Metadata
Also known as: communication metadata, metadata privacy, metadata protection
Communication metadata is the data about a message rather than its content: who contacted whom, when, how often, for how long, from what location, and over what size of message. Even when the content is end-to-end encrypted, this surrounding data is usually visible to servers and networks. Aggregated across many messages it can reveal relationships, routines, and intent as clearly as reading the words themselves.
Encryption protects what you say. Metadata is everything around what you say — and it is often left in the clear because the network needs some of it to route traffic. A phone company may never hear your call, yet it records the two numbers, the timestamp, the duration, and the cell towers. Stack thousands of those records and a picture emerges: your contacts, your schedule, your movements, your associations.
The danger is that metadata is structured, machine-readable, and easy to aggregate, whereas content is messy and expensive to analyze. In 2013 the EFF illustrated this with examples like a call to a suicide-prevention hotline at 2:24 AM lasting 18 minutes — the content is private, but the metadata alone is devastating. German politician Malte Spitz turned six months of his own retained phone records into an interactive map of his life. Former NSA General Counsel Stewart Baker put it plainly: "If you have enough metadata you don't really need content."
This is why metadata is a first-class threat, not an afterthought. A messenger that encrypts content but leaks the social graph has solved the easier half of the problem. Real metadata privacy means hiding the sender (see sealed sender), the route (via onion routing), and the timing and volume (against traffic analysis).
How it works
Metadata leaks at several layers at once. At the application layer, a cleartext "from"/"to" field exposes the social graph. At the network layer, your IP address reveals who and where you are. At the transport layer, the timing and size of packets — even fully encrypted ones — let an observer correlate two endpoints. Defending metadata therefore requires defenses stacked at each layer; no single trick covers all of them, which is why privacy-focused systems combine sender-sealing, anonymity routing, padding, and traffic mixing.
How RVNT uses Metadata
RVNT treats metadata as a primary threat. Sealed sender strips the cleartext sender; an embedded Tor (arti) client hides IP and route; a mixnet batches, delays, shuffles, and pads traffic so timing and length leak little; and identity needs no phone number, email, or KYC, so there is no real-world identifier to correlate in the first place. See sealed sender and the mixnet docs.
Frequently asked questions
If my messages are end-to-end encrypted, why does metadata still matter?
Encryption hides the content of each message but not the pattern of your communication — who you talk to, when, how often, and from where. That pattern is often enough to infer relationships, routines, and sensitive associations without ever reading a single word. Metadata is structured and easy to aggregate, which makes it especially revealing at scale.
What counts as communication metadata?
It is the data describing a message rather than its content: sender and recipient identifiers, timestamps, frequency and duration of contact, message or packet sizes, IP addresses, and approximate location. Networks need some of this to route traffic, which is why it tends to be visible even when the content is encrypted.
Can any messenger fully eliminate metadata?
Not entirely. A delivery system must know where to send a message, so a recipient identifier and some timing information always exist. The realistic goal is to minimize and obscure metadata — hiding the sender, the route, and the timing — rather than claiming it disappears completely. Honest products say so.
Every definition here describes something RVNT actually ships — a post-quantum, end-to-end-encrypted, peer-to-peer messenger with no phone number and no servers.