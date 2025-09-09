The Surveillance Feature Nobody Asked For

Meet Facebook’s latest “feature”: a tool that quietly starts combing through every photo on your phone’s camera roll — not just the ones you uploaded, but everything, from last night’s party selfies to the scans of your passport and those… ahem… private pictures you swore you’d never share. In early September 2025, users began noticing a creepy new setting in the Facebook app called “Camera roll sharing suggestions.” According to Meta, this opt-infeature (wink, wink) uses “cloud processing” to let its AI “get creative ideas from your camera roll”proton.me. Translation: Zuckerberg’s AI wants to paw through your personal photos under the guise of making cute collages and memory videos.

Here’s the rub: Meta insists they asked for permission via a pop-up. But many people never saw any pop-up – yet found the scanning toggles mysteriously enabled by default. Plausible deniability, much? It’s the classic play: introduce a silently auto-enabled setting and later claim it was optional. Users were baffled and alarmed to discover Facebook apparently helping itself to their phone’s gallery without explicit consent tomsguide.com. “Allow cloud processing to get creative ideas…” sounds innocent enough until you realize it means piping your entire photo gallery to Meta’s servers on an ongoing basis techcrunch.com bgr.com.

Once granted, this permission is a privacy nightmare. Meta’s AI would effectively scan everything on your phone: your kids’ baby pictures, screenshots of medical records, that PDF from work, and your intimate moments – all hoovered up as training fodder for the machine proton.me. The feature’s benign label is a masterstroke of misdirection; buried in the fine print of Meta’s AI Terms is the acknowledgment that “once shared, you agree that Meta will analyze those images, including facial features, using AI” bgr.com. They even had the gall to include a clause warning you not to upload images of people from Illinois or Texas without consent bgr.com – a sneaky nod to those states’ strict biometric privacy laws that Meta doesn’t want to get sued under. In other words: “We’ll scan everyone’s faces, unless a law might cost us $! So if you break it, that’s on you.”

This surveillance feature that nobody asked for is a stark reminder: if a service is “free,” the real product is you. Meta blurring the line between your private device and their cloud is a huge step into your personal life proton.me. Did anyone request an AI babysitter for their camera roll? No. But Meta went ahead and built one, betting on user complacency and confusion. After all, they framed it as a creative tool – who could object to a helpful AI organizing your memories? Spoiler: Many of us, once we realize the cost is exposing our lives to Meta’s all-seeing eye.

AI: Artificial Intimacy

Leave it to Meta to spin mass surveillance as a personalized perk. They tout “Creative AI” and “personal digital assistant” features with a straight face, implying a benevolent helper that just wants to enhance your experience. In reality, it’s more like a digital vampire invited past your device’s threshold. “Let us process your baby photos to create a fun memory video!”Also: we’ll siphon up every pixel of Junior’s face for our facial recognition database, thanks. Facebook’s cutesy language about “magic recolors” and “restyling” photos is the sugar-coating on a data extraction pill. It’s artificial intimacy: Meta asking to crawl under the covers of your data while whispering that it cares about making you smile.

Consider how Meta described the camera-roll scan: a way to get “creative ideas made for you.” Aw, how thoughtful bgr.com. They neglect to mention the “ideas” are for their AI’s benefit, not yours. The pop-up didn’t even clearly mention “we are uploading your private photos to our servers now” – it just said cloud processing for creative ideas with a link to some nebulous terms bgr.com. Only by digging into those terms would a user learn they’ve agreed to let Meta’s algorithms analyze the faces, places, and objects in every image bgr.com. Surprise! You just handed Zuck the keys to your camera roll because you wanted an auto-generated slideshow of last summer’s BBQ.

Meta isn’t alone in abusing feel-good jargon. I wrote about this before. Big Tech as a whole has become fluent in this Orwellian doublespeak. Apple loves to brag about “on-device AI” that does things like categorize your photos and messages “privately.” In truth, Apple’s latest devices scan your messages and images for content like nudity or explicit material under the banner of safety – but guess what, that means every text you send or even type and don’t send is being read by the AI built into your iPhone (yes, really – I dubbed iPhone 16’s new algorithm “Apple’s Secret Surveillance Platform” for its always-on scanning of your communications). You can find this article here: substack.com. Apple sells this as privacy (“the scanning happens on your phone, so trust us, it’s fine!”). Nice try. On-device or not, an algorithm is still combing through your private stuff. It’s a bait-and-switch: they promised a privacy-focused AI assistant, but delivered a built-in peeping Tom that just does its snooping locally.

