Image File) is metadata embedded into photos. It includes things like the name of the camera that took the photo, the shutter speed on the camera, the exposure on the photo and potentially, detailed GPS coordinates that reveal the exact location where the photo was taken.
Can it identify me? Short answer, yes. If you take photos close to where you live, and your camera supports geotagged EXIF data, your location could potentially be given away and revealed to anyone who can access a photo. In a rather bizarre example, John McAfee, the former owner of the antivirus company that bears his name, was purportedly arrested due to EXIF data contained in a photo taken by VICE, who interviewed him while he was a fugitive in South America.
How can I hide it? EXIF data can be scrubbed, and the good news is that most social media sites like Twitter and Facebook remove this information when you share pictures. However, if you simply transfer these photos from your phone or camera to other devices like your computer, the EXIF data might not be removed, which means if you email them to someone (e.g., if you’re trying to sell an item or just share the images), the recipient will be able to see the EXIF data. To remove EXIF data on your images, you can search for a program or mobile app that will help you do so. You can also remove EXIF data from your Windows PC by right clicking on a photo, clicking on Properties and then navigating to the Details tab of the Properties menu. The process isn’t quite as easy for Mac users.
Are there other types of metadata?
The entirety of the metadata created on a daily basis is far more extensive than we can list here. To give you some examples, it includes things like smartphone call logs, which a Stanford University study demonstrated could compromise your privacy if a government insists on collecting them. It also includes things like your phone’s location services system, which works in tandem with any map-based applications on your phone. To see just how extensive the presence of metadata can be, one Australian journalist gave readers a year’s worth of his own metadata to see what kinds of insights they could make into his life, and the results were astounding.
What’s the general takeaway?
As frightening as this might all seem, the truth is good privacy and cybersecurity habits can limit the misuse of your metadata by third-parties, most specifically by hackers. Keep in mind that your own Internet usage plays a role in how much metadata you generate, which is why you should avoid oversharing online about you or your family. You should also be selective about the types of apps you install on your phone; both fake apps and legitimate apps might want access to metadata for the purposes of advertising to you or profiling you. If you’re truly concerned about the extensiveness of the metadata you produce, consider limiting your Internet time and use programs and mobile apps only when necessary.