5 signs your current chat app is leaking metadata
Metadata is the data about the data. Not what you said — but the envelope your message traveled in. It can reveal who you talked to, when you talked, and how often.
Former NSA and CIA director Michael Hayden put it bluntly:
“We kill people based on metadata.”
Most popular tools leak this data in the name of convenience. Here’s how — and how Qaxa is designed to handle it differently.
1. The "Online Now" status
That green dot feels harmless. But in many apps, it exists because your device constantly reports presence to a central service.
The leak
Every time you open the app, it can create a timestamped record: online, idle, offline. Over time, that becomes a pattern-of-life map — when you wake up, when you work, when you disappear.
You aren’t just chatting. You’re generating a behavioral timeline.
How Qaxa handles it
Qaxa can show who’s active without building a “timesheet of your life.” Presence is treated as a live signal — useful in the moment, meaningless after. We design it to avoid turning your availability into a long-term database.
2. The "Typing..." Indicator
Those three bouncing dots are cute. They’re also data.
The leak
To show typing in real-time, many apps relay signals through their servers. That can reveal interaction patterns: how quickly you respond, how long you hesitate, and what hours you’re most active. That’s not communication. That’s instrumentation.
How Qaxa handles it
Typing indicators should be a momentary nod — not a recorded metric. In Qaxa, typing signals are meant to exist only while you’re both present, and not as a stored timeline to analyze later.
3. Granular Read Receipts
“Read at 10:04 AM.”
The leak
This is high-resolution surveillance of attention. It’s not just “seen.” It’s proof that a specific person looked at a specific screen at a precise moment — and that moment can become another entry in a permanent log.
How Qaxa handles it
In Qaxa, read receipts are intentionally coarse. We show who has visited the thread, not which exact message they read.
That means there’s no per-message audit trail. It answers one practical question — have they been here — without turning attention into a timestamped compliance system.
Because the moment you log reads per message, you’re not building collaboration. You’re building surveillance.
4. Rich Link Previews
You paste a link, and a pretty card appears: title, image, excerpt.
The leak
Someone has to fetch that link to generate the preview. In many systems, the server does it for you — meaning your chat provider can learn exactly what you’re reading and sharing.
Worse: the website you linked to may now learn that someone (your provider) just requested that page — turning a private conversation into a visible request.
How Qaxa handles it
In Qaxa, previews are designed to be generated on your device — or not shown at all. We don’t want to be the middleman proxy that quietly builds a record of your links.
(And yes: client-side fetching can still reveal the request to the destination website. That’s why previews should be optional.)
5. The "Subject line" loophole (why email fails)
Even “encrypted email” has a blind spot.
The leak
With PGP-style email, the message body can be encrypted — but routing still needs headers. Subject, sender, recipient are typically not end-to-end encrypted across the email ecosystem. That means the most revealing parts often remain visible.
Someone intercepting traffic might not read the body — but they can still learn who you contacted and what the topic is.
How Qaxa handles it
Qaxa isn’t SMTP. It’s not a message bouncing across public mail servers. It’s a closed environment built for encrypted collaboration — where communication isn’t wrapped in email-style headers that must stay readable for routing.
Reality check
You can reduce metadata. You can’t erase it from physics.
Networks still reveal some information (like that two devices exchanged traffic). The goal is to make sure your collaboration tool doesn’t add surveillance layers — and doesn’t store what it doesn’t need.
Conclusion
True privacy requires a metadata-minimal mindset.
It means building systems that know as little about you as possible.
It means refusing “convenient” features that quietly become tracking.
It means collaboration without a shadow profile.
Look at your current chat app.
How much is it telling the world about you?
—
Now that you’ve seen how metadata leaks happen, it helps to understand the encryption philosophy behind Qaxa. We don’t rely on “trust us” promises — we rely on battle-tested cryptography from 1991. Read the story of Why we chose PGP, and why “old” encryption is still the safest kind.