And speaking of peeping Toms, TikTok is the reigning champion of “we’re totally not spying, promise” – all while it literally records your keystrokes. Yes, TikTok’s in-app browser can track every tap and key you press when you open links inside the app theguardian.com. Security researchers found TikTok injecting code to monitor anything you type – passwords, credit card numbers, you name it theguardian.com. TikTok says “oh, we only collect keystroke patterns, not the actual text” snopes.com. Sure, and I have a bridge in Beijing to sell you. They also claim it’s just for “performance monitoring and debugging.” Because obviously the best way to debug your app is to log every single character users type. Meanwhile in the real world, TikTok’s hidden web tracker “closely resembles the behavior of keyloggers” (malicious programs that steal what you type) according to cyber experts theguardian.com. The app doesn’t even let users opt out of its in-app browser; it forces you through their monitored window so they can watch everything theguardian.com. Artificial intimacy, indeed – TikTok just wants to get to know you real intimately, one keystroke at a time.

All these intrusions are pitched as features. “Personalized experience” has become code for “intrusive surveillance”. Whether it’s Meta’s “AI-generated memories,” Apple’s device-side scanning, or TikTok’s “enhanced in-app experience,” the story is the same. They’re blurring boundaries and normalizing the idea that nothing on your device is truly private. After all, it’s all in the service of innovation, right? And who could be against innovation? (Never mind that in this case “innovation” means an AI that knows what’s in your underwear drawer.)

Google and Apple: The Other Peeping Toms

Lest you think this is just a Facebook problem, let’s swivel our gaze to the other tech giants perched at the foot of your bed. Google – king of “we respect your privacy” theater – has been caught with its hand in the cookie jar (and the location data jar, and the web history jar…). Remember when Google proudly added a “Location Off” toggle? It was supposed to stop tracking your whereabouts. Spoiler: It did no such thing. In 2023, Google paid a $93 million settlement after investigators found it kept collecting users’ location data even after they opted out, just funneled through other settings. An attorney general summed it up: Google told users one thing – that it wouldn’t track them – and did the opposite, continuing to pinpoint people’s movements for profit theguardian.com. It was also revealed Google deceived users about their ability to opt out of targeted ads based on location. In plain terms: Google gave us a fake “off” switch. Like a hotel thermostat that doesn’t actually control the temperature, it was there just to make us feel in control while the data kept flowing to Google’s servers theguardian.com.

And Meta is not alone!

Then there’s Apple, forever wrapping itself in a privacy flag while quietly doing shady stuff behind the scenes. Apple’s CEO Tim Cook loves to take digs at Facebook and claim “we don’t need to sell your data”. And yet, Apple has built an advertising empire too – and guess what, they’ve been caught tracking iPhone users’ app activity even when those users explicitly told Apple not to techcrunch.com. In late 2022, researchers discovered that turning off Apple’s “Allow Apps to Request to Track” and disabling device analytics did nothing to stop Apple from hoarding data on how you use its own apps. The App Store app, for example, was still logging every tap you made, what you searched, what ads you saw, your phone’s ID number, your screen resolution – all of it – and sending it to Apple. Apple got sued for this “secret, misleading, and unauthorized” data harvesting that blatantly contradicted its privacy assurances techcrunch.com. So much for “What happens on your iPhone, stays on your iPhone.” It turns out it stays on your iPhone… and also gets quietly sent back to Cupertino.

And while Apple markets “privacy-preserving” on-device AI, it’s also hard at work scanning your photos for content. They rolled out nudity detection features to automatically blur “sensitive” images. Ostensibly this is to protect children from unsolicited nudes engadget.com. Noble goal, but here’s the catch – to identify nudity, your iPhone has to scrutinize every photo. Today it’s to shield your eyes; tomorrow the same infrastructure could scan for, say, “extremist content” or anything else Apple or an authority wants, all under the hood and without your knowledge. Apple assures us this scanning is all local on the device and opt-in discuss.privacyguides.net. Yet the mere existence of such a system proves a point: Apple has built a surveillance pipeline into their devices, however they try to euphemize it. They backed off a controversial plan to scan iCloud photos for CSAM (child abuse images) after public outcry, only to reintroduce aspects of it via on-device scanning of iMessage attachments and photo libraries for “safety”wired.com support.apple.com. It’s a privacy shell game: whether the scanning happens on your phone or their server, your content is getting analyzed. The distinction is academic when the algorithm’s verdict (nudity found or not) can trigger actions or could, in theory, be reported or used against you.

