Why Logging Metadata is Bad
Logging any kind of data, either direct or just metadata will always compromise security and privacy as it allows a person to be identified as well as their usage.
For example if a VPN company logs metadata this means they will log:
- Server Location
- IP Address
- Your ISP
- What country you connected from
- Amount of data transferred per day
- Which app you are using (which also reveals OS)
- Which version of the app you are using
Imagine this (hypothetical) scenario:
1. A customer wants to download a copyrighted file.
1. A customer can connect to their VPN (which logs metadata) and they the customer downloads a torrent that is exactly 3,215MB.
2. Law enforcement requests the logs from the logging VPN
3. The VPN company responds to Law Enforcement with;
"The customer in question connected to our VPN on that day, from his home connection in America, through his ISP Comcast, and he transferred 3,312MB that day, and his email address is [email protected]".
4. Law Enforcement then contact Google a request his info.
5. Google check their records and on that day, they also connected to Gmail, and transferred 53MB in total.
6. Law Enforcement also see an email from his Facebook account, so they request that data and learn that the customer transferred 44MB of data on that day.
So, now Law Enforcement know that the suspect used a VPN that day, and transferred 3,312MB, with 97MB going to Gmail and Facebook, which leaves 3,215MB of transfers - the size of the movie in question.
The metadata logs from the VPN Provider show he was a Comcast user which is factual.
The metadata logs from the VPN Provider show that the copyrighted file was downloaded by someone with an IP in Uruguay belonging to the VPN Provider.
The customer has now been identified through the use of metadata logs which were used to circumvent the security and privacy of the user.
Please Note: We strongly suggest you don't break the law and download copyrighted material.