Welcome to Chapter 5 of the Privacy Cookbook, and since you've made it this far, or you are just tuning in, it probably indicates that you are someone who really cares about their privacy! And so you should, so welcome and let's now take a look at cellphone security starting with  the dreaded metadata!

So what is metadata and why is it so potentially harmful to your privacy?

The simplest definition is that it is 'data that describes data' and in the context of mobile telephones this means that metadata can provide as much or more information about you than your text or call.

Each message creates metadata, let's describe it as an electronic callsheet  that details everything about the text. So it lists and records your location, whom you contacted, when, for how long, the composition of groups you may be communicating within and the online status of your  device.

Obviously, all of this information is hugely important, not just to you, the originator, and the party to whom you connected but also to companies, governmental agencies and other 3rd parties. That information has value on a number of levels and explains why the routine monitoring of metadata has been so commonplace for many years. As far back as 2013, the Guardian newspaper in the UK ran a story detailing the collection operations of the USA's National Security Agency (NSA)  amongst others.

The misuse of metadata erodes freedom

Anonymity can empower people to speak out, to organize, to defend and to protest. Freedom of speech is a fundamental and basic human right, it allows people to discuss, to learn, to grow.....remove or threaten that freedom and free societies wither. The collection of metadata and it's misuse poses exactly that form of a threat, it nullifies the very protection  that is provided and protected by anonymity.

However, the collection of metadata is not necessarily a precise science since it effectively only provides an incomplete picture of the interaction, the context and content of the communication may not be known or considered. That opens it up to misinterpretation or even malicious manipulation and there are numerous examples of this over recent years such as several NSA employees using it to stalk their partners or the case of the TV weather woman in the US being falsely accused of being a spy due to her ties to the PRC, all 'discerned' from her metadata history..

Incomplete data leads people to make assumptions to complete the picture, finish the puzzle and fill in the gaps which in turn can lead to erroneous conclusions and accusations.

And whilst you might think that it is unlikely, if not impossible, for the 'watchers' to draw conclusions about you from a few data-points...well, a study, by researchers at MIT analyzed anonymous credit card data from over 1 million people and identified 90% of them through metadata such as location and time of use cross-referenced with other data.

So you have been warned...protecting your metadata also protects the people with whom you communicate...and it holds true that where there is no data, there can be no misuse...by anyone!

Metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content    
Stewart Baker - former NSA General Counsel

In summary, metadata refers to all data related to electronic communication excluding the actual content. The legal protection of data must include both content and metadata. You cannot have the  former without the latter as metadata allows the identification of the parties involved, their behavior, their friends and contacts, their normal physical locations, and their favoured communication methods. It is not hard to see, therefore, how it is easy, along with other data, to draw up an incredibly complete picture of an individual without ever seeing their communications.

So how can you minimize or even rid yourself of metadata?

We'll be looking at just this in the further sections of Chapter 5 as your cellphone is your single greatest point of vulnerability, Your PC may be too, if you have windows installed) but don't get me started on Microsoft! right here and now as we will cross that particular bridge in a later chapter.

For starters, you need to clear from your  phone the usual suspects, namely, Facebook and Google. Sounds tough? Well, we'll do our best to explain this in the next section of the Privacy Cookbook.

Today, as a taster, let's clear the metadata from the pictures & images stored on your device.

iOS claims ihat within iOS 13 there is an option to automatically remove all metadata before sharing...as good as this feature is, we have an even better solution called ViewExif and with it you can remove all the metadata from your pictures as well as from within the Gallery! So all pictures & images are cleansed of metadata before you choose to share! How cool is that?

For Android, you can find Scrambled Exif in the f-droid app store. This does the trick but It works a little  differently since you chosethe app as a sharing option (just like you would chose a  friend on a messenger) so that the sharing options appear again, only this time cleansed and free for you to send to any of your friends.

Clearing your pictures of metadata is a massive step forward. Let's have a closer look at Android devices in our next sub-chapter with a guide to what to remove and/or block on your phones. This guide will not teach you how to root a phone but will actually explain what you can and should deactivate or better still remove completely from the most common phone providers...Samsung, Huawei and any other android based phone!

We will then have a special sub-chapter as well for iOS, followed by help with rooted versions of phones with lineage or other customized android options.

We publish a daily dose of decentralization here every day (UTC+8), for additional daily updates follow us on Mastodon, Twitter, Telegram or Element(Matrix). Please like & share all our output. We rely on User-Generated Content so why not write for us and since we try to avoid ads and sponsorship, why not donate to help us continue our work - all major cryptos accepted. You can contact us at decentralize.today and at blog@decentralize.today
Share this post