Even Amazon isn’t innocent – remember those Echo speakers that employees were found to be eavesdropping on to “improve Alexa”? Or Microsoft with its own telemetry and LinkedIn data slurping? The entire industry has a peeping tom problem. TikTok we already skewered, but let’s not forget Instagram (owned by Meta) has similar abilities – it was caught reading your clipboard constantly (if you copy-pasted something, Instagram saw it) until Apple’s iOS 14 exposed that creepy behavior and forced them to stop. And who could forget when Zoom was found to have an undocumented web server on Macs or when LinkedIn was caught reading your clipboard every keystroke? The list goes on and on. In Big Tech’s view, “privacy” is a PR slogan, not a practice. They design around it with dark patterns and loopholes – all while claiming the mantle of protecting you.

Android Users Tracked Across the Web in ‘Private Mode’

If you’re an Android user thinking, “I’ll just use Incognito mode and a VPN, and Facebook can’t see me” – oh, sweet summer child. Meta had a surprise for you. In mid-2025, researchers blew the lid off a diabolically clever tracking scheme Facebook and Instagram were running on Android bgr.com. It turns out, even if you did everything “right” – cleared cookies, went Incognito, masked your IP – Meta was still linking your web browsing back to your Facebook/Instagram identity eff.org. How? By exploiting a loophole in Android’s design in a way that sounds like a hacker movie plot.

Meta’s apps were acting as clandestine stalkerware, using something called “localhost” communications to skirt around sandboxing eff.org. In plain English, they set up a secret backchannel between your phone’s web browser and the Facebook app itself eff.org techradar.com. Normally, Android (and any sane OS) is supposed to keep apps separate – your Chrome browser shouldn’t be tattling to your Facebook app about what sites you visit. But Meta’s engineers found a way to make them whisper to each other in the dark, using the phone’s own local network interface eff.org techradar.com. It’s like they built a hidden tunnel from the browser to the app. Through that tunnel, Meta’s trackers on websites (the ubiquitous Meta Pixel embedded on ~20% of sites eff.org) would send your browsing data straight into the Facebook/Instagram app on your phone bgr.com. And since you’re logged into those apps, voila – your Incognito porn surfing, that “private” health research or politically sensitive report you did was immediately attached to your real user profile bgr.com.

Think about how insane that is: Even in Incognito mode with a VPN, Meta could see who you are and what you’re doing online eff.org. This technique blew through every privacy barrier – it laughed at incognito, scoffed at VPNs, and tore a hole in Android’s walls. One researcher described it as a “flagrant disregard of core security protections” eff.org. Google, of all companies, actually called Meta out for “blatantly violating” privacy principles with this stunt bgr.com. (When Google – itself a notorious tracker – takes that tone, you know it’s egregious.)

Meta’s response? The usual: “Oops! That was an issue, we’ve paused it.” They claimed it was all a misunderstanding with Google’s policies eff.org. Right. We’re to believe that Meta accidentally built and deployed a sophisticated, cross-app tracking system that functioned for months (if not a year) and vacuumed up who-knows-how-much data, until researchers caught them. Then suddenly it’s an “issue” to be resolved. This is the data equivalent of getting caught with your hand in someone’s pocket and saying, “Oh, I thought this was my pocket. Honest mistake!” Meanwhile, they didn’t apologize or explain to users what happened; they just quietly stopped after being exposed eff.org.

For context, it wasn’t just Meta. The researchers found the Russian tech giant Yandex was doing the same thing (and had been since 2017) techradar.com. Meta apparently picked up the trick starting in late 2024. So this was a deliberate growth of surveillance capitalism’s toolkit: if traditional cookies and tracking were getting blocked, they literally engineered a new kind of super-cookie at the device level. It allowed them to keep targeting you with ads based on your off-platform behavior, even as you thought you’d escaped their gaze. This localhost tracking exploit is now thankfully closed – Google patched Chrome and Firefox is fixing it too bgr.com. But the fact remains: Meta tried to stalk people in the one place they thought they could be anonymous, and only backed off when outed. They just can’t resist the urge to “track you everywhere” (as one tech journalist aptly put it bgr.com).

Remember this episode next time Facebook talks about respecting privacy or gives you any kind of choice in settings. They were literally willing to break fundamental security boundaries to get at your data. If that doesn’t tell you what kind of company Meta is – and how utterly hollow their promises are – nothing will.

The Consent Illusion

“We value your privacy.” “You’re in control.” Big Tech loves these phrases. They’re plastered across privacy policies and consent dialogs everywhere. But at this point, those claims belong next to fairy tales and snake oil in terms of honesty. Consent in today’s tech ecosystem is largely an illusion – a theatrical performance where you’re tricked into thinking you made a choice, when in reality the choice was made for you.

