Samtalet som förändrade allt
A few years ago, in a programmer forum, someone asked whether the big messaging companies really respected the privacy they promised. The conversation started half-jokingly, with comments about whether they actually encrypted messages or read them behind the scenes. Until someone appeared who said they had worked at a large messaging company whose name I should not mention.
After several exchanges, someone asked them directly. And their answer was surprising: yes, as far as they knew, the commitment to not read message content was scrupulously respected. The code they had written and that of their close colleagues did not touch the text of conversations.
But then they added something nobody expected: "We don't read message content because we don't need to."
Why they don't need to
They explained that trying to read and understand the content of millions of conversations is extraordinarily complex. People speak in dozens of languages, with dialects, family jargon, made-up abbreviations, nicknames, double meanings. Processing all of that requires an enormous amount of memory, processors and electricity. In short: money. A lot of money.
And most importantly: it's not worth it. Because the content of the message, they said, is just smoke. Fog that confuses. The absolute truth lies in the metadata.
Exemplet som förklarar allt
They gave an example. Imagine a man with a partner. We know he has a partner because he posts it on social media. We know they live together because their phone geolocations match: they sleep in the same place, eat dinner in the same place, move together on weekends. All this information is being continuously recorded by their phones, without anyone having to ask for it.
Now imagine this man's phone starts exchanging messages with a new phone. A phone that turns out to belong to a woman who is not his partner. In turn, this woman has her own partner, with whom she also lives — we know from the same geolocation data.
Meddelandena mellan dem följer ett mönster. De sker vid specifika tider. Svaren är nästan omedelbara — det pågår en aktiv, intensiv konversation. Det sammanfaller nästan alltid med stunder då ingen av dem är nära sin riktiga partner. Och ofta är var och en av dem ensam — vi vet det eftersom det inte finns några andra telefoner från deras nära krets i närheten.
And from time to time, with a periodicity that becomes recognisable — a weekday afternoon, a Saturday morning — both phones appear in the same geographic location. A secluded place. It could be a warehouse. It could be a summer apartment. It could be a small hotel on the outskirts.
Solklart.
Has anyone read a single message?
No. Not a single word. There was no need to decrypt anything, interpret anything or process any text. Just metadata: who talks to whom, when, how often, where their phones are at that moment. Data that isn't encrypted. Data that the server has by definition, because it needs it to function.
What is this information used for? To show you advertising. An ad for a nearby hotel that rents rooms by the hour. A getaway package to a spa for two. An offer from a discreet restaurant in the area. Not because someone read your messages. Because the metadata told your story better than your own words.
Vad det betyder
When an app tells you "your messages are end-to-end encrypted", it may be telling the truth. Nobody may read the text of your conversations. But if the server knows who you talk to, at what time, how often and where you are when you do it, content encryption is almost irrelevant. The metadata has already told them everything they need to know.
The only way to protect metadata is for the server not to have it. And the only way for the server not to have it is for messages not to pass through it. For them to go directly from one device to another. No intermediary. No record. No one in between who can note who spoke to whom and at what time.
Because true privacy isn't that nobody reads what you say. It's that nobody knows you said it.