Guest article by Jaime Escuder
If you read the Threema blog, you’re probably someone who understands the value of end-to-end encryption to protect your communication and your messages. But did you know that metadata can reveal more about you than the actual message content?
Every message that you send leaves a trail of so-called metadata. This can include a record of extensive information of who you talk to, your online status, and the composition of your groups. It can even be used to determine where you are when your messages are sent.
Not only companies and social networks know that this information is of utmost value. Also governments and hackers know that metadata can be used to learn intimate things about you, which is why metadata surveillance has become routine. In fact, in 2013 the Guardian reported on the United States’ National Security Agency’s massive metadata collection program.
Anonymity is a useful way to empower people to disseminate ideas, communicate freely, and make critical remarks. The collection and analysis of metadata strips away the protection that anonymity provides.
In a recent study, researchers at MIT analyzed anonymous credit card data of 1.1 million people and were able to uniquely identify 90% of them through metadata such as the location and timing of purchases.
As reporter James Risen knows from his own experience, metadata can also reveal the identity of who you are messaging. Metadata collected from Risen’s communications with Jeffrey Sterling, a leak in the CIA, caused Sterling to be convicted of sharing government secrets, despite Risen’s dogged refusal to identify his source.
In fact, as this online game shows, revealing a source is really no more difficult than following the trail of a person’s contacts.
Protect your metadata to also protect the people with whom you communicate.
Metadata can be abused or lead to false accusations
Where metadata is generated, this metadata can be misused. Those who work in the government are just people, and sometimes people make bad or even malicious decisions. A dozen NSA employees were caught using that agency’s tracking features to spy on their lovers.
Leaving a metadata trail opens one up to being falsely accused of misdeeds. Metadata is particularly susceptible to bias since, by definition, it’s incomplete information. This incomplete data requires people to make assumptions to fill in the gaps, which can easily lead to mistakes or false accusations.
This was the case for Sherry Chen, a weather forecaster who was falsely accused of being a secret agent due to her ties with China.
How does Threema protect metadata?
In contrast to conventional messengers, Threema only uses the information that’s absolutely necessary to run its service. Metadata restraint is one of the main tenets of Threema’s business model. The protection of privacy, message contents, and the metadata generated during communication is one of Threema’s main goals.
- Threema can be used anonymously (without providing a phone number) and saves as little data as technically possible.
- There is no log that records who communicates with whom. Messages are immediately deleted after successful delivery (the content is end-to-end encrypted, which means that messages can’t be read by anyone while they’re on the server)
- Contact lists and groups of Threema users are managed locally, on users’ devices, not on a central server.
- Threema servers don’t know which group chats exist and don’t save any chat information such as which ID (user) communicates with whom.
The underlying idea is that where there is no data, no data can be misused — neither by corporations, hackers, or surveillance authorities.