Case in point: When Facebook introduced its camera-roll scanning, it claimed the feature was opt-in. But as we saw, many users never opted in – the switches just showed up on, by default tomsguide.com. So was that consent? Facebook will say, “Well, you agreed to our terms when you signed up, so that covers it.” In other words, somewhere in the bowels of a 80-page Terms of Service, they buried language that lets them do this, and that counts as “informed consent.” Give me a break. If you never saw a clear yes/no about “May we continuously upload and analyze your phone’s photos?”, then you didn’t meaningfully consent. But Facebook’s lawyers will argue you did, because you clicked “I agree” to the generic terms ages ago. This is consent by legal fiction (I know I have used this expression before;-)

They all do it. Default opt-ins are an industry-wide standard now theguardian.com. A recent FTC report on social media and streaming platforms found nearly all of them automatically funnel your personal info into their AI models and ad systems unless you happen to find and toggle off some deeply hidden setting. The report basically said users have no real access, choice, or control – the companies ensured that by design theguardian.com. Consent is reduced to a tiny footnote in the user agreement that no one reads. As a result, your silence or ignorance is interpreted as “yes, please surveil me.”

Big Tech redefines consent on their terms. They A/B test consent prompts to maximize acceptance rates – if a dialog saying “Allow us to use your data to improve our services?” only gets 60% clicks, they’ll tweak the wording (“Allow personalized experiences?”) until 90% click – then claim users overwhelmingly consented. They bundle necessary services with tracking in a “take it or leave it” deal. Look at Meta’s approach in Europe recently: after being forced by regulators, they unveiled a “pay or consent” policy – either you allow personalized ads (consent to tracking) or you pay for a much costlier ad-free subscription. That’s like asking, “Do you want a bullet in the leg or the arm?” and calling it free choice. European consumer groups have filed complaints, rightly arguing that such coerced “consent” isn’t consent at all beuc.eu noyb.eu.

Dark patterns are everywhere in these interfaces. Ever tried to turn off ad personalization on Google? They bury it under layers of menus – deliberately. Facebook’s privacy checkups and dashboards are a convoluted maze. They rely on user fatigue and confusion. If they do offer an opt-out, it’s couched in scary language: “You will still see ads, but they will be less relevant,” trying to spook you into opting back in. Or consider cookie consent banners: many sites give you a giant “Accept All” button but hide “Manage settings” in a tiny link. That’s not a user-friendly choice; it’s a nudge engineered to get compliance.

The consent illusion is perhaps best summarized by that cynical adage: “If you’re not paying for the product, you are the product.” Sure, tech companies ask for permission – but they design the question so that you’ll say yes without even realizing it, or they just take your silence as a yes. The FTC found that most platforms dumped peoples’ data into AI training without any comprehensive way to opt out theguardian.com. In fact, Meta doesn’t even offer U.S. users a true opt-out from having their data used to train AI – only EU users got a (temporary) choice due to regulation theguardian.com. For Americans and most of the world, it’s “consent or leave the platform”; and leaving isn’t really a viable option for many who rely on these networks.

It’s ironic: tech companies preach that “user consent” legitimizes their data collection. But they’ve twisted consent into a crude caricature. It’s no longer “informed voluntary agreement”; it’s a box-checking exercise where the default is “yes, spy on me” and the onus is on the user to figure out how to say no – if that’s even possible. As a result, these corporations can claim everything they do is with your permission, even though that “permission” was obtained through confusion, coercion, or deceit. It’s a sham. We’re essentially living under a regime of manufactured consent: a lie that you agreed to something that you were never truly given a fair chance to refuse.

A Short History of Digital Betrayals

None of this should shock you. Meta (formerly Facebook) and its brethren have a rich history of stabbing user privacy in the back, apologizing with fingers crossed, and then repeating the cycle. It’s their modus operandi. Let’s take a stroll down memory lane of some greatest hits in Big Tech betrayal:

Cambridge Analytica (2014-2018) – The scandal that became a synonym for data abuse. A personality quiz app harvested 87 million Facebook users’ data without consent, which was then used to psychologically profile voters in elections amnesty.org. Facebook’s response? First they denied it (“No breach, just a rogue third party!”), then they admitted it belatedly and Mark Zuckerberg did a public apology tour in Congress with the charisma of a damp sponge. We got the #DeleteFacebook movement, a $5 billion FTC fine later, and lots of promises that Facebook would mend its ways. Spoiler: it didn’t. Instead, Facebook just got more sophisticated at what it does – now they call it “AI-driven engagement” instead of “psychological manipulation with stolen data.”

