I know it's preaching to the choir and even to me it seems like the gazillionith time I've written about it but we really must convince our friends and neighbors that metadata isn't some harmless bit of information that's on our phone bills anyway. After all, if metadata really were harmless and unrevealing, the NSA wouldn't be so eager to collect it, would they? A recent article in The Guardian describes a study which shows that sensitive data about your life is easily discerned by examining metadata.
The study's participants installed an application on their phones that recorded who they called and the duration of the call. Given that these were all volunteers, there's some self-selection bias here but you'd think people with something to hide wouldn't be signing up (although one participant was pretty clearly growing pot, so maybe they would). Another person was found to be almost certainly suffering from Multiple Sclerosis and a third to have just discovered that she was pregnant.
There were calls to Alcohol Anonymous, NARAL, gun shops, divorce lawyers, STD clinics, and strip clubs. Notice that with the possible exception of the pot grower, none of these activities are illegal or even particularly exceptional. They are, however, private matters that most people wouldn't care to have made public and that's the point. We hear over and over that “if you're not doing anything wrong you have nothing to fear.” This study shows just how wrong that is.
The Guardian article is useful to point at when you're trying to educate your less security-savvy friends about the dangers of metadata.