They talk metadata but then were able to get his Google searches? How if they’re encrypted? Unless they got them from referrers on pages that appeared on the results. I would say this is more wiretapping…
It would certainly have been useful to lead with a discussion of what metadata consists of and why each item collected is relevant to this purpose. It does say “URLs” without specifying whether https makes a difference to what the app collects, but I imagine your guess is correct, that the analysis is getting search terms from unencrypted destination pages. Most of the web is unencrypted.
I think what to consider part of the metadata should really be informed by how that term is being used in the ongoing public policy discussion, and I think this is a good match for it. It’s a deceptive term - in addition to URLs, this app includes email subject lines, which I hadn’t thought about in this context before. I suppose URLs felt that way for you.
But the fact that this information - by whatever name - is most easily collected by wiretapping isn’t unexpected, because intelligence agencies are open about the fact that they have tapped the backbone in numerous places. The most-repeated policy argument for why they should be allowed to do this is that their systems see everything, but only store metadata. So we have been talking about MitM threats all along.
I would love to have all this data for myself - i.e. my own data, for myself to use. Trouble is, its just not harvestable ..
yeah! how ironic is that ?