Facial Recognition Fiasco (2010s) – Facebook built an auto-tagging feature that scanned every photo for faces and learned what you, your friends, and your family look like. They did this without asking, creating one of the world’s largest face databases by stealth. Hello, Illinois! That state’s biometrics privacy law (BIPA) led to a class-action suit where Facebook had to pay $650 million to settle claims it violated privacy by collecting face prints without consent newswest9.com jurist.org. Years of denying it was a problem, then a massive payout and an agreement to turn it off – at least for a while. Facebook shut down its face recognition system in 2021 with great fanfare (“we care about privacy now!”), only to slip elements of it into new products later. Meanwhile, we learned that even photos you never posted (but maybe just took on your phone and it synced) could have been scanned proton.me. The cycle: do it without consent, get sued, settle, “oops, we’ll do better,” then quietly repurpose the tech elsewhere (Meta’s VR and AR efforts are surely salivating over that face data).

Onavo “VPN” (2013-2018) – A lesser-known betrayal but a juicy one. Facebook literally paid users (including teens) to install a “VPN” app that spied on all their phone activity . The app, Onavo Protect, was marketed as a security/privacy app, but in reality it funneled user data to Facebook – letting them see which apps and usage patterns were popular (that’s how Facebook knew WhatsApp was a huge threat, leading to the WhatsApp acquisition; and how they spotted Snapchat’s rise, leading to the Instagram Stories clone). Apple eventually banned Onavo from the App Store in 2018 for being the opposite of what it claimed. Classic bait-and-switch: “Use our VPN to be safe!” (Meanwhile, in the backroom: “Hehe, we’re logging everything they do.”) Wired

WhatsApp Promise and U-Turn (2014–2021) – When Facebook bought WhatsApp, they swore up and down that they’d keep WhatsApp data separate and respect user privacy. Jan Koum, WhatsApp’s founder, even told users: “Privacy is coded into our DNA. We wouldn’t have partnered with Facebook if we had to change our values.” Fast forward a couple years: Facebook starts pressuring WhatsApp to share user phone numbers and usage data with Facebook for ad targeting. By 2021, they pushed a new privacy policy forcing users to agree to data sharing with Facebook or lose their accounts. So much for promises. Koum quit in disgust. Users raged, some fled to Signal. Facebook delayed the policy a bit, added clarifications, but ultimately, WhatsApp is now just another data source feeding the Meta borg. Broken promise, rinse, repeat. The Verge, We Live Security, Wired

Giphy and GIFs Surveillance (2020) – Facebook acquired Giphy, the GIF-sharing platform used widely in messages on Twitter, iMessage, Telegram, etc. Why would Facebook want a library of cat GIFs? Because Giphy was a surveillance goldmine . When you search for and send a GIF in other apps, that request can be logged – revealing what platform you’re on, what you’re talking about (context clues from GIF keywords), etc. It could match your usage across apps. The UK antitrust regulator later forced Meta to divest Giphy, not just on competition grounds but also noting risks to user data if Meta kept itprivacyinternational.orgprivacyinternational.org. It turned out Facebook basically tried to buy an eye into every other app’s conversations under the guise of “just GIFs.” They won’t stop at text, images, faces – hell, if there’s a way to exploit animated memes for data, they’ll do that too. Wired,

“We’re Meta now!” Rebrand (2021) – Perhaps the most laughable betrayal is the notion that changing the company’s name to Meta magically resets their reputation. The Meta era since 2021 has actually accelerated the privacy invasions: pushing into AR/VR with devices that map your environment, launching “Meta AI” assistants that encourage you to pour even more personal data into their hands, integrating data across Facebook, Instagram, and now Threads. The pattern is so consistent: launch something invasive, deny and obfuscate, get caught, issue half-apology, then rebrand or rename the feature and do it again . Remember how Facebook’s surveillance-based ad targeting was called “Partner Categories” then “Custom Audiences” then when regulators cracked down, they shifted strategies but still track you just as much via “AI models”? Same game, new jargon. The Guardian

In a move that screams “here’s how not to win press trust,” Uber’s infamous “God View” feature enabled employees to track journalists’ movements without their consent. One chilling instance involved a New York general manager using God View to monitor the location of a BuzzFeed reporter—a flagrant breach of privacy. Meanwhile, senior executives mused about deploying opposition researchers and even journalists to dig into critics’ personal lives, publicized during a controversial leadership dinner in 2014. Reporters were also reportedly warned that Uber could easily access their rider logs—a subtle nod that “we’re watching, don’t cross us.” The Guardian TIME WIRED Vanity Fair

