Digital privacy: Is what we say on the Web still safe?

News that the US government had admitted gathering millions of phone records and that it consistently monitors Internet data has come with an acceptance that even the most trivial of Facebook and Twitter messages can be accessed by the National Security Agency - the cryptologic intelligence agency of the US Department of Defense.

The Guardian and the Washington Post revealed that the NSA had tapped directly into the servers of Internet firms Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL and Apple to track online communication in a programme known as Prism.

But while US President Barack Obama said that nobody has been listening to telephone calls, he admitted that the US government is "sifting through this so-called metadata" of foreign nationals suspected of terrorism or spying.

But what is metadata? And does it affect non-US nationals who regularly use popular social media platforms like Facebook?

The extent of Prism, undoubtedly an illegal spy operation in most European countries, can be as far as spying on Facebook chats and status updates. Everything surrounds metadata: information generated by your smartphone or PC while you are using email, Twitter, Facebook, your phone... even your camera and Google search.

Using metadata, the NSA can get to know the location from which persons access their email, Web chat or other online services.

Users can limit the information that is collected - by turning off location services on their phone or tablet, for instance - but this is often not enough.

So the question is, Are we safe when transmitting data across so many digital platforms?

For non-US citizens who exchange information digitally with other non-US citizens, their data is probably safe unless there is reason to believe that there is shared knowledge of a crime. Other than that, your correspondence should not be intercepted. In fact, the only form of correspondence that legally cannot be intercepted by anyone is a mail in the post.

But say your recipient may be the subject of police interest:? If that recipient is under surveillance, there is a possibility that any communication of interest to an investigation could be retrieved. In the case of the US, the government would obtain a secret court order to access the correspondence.

Then again, if the sender is a US citizen and the recipient is a non-US citizen who is embroiled in some investigation, it turns out that it is a bit easier for the government to access your data: under US FISA rules, a court is not needed to sign off before surveillance occurs and would review the government's targeting practices only after the data has been collected.

METADATA - what information your everyday digital transactions generate

E-mail

• sender's name, email and IP address
• recipient's name and email address
• server transfer information
• date, time and timezone
• unique identifier of email and related emails
• content type and encoding
• mail client login records with IP address
• mail client header formats
• priority and categories
• subject of email
• status of the email
• read receipt request

Phone

• phone number of every caller
• unique serial numbers of phones involved
• time of call
• duration of call
• location of each participant
• telephone calling card numbers

Camera

• photographer identification
• creation and modification date and time
• location where photo was taken
• details about a photo's contents
• copyright information
• camera make and model
• camera settings: shutter speed, f-stop, focal length and flash type
• photo dimensions, resolution and orientation

Facebook

• your name and profile bio information including birthday, hometown, work history and interests
• your username and unique identifier
• your subscriptions
• your location
• your device
• activity date, time and timezone
• your activities, likes, check-ins and events

Twitter

• your name, location, language, profile bio information and URL
• when you created your account
• your username and unique identifier
• tweet's location, date, time and timezone
• tweet's unique ID and ID of tweet replied to
• contributor IDs
• your follower, following and favourite count
• your verification status
• application sending the tweet

Google search

• your search queries
• results that appeared in searches
• pages you visit from search

Web browser

• your activity, including pages you visit and when
• user data and possibly user login details with auto-fill features
• your IP address, Internet service provider, device hardware details, operating system and browser version
• cookies and cached data from websites