We live in a time where ubiquitous data collection meets LLMs, resulting in massively powerful tools to understand each and every one of us - yes, every single human on the planet - individually and intimately. This post is my attempt to organize my thoughts on how personal privacy is eroding - to the point of being non-existent, why this is a problem and what we can do about it.
Privacy in the analog age
Most people have an archaic idea of what privacy and surveillance looks like. A zealous detective, shadowing a suspect. A clandestine task force sitting in a commandeered apartment, listening intently to conversations recorded by microphones places surreptitiously in a house. A command center with a live feed from a satellite, following a car from crime scene to hideout. An old detective bending the law to pressure a witness into giving up information.
It’s quaint, a little romantic perhaps, but above all: deeply personal. What these pictures have in common is the human element - surveillance and invasion of privacy is performed by real people following clues and hunches.
An investigation requires real people working real hours to find the truth. There is a resource cost involved, which puts firm limits to the scope of state and business surveillance. These resources are only marshaled if there is merit.
In the analog age, we were not all constantly shadowed by a team of police officers, our every action and interaction recorded. If people wanted find out things about you, they had to put in the effort. It was targeted and it was difficult. This, to me, is the real difference between then and now.
Privacy in the digital age
Today, businesses have inserted themselves into almost all our interactions with the world and other people.
Person ←→ [Messaging Service] ←→ Person
Person ←→ [Maps Service] ←→ Physical World
Person ←→ [Payment Processor] ←→ Goods/Services
Person ←→ [Social Media] ←→ Community
Person ←→ [Cloud Storage] ←→ Personal Data
It’s truly difficult to think of parts of our lives that are not somehow recorded in one way or another. For example, the following are meticulously surveilled:
what we spend our money on
where we are
what we say
This is the result of the technologies we use on a day-to-day basis and the governments we elect. Let’s get into the how.
What we spend our money on
This is pretty straightforward. Credit and debit cards, and bank accounts are the norm. When you use your card, you’re telling VISA or Mastercard and your bank all about it.
In a capitalist world that attaches prices to pretty much everything, knowing what you spend your money on is extremely valuable as this is a strong indicator of what we truly value. If you will, you “put your money where your mind is”, and this is even better than the proverbial “putting your money where your mouth is”.
Where we are
The phone is our gateway to the social media, interactions and services. Sadly, they are also wildly problematic. Without even using your phone, your location is constantly broadcast to the cell phone operators. Shops collect Bluetooth and Wi-Fi signals your phone emits even when it’s not connected to anything to keep tabs on you.
Of course, apps also happily collect location data available on your phone through aGPS [^1] (along with any other data your share with that app), and send it to the app’s servers and from there aggregate, analyze and sell that data onwards.
Should the phone fail, automatic license plate readers [^2], toll booths and the GPS inside your car reliably records where you drive. Buying a plane, bus, train, or public transport pass usually involves either a credit card transaction and/or identification.
What we say (online)
Most of our spoken and written interactions today are recorded. Emails, discord messages, direct messages on instagram or reddit. Of course, what you say on the platforms of the internet - say reddit or instagram or X is open for the platforms to see and use as they see fit.
Most direct messaging apps, like Apple’s Messages, Meta’s Messenger and Whatsapp encrypt message contents so these companies don’t know exactly what you say, but they know all of your contacts (you did give them access to your Contacts when asked, didn’t you?), who you talk to and when. There are some notable exceptions (Signal [^3]), but it’s not the norm. Worse, in many countries, daily life practically requires being on Whatsapp or WeChat - it’s often the only possibility to contact people and businesses.
These chat programs are tied back to your real world identity because you usually have to use your phone number to sign up. Of note, even the last vestige of privacy in the digital communication space - the message content - is under attack in the form of Chat Control [^4] in the EU and its international equivalents.
