I so hate when people put words "only" and "metadata" in the same sentence...
They know you rang a phone sex line at 2:24 am and spoke for 18 minutes. But they don't know what you talked about.
They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret.
They know you got an email from an HIV testing service, then called your doctor, then visited an HIV support group website in the same hour. But they don't know what was in the email or what you talked about on the phone.
They know you received an email from a digital rights activist group with the subject line “Let’s Tell Congress: Stop SESTA/FOSTA” and then called your elected representative immediately after. But the content of those communications remains safe from government intrusion.
They know you called a gynecologist, spoke for a half hour, and then called the local abortion clinic’s number later that day.
You're using the internet afterall which isn't your network- it's someone else's! When you send a packet there is a header w/ information required for routing. Some call this the "outside of the envelope" if using the mail analogy. We can pass the buck by using a VPN but this also adds a VPN org that we need to trust. On the other hand, it's not your network! Why do you think you have a right to absolute secrecy and anonymity on someone else's network?
No, it's just a case of facing reality. The internet is built by other people and we have to trust (or not) that they are going to honor the responsibility that entails, from security to ethics. The internet is also funded by learning as much as possible about users in general so using the internet is accepting that you will be tracked. Increasing personal security is good, but no silver bullet.
I'm not saying things shouldn't change, just that the reality we live in right now is that using the internet means you are tracked. Of course we shouldn't just accept that and not push back, and of course we should build things like the internet we had before social media "became the internet".
Being aware of the tracking and risks means people can make efforts to reduce the tracking, but it's almost becoming impossible to use the internet if you don't AGREE to the tracking in many cases, such as websites that won't risk GDPR violations and chooses to deny access to people blocking cookies entirely.
People who remember the old internet want it back, people who grew up with social media don't know what they're missing, and there's not much we can do to convince people to care about changing the DNA of the internet so that it's no longer perversely gobbling up all data.
This requires legislation, and a court system that upholds the law.
In the US, the courts just decided there's no right to privacy (despite what the 4th amendment says) as part of rolling back Roe v. Wade.
So, the path forward is to vote in legislators that respect basic human rights, followed by court packing (or just impeaching the judges that have been publicly accepting bribes and failing to recuse themselves on cases where they have a clear conflict of interest).
Since the above is supported by way more than 50% of the US population, the main obstacles are gerrymandering and ending the currently common practice of appointing blatently corrupt judges to state supreme courts (and also restoring recently stripped powers to state governors, since they're elected via simple majority).
Exactly, and all of that is hard and slow. We live in the now, with the internet tracking our every move by current design. Pretending it isn't tracking us doesn't mean it actually isn't.
People are generally keeping themselves monitored as they use the internet. It's a panopticon with more steps. So it's no surprise governments are using the plaintext of anything they can find to track people.
And if people don't care about that because they are more focused on their pet political issue, it will never change, and silently get worse.
Push notifications don't signal an active line of communication like that though nor do they connect who's talking, only the means. In all your examples the equivalent would be "They know someone called you."
I don’t agree with them plagiarizing the EFF’s blog post[0] but I think it is a mistake to use “only”. Both can be damaging and neither is clearly more or less bad since so much depends on the circumstances – like if the police have compromised one party in a conversation, they already have the payload so the real risk would be things like location data. We should probably treat both of those as equivalent risks until enough specific details about a situation are available to say which is riskier.
But my intention was to point out that actual content wasn't being transmitted and that "only" meta data was gleaned since some people seem to think that chat messages are being scooped up. Other people have rightly pointed out that meta data is bad and why and I didn't feel the need to reiterate that.
But my intention was to point out that actual content wasn't being transmitted and that "only" meta data was gleaned since some people seem to think that chat messages are being scooped up. Other people have rightly pointed out that meta data is bad and why and I didn't feel the need to reiterate that.