It's easy to mine sensitive data from call records, study shows


Even the least invasive surveillance tools can provide a detailed look at a person’s life, according to a new study published today in the Proceedings of the National Academy of Sciences. The study looks at telephone metadata, which shows who a person called and when. Most courts treat that information as less sensitive than the contents of a call or email, and investigators can often obtain it without a warrant. But today’s study shows how investigators can use that information to infer where a person lives, who their friends are, and even specific hobbies or health problems they might have.

A team of researchers at Stanford conducted the study by gathering phone metadata from 823 participants, collected through a custom-built Android app called MetaPhone. Once installed, the app collected each user’s recent call history and showed which businesses they could be connected to. With the small database in place, researchers dug through to see how much they could learn about each user, checking conclusions against data available on Facebook.


Using Google Search and paid databases like Intelius, researchers were able to collect names for the vast majority of phone numbers, making it clear that, despite its legal status, the data is far from anonymized. They were also able to make educated guesses as to where each subject lived, triangulating from the businesses they called most often. The most revealing data were health clinics, religious organizations, or other sensitive organizations, which could often be identified in a subject’s call history. Seven percent of the subjects had made calls to a firearms sale or repair shop, while another 4 percent could be linked to a specific political officeholder or campaign.

Before November 2015, the NSA routinely collected metadata from every phone in America, a controversial program first made public by Edward Snowden. The USA Freedom Act deauthorized that program, and bulk collection of telephony metadata was phased out in November. Telephony metadata is now held by phone companies, but is available to the NSA through FISA orders.

According to Patrick Mutchler, a Stanford computer scientist who worked on the paper, the end result is more or less the same. "The NSA still has the legal authority to query this data and telecoms are not able to reject NSA queries," Mutchler told The Verge. "Where the data is physically stored doesn't change the fact that telephone metadata can be used to infer sensitive information."

The Freedom Act also imposed a new restriction on how broadly the NSA can explore metadata, although the new research casts doubt on the power of that restriction. For each given query, the NSA is now limited to metadata within two "hops" of the requested number — that is, a person who called a person who called the target. According to the paper, that scope would typically produce metadata for 25,000 different people from a single queried suspect.
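
The two-hop scope described above, as an added example that is not from the article or the Stanford paper: it expands a constructed set of call records outward from one number and reports which second-hop numbers come into scope through a single first-hop contact. The phone numbers, record format and function names are assumptions made for illustration, and calls are treated as undirected links.

```python
from collections import defaultdict

# Constructed call records (caller,callee,start time); no call content involved.
CONSTRUCTED_CDRS = """\
555-0100,555-0101,2016-05-01T09:12
555-0100,555-0199,2016-05-01T12:30
555-0102,555-0101,2016-05-02T18:05
555-0199,555-0103,2016-05-02T19:40
555-0104,555-0199,2016-05-03T08:15
555-0105,555-0199,2016-05-03T08:50
555-0106,555-0199,2016-05-03T11:22
555-0107,555-0106,2016-05-04T14:00
"""

def build_graph(cdr_text):
    """Undirected contact graph (assumption: direction of the call is ignored)."""
    graph = defaultdict(set)
    for line in cdr_text.splitlines():
        if not line.strip():
            continue
        caller, callee, _start = (f.strip() for f in line.split(","))
        if caller != callee:
            graph[caller].add(callee)
            graph[callee].add(caller)
    return graph

def hop_sets(graph, seed, max_hops=2):
    """Breadth-first expansion: one set of newly reached numbers per hop."""
    seen, frontier, hops = {seed}, {seed}, []
    for _ in range(max_hops):
        reached = set()
        for number in frontier:
            reached |= graph.get(number, set())
        reached -= seen
        hops.append(reached)
        seen |= reached
        frontier = reached
    return hops

def reach_via(graph, seed, first_hop):
    """Second-hop numbers in scope only because the seed contacted first_hop."""
    direct = graph.get(seed, set())
    others = set()
    for number in direct - {first_hop}:
        others |= graph.get(number, set())
    return graph.get(first_hop, set()) - others - direct - {seed}

if __name__ == "__main__":
    first, second = hop_sets(build_graph(CONSTRUCTED_CDRS), "555-0100")
    print(len(first), "first-hop,", len(second), "second-hop numbers")
```

In this constructed data the queried number has two direct contacts, yet one of them, a number that many other people also call, brings four of the five second-hop numbers into scope.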