Metadata: What Is "Data About Data"?
What is metadata?
Metadata is usually described as "data about data". It's basically a description of a data asset, making it easier to find, manage and use. This info is separate from the main content.
Let’s say you send an email. The message body says, “Meet me at 3 pm.” That’s your data. But the time you sent it, your IP address, the device you used, the location it was sent from, the subject line, and who you sent it to – that’s metadata.
In the digital space, metadata is like a digital fingerprint for a file or resource. It gives you the essential context you need to make raw data useful. If you don't have this descriptive layer, the data loses context. It's like a library full of millions of unlabelled pages – you can't use it.
Why it's everywhere and invisible
This kind of digital exhaust is absolutely everywhere, and it's being generated by every device and application.
It's invisible by design, created automatically to help systems organise, sort and transmit information. Your phone's camera doesn't just take a photo, it also records the GPS coordinates, the make and model of the phone, and the exact time. This is all metadata.
Most people get confused about metadata because they think that if they control the content, they control the story. They don't, as the real story, the one that can be put together and analysed by third parties, is often hidden in plain sight, within the metadata.
The difference between data and metadata
Data is what you consciously create. Metadata is what your technology creates about you.
Why Metadata Is Needed
Despite how invasive metadata feels, it isn’t all evil. In fact, some of it is absolutely essential.
Without metadata, most digital systems wouldn’t function.
- How does your email get delivered to the right person? Metadata.
- How does your smartphone know when a photo was taken? Metadata.
- How does your calendar know what’s next? Metadata.
It's the digital logistics layer, the system of instructions that helps organise, label, transport and process data across networks and devices.
Data management and governance
With the crazy amount of data we're dealing with these days, it's impossible to manage it all without a great metadata strategy. Metadata makes data easier to access and find, so users can get around large data lakes and databases without any hassle.
Gartner says that not using a metadata-driven approach can increase data management costs by as much as 40%.
Digital libraries, content management systems and databases all rely on metadata to function.
Business intelligence and analytics
Metadata is the important link that turns raw data into actionable business information. It provides essential context like data origin and structure, which is key for accurate analysis. For example, an e-commerce business uses metadata to track customer behavior and product performance, enabling personalized recommendations. This contextual layer helps organisations get useful insights and make the most of their data for BI, AI, and ML projects.
Compliance and security
In the regulations we've got at the moment, metadata is a really important part of data governance. It documents data lineage, ownership, and access history, creating transparent audit trails. This is critical for complying with regulations like GDPR and CCPA. For highly regulated industries like healthcare (HIPAA) and finance (Sarbanes-Oxley), these metadata-driven audit trails are a legal requirement.
Interoperability
Standardised metadata is like a shared language that lets different systems and apps exchange data without problems. This is really important for getting data to work across different tech systems, so you can still use it when it's moved between platforms.
So that's how metadata has changed over time. It used to be a passive descriptor, but now it's an active agent in data management and security. A metadata strategy isn't just an afterthought anymore, it's a key part of modern data architecture.
But here’s also the danger: most systems record far more metadata than necessary. And they store it indefinitely. This is where the privacy disaster begins.
That’s why privacy-first tools, such as Atomic Mail, aim to minimise metadata exposure rather than eliminate it entirely (because that is impossible for systems such as email). But we'll talk more about this more later.
What’s Inside Metadata?
Metadata morphs depending on the type of file, platform, or service. Every digital file you interact with contains a hidden layer of extra information, sometimes helpful, often excessive, and almost always unnoticed.
Common types of metadata:
- Descriptive Metadata – Title, author, tags, keywords, description. Useful for organizing.
- Structural Metadata – How parts of a file are organized (chapters, table of contents).
- Administrative Metadata – Technical details, creation date, file type, access rights.
- Geolocation Metadata – Latitude/longitude, altitude, map coordinates.
- Device Metadata – Camera model, phone type, operating system, browser version.
Metadata Embedded in Common File Types
Here’s a look at the kind of metadata you’ll find in common files you use every single day.
Metadata example (from a simple photo):
Take a selfie on your phone. Here’s what the metadata is broadcasting behind your smile:
- Taken at: 4:18 PM
- Date: May 7, 2025
- Location: 52.5200° N, 13.4050° E (Berlin)
- Device: iPhone 14 Pro
- Lens: 1.8f wide angle
- File: IMG_4231.JPG
- Software: Adobe Lightroom for iOS
In an instant, someone could know you own a premium smartphone, you were in Berlin on May 7 at precisely 4:18 PM, and you use professional-grade software to edit your photos. They got it from the metadata.
Email Metadata
Email is where metadata gets especially dangerous. For most of us, email is the main way we communicate online. From sharing sensitive dociments and legal stuff to our most personal conversations. Because it's the hub for so much of what we do, the email metadata it generates creates the richest, most detailed and most sensitive map of our existence.
What’s included in email metadata:
All of this sits in the email headers.
Some headers are added by your email provider. Others by each server the email hops through. It creates a trail – a full delivery receipt that could identify who you are, where you are, and what service you're using.
And yes, Gmail and Outlook keep copies.
The Dangers of Exposed Metadata

Exposed metadata is a big deal for privacy and security, and it's a goldmine of information that can be exploited by all sorts of people.
Information leakage and privacy violations
It might seem like a single piece of metadata is no big deal, but when you combine it with other data, it can paint a pretty detailed picture of what someone or a company is up to, and that can lead to serious privacy violations.
- Personal Identifiable Information (PII): Metadata often contains direct PII, such as author names in documents and email addresses in headers.
