Winter September 1, 2015 7:03 AM

We already know the meta-data don’t lie and this example shows again that the meta-data is all you need.

Take an extreme case. What would be more important to know?

What a person says during the night in her/his hotel room (Data), or whom is in the room with that person during the night (Meta-data)?

z September 1, 2015 7:13 AM

Interesting experiment.

I’m perhaps more concerned by what intelligence agencies get wrong based on metadata than what they get right. If the people looking at this guy’s metadata think he’s a party animal when he isn’t, it’s harmless. If the government thinks you’re involved in terrorist activities when you aren’t, it’s a serious problem.

It’s easy to look at data and see what you want to see. And a government looking for terrorists everywhere will start seeing them everywhere.

Riccardo Cabeza September 1, 2015 7:52 AM

What we’ve learned from meta data is, if deep government feels the need to steal it, then meta data is the only thing needed to find and kill you 🙂

Mark September 1, 2015 9:00 AM

Interesting article. I’m against this bullshit “it’s just metadata” and “it’s not surveillance unless s human looks at it”.

However… if the government is your main concern:

I’m sure the government knows where he lives because he has a mortgage and a title deed (or with Sydney house prices, he rents… but still gets his mail sent there, has Internet, a cellphone contract… whatever, they know). I’m sure they know where he works because he pays tax. Maybe not the exact location or office.

His route to work is hardly surprising. Most people go from A to B in the most direct way. They know where his parents live because of the above.

His contacts are a bit more revealing.

Winter September 1, 2015 9:04 AM

@Ricardo Cabeza
“What we’ve learned from meta data is, if deep government feels the need to steal it, then meta data is the only thing needed to find and kill you 🙂 ”

My lesson is different. If I think I need some “extra” privacy, I will forget to take my phone on a charger. Now my phone is clearly marking itself as being elsewhere.

But how can you be reached? If you have to be reachable, and cannot use some fixed landline in a pub, buy a burner phone (second hand, SIM separately and wear a cap and old cloths), remove the battery, wrap it into a lot of tin foil, and power it up much later at another place. That phone itself will be a big red cross on the map, but maybe you can prevent anyone from connecting that burner phone to you?

But just not carrying your phone should do a lot of the tricks. And it is plausible deniability. To forget your phone on a charger is not exactly “strange and suspicious behavior”.

Daniel September 1, 2015 9:54 AM

The real lesson to me is how much of this information we give up voluntary. One billion people might be on Facebook but that means six billion people were not. No one forces you to have a social media account, or to keep your phone on all the time, or even to live in a home–buy an RV.

The truth is that many (most?) want to be found because in being found it gives them a sense of security.

The Infidel September 1, 2015 10:19 AM

Will Ockenden published a bunch of his metadata, and asked people to derive various elements of his life.

But I can find out everything I’d ever want to know about Mr. Ockenden by visiting his twitter and facebook pages.

There’s something wonderfully arch about people who worry about their metadata, will blabbing the details of their life on the internet for all to see.

Surely such behavior must define a new psychological disorder…

Michael Reid September 1, 2015 10:59 AM

I would suggest that the loss of privacy online has been slow and gradual along with limited options. At this point if you want to connect, share and communicate and store information online, you are juggling a bunch of solutions (with many of them being beyond the capacity of average citizens.) Normal people want easy and quick.

Plus there has been little value placed upon both the personal data by the user nor an understanding of what this data can mean. I am sure that as we continue to see incidents of both data breaches along with online companies becoming more and more intrusive, the public will become more and more wary, but it wont mean anything unless there are viable, simple options available to the user that give them the results they are used to.

Sancho_P September 1, 2015 11:02 AM

@z: ”It’s easy to look at data and see what you want to see.”

Good point.
(… How often did I chase a bug on the wrong end of the chain?)

Because metadata is generally deemed to be true we will learn the hard way it is not.

  1. The metadata may bei intentionally altered.
    1.1 The “owner” could intentionally tamper their metadata.
    1.2 Someone else could intentionally alter metadata to shift the blame.
  2. The producing machine (phone, computer) is not secure (badBIOS, SMM).
  3. The collection chain (pick up, transfer, processing, …) is not secure:
    3.1 The equipment and software are not secure (trusted computing).
    3.2 The procedures are not standardized, transparent and traceable.
    3.3 The involved personnel is not trustworthy (often outsourced, not gov).

Usually the amount of pseudo-evidence should point at the truth.
However, repeating a lie doesn’t make it true.

Fazal Majid September 1, 2015 3:05 PM

The bigger issue is when unwarranted conclusions are drawn from metadata to traffic analysis. Maher Arar was renditioned to Syria because he had a conversation with the relative of a terrorist, who asked him where to find cheap printer cartridges.

Tanterei September 1, 2015 6:39 PM


The question whether metadata per-se is true is imho somewhat relative. As long as different sources of (meta)data can be cross-correlated it should be possible to detect and ignore attempts of “deliberate tampering”. Google & co. are very active in this field.

There is an assumption here, that no one can alter all of his data. I would like to see a documented attempt to do that.

Wesley Parish September 2, 2015 2:45 AM

@Fazal Majid

There’s nothing more indicative of pterorist leanings than cheap printer cartridges.

Fsckwits. If brains were dynamite they wouldn’t have enough to blow the snot out of their noses.

latsot September 2, 2015 7:27 AM

@Ricardo Cabeza

Depending where you are, burner SIMs aren’t always very easy to use anonymously. You often need to activate them using some sort of identification (usually a credit card) and it’s often difficult in doing so to obscure your identity in a way that can’t be routinely traced. Anonymous credit cards aren’t often especially anonymous, after all.

