The Dangers of Email Metadata

Most of us are aware of the importance of taking certain steps to guarantee our safety and privacy online. We (know we should) have ridiculously complicated, impossible-to-remember passwords that are different for every single one of the plethora services that we are registered for and we have antivirus, anti-malware, anti-spam and anti-hijack programs to keep us – and our information – safe. Despite taking all of these wise precautions, your safety and privacy could still be at risk, all because of some seemingly innocuous email metadata.


No, email metadata is not the name of a new geeky, internet-savvy Marvel hero to join the Avengers, it’s the information that surrounds any email that you send: From, To, Cc and Timestamp fields.  Although the actual contents of an email may be protected, its metadata may not be.

You might be thinking, “Well, that doesn’t seem so bad. I don’t mind if someone else finds out I had a 20 email-long chat with Geoff from Accounting about a video of a farting kitten.” And you’re right (although you’re probably fighting the impulse to go and find out if such a video exists - it does, I wouldn’t lie to you about the serious business of farting kittens). If you think about the information that could be gathered from just a couple of emails then it doesn’t seem like a big deal. However, when you look at it from a bigger perspective, the dangers of metadata become a bit clearer.

Why we should be concerned

Metadata can be used to identify who matters to you and how this changes over a period of time. For example, it could be used to identify a blossoming romantic relationship that starts tentatively with a few emails and develops into a flourishing romance where several emails are exchanged each day before it stutters and fades away. This information can also be used to identify you as nobody else has the same communication patterns with that group of contacts. In fact, a team at MIT have developed a tool called Immersion that you can use to see what your metadata reveals about you.

Ethan Zuckerman, an MIT researcher who was involved in the Immersion project, puts it like this in a blog post: “[O]ne of the reasons we might be concerned about metadata is that it shows strong relationships, whether those relationships are widely known or are secret.” John Naughton, a professor at the Open University, extends this thought in his column for the Guardian by stating that “the metadata is what the spooks want for the simple reason that it’s machine-readable and therefore searchable. It’s what makes comprehensive internet-scale surveillance possible.”

Obviously, none of us are involved in the sort of illicit activities that may warrant the attention of certain government agencies, but they can still access it - as can the marketing team at Google, who can use that information to target adverts. Metadata doesn’t seem quite so innocuous anymore does it? When you combine it with browser and mobile phone metadata, it paints quite a detailed picture of relationships, interests and online habits. Fortunately, there are tools out there which all you to remove metadata from files and images.

Want to know more?

If you want more information about this or other issues relating to safety and security online, then get in touch with a member of our team.

Get in touch

Enjoy what you're reading? Then you'll love our blog