"We kill people based on metadata." — General Michael Hayden, former Director of the CIA/NSA.

This chilling quote reveals a stark truth about modern surveillance: the content of your messages often matters less than the context. While end-to-end encryption protects the body of your message, it leaves a trail of digital breadcrumbs that can be just as revealing.

What is Metadata?

If an encrypted email is a sealed letter, the content is the letter inside. The metadata is everything written on the outside of the envelope to ensure it gets delivered:

The Metadata Trap Infographic
  • Sender: Who entered the void?
  • Recipient: Who stared back?
  • Timestamp: Exactly when did the exchange happen?
  • Size: How long was the message?
  • Subject Line: Often unencrypted in standard PGP setups.

The Social Graph

Metadata builds a graph of your life. It maps your social network, your habits, your political affiliations, your medical status, and your daily routine. Algorithms can infer intimate details—like an affair, a disease, or a whistleblower's identity—without reading a single word.

Why Context is King

Imagine an observer knows you called a suicide prevention hotline at 2:00 AM, then called your health insurance provider at 9:00 AM. They don't need to record the call to understand exactly what you are going through.

Or consider a journalist communicating with a known government source. The mere fact that they communicated at a specific time is often enough evidence for an investigation, even if the content is "Let's meet for lunch."

How PAAVS Protects Metadata

Protecting metadata is significantly harder than protecting content because the network needs some metadata to route the traffic. However, we employ several advanced strategies to minimize leakage:

1. Encrypted Headers

Standard email protocols send Subject lines in plaintext. At PAAVS, we encrypt the Subject line, Sender name, and Recipient name within the encrypted envelope whenever possible. This ensures that only the bare minimum routing information (email addresses) is exposed to our servers.

2. Minimal Logging Policy

We design our infrastructure to be amnesic. We do not store IP access logs for longer than strictly necessary to prevent abuse (DDoS mitigation), and we never permanently link these transient logs to your user identity.

Payment Privacy

We support crypto payments to sever the link between your financial identity (credit card) and your digital identity (email account).

3. Future: Tor Onion Service

For the ultimate metadata protection, we are building a dedicated .onion address. When you access PAAVS via Tor:

  • Your ISP cannot see you are using PAAVS.
  • PAAVS cannot see your IP address.
  • The entire connection is routed through three layers of encryption.

Privacy is holistic. It's not just about what you say, but the freedom to associate with whom you choose, without being constantly mapped and analyzed.

Step into the shadows.

Join PAAVS