It’s theoretically possible in the UK but it takes a bit of work and physically being in at least two of relatively few and sparse locations which are certain to have CCTV. I haven’t tried it and my instinct is to assume that something I haven’t thought of would trip me up if I did.

Are properly anonymous burner phones easier to get in other places?

Sancho_P September 2, 2015 10:44 AM


What is truth versus what is hearsay?
The sheer amount of pseudo evidence may help but does it produce truth?

I think @z’s point was:
If, after all, there is a visible pattern AND it fits our mindset – who is going to ignore that?

My point is: There is no single evidence from insecure IT and opaque procedure.
Insecure pixels, regardless how many, do not make a valid picture.

“Your Honor, just ignore these 11 data points of innocence and look at the 20 points of guilt!” – or reverse?

a September 2, 2015 1:26 PM


in Germany the large telcos won’t give you a pre-paid/pay-as-you-go sim card without ID. They say they’re not allowed to by law, but I suspect they want it that way so they have you in their customer database, because you can (still) get very cheap pre-paid sim cards in drugstores and food discounters, with no questions being asked. And no credit card needed for the online unlock procedure.

albert September 2, 2015 2:14 PM

Forgetting your phone might be deemed suspicious if you do it often. Keep a totally dead battery in it and carry it with you.
Waiting in the wings (if it’s not already here:): RFID devices in the phone. They can be totally passive until interrogated and require no power. They can be tiny and easy to conceal.
I’m often accused of having a negative outlook:) Sometimes what you don’t do can be more important that what you do do. For example, if you friends know they can always talk to you between noon and 1PM, if your phone is off (straight to voice mail), that could be a strong signal to someone.
. .. . .. o

John Frazer September 2, 2015 2:55 PM

@Mark: Good point. That experiment first was done in Western Germany, thereafter in Switzerland by a Swiss politician, and now – as it seems – in Australia. I guess all these people, certainly the Swiss politician have got a quite clear stance on privacy. Me too. I just wonder what they think about bank secrecy or the use of cash. These politicians are all hypocrites.

John Frazer September 2, 2015 2:57 PM

@a: “you can (still) get very cheap pre-paid sim cards in drugstores and food discounters, with no questions being asked.” I did not know that. However, I guess that after a few months, the SIM will get blocked by the operator. That is what happens in my contry.

John Frazer September 2, 2015 3:10 PM

@albert: Switching off your phone or keeping a dead battery in the pohone does not prevent your cell to contact the next tower. You can see that if you check out your cell’s time after switching it on. The time is correct, since the cell has a small back up battery (that contactet the tower). What you should do is buying a Faraday cage for your cell (a kind of pouch). Obviously, before putting the cell into the pouch, you should switch it off. Otherwise, it will always search for a tower and the battery will run down pretty fast.

“Forgetting your phone might be deemed suspicious if you do it often”: That is an interesting thought! Will try to google the implications.

JimmyW September 2, 2015 5:12 PM

Any crypto nerds want to hazard a guess at how the phone # data has been hashed?

The CSV file is found on the page referenced in Bruce’s post, with the top hashes as follows:

My guess is SHA1 with some kind of seed – any other ideas?

albert September 3, 2015 10:11 AM

@John Frazer,
I was not aware that a battery-less cell phone could communicate with a tower. Mine has to fetch time and date whenever I remove the battery, then replace it. Battery-backed clock chips have been around for a while. I don’t think they are powerful enough to do that. They would have to be rechargeable, as well, otherwise they could be totally discharged and rendered useless. It’s not really necessary to keep the time stored when the device is off.
. .. . .. o

ER September 3, 2015 1:57 PM

@z “It’s easy to look at data and see what you want to see. And a government looking for terrorists everywhere will start seeing them everywhere.”

…or when seemingly nonviolent but actually real terrorist advisors set up and rat out lesser “threats” to distract from selves and even make selves look good

albert September 3, 2015 4:05 PM

Indeed. There are so many options terrorists can (and will) use. All it takes is someone in the IC to sit and think about it for a while. The IC would have us believe that no one anticipated 911 (granted the most brilliant terrorist act to date). And folks wonder why there are so many conspiracy theories around.
Personally, I think the era of large, highly organized physical terrorist attacks on the US is over (if it ever started). 911 provoked (or excused) the most draconian US ‘involvement’ in the ME ever. It wouldn’t surprise me if that was Bin Ladens original intent. If so, then it succeeded beyond his wildest dreams. With ISIL running wild, the ME is most unstable. Look at Lebanon. It’s a vicious circle. To what end?
. .. . .. o

Roland September 4, 2015 3:55 PM

@John Frazer, albert: there is no magic power source to allow radio communication with the cell base station when your mobile’s battery has been removed or it is completely discharged. That time is kept is no proof of ongoing communcation and sycronization, just that the phone’s RTC has a tiny backup battery – which is entirely inadequate for radio contact with the base stations. This is not to say that your mobile may never communicate with the network while ‘apparently off’, but it needs a reasonable power source for that.

albert September 5, 2015 10:16 AM

That’s reasonable, and as I expected.
Re: (passive) RFIDs. They are ubiquitous in manufacturing (y’all remember that’s where you make stuff?). For small devices, they are on the pallet or carrier holding the device, but they could be IN the device as well. It has come to be known as ‘plausible deniability’. “It’s just used in manufacturing and testing, we didn’t know…”
An RTC chip with some extra memory would be an ideal place to store data, all the while occupied with mundane tasks.
. .. . .. o

Paul Martin September 20, 2016 9:29 PM

If there is a way to charge the collector of metadata for each byte/bit of data collected and then redistributing the money to the provider of the data or to a worthy cause, I think that meta data collection would really slow down … good luck. Paul

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.