How to Protect From MetaData Retention

Many countries around the world such as United States, Australia, and European Union have Mandatory Data Retention laws and policies as a backdoor to privacy in necessary times of calamity. Although at first it might seem a good strategy to tackle cyber crime and keep tabs on suspects but at the same time such metadata retention jeopardizes the privacy of all the other people as a whole. And where it is necessary to have a probable cause and a warrant from the judiciary to access stored data, every government agency silently follows different practices of surveillance to access such metadata indirectly.

Think about stored confidential data as silos of information and what power it might give you when you have complete control over it. Hackers around the world are always in search of such gold mine of stored data either to gain personal benefits or cause harm for their personal agenda.

Since you have control over your devices therefore you can always minimize or protect your information by following few security measures listed on our How to Protect from Metadata Retention guide.

Gain Knowledge of Metadata Retention in Your Country

Just like common laws in your country, you should also know the regulations that affect your digital privacy and communication. You can access the website of governmental institution responsible in your country or consult a lawyer to acquire the vast knowledge. Keep on checking our Metadata Retention list of countries to get updated knowledge on the matter.

Get a VPN Subscription

Since our lives are so integrated with the online Internet we cannot consider a life without it. We generate more information online than we can imagine and every query we search our Internet service provider can tap into it anytime of the day. Metadata Retention laws bind all the communication providers to store such information to allow government authorities access in their investigation and although they require probable cause and a search warrant from the judiciary, every government silently follows the practice of surveillance to avoid such requirements anyway.

To prevent ISPs from tapping into your information you should opt for a VPN subscription to encrypt your Internet data packets and make it inaccessible even for your Internet service provider. Another function of a VPN is that it cloaks your IP address with its own server IP which protects your Identity over the web and prevents IP tracking carried out by numerous websites including social media networks. But why VPN matters? Mainly because VPN encryption renders Metadata Retention useless as any of your data is not stored by eavesdroppers.

Some of the VPN providers trusted by the people online are ExpressVPN, NordVPN, and PureVPN because:

  1. They follow strict NO LOG policy and are not bound to follow metadata retention as they are based outside such jurisdiction.
  2. They encrypt your Internet data with 256-bit AES encryption and OpenVPN security protocol.
  3. They maintain Net Neutrality by unblocking websites and redirecting traffic through servers spread around the world.
  4. Protect your online identity by changing your IP address.
  5. Have exclusive features such as Split Tunnel (PureVPN), TOR-over-VPN (NordVPN), Core VPN service (ExpressVPN).

Moreover, try your utmost best to avoid free VPN providers as they exchange your information with third party advertisers to earn their revenue.

If Not VPN Get to Tor

If you are not willing to entrust your information to a paid VPN service provider then you can move to a more secure volunteer-based TOR network which works through a Tor browser similar to other browsers in functionality. Once you connect to a Tor network your web browsing traffic passes through different exit gateways or nodes which make it harder for your Internet service provider or any other eavesdropper to track and access your data.

However, with Tor browser your encrypted Internet data is only limited to the browser level only and rest of your Internet data is still unencrypted by means of other system applications that requires Internet connectivity thus some data remains stored for Metadata Retention. Additionally, Tor network is most of time gets slow as your web browsing data passes through different nodes.

If you want TOR network protection but you are not willing to use TOR browser then you can use NordVPN that provides TOR functionality over its TOR-over-VPN servers.

Protect Mobile Calls and SMS

Tapping on your mobile calls and SMS is an old practice of government surveillance. You must have heard an old adage of ‘Big Brother Is Watching’ is actually true when there are intelligence agencies like the NSA and GCHQ. When it comes to Metadata Retention, blame is not limited to the agencies because some of the mobile carriers are not sincere too. Unfortunately you cannot protect your mobile calls and SMS but you can circumvent such a situation by moving your communication to end-to-end encryption.

There are many secure messaging apps such as Signal, WhatsApp, Wickr Me, and Telegram that provides the functionality of end-to-end encrypted calls and messages for free. Since, none of your communication is being stored therefore Metadata Retention becomes useless here.

Protect Your Email Communication

Since Metadata Retention includes the summary of your email communication e.g. sender and recipient email addresses, and timestamps therefore protecting it should be your utmost priority. If you are flexible then you should move to end-to-end encrypted email services like Tutanota or Protonmail. Other services like Outlook and Gmail do not provide such encryption out of the box therefore you can use third party extensions like Mailvelope that encrypts your emails with openPGP encryption.

Use HTTPs Everywhere

One great thing about Google is that it tells you which website is secure and which is not. HTTPs ensure that data exchange while browsing a website is encrypted. Many websites on the web still uses unencrypted HTTP or provide limited support for encryption over HTTPs but make it harder to use.

For example, the website is default on unencrypted HTTP or redirects their encrypted HTTPs pages to unencrypted ones. The HTTPs Everywhere extension – by EFF & Tor Project itself – fixes these problems by rewriting these requests to HTTPs. However, all the communication before successful HTTPs encrypted communication is monitored by your ISPs with timestamps under metadata retention requirements. So it is necessary to use a VPN along with HTTPs Everywhere extension.

Prevent Social Media Tracking

Social media profiles tell more about us than ourselves; it is like the silo of information ideal for mandatory Data Retention practice. It can show our psychological behavior, what we are doing, our likes and dislikes, shopping patterns, etc. Such information is valuable not only for marketing analytics purpose but also for keeping tabs on people’s activities. Social media websites such as Facebook, Google Plus, and Twitter track you via scripts which you can block using extensions like Privacy Badger or Disconnect that sends ‘Do Not Track’ requests to the websites to prevent social tracking.


Although there are only a few countries that follow mandatory data retention regimes but after the extreme invasive Investigatory Powers Act in the UK and Congress vote to allow ISPs to sell metadata has left precedent for other countries to follow. Where digital privacy is facing threats by such metadata retention laws the idea of encrypt everything is gaining strong roots online. To protect your own digital privacy you must follow the security measures described above to mitigate the risks of exposing your sensitive information online.

2 thoughts on “How to Protect From MetaData Retention”

  1. yeah i think protonmail, fastmail and tutanota are the only ones that provide encryption over emails. The only real advantage gmail has over others is its ability to sync with pretty much everything, every service, every account, every website and every app. And that it offers decent enough cloud storage for free. About VPNs, yes, tor itself is a reliable solution to the problem along with tor-powered option like nord. in terms of encryption, i do believe most of the options out there offer it, including nord, express, ivacy and pure. the only thing that really matters here is that these providers can be helpful if the aren’t operating from australia or registered from australia. because from what ive read, most of the providers operating from the said nation are actually bound by Section 187A(3)

Leave a Comment