TECHNOLOGY

Metadata: How This Can Secure Messenger Services

Crime fans know the scene from many films: suspects are caught with the tracing of telephone calls. The investigators use metadata for this, which provides information on who is communicating with whom and when. These are more easily accessible for secure communication than expected.

Metadata is structured data that describes other data – in a sense, data about data. They contain important information about websites or even pictures and videos, including the place and time of a recording. Metadata is also used in software development, for example. There you can describe various processing rules and programming instructions, which can be used to implement more complex applications. In the example of telephone usage, metadata describes who communicated with whom and when. It is important to note that they alone do not provide any information on the exchanged content.

No Protection Through End-To-End Encryption

Depending on the area of ​​application, it can make sense to capture metadata. In the case of messaging services, among other things, they secure the functionality. Many therefore assume that the services can be encrypted and thus protected to a similar extent as the message content itself. However, this is often a fallacy since the end-to-end encryption often used does not cover metadata. Therefore, both messaging providers and, in some cases, third parties can read and analyze them.

Such analyzes can be interpreted in many ways, for example, to reconstruct groups of friends and acquaintances. Daily routines can also be traced. The time of the first sent message of a day provides information about when to get up. If a messenger logs in from Monday to Friday via the IP address of the same company, this is almost certainly the employer. This is no illusion, but backed up with scientific evidence: In a study, researchers from Ulm reconstructed daily routines, including deviations, from the presence status on WhatsApp alone, and at the same time disclosed who was in contact with whom at what time.

The obvious question is: How can such conclusions be prevented from the outset? Specific critical data in chat messaging are essential. This includes the sender, recipient, and the times for sending and receiving. Can metadata be dispensed with here? No, but the amount of metadata can be reduced. Furthermore, access to them can be limited, and their combination with other (meta) data can be prevented.

Approaches To Protecting Metadata

There are several approaches to protecting metadata. First and foremost, “Sealed Sending” should be mentioned here. Messages can be sent without the sender being identified – practically a digital equivalent of a letter with an empty sender address. However, even with this method, metadata can be read out under certain circumstances – conclusions about the person cannot be completely ruled out. If the IP address is read out, it can be traced to who is communicating with whom. For example, if IP 1 sends 5,372 bytes to a messenger server and forwards 5,372 bytes to IP 2 directly at the connection, IP 1 is likely in contact with IP 2.

But this is not the only reason why IP addresses are problematic. In addition, they can often be assigned to a fixed geographical area and thus restrict the potential whereabouts to a certain extent. Messenger services pass this information on to the provider – possibly also to service providers.

If the metadata protection provided by “sealed sending” is insufficient, further measures can be taken. These include messenger services that anonymize the IP address involved when exchanging messages. However, this variant does not offer absolute security either but instead harms the user experience. The reason? To communicate with each other, both the sender and the recipient must be online simultaneously with this method.

The Key: Shredding Metadata

So-called metadata shredding is recommended if neither content nor metadata is to be recognized. This procedure protects by mixing metadata in “anonymity sets” and makes them unrecognizable. As a result, service providers and third parties can neither analyze activity patterns nor connect senders with the respective recipients.

In this way, the privacy of both sender and recipient is fully protected. Conclusions about the respective persons are no longer possible due to the anonymity sets. So far, providers have mainly implemented this concept for messenger services. Potential future application scenarios can also be payment systems. In any case, this technology has the potential to prevent conclusions from being drawn from metadata finally.

ALSO READ: Digital Marketing: This Is How SMEs Implement Effective Measures

Techno Rumours

Technorumours.com is an internationally renowned website that publishes tech-based content exclusively. We are a team of dedicated and passionate souls who thrive to provide innovative content on the technology niche to our global audience.

Recent Posts

What Google Threat Horizons Suggests To Businesses Using The Cloud

The Google Threat Horizons report is a document that should be consulted by those involved…

3 months ago

Julius AI, The New Artificial Intelligence For Data Analysis

Julius computer-based intelligence is an artificial brainpower ideal for investigating information from Succeed. An instrument…

5 months ago

CA Technologies: Businesses Enter The Era Of The Software Economy

For CA Technologies, agility, DevOps, feedback, and security constitute the strategic pillars of business development.…

6 months ago

From Hybrid Cloud To Multi Cloud: The Three Steps To Take

The migration from hybrid Cloud to multi-cloud is of interest to the vast majority of…

7 months ago

The New Digital Marketing Professions: What You Need To Know

The Internet has made the world an actual global village. Its advent broke down physical,…

8 months ago

When Should We Post On Social Media In 2024?

With the blast in the notoriety of virtual entertainment, it is progressively challenging for a…

8 months ago