NEWS FROM THE LAB - Wednesday, August 20, 2014

Data vs. Metadata

Posted by Sean @ 13:10 GMT

Google uses HTTPS for all search queries. That's good, because it means that all of the questions you ask (a.k.a. your data) will be encrypted. However… regardless of HTTPS, inferences about your searches can still be made by somebody with access to your network traffic. For example:

[Screenshot: Network Traffic Analysis, Google to AA]

In the screenshot above, a popular "packet analyzer" displays DNS queries (a.k.a. metadata). We first connected our test device to google.com and performed a search, then clicked on the top search result link, which connected us to aa.org.

The deductive reasoning skills of Sherlock Holmes aren't required to figure out that "alcoholics anonymous" was searched for. And even if aa.org used HTTPS encryption (it doesn't), we could still use the DNS metadata to infer the contents of the search data. The connections made offer all the evidence needed.

And that's why metadata matters.
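
What the packet analyzer reads out of each DNS query, as an added example that is not from the original post: a DNS question carries the hostname as plaintext, length-prefixed labels (RFC 1035), so parsing two queries recovers the google.com then aa.org sequence while the HTTPS search itself stays encrypted. The packets, timestamps and transaction IDs are constructed, and the function names are hypothetical.

```python
import struct

def build_query(name, txid):
    """Constructed sample input: a minimal DNS A-record query (RFC 1035)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(part)]) + part.encode("ascii")
                     for part in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_qname(payload):
    """Return the hostname from the first question of a DNS query payload."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    if struct.unpack("!H", payload[4:6])[0] < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("truncated name")
        length = payload[pos]
        pos += 1
        if length == 0:          # root label ends the name
            return ".".join(labels)
        if length & 0xC0:        # pointer not expected in the first question name
            raise ValueError("unexpected compression pointer")
        if pos + length > len(payload):
            raise ValueError("truncated label")
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length

def observed_hostnames(capture):
    """Map (timestamp, UDP payload) pairs to (timestamp, hostname), in time order."""
    return [(ts, parse_qname(p)) for ts, p in sorted(capture, key=lambda c: c[0])]

# Constructed capture: seconds since start, DNS payload sent to port 53.
CAPTURE = [
    (0.0, build_query("google.com", 0x1A2B)),
    (7.4, build_query("aa.org", 0x1A2C)),
]

if __name__ == "__main__":
    for ts, host in observed_hostnames(CAPTURE):
        print(f"{ts:5.1f}s  DNS query  {host}")
```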