Metadata
Updated 1 May 2026
Metadata is data about data. In the context of communications, it is everything except the content of a message: who you contacted, when, for how long, from where, and how often.
You can encrypt words and still leak patterns.
The former NSA director Michael Hayden: “We kill people based on metadata.” The point is not hyperbole — it is that metadata reveals patterns of behaviour, relationships, and intent more reliably than content.
What metadata reveals
- Social graph: who you know and how frequently you interact with them
- Location: where you were when you sent or received a message
- Behavioural patterns: sleep schedule, work hours, relationships, health concerns (from the timing and frequency of communications with certain contacts)
- Device fingerprint: what hardware and software you use
Where metadata leaks
| Channel | Metadata exposed |
|---|---|
| To, From, Subject, IP addresses, timestamps, mail servers | |
| SMS / phone calls | Numbers, duration, cell tower location, carrier |
| Signal | Minimal — phone number, timestamp of last connection to server |
| HTTPS traffic | Destination domain (via DNS and SNI), data volume, timing |
| Encrypted messaging with cloud backup | Full message graph to backup provider |
Reducing metadata exposure
- Use Signal for sensitive communications (minimal metadata)
- Use a VPN or Tor on untrusted networks to mask destination metadata — see vpn-comparison
- Be aware that reference/concepts/end-to-end-encryption protects content, not metadata