- Location Data: This is a major privacy risk. GPS coordinates in photos can reveal homes, workplaces, or other sensitive locations. IP addresses in email headers can be geolocated to a user's city and network.
- Internal Processes and Confidential Information: Metadata in collaborative documents can be particularly dangerous. "Track Changes" and comments in Word can expose deleted contract clauses, internal debates, and negotiation strategies that were thought to be removed.
A vector for malicious actors
For cybercriminals, metadata is a goldmine of threat intelligence, giving them the info they need to profile targets and create sophisticated attacks.
- Reconnaissance and Intelligence Gathering: Attackers can get info by looking at the metadata of public files, which lets them map out how an organisation is set up and what tech they use.
- Targeted Phishing (Spear Phishing): Information from metadata (such as colleagues' names or project details) is perfect for creating highly personalized and convincing phishing emails.
- Vulnerability Discovery: Metadata can reveal the exact software and version number used to create a file. An attacker can cross-reference this with known vulnerabilities to craft a malicious document that exploits it, bypassing perimeter defenses.
- Social Engineering: Metadata provides context for social engineering. Knowing a document was authored by a specific manager allows an attacker to impersonate that manager with greater authority.
Even with end-to-end encryption (E2EE), email remains vulnerable from a metadata perspective. Key header information like To, From, and routing data cannot be encrypted for the email system to function.
Is it Possible to Remove Metadata? Management and Protection
Now that you know what metadata is and how dangerous it can be, the next question arises: can you remove metadata? The answer is somewhat yes. You can clean it from certain files, but it requires deliberate action, and it's not a complete solution.
Proactive metadata removal from files
The most effective principle is to "scrub" files of all non-essential metadata before they are shared externally.
Windows built-in tool
For quick removal of properties from common file types on Windows:
- Right-click the file, select Properties, and go to the Details tab.
- Click Remove Properties and Personal Information at the bottom.
- Choose to create a copy with all metadata removed or selectively remove properties from the original.
Microsoft office document inspector
For a more thorough cleaning of Office files, use the built-in Document Inspector.
- Save a copy of your document, as removal is irreversible.
- In the copy, go to File > Info > Check for Issues > Inspect Document.
- Select the content types to scan for.
- Click Inspect, then Remove All for each category of metadata you wish to purge.
PDF metadata removal (Adobe Acrobat)
In Adobe Acrobat, you can manually remove metadata.
- Open the PDF and go to File > Document Properties.
- In the Description tab, you can edit or delete core metadata fields.
- For more extensive metadata, click Additional Metadata.
- Save the document to commit the changes.
Third-party tools
For bulk processing or a wider variety of file types, third-party tools like Adarus and PDF24 can remove metadata from Office documents, PDFs, images, and more, often with advanced features like batch processing.
Securing email communications and attachments
This brings us to email, the biggest challenge. The manual, file-by-file approach is simply not enough. True email security requires a more robust strategy.
- Use end-to-end encrypted services for messages and attachments
- Avoid mainstream email clients that inject tracking or log device info
- Strip metadata from attachments before sending (especially images/docs)
- Use aliases to mask your real identity and address
- Enable encryption at rest for stored data
- Stay within the same secure platform when messaging (e.g., Atomic Mail to Atomic Mail)
- Use a VPN (Virtual Private Network) that can hide your true IP address
- Beware public Wi-Fi – avoid sending sensitive emails from cafes or airports, where your traffic can be more easily intercepted
- Review your client settings. Some email clients have settings that can reduce the amount of information shared, but these are often limited
But even the most diligent user can’t fully control email’s architecture. Which leads us to the only sustainable solution: use a privacy-focused email provider that minimizes metadata by design.
Get Real Privacy with Atomic Mail
Atomic Mail exists for one reason: to give people real control over their digital privacy – without gimmicks or compromises. We are not an afterthought to a massive tech company; we are security engineers and privacy advocates.
Our entire platform is designed to aggressively minimize your digital footprint and protect your communications with an uncompromising suite of features:
- End-to-End Encryption (E2EE): We believe your right to privacy shouldn't depend on your recipient's email provider. With Atomic Mail, you can send an end-to-end encrypted email to anyone.
- Between Atomic Mail Users: Encryption is automatic and seamless with our Atomic Encryption technology.
- To Any Other Provider (Gmail, Outlook, etc.): You can easily send a password-protected, end-to-end encrypted message. Your recipient gets a secure link to view the email, ensuring the content remains completely confidential and unreadable by their provider.
- Zero-Access Architecture: Your encrypted emails are stored on our servers using zero-access encryption. This means we don't have the keys, and we have no technical ability to decrypt your data. We can't be forced to turn over what we don't have access to.
- Anonymous Sign-Up: We don't require your real name, phone number, or any other personally identifying information to create an account.
- No Tracking, No Ads: Our business model is simple: we sell privacy. We don't scan your emails to sell you ads or build marketing profiles.
- Aliases: Create multiple email aliases to protect your real email address when signing up for services, newsletters, and online accounts. Or use them for better organization.
- GDPR Compliance: We are fully compliant with the GDPR, the gold standard for data protection, ensuring your rights are legally protected.
It is crucial to be honest about the limits of technology. Even the most secure email providers cannot defy the fundamental mechanics of the internet's email protocols. While we cannot encrypt the essential routing headers for emails sent to external users, Atomic Mail provides a powerful suite of tools to minimize the overall metadata footprint.
It’s time to switch from a service that treats you like the product to one that protects you by design.
➡️ Create Your Free, Secure Atomic Mail Account