How to Protect From MetaData Retention? Qucik and Easy Tips

Last updated: May 7, 2024 Reading time: 6 minutes

Many countries worldwide, such as the United States, Australia, and European Union, have Mandatory Data Retention laws and policies as a backdoor to privacy in necessary times of calamity. Although at first, it might seem a good strategy to tackle cybercrime and keep tabs on suspects, such metadata retention jeopardizes the privacy of all the other people as a whole. And where it is necessary to have probable cause and a warrant from the judiciary to access stored data, every government agency silently follows different surveillance practices to access such metadata indirectly.

Think about stored confidential data as silos of information and what power it might give you when you have complete control over it. Hackers worldwide are always in search of such a gold mine of stored data either to gain personal benefits or cause harm to their agenda.

Since you have control over your devices, you can always minimize or protect your information by following a few security measures listed in our How to Protect from Metadata Retention guide.

Gain Knowledge of Metadata Retention in Your Country

Like common laws in your country, you should also know the regulations that affect your digital privacy and communication. Keep checking our Metadata Retention list of countries to get updated knowledge on the matter. You can access the website of the governmental institution responsible in your country or consult a lawyer to acquire vast knowledge.

Get a VPN Subscription

Since our lives are so integrated with the online Internet, we cannot consider a life without it. We generate more information online than we can imagine, and for every query we search for, our Internet service provider can tap into it anytime. Metadata Retention laws bind all communication providers to store such information to allow government authorities access in their investigation. Although they require probable cause and a search warrant from the judiciary, every government silently follows the practice of surveillance to avoid such requirements anyway.

To prevent ISPs from tapping into your information, you should opt for a VPN subscription to encrypt your Internet data packets and make them inaccessible even to your Internet service provider. Another function of a VPN is that it cloaks your IP address with its server IP, protecting your identity over the web and preventing IP tracking carried out by numerous websites, including social media networks.

But why does VPN matter? Mainly because VPN encryption renders Metadata Retention useless as eavesdroppers do not store any of your data.

Some of the VPN providers trusted by people online are ExpressVPN, NordVPN, and PureVPN because:

  1. They follow a strict NO LOG policy and are not bound to follow metadata retention as they are based outside such jurisdiction.
  2. They encrypt your Internet data with 256-bit AES encryption and OpenVPN security protocol.
  3. They maintain Net Neutrality by unblocking websites and redirecting traffic through servers spread around the world.
  4. Protect your online identity by changing your IP address.
  5. Have exclusive features such as Split Tunnel (PureVPN), TOR-over-VPN (NordVPN), and Core VPN service (ExpressVPN).

Moreover, try to avoid free VPN providers as they exchange your information with third party advertisers to earn their revenue.

If Not VPN Gets to Tor

Suppose you are unwilling to entrust your information to a paid VPN service provider. In that case, you can move to a more secure volunteer-based TOR network that works through a Tor browser similar to other browsers in functionality. Once you connect to a Tor network, your web browsing traffic passes through different exit gateways or nodes, making it harder for your Internet service provider or any other eavesdropper to track and access your data.

However, your encrypted Internet data is only limited to the browser level with the Tor browser. The rest of your Internet data is still unencrypted by other system applications requiring Internet connectivity; thus, some data remains stored for Metadata Retention. Additionally, most of the time, the Tor network gets slow as your web browsing data passes through different nodes.

If you want TOR network protection but are unwilling to use the TOR browser, you can use NordVPN, which provides TOR functionality over its TOR-over-VPN servers.

Protect Mobile Calls and SMS

Tapping on your mobile calls and SMS is an old practice of government surveillance. You must have heard an adage of ‘Big Brother Is Watching’ is true when there are intelligence agencies like the NSA and GCHQ. When it comes to Metadata Retention, blame is not limited to the agencies because some of the mobile carriers are not sincere. Unfortunately, you cannot protect your mobile calls and SMS, but you can circumvent such a situation by moving your communication to end-to-end encryption.

Many secure messaging apps such as Signal, WhatsApp, Wickr Me, and Telegram provide the functionality of end-to-end encrypted calls and messages for free. Since none of your communication is being stored, therefore Metadata Retention becomes useless here.

Protect Your Email Communication

Since Metadata Retention includes the summary of your email communication, e.g., sender and recipient email addresses and timestamps, therefore, protecting it should be your utmost priority. If you are flexible, you should move to end-to-end encrypted emails services like Tutanota or Protonmail. Other services like Outlook and Gmail do not provide such encryption out of the box; therefore, you can use third-party extensions like Mailvelope that encrypts your emails with OpenPGP encryption.

Use HTTPs Everywhere

One great thing about Google is that it tells you which website is secure and which is not. HTTPs ensure that data exchange while browsing a website is encrypted. Many websites still use unencrypted HTTP or provide limited support for encryption over HTTPs which make it harder to use.

For example, the website defaults to unencrypted HTTP or redirects its encrypted HTTPs pages to unencrypted ones. The HTTPs Everywhere extension – by EFF & Tor Project itself – fixes these problems by rewriting these requests to HTTPs. However, all the communication before successful HTTPs encrypted communication is monitored by your ISPs with timestamps under metadata retention requirements. So it is necessary to use a VPN along with the HTTPs Everywhere extension.

Prevent Social Media Tracking

Social media profiles tell more about us than ourselves; it is like the silo of information ideal for mandatory Data Retention practice. It can show our psychological behavior, what we are doing, likes and dislikes, shopping patterns, etc. Such information is valuable not only for marketing analytics purposes but also for keeping tabs on people’s activities. Social media websites such as Facebook, Google Plus, and Twitter track you via scripts that you can block using extensions like Privacy Badger or Disconnect that send ‘Do Not Track requests to the websites to prevent social tracking.


Although only a few countries follow mandatory data retention regimes after the extremely invasive Investigatory Powers Act in the UK and Congress’s vote to allow ISPs to sell, metadata has left a precedent for other countries to follow. Where digital privacy is facing threats by such metadata retention laws, the idea of encrypting everything is gaining strong roots online. To protect your digital privacy, you must follow the security measures described above to mitigate the risks of exposing your sensitive information online.

Share this article

About the Author

Rutaba Rais is Editor at Be Encrypted with focus on Technology and Internet Security. Apart from her Healthcare background, she has interests in Lifestyle, Journalism, and expressing her opinion by her writing. You can follow her on Twitter.

More from Rutaba Rais

Related Posts