The Metadata Problem and Why I Now Use Tor

If you've been reading my posts, you'll know I like to compare the internet to the telephone network. Both your home network and the server you connect to have an IP address, equivalent to a phone number, and making a connection is equivalent to calling their address. Unlike a traditional phone, IPs change over time, but it's still enough to get a good idea of who you are and where you are. You both know who the other is. From this site you can see your address and the location you broadcast to the rest of the world. This alone is somewhat uncomfortable to think about, although it can be solved using a VPN. But that's not the worst information they can get from you.
European legislation allows storing client IP addresses for a while for purely technical purposes, but forbids doing so for long periods and, above all, for analytical purposes. Unless you have given consent, of course. This is part of what you accept when you want to dismiss the typical annoying cookie banner; think about it next time you do.
What is legal is collecting analytics anonymously, and that's exactly what I do on this site. I have set up an Umami service that just logged that you entered this post. This way I can see how many visits my blog gets or if it has none and I'm just talking to the void.
In principle, there shouldn't be anything weird or worrying about this; due to how the internet is designed, the server you connect to knows you are doing it—someone has to answer that call. But yesterday I started noticing some slightly weird things.
I'm used to seeing sporadic visits from Google crawlers and other services. Bots that explore the internet to index it in their search engines. But suddenly those fleeting connections started to multiply, several times a day instead of around once a week. And they also stopped coming from places like the United States or Russia and started coming from Galicia or Castilla-La Mancha.
I've investigated a bit and I think it's quite terrifying. I believe they are phones and computers belonging to legitimate readers of my site.
I want you to look at your mobile browser. Chances are you currently have dozens of open, forgotten tabs that you visited weeks ago and don't intend to return to. If you have your desktop browser configured to save tabs between sessions, the same might be happening to you, dragging several along for days. Apparently, leaving them open is more convenient than typing the URL again.
It turns out that your browser, to keep your device from exploding when you open so many sites at once, suspends the ones you have abandoned the longest. But since making you sit through loading screens is also unacceptable, it anticipates you and restores the ones it thinks you'll want to use. Each restore sends your visit to the site's statistics again, and the site owner ends up being able to measure exactly how you use your browser.
It might seem like an exaggeration, but thanks to this, one can measure if you grab your phone right after waking up, if you looked at it in the middle of the night, which days of the week you work and use it less, which ones you are on vacation and use it less predictably... And remember that services like Umami do not allow tracing the original user, but others like Matomo or the typical Google ones do. Furthermore, these telemetry systems are not limited to websites. Many apps you use, or even your operating system if you use Windows or macOS, are constantly spying on you.
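Seen from the site owner's side, the restore behaviour described above can be kept out of the statistics. The following is an added example, not code from this blog or from any analytics product; `classifyLoad`, `trackIfFresh`, `fakeTab` and the `sendPageview` callback are hypothetical names, and treating every navigation type other than `navigate` as a restore is an assumption, since browsers differ in what they report for a restored tab.

```javascript
// Added example: keep tabs the browser brought back by itself out of the stats.
// `doc` and `perf` stand in for the browser's `document` and `performance`.
function classifyLoad(doc, perf) {
  // Chromium sets document.wasDiscarded on a tab it dropped from memory and
  // later reloaded; browsers without that property leave it undefined.
  if (doc.wasDiscarded === true) return "restored-discarded";
  // Navigation Timing: "navigate" | "reload" | "back_forward" | "prerender".
  const nav = perf.getEntriesByType("navigation")[0];
  // Assumption: anything other than a plain navigation is not a new visit.
  if (nav && nav.type !== "navigate") return "restored-" + nav.type;
  return "fresh";
}

// sendPageview is a hypothetical callback wrapping the analytics call.
function trackIfFresh(doc, perf, sendPageview) {
  const kind = classifyLoad(doc, perf);
  if (kind !== "fresh") return kind; // restored tab: report nothing
  if (doc.visibilityState === "visible") {
    sendPageview();
    return kind;
  }
  // Fresh but opened in the background: wait until the reader looks at it.
  const onShow = () => {
    if (doc.visibilityState !== "visible") return;
    doc.removeEventListener("visibilitychange", onShow);
    sendPageview();
  };
  doc.addEventListener("visibilitychange", onShow);
  return kind;
}

// Constructed stand-in for a browser tab, so the logic runs outside a browser.
function fakeTab({ type, visible, discarded = false }) {
  const listeners = new Set();
  const doc = {
    wasDiscarded: discarded,
    visibilityState: visible ? "visible" : "hidden",
    addEventListener: (_event, fn) => listeners.add(fn),
    removeEventListener: (_event, fn) => listeners.delete(fn),
  };
  const perf = { getEntriesByType: () => [{ type }] };
  const show = () => {
    doc.visibilityState = "visible";
    [...listeners].forEach((fn) => fn());
  };
  return { doc, perf, show };
}
```

In a real page the call would be `trackIfFresh(document, performance, ...)`, with the tracker's automatic pageview switched off so that only this function reports visits.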
This might not worry you too much, especially if it can't be directly linked to you. In that case, I recommend watching the documentary Tamayo made about this topic.
If, on the other hand, I have your attention, you might be wondering what we can do to avoid it. The truth is I'm still in the process of finding a solution, but I already have some ideas.
In my case, since all the tools I use for work require the internet by design, I self-host them on my own server (as I describe in this post). This allows me to filter all my devices' traffic so they can only connect to it and a couple of trusted URLs. On the other hand, for surfing the web, whether for research or entertainment, I am starting to use Tor Browser. You might have heard of it because it earned a somewhat controversial reputation as the gateway to the deep web, although there is nothing to fear; it is actually a very simple browser.
Tor's logo is an onion, and both work like an ogre: in layers. As I said earlier, the internet works like a telephone network and you can always tell who is calling you. The solution, then, is to have someone else make the call for you. When you visit a site through Tor, you don't connect directly to it; instead, between you and the server, the connection passes through three intermediate nodes that change constantly. This creates a sort of broken telephone game where the only information lost is your own address. Every time you connect to a site, to them you are a different person in entirely different parts of the world. Tor works analogously to a VPN, but it is also decentralized, so you don't have to trust any single company not to identify you. (Remember to always use HTTPS anyway so no one can snoop on your traffic.)
Besides this, it takes care of making you untraceable by many other systems. I imagine you already knew that cookies were used to track you, but did you know they also identify you by your hardware, screen resolution, or installed fonts? This is known as Browser Fingerprinting. Tor takes care of spoofing this data to camouflage you with the rest of the users, making it impossible to identify you.
It's this extreme security that has made it popular for illegal activities and earned it that bad reputation, but as always, you can see that the problem is not the tool but how it is used.
If you liked this post, I invite you to leave a comment below and keep reading my blog, but please, when you're done, close this tab.

I will keep testing different tools to improve privacy and writing about my new findings. If you want to keep an eye out for new posts, you can follow my RSS.