The graveyard of user trust is littered with tombstones: Google’s aborted “Don’t be evil” motto (quietly dropped as they built the most omniscient ad machine ever), Amazon’s Alexa recordings (oops, humans were listening), Microsoft’s LinkedIn data scraping, Yahoo’s epic data breaches, Uber’s spying on journalists… one could go on for pages. The bottom line: whenever a tech company says “we’ve changed” or “we care about your privacy,” history shows you should laugh and then immediately check your settings – and perhaps your bank account – to see what they’re really doing.

Why You Should Care (Even If You Think You Have ‘Nothing to Hide’)

At this point, a resigned shrug might be tempting. “So what?” you might say. “They have all my cat photos and know I like Thai food. I have nothing to hide.” Oh, my friend, it’s not about hiding. It’s about how utterly naked you truly are in front of these companies – and the very real harms that can result.

First off, the “nothing to hide” line is a fallacy. You may not be a criminal or a celebrity, but that doesn’t mean mass surveillance can’t hurt you. Do you have anything personal or sensitive in the digital realm? Messages venting about your boss, intimate photos with your partner, financial documents, medical information, evidence of that wild night in college? Of course you do. We all do. Now consider that your phone is constantly uploading and analyzing all that. Even if Meta or Apple or Google aren’t currently using your nudes and medical records to sell you ads… the data exists on their servers or algorithms. It’s one breach, one leak, one unscrupulous employee away from exposure. Private photos get scanned and suddenly a database glitch or hack leaks them – congrats, your most intimate moments could end up on some dark web forum. Think it can’t happen? Facebook has had data leaks affecting millions. If they’re pulling in your entire camera roll, that risk extends to everything on there.

Consider stalkers and abusers. If an abusive partner can gain access to your accounts (say, by coercing your password or through some phishing), these troves of data allow them to spy on you in depth. Maybe Meta’s AI noticed you take a lot of photos at a certain park every Wednesday and started suggesting content related to that – tipping off your stalker about your routine. Or perhaps you thought you deleted all traces of a past relationship, but “camera roll suggestions” resurfaced an old photo on your feed at the worst time, giving an abuser ammo to harass you. When companies casually mine your personal content, they can inadvertently surface things you had chosen to keep buried.

How about blackmail and extortion? In 2023, Facebook’s own Messenger was at the center of a horrific case where a teen’s messages (obtained by police via warrant) led to her being prosecuted under abortion laws. Now imagine if some AI system flags “illegal” content on your device and quietly reports it. That’s not fantasy, read my article about it. You didn’t think you had anything to hide… until that off-hand text about something becomes evidence against you. Or until a hacker steals a cache of your “private” Facebook-scanned images and threatens to share them unless you pay up. These aren’t dystopian hypotheticals – they’re realistic scenarios in a world where our data is collected faster than we can secure it.

Even in the mundane sense: algorithmic profiling is affecting you. You might not see it, but behind the scenes, your data helps train AI models that will not only judge you, but predict your behaviour. All those years of posts, likes, photos – they feed machine learning models to predict everything about you: your personality, your political leanings, your health status, your purchasing power, maybe even your sexual orientation or gender identity – characteristics you might not have explicitly shared. These predictions can be used in insidious ways. Insurance companies, lenders, employers are absolutely interested in this kind of data. Perhaps you have no criminal record and a good credit score, but some big data concoction flags you as a “high risk” for depression (because your late-night browsing and language in posts match patterns of people who later filed mental health disability claims). Your mortgage application comes back denied with no explanation. You won’t even know it was an AI trained on masses of personal data (from people just like you) that silently judged your “risk.”

The troves of intimate data fuel AI systems that will increasingly make decisions about you – whether you get that loan, that job interview, or that apartment. Think about hiring algorithms that comb social media: do you want that slightly off-color joke you made in 2016 (which Facebook dutifully saved) to knock you out of contention for a job? What about health AI: maybe an algorithm decides you’re likely to develop diabetes in 5 years (it noticed lots of late-night fast food orders in your Gmail receipts). Suddenly you start seeing higher insurance premiums or — worse — your insurer quietly drops you. These are the very real implications of feeding the surveillance beast. You are training the AI that will one day sit in judgment of you, even if indirectly.

