Articles

E2EE: The Metadata Blind Spot

March 15, 2026 4 min read

End-to-end encryption (E2EE) doesn’t actually hide your conversations from the platform providing the service, it just hides them from everyone else on the network path between you and the recipient.

Let’s look at Signal, a service often held up as the gold standard for E2EE. When you send a message, your Signal client encrypts it using a key derived from the recipient’s public key. Only the recipient’s client can decrypt it. This means Signal the company cannot read the plaintext of your messages.

But what can they see?

Imagine you’re sending a message to Alice. Your Signal client has Alice’s public key. It generates a symmetric session key, encrypts your message with that session key, and then encrypts the session key with Alice’s public key. This encrypted message and session key are sent to the Signal servers.

Here’s the crucial part: the Signal servers do see metadata. They see that your account (identified by your phone number, which they have on record) sent a message to Alice’s account (identified by her phone number). They see the timestamp of when the message was sent and received. They see the size of the message. They know who is talking to whom, and when.

Consider this hypothetical interaction:

{
  "type": "message",
  "sender": "+15551234567",
  "recipient": "+15557654321",
  "timestamp": 1678886400,
  "size_bytes": 1024,
  "encrypted_payload": "..." // This is the E2EE part
}

The encrypted_payload is gibberish to Signal’s servers, but the rest of this JSON structure is plain text, or at least, readily available to them. This is the metadata.

What can this metadata reveal?

  1. Communication Patterns: Even without content, patterns emerge. If you message Alice every day at 8 AM, the server knows you have a regular communication. If you suddenly stop, they know something changed. This can be used for analysis, profiling, or even inferring relationships.

  2. Contact Discovery: How does Signal know Alice is in your contacts? When you install Signal, your app can upload a list of hashed phone numbers from your address book to Signal’s servers. Signal’s servers then check which of those numbers are also Signal users and tell your app who among your contacts is on Signal. Signal the company doesn’t see your full address book, but they do see which of their users are connected to your phone number.

  3. Group Chats: In a group chat, the server knows who is in the group and who sent messages to it. While the message content is E2EE between members, the server knows the membership list and the sender.

  4. Message Delivery Status: The server knows when a message has been successfully delivered to the recipient’s device. This is a form of acknowledgment that passes through their infrastructure.

  5. User Online Status (Indirectly): While not explicitly broadcast, a server can infer that a user is "online" or "available" if messages sent to them are being received and processed promptly. This is a weaker inference but still possible through observation.

  6. Account Information: Signal knows your phone number, your username (if set), your profile picture, and when you last accessed the service. This is all tied to your account.

The most significant limitation is that E2EE is only as strong as its implementation and the trust placed in the endpoints. If the device itself is compromised (malware, physical access), the E2EE is bypassed entirely. The platform doesn’t need to break the encryption if it can simply read the decrypted message on your phone before it’s encrypted or after it’s decrypted.

The actual mechanics of E2EE involve the Double Ratchet Algorithm and the Signal Protocol, which establish secure, forward-secret communication channels. But this security applies to the content of the message, not the fact that a message occurred between two known entities at a specific time.

The platform can also see the IP addresses of the connecting clients. While Signal attempts to anonymize this by not logging IP addresses, the initial connection handshake involves IP information.

The real privacy battle isn’t just about encrypting content; it’s about minimizing the metadata collected and understanding what the service provider always knows, regardless of encryption.

The next step in understanding privacy is how these services handle account recovery and data backups.

Want structured learning?

Take the full Cryptography course →