Klaus Zimmermann's Corner

The battle for privacy implies metadata protections...

I feel lately that the whole discussion about end-to-end encryption and privacy implications is starting to miss the point.

Sure: e2ee is a requirement for privacy of communications (it's the most basic of all of them, actually). However, the next fight for your data no longer lies in the content of your communications, but rather in the context. Yes, I'm talking about metadata.

This shift was like the wars to liberate software - that is, code - from proprietary developers back in the 90s and early 2000s. Nowadays, whether the code for an application is open source or not is moot because almost everyone makes it open source. The real money is being made with the data said applications collect about you.

So encryption of content is a no-brainer, a basic requirement that everyone should be implementing as the default. But the next battlefield, our next area of concern, should be metadata. Developers and hackers should take care to make their applications store as little data as possible from users, and to make metadata as hidden as possible.

For now, only a few messengers do this as the default that I know of: the Briar Project, Session and the back-from-the-dead Ricochet. Every other messenger (yes, including Signal and XMPP) will have to implement workarounds to achieve this metadata anonymization, namely running them through Tor.

If we start thinking about metadata first (because, after all, it is practically the only thing that's worth collecting) and by default take actions to avoid it, questions such as the updating of the WhatsApp privacy policy in 2021 could become moot - there would be simply nothing interesting to collect.

What do you do to protect your privacy of metadata when communicating?


Last updated on 01/16/21