An ‘invisible’ layer of all our technology is a gold mine for scammers – and most people have never heard of it.
All digital content – every text you send, photograph you take and file you upload -has underlying information embedded in it called metadata.
As much as that sounds harmless, these digital fingerprints can be used by hackers to connect the dots of your life story, cyber experts told Metro.
Yet, almost three-quarters of people (72%) in the UK surveyed by the cybersecurity firm NymVPN said they do not know what metadata is.
Only a quarter of people (27%) are worried about metadata, according to the survey findings shared exclusively with Metro.
What is metadata?
If data is treasure, metadata is the treasure map, explains Harry Halpin, CEO of NymVPN.
‘Imagine you’re sending an email to a friend. What you write to them in the email is, in fact, the second form of information,’ says Harry.
‘Since this is personal, you hope it’s protected and that no one except your friend can read what you write.’
Harry said that emails are encrypted by default, making it hard for snoops to read what you’ve said.
An email’s metadata, however, isn’t, leaving people open to privacy breaches, profiling and tracking.
If hackers break into your email account or gain access to your phone using malicious software, they can use this information to identify targets and create social engineering scams – fraudsters pretend to be someone else to trick victims into divulging personal information.
‘It could be your or your friend’s email addresses, the time you sent it, or even the location it was sent from,’ Harry added.
‘If enough metadata is collected, a very detailed picture of your entire digital life can be discerned: who your contacts are, when you contact them, what sites you visit and how often.
‘It could tell people if you’re ill (such as visiting hospital websites and pages visited), or what your sexual preferences are (adult content you access regularly).’
For librarians, software developers or researchers, none of this is new. It’s part of their day-to-day work, mining metadata to help organise things.
But it’s new information for some people in the UK, with less than a quarter (24%) of people believing that a text message’s metadata includes who’s in their contact book. Only a third (36%) said a message’s timestamps are in the metadata.
Six in ten people (61%) are worried that this hidden information can be used to track them without their consent, while 27% of people were worried about its potential for mass surveillance by malicious users.
Fewer than 27% of the people surveyed, however, worry that hackers or government officials may use it to keep an eye on them.
In the UK, officials and regulators tend to consider metadata as less sensitive, Harry adds. Even if a digital asset is deleted, the metadata can leave behind a breadcrumb trail.
‘Metadata is the raw material of mass surveillance, and artificial intelligence [AI] systems are making it more and more refined,’ Harry added.
In 2018, academics were able to use metadata of posts on X, then Twitter, to pick out individual users out of 10,000 accounts 96.7% of the time.
Another study found that it’s possible to identify someone by rifling through the metadata of their nameless credit card transactions – the purchase data, amount charged and name of the store.
The uniqueness of a person’s shopping habits makes them easy to single out, the researchers said, which can be combined with social media posts to put a name to the transactions.
The Massachusetts Institute of Technology ran an online programme in 2014 that could create a spider web of personal information out of the metadata in someone’s emails.
If you sent yourself emails from your work, school or other personal accounts, the programme would be able to use the tucked-away data to figure out where you’ve worked and which school you attended.
For those wary of metadata, Harry recommended people look into VPN (or virtual private network) services.
A VPN creates a secure tunnel between your computer and a service at another location, with some able to ‘scramble metadata and generate “noise” that makes it extremely difficult for anyone to trace your activity’, Harry added.
Get in touch with our news team by emailing us at webnews@metro.co.uk.
For more stories like this, check our news page.