What is Metadata?
In computing, metadata provides additional information about a file type and its contents. One purpose it serves is to better describe a file by adding identifiable information to it, so it can be found easily at a later time. Metadata does not contain the actual contents of a file. Using the picture above as an analogy, the cream coloured binder is a computer file. We are unable to see its contents as it is hidden from view. However, its metadata may describe which shelf it is located on, its position and its colour. Using only that information we can uniquely identify it from the others.
Most files contain metadata in varying degrees of descriptiveness. A Microsoft Word file’s metadata can state the name of its author, file title, number of characters, number of paragraphs, number of links and even the time spent on editing. Image files metadata can be more intrusive as they contain the camera manufacturer, model, GPS location and serial number .
Plus, when combined with time and date stamps it is possible for someone to accurately deduce your movements and possible motive. Metadata is also collected when we use email, instant messaging and telephones and can give someone a high level of insight into our conversations without actually hearing or seeing them.
Privacy, by its very nature, is less of an issue when our files are within our complete control. Problems arise when we share our files to third parties who may not share our interests. Once our files are shared on the Internet, it is best to assume they are no longer private, even if appropriate security measures are taken. In any case, the Internet is a collection of privately owned networks to which the public is granted access to the World Wide Web. There can be no realistic expectation of complete privacy on a public infrastructure. Having said that, it is possible and easy to limit the amount of metadata you disclose, if it is essential.
How Can I Remove My Metadata?
Two tools I recommend from experience are ‘exiftool‘ and ‘MAT‘. The former is cross-platform and specializes in image files (.jpeg, .bmp etc.) with the latter, Linux-only, capable of handling audio, documents and archive files too. I have used ‘Photo Metadata Remover‘ on Android to achieve the same goal and there is an option on F-Droid (a Free and Open Source Software app store) called ‘Scrambled Exif‘.
These tools should be used to remove metadata from files (especially if they are sensitive) before sending them online. Doing so before uploading files to cloud storage, social media or email, minimizes your digital footprint and is proactive in terms of damage limitation. I recently had to provide proof of identity via email by providing a screenshot of a utility bill (I wasn’t scammed, honest). Before doing so, I used the exiftool which removed my operating system details along with the specific application and version used to create the image.
In this case the third party was trustworthy but it gives me peace of mind knowing that if/when they are subject of a data breach then as little of my information is revealed as possible. The steps taken in my example may sound pointless or trivial but when we look at the bigger picture in relation to British privacy law, they are in fact proactive steps (especially when used with other tools such as VPN’s) at combating intrusive mass-surveillance on the average citizen.
How Does it Relate to Privacy?
The European Court of Human Rights found the British Government had violated Articles 8 and 10 of the United Nations Declaration of Human Rights, in the September 2018 case ‘Big Brother Watch and Others v. the United Kingdom’  . Article 8 grants an individual the
“right to respect for private and family life, his home and his correspondence”
The government department responsible for our safety (GCHQ) was found to be at fault in its ‘wide net’ approach to collecting metadata from ISPs Internet exchanges and having unrestricted access to it.
Essentially they could access metadata about an individual without having to obtain a court issued warrant. It seems to me the government has tried to justify its collection of metadata by arguing it does not look at a file’s actual content and this therefore ‘protects’ an individual’s privacy. This is true to an extent, however when enough sources of metadata are compiled (without a warrant) they can paint an accurate picture about us. A simple argument may be ‘we don’t ask for or know your name, therefore you remain private’. But using only metadata it is possible to determine:
- what you look like
- what car you drive
- what phone you have
- your postcode
- your IP address
- your operating system
- how many people live at your address
- their relationship to you
All of which can be used to find out your name. So in that respect the argument is weak. The major difference in approach is the number of hoops the government must jump through to obtain the same information, one requires a warrant, the other does not. With that being said, I recognize the duty of government to protect its citizens from legitimate threats but I also recognize when the pendulum of checks and balances has swung too far in one direction.
Minimalist Approach for Maximum Value
At the end of every blog post I will publish a summary section, where I give the main benefits of following the advice in the article in five points or less. Today I answer,
how can removing file metadata add value to and simplify your life…
- Removing excess personally identifiable information from files – providing peace of mind
- Reduces or stops your information being caught up in a data leak
- You have more control over your own information
- You are taking a very small but important step in advocating for stronger privacy rights
- Making us more selective by considering who we share information with and questioning the value of doing so
 Bazzell, M. (2018). Hiding From the Internet: Eliminating Personal Online Information. 4th ed. Amazon: Great Britain, pp.218-219.
 Ruiz, D. (2018). UK Surveillance Regime Violated Human Rights. [Online] Electronic Frontier Foundation. Available at: https://www.eff.org/deeplinks/2018/09/uk-surveillance-regime-violated-human-rights. [Accessed 2 Oct. 2018].