What Your Metadata Looks Like
What Your Metadata Looks Like
January 8, 2014
We keep hearing about how the NSA “only gets metadata.” That’s not a big deal, right? Wrong. Let me show you what exactly metadata is, and why it should stay private.
The photo you’re looking at is my email metadata. If you click on it, you can see different colors and sizes of dots. Each dot is someone I’ve exchanged emails with. I’ve stripped the labels, but in the original image each person’s name or email address is listed below their dot. Keep in mind that the NSA sees the names and email addresses.
You can also see lines between some of the dots. This means that the contacts I emailed, also emailed each other. This shows relationships, groups, networks. The color codes, by the way, also matter, because they show that those three contacts not only emailed me about a specific subject matter, but they also emailed each other about the same subject matter. The thicker the line, the tighter the relationship between those contacts. The bigger the dot, the more emails were exchanged.
Why is all of this important? Well, the huge blue dot doesn’t email anyone I do, and yet I send that address more email than anyone. Probably safe bet that I’m either related to, involved with, or employed with that address. Since the NSA can see all the labels, they can find my family, my friends, my networks professional and personal, and what I email about. They also can see how many of my friends know each other, and who in my contacts emails each other. A lot of the single orange dots are merchants I buy from, accounts I hold on the internet, or newsletters I’m subscribed to.
This is a drill-down of one of my contacts. It shows when we started emailing, when we stopped, how often we talked, when we talked, and who I ended up getting introduced to because of them. It also shows how many of those emails I was one of several recipients of, and how many of them were sent privately to me. Now they match up other information they may have on me. Is there a public record showing a bought a house during that time? They just found my loan officer. Now let’s check to see where that realtor is to narrow down where I may have purchased that house. Next, we check the public records of homeowners in that area. Guess who pops up? Me, with my actual physical address (if they didn’t already have it). Did I email a gun dealer to inquire about a firearm? Did I write them often? I probably own firearms.
Keep in mind that there are actual people’s names redacted there. This is an actual person’s contact information. If you emailed me in March of 2012, this could be your contact information. Since the NSA can do three hops worth of analysis, this means they can now come look at your metadata (if they didn’t already have it), and the two names at the bottom, and look at everyone that all three of you talk to. Then they can go to everyone on their contact list, and do it again.
Do you know every single person that the people you talk to are in contact with? And what about those people? Do you know everyone they talk to? Of course not. But through this tool, it’s not a stretch to make it look like you do.
Let’s say you are talking to your friend John, who really can’t stand Obama. You guys exchange forwards and memes and jokes about the government, but it’s no big deal; just a little free speech among friends on Gmail. John also talks to a guy named Mark. He forwards your jokes to Mark, because Mark thinks the same way John does. Mark’s part of a militia, but John doesn’t know that. They don’t really do anything though, mostly just get together and shoot at the range sometimes. Mark has a friend named Tom. Tom is part of the militia group, but Tom hangs out on websites about fertilizer. He reads about building structures and checks out books on demolition. Tom has a Gadsden flag as his Facebook profile picture and talks about Thomas Paine and personal liberty a lot.
Tom has all kinds of emails forwarded to him that Mark got from John…that have your email address on them.
Do you really think the NSA won’t dig into your stuff further? Install a keylogger trojan? Send you a friend request on Facebook acting like someone you may want to get to know? They already know everyone you email, including cheaperthandirt.com or OathKeepers. They know you.
Now, before you reply that “it’s okay with me if they have to go through my stuff to get to that right-wing freak, Tom, before he hurts someone,” let me just tell you that Tom is actually a demolition engineer who likes to read shop stuff. He’s also starting to get into gardening in his free time. Sure, he’s into American Revolutionary Era literature and subscribes to Paine’s philosophies on liberty and tyranny, but so what? You’re spending an hour every Tuesday watching porn while your spouse is at bowling league. Which one of you really has more to hide?
The simple point is this: Metadata is enough to identify you. It is enough to build a very detailed profile about what you do, where you go, who you see, and who is important to you. Information is power. We now know that the NSA keeps far more than just that metadata. Now that you know how dangerous even that is, shouldn’t you be far more worried about everything else they have?
If you want to see your own metadata, check out the MIT Immersion tool…just remember to log out and delete—and if you’re a Gmail user, deauthorize Immersion in your Google account settings afterward.
Become a Victory Girl!
Follow Us On Twitter!