Skip to main content

Why is Logging Metadata Bad? - Knowledgebase / Frequently Asked Questions - PIA Support Portal

Why is Logging Metadata Bad?

Authors list

Why Logging Metadata is Bad

TL/DR: Logging Metadata is bad because it compromises your security and privacy. 

Logging any kind of data, either directly or just metadata will always compromise security and privacy as it allows a person to be identified as well as their usage. 

For example, if a VPN company logs metadata this means they will log: 

  • Server Location 

  • IP Address 

  • Your ISP 

  • What country you connected from 

  • Amount of data transferred per day 

  • Which app you are using (which also reveals OS) 

  • Which version of the app you are using 

Imagine this (hypothetical) scenario: 

  1.  A customer wants to download a copyrighted file. 
  2. A customer can connect to their VPN (which logs metadata) and then the customer downloads a file that is exactly 3,215MB. 
  3. Law enforcement requests the logs from the logging VPN 
  4. The VPN company responds to Law Enforcement with;
    "The customer in question connected to our VPN on that day, from his home connection in America, through his ISP Comcast, and he transferred 3,312MB that day, and his email address is [email protected]". 
  5. Law Enforcement then contacts Google a requests his info. 
  6. Google check their records and on that day, they also connected to Gmail and transferred 53MB in total. 
  7. Law Enforcement also sees an email from his Facebook account, so they request that data and learn that the customer transferred 44MB of data on that day.

 So, now Law Enforcement knows that the suspect used a VPN that day, and transferred 3,312MB, with 97MB going to Gmail and Facebook, which leaves 3,215MB of transfers - the size of the movie in question. 

 The metadata logs from the VPN Provider show he was a Comcast user which is factual. 

The metadata logs from the VPN Provider show that the copyrighted file was downloaded by someone with an IP in Uruguay belonging to the VPN Provider. 

The customer has now been identified through the use of metadata logs which were used to circumvent the security and privacy of the user. 

 Please Note: We strongly suggest you don't break the law and download copyrighted material. If you would like, please review our DMCA policy here and our logging policy here