Selling you shit
All of this information is collected by companies with a single goal: to sell you shit. Really, that’s it. Your most precious photo memories, that angry outburst at your partner, that post on instagram about a protest in your neighborhood, your interactions with others’ content. It’s aggregated, bundled, analyzed, classified, and then sold to an advertiser. They then try to show ads to you that you’re likely to click on. That’s it. That’s how the modern internet works. That’s how Meta and Alphabet make billions each year and why their products are “free” for us to use.
But it’s not just the platforms themselves - there’s an entire ecosystem of data brokers [^5] that exist solely to aggregate and sell personal information from multiple sources, creating detailed profiles of individuals.
Okay, so we trade away most of what there is to know about us away to save perhaps $20/month [^6] on at-cost subscriptions [^7]. Maybe ill-advised but where is the harm in seeing some ads?
The tip of the iceberg
So far, businesses have used the data we freely share with them for commercial gain. Yes, there is manipulation, but the goal is usually a basic one: they want you to spend your money buying their products.
The really frightening scenario is a different one. What happens when this data is instead used for political purposes? This story started with the Edward Snowden revelations that the US (and likely every other country that is able to), is collecting whatever data they can on you. This is the equivalent of the team of police officers shadowing your every move and recording your every interaction for posterity, without you being suspected of any crime.
The last few years have shown that technology companies, however well intentioned at the outset, eventually cave to political and economic pressures. Mark Zuckerberg, once a proponent of connecting the world and building inclusive communities, has recently shifted Meta’s content moderation policies to find synergies with changing political winds. Apple is facing political pressure from the UK to turn off encryption in its services and while the US government has their back in this encryption fight, what will they do their interests no longer align?
This is not a political piece. I’m not trying to advocate for one political doctrine or another, my point is simply: companies might espouse certain values regarding privacy, freedom of speech, inclusivity or objectiveness. However, they operate within the confines of nation states and thus will always have to bow to regulation and political pressure, whatever direction that pressure takes.
I want you to perform a thought experiment with me: imagine your least-favorite political leader coming to power in your country and enacting laws to further their views and values. Now, imagine them taking over the machine the technology companies have been building with our tacit approval over the last decades. All our thoughts, wishes, habits, vices, opinions, hopes are laid bare in our online activity, and are perhaps just an executive order away from being scrutinized by that exact person: your least-favorite political leader. And this person is not interested in selling you things. This is the one who wields executive power and can ask the police to break down your door for wrong-think.
This machine has and is being built. It exists for whomever to wield that sits in control. Some politicians may choose not use it, but for others it will be too tempting. It’s only a matter of time. “I have nothing to hide” you may say. And that might be true. However, with this blasé attitude, you are robbing everyone else around you of the possibility to enact change. How do you protest or resist if you can be automatically and granularly targeted because all about you is known? How could the Civil Rights movement, anti-apartheid, the Arab spring - hell, any popular revolutions to build a better future - happen in a world where these movements can be nipped in the bud before they take off? We see how repression using technology works in Hong Kong (pdf) and Iran.
With the advent of usable AI, it’s becoming vastly easier to comb through the treasure trove of data we’ve been handing over to anyone who asked over the last decades. You can be sure that enemies of personal freedom and expression all over the world are slavering at the bits to get their hands on a product that will tell them exactly who might oppose them and how best to exert influence and power over them.
What can we do about it?
Privacy is not an all-or-nothing proposition. Just because absolute privacy online is not feasible does not mean we should give up. Every decision - small and big - you make to strengthen your privacy tilts the balance of power away from big tech companies and the surveillance industry and towards autonomy and democracy. Think of it as a spectrum: each step you take moves you further along toward greater privacy, and even small improvements matter.
To be clear, there is no practical way to be completely anonymous when you’re online. The hard truth is that when you’re online, you’re being tracked - from the collection of location information, to the websites you visit to the hardware you use through browser fingerprinting [^8]. Your data is being aggregated and sold to the highest bidder.
