Metadata

Metadata is data about data: the timestamp of a message, the length of a call, the IP address of a sender, the location embedded in a photo, the author field of a document, the recipient of an email. The content is what was said. The metadata is everything else. In intelligence and law-enforcement work, metadata often produces more actionable intelligence than content because it is structured, queryable, aggregatable across millions of records, and (in the US) reachable on a lower legal standard than content.

What it means in practice

The 2014 General Michael Hayden quote captures the operational reality: “We kill people based on metadata.” A metadata record of who called whom, when, for how long, from where, repeated across months, builds a social graph more revealing than the content of any single call. The same logic applies civilian-side. Metadata captured by your phone (location history, app usage timing, network connections), your messaging apps (who you message, when, group memberships), your email provider (sender-recipient pairs, timestamps, IP at composition), and your browsing (DNS queries, TLS SNI, even with HTTPS) builds an exhaustive picture of your life that no single content disclosure could match. The structural defense is metadata minimization, not just content encryption.

Where it shows up

Captured at every layer of the stack. Photos: EXIF embeds GPS, timestamp, camera serial, sometimes the device unique ID. PDFs: author, original creation path, revision history, sometimes deleted prior versions. Word docs: author, last editor, all of the above, often the comments and tracked changes from earlier drafts. Emails: full headers (sender, recipient, all servers traversed, timestamps at each hop, originating IP often). Phone calls: who, when, how long, cell tower (carrier records), increasingly precise location (cell-site simulator era). Messaging: even E2EE platforms produce metadata (Signal protects content but the carrier sees you connected to Signal’s servers; WhatsApp protects content but Meta sees the sender-recipient graph). The cumulative metadata signature is what nation-state and commercial-intelligence operations actually run on.

What you can change today

Audit metadata leakage in three categories. Files: install ExifTool and run `exiftool -all=` on photos and PDFs before sending sensitive ones; Mac and Windows have built-in “Remove Properties” options for Office and image files. Communications: route sensitive contact through Signal (minimizes metadata at the provider level), use Proton Mail with Proton-to-Proton (no external email metadata trail), separate operational identities so the metadata graph for one operation does not link to your personal graph. Network: route through a no-log VPN (Mullvad, Proton VPN, IVPN) so the local ISP does not see the destinations; for the highest tier, route Tor over VPN so even the VPN cannot correlate.

Related articles