And it’s not just you. Your kids’ futures are at stake. If you’re a parent, consider that these systems are tagging and cataloguing your children from birth. Facebook’s face recognition (before it was nominally shut down) probably knows what your kid looks like from all the baby photos you posted. Now Meta’s scanning camera rolls, which might include all those candid toddler bathtub pics and silly faces – ostensibly innocent, but does Meta now have a “profile” of your child in some training model? The idea is chilling. We’ve seen egregious cases where platforms scanning for abuse imagery mistakenly flagged parents’ photos of their own kids (Google famously locked a father’s account after he sent photos of a rash on his toddler to a doctor – an algorithm flagged it as child porn). It was a false positive, but the damage was done. If AI is combing through your family photos, what happens when it makes a mistake? Are you prepared for the knock on the door because an algorithm thought something was amiss in your private life?

Finally, the democratic implications. The Cambridge Analytica saga taught us that our personal data can and will be used to manipulate our opinions and behavior on a mass scale amnesty.org. That harmless personality quiz you took helped psychographic targeting that might have swung an election. Now imagine far more advanced AI, trained on the totality of our shared private lives, able to craft disinformation or propaganda tailored to each individual’s fears and desires. That’s what we’re feeding when we give these companies everything. We are training the beast that will sell to us, judge us, and yes, even politically influence us with uncanny precision. What don’t they know about your body, schedule, and soul at this point? Very little. They probably know your sleep patterns (from phone usage data), your menstrual cycle (from app data or even purchase history), your anxieties (from messages or search queries), your friend network’s dynamics, your beliefs. With that kind of omniscience, these companies (or whomever can access the data) can push your buttons in ways you won’t even realize.

So, why should you care? Because privacy isn’t about hiding wrongdoing; it’s about preserving your dignity, autonomy, and safety in a world increasingly hungry to exploit your personal life. If you wouldn’t stand naked in Times Square, why let Big Tech strip you bare in the digital realm? The harms may not be immediate or obvious, but they are accumulating – a slow drip of erosion of your rights, your opportunities, and your security. By the time you feel the impact, it might be too late to reverse. In short: you should care because the stakes are nothing less than your freedom to be an unobserved, unmanipulated human being.

What You Can (Almost) Do About It

Alright, deep breath. By now you might feel an urge to chuck your smartphone into the ocean. That’s a rational feeling. Unfortunately, for most of us, going completely off-grid isn’t practical. The sad truth is individual actions are like a bucket of water on a raging forest fire of surveillance – but that doesn’t mean you have to just sit and burn. There are steps to reclaim slivers of privacy and send a message, however small, that you’re not entirely complicit.

1. Prune the Big Tech tentacles. Start with the obvious: uninstall or stop using services that egregiously spy on you. Ditch the Facebook app (at least use their mobile website if you must check it – the app is a data vacuum in the background). Same for Instagram. If you need Facebook for certain groups or contacts, consider using it in a web browser that’s locked down with privacy extensions. Every few major scandals, there’s a #DeleteFacebook wave – maybe it’s time you actually did (I did!), or at least “Deactivate” to put it in coma. Will it solve everything? No. But if enough people walk, it does send a message (or at least gives Zuck cold sweats about user numbers). Think of it as refusing to drink polluted water from the well – if millions do it, maybe the well owner is forced to clean up.

2. Tame your settings (and keep taming them). If you haven’t already, do a thorough audit of your privacy settings on every app and device. Turn off camera roll access for apps that don’t absolutely need it (Facebook having access to your photos? Hell no – remove that permission!). On iPhone, you can go to Settings -> Privacy and see what each app can access. On Android, same deal: Permissions manager. Strip away whatever isn’t necessary. Go into Facebook’s settings and opt out of any feature that sounds remotely like “face recognition,” “continuous sync,” “ad personalization,”etc. Be ruthless. And don’t trust defaults – they’re almost always set to benefit the company, not you.

3. Use privacy-focused alternatives. Big Tech counts on you feeling like there is no alternative. But there often is. Hate Google’s tracking? Try ProtonMail for email (I do!), Signal for messaging (I do!), DuckDuckGo or Brave (I do - sometimes) for browsing. These are tools built by folks whose business model isn’t selling your data. For cloud storage, maybe use Proton Drive or another end-to-end encrypted service, so at least your backups aren’t feeding the beast proton.me. Ditch WhatsApp for Signal or Telegram for truly private chats (no, Telegram isn’t perfect either, but at least it’s not Facebook). If you’re feeling extra spicy: consider a de-Googled Android phone (like GrapheneOS or LineageOS) or even Apple with lots of lockdown (though Apple has its own issues as we discussed). On desktop, use browsers like Firefox with Privacy Badger and uBlock Origin to nuke trackers eff.org. It’s not foolproof, but it cuts a lot of tentacles.