However, the best way to regain your privacy is to simply not share your life and thoughts with companies. This is applicable to many parts of life:
pay with cash (huge!)
turn off your phone (huge!)
don’t use clouds (huge!)
don’t use social media (huge!)
If you do the inverse of the above, change is required and change is always a little bit difficult. However, there is a lot you can do with small tweaks to curtail what information you willingly give up. And some changes might even have unintended upsides.
Pay with cash
Privacy regained from: banks, payment processors
This depends on what country you live in, but it is usually still possible to pay in physical stores with physical cash. Paying for digital services is a different story. For the big brands, gift cards that you buy with cash at the supermarket could be an option [^9]. While the headlines around cryptocurrencies have (rightfully!) been focused on scams and fraud, you can pay for goods and services with Bitcoin or Ether.
Turn off your phone
Privacy regained from: external trackers (cellular, Wi-Fi, Bluetooth), snooping apps
If you don’t want to turn off your phone completely, just put it in airplane mode, turn off Wi-Fi calling for 90% of the gains. If you need to connect, use Wi-Fi hotspots.
There are offline maps apps, offline music apps, offline podcast apps, offline games. The biggest hurdle is probably reachability because we’ve normalized the expectation that anyone can reach us at any time. It’s at least as much an internal problem (your own FOMO) as an external problem (your friend getting mad that you didn’t answer immediately).
Don’t use clouds
Privacy regained from: big tech companies
It’s totally possible to simply not put all of your data on some company’s servers where it’s going to be analyzed and pored over by our new AI overlords. For instance, you can sync your iPhone directly with your mac - no iCloud necessary! Try to use plain old files instead of a proprietary cloud service and sync them between devices with something like Syncthing. Is it as seamless as iCloud? No. Is it possible? Absolutely.
Don’t use social media
Privacy regained from: big tech companies
Don’t feed the hate and rage machine. Just step away. Read a book, talk with friends. If you want to engage with strangers on topics that interest you, find a good Lemmy community (a federated, open-source alternative to Reddit). To communicate with people, use a secure messenger like Signal.
An unintended benefit might be that you feel happier, calmer and more connected to the world around you.
1. Assisted GPS combines cell tower triangulation with satellite data, making location tracking more precise and faster than GPS alone, while also working better indoors. GPS by itself is A* privacy, because your device determines its location by itself, while aGPS shares that position with other actors.
2. Automatic License Plate Readers are increasingly common not just on highways, but in shopping center parking lots, residential areas, and even mounted on police vehicles that continuously scan plates while driving.
3. Signal goes to extraordinary lengths to minimize data collection. They use techniques like Sealed Sender to hide metadata, don’t store message history on their servers, and have been transparent about their inability to provide user data even when subpoenaed.
4. The EU’s Chat Control proposal has been attempted multiple times under different names, each time facing resistance from privacy advocates but continuing to resurface. 2006: Data Retention Directive (annulled in 2014 by the CJEU), 2017: Going Dark Initiative (work-in-progress), 2021: Chat Control 1.0 (expired in 2023), 2025: Chat Control 2.0 (likely won’t pass).
5. Companies like Acxiom, Experian, and Epsilon aggregate data from thousands of sources to create detailed profiles containing thousands of data points on individuals, which they then sell to marketers, insurers, employers, and others.
6. Estimated based on equivalent paid services: Еmail, contacts, calendar ($5/month at Tutanota, Proton, Posteo), social media ($1/month ‘at-cost’ for mastodon), cloud storage ($10/month for 1TB at Tresorit), Search ($5/month at Kagi). That’s $20/month.
7. Of course, there are some services that simply don’t have a private alternative you could pay for. If you have a mobile phone, there is no “private” option for you to choose that turns off the tracking beacon in your pocket.
8. Browser fingerprinting uses information about your browser configuration, installed fonts, screen resolution, and dozens of other factors to create a unique identifier that can track you across websites even with cookies disabled.
9. Note that many gift cards still require activation that can be traced back to the purchase location and time, and using them online often requires providing personal information.