4. Avoid In-App Browsers and Free VPNs. Did the Facebook or TikTok app just offer to open a web link inside their app? Don’t do it! That’s the in-app browser that can track you more easily. Instead, copy the link and open it in your separate web browser (one that blocks trackers). Likewise, beware of “free VPN” apps – many are data scams. If you need a VPN, go for reputable paid ones like Proton VPN or something like the Tor browser for serious anonymity. Ironically, using a privacy tool from a shady source can backfire (Onavo taught us that). So stick to well-known privacy tools (EFF’s Privacy Badger is great on desktop eff.org, and things like DNS-level blockers (Pi-hole) can help at home).

5. Turn off that damn microphone and camera access. Check which apps have mic permission. Does Facebook or Instagram really need constant microphone access? No. There’s a persistent (though unproven) rumor that these apps listen to conversations for ad targeting – whether or not that’s true, why give them the chance? Revoke it. Use camera access only when you’re actively taking a photo in-app. Also, periodically purge your device of apps you don’t use – each one is a potential spy hole eff.org. Fewer apps, fewer leaks.

6. Lobby for real change. The above steps are proverbial sandbags in front of a tidal wave. The real fix has to be collective and regulatory. Support legislation for privacy (GDPR in Europe, or push for similar laws in your country). Write to representatives about needing strong privacy protections, not the watered-down nonsense lobbyists push. Support groups like EFF, Privacy International, NOYB – the folks fighting legal battles on your behalf. Big Tech won’t change out of the kindness of its heart; it needs to be dragged kicking and screaming by law or public pressure. If you’re in the EU, exercise your GDPR rights – request your data, file complaints when you see abuse. In the US, back calls for a federal privacy law (the patchwork of state laws is a start but not enough).

7. Educate and agitate. Talk to friends and family about these issues – not in a preachy way, but highlight real stories (like how Meta tracked people even in Incognito bgr.com, or how Amazon’s home cameras have been accessed by rogue employees). Public opinion can shift corporate behavior. Remember how Apple backed off its plan to scan iCloud photos? That was because the public outcry was enormous and they feared the backlash. We need more of that. When a new outrage comes (and it will), don’t let it fade in a day. Keep the pressure on with your wallet and usage patterns.

Now, for a reality check: Even if you do all the above, can you completely avoid surveillance? Honestly, no. Unless you want to live in a cabin writing manifestos, some data collection will happen. If you carry a smartphone, there’s always some tracking (cell tower logs, etc.). If you use email, metadata is unavoidable. This is why I say “What You Can Almost Do.” You can’t fully win as an individual. But you can mitigate harm and send a signal. Think of it like recycling – one person’s effort won’t fix climate change, but if millions do it and policy supports it, it can move the needle.

Also, consider employing obfuscation as protest: give wrong data where you can. Mislabeled your birthday on Facebook, scramble your ad interests by randomly clicking some stuff, use browser extensions that feed bogus data to trackers. It’s not a fix, but it can make their profiles on you less accurate.

In the end, the most important action might be to remain angry and aware. Don’t succumb to the numb acceptance that “this is just how it is.” The biggest victory for Big Tech is our complacency. If we treat privacy invasions as normal, they’ll keep pushing further. But if we keep raising hell – in articles like this, in conversations, in courtrooms and Congress – then perhaps we can tame this beast.

So uninstall that shady app, tighten that setting, and support those who fight the good fight. You have the right to privacy, even if the Zuckerbergs of the world wish you’d forget that. It’s high time we remind them, in deeds and words, that we’re not okay with carrying spy devices for the sole benefit of corporate advertising empires. It’s not about having something to hide; it’s about having everything to protect – our autonomy, our dignity, and the simple human right to a life not under constant observation.

Will these steps completely stop Meta/Google/Apple from snooping? Nope. Let’s not kid ourselves. But it’s like putting locks on your doors knowing a determined thief could still break in. You do it because it lowers the risk and sends a message: I value my house, don’t try me. Digital privacy is worth fighting for, even if the odds are dim. Each bit of friction we create is a reminder to Big Tech that we’re not naive. They may have the data on us, but we have our eyes on them. And with enough eyes, even the biggest behemoth can be kept in check – or brought down a peg.

References

Last accessed for validity: Sept. 9th, 2025