Who’s Collecting Your Data—And How They’re Using It

Surveillance isn’t just something that happens in authoritarian regimes.

It’s not limited to intelligence agencies spying on dissidents or law enforcement tracking criminals.

Today, surveillance is the foundation of the modern internet.

Every time you browse a website, open an app, or make a purchase, your digital fingerprint is logged, analyzed, and sold. Your online activity isn’t just being watched—it’s being monetized. And it’s not just governments tracking you.

A vast, interconnected network of corporations, data brokers, and law enforcement agencies work together, feeding off the same data streams.

The result? Your every move is collected, stored, and weaponized—from the ads you see to the financial opportunities you’re given.

Think privacy doesn’t affect you? The reality is, even if you have ‘nothing to hide,’ your data is being used to make decisions about your insurance rates, job opportunities, and financial access—without your consent or knowledge.

Corporate Surveillance: The Backbone of the Tracking Economy

Every free service comes at a cost. You just don’t see the price tag.

Google, Facebook, Amazon, and nearly every major tech company built their business models on mass data collection.

They don’t just track what you click on. They build psychological profiles on you—predicting what you’ll buy, how you’ll behave, and even what emotions make you more likely to spend money.

• Google logs everything—not just your searches, but every website you visit that runs Google Analytics (which is most of the internet), your email content, and your location history—even when you turn location tracking off.

• Facebook tracks you even if you don’t have an account. Shadow profiles—built from scraped data, public records, and your friends’ contact lists—ensure that even those who actively avoid social media are still in its system.

• Amazon doesn’t just track what you buy—it tracks hesitation. If you hover over an item, compare prices, or revisit a product before purchasing, Amazon logs and analyzes those behaviors. Meanwhile, its Alexa devices record audio even when you don’t say the wake word.

Even if you’ve never signed up for these services, your data is still in their system.

Google Maps tracks your location, even when you disable tracking.
Fitbit and Apple Health share user health data with third parties—often without clear disclosure.
Smart TVs have been caught recording private conversations and transmitting the data back to manufacturers.

This data isn’t just collected—it’s sold and repackaged in ways that directly impact your life.

How Data Collection Becomes a Tool of Control

Most people assume targeted ads are harmless. But behavioral tracking goes far beyond advertising.

The algorithms don’t just predict what you want—they shape your behavior.

Insurers have used pregnancy-related searches to assess financial risk before a woman has even told her family she’s expecting.
Employers have rejected job applicants based on inferred personality traits from their social media activity—without ever meeting them.
Banks and credit agencies flag users as “high risk” based on online behavior—raising their insurance premiums, reducing their credit limits, or blocking them from loans altogether.

Once your data is collected, you don’t control it anymore. It can be sold, repackaged, and used against you in ways you’ll never see coming.

Your online behavior isn’t just tracked—it’s sold.

Governments don’t need to build massive surveillance programs anymore because Big Tech already did it for them. When corporations collect data for profit, law enforcement and intelligence agencies buy it, bypassing legal oversight entirely.

How Your Data Becomes an Open Book

You don’t have to be a criminal to end up in a government database. You just have to exist.

If you’ve ever used the internet, intelligence agencies already have a record of your activity. Your emails, phone calls, search history, and location data are collected, stored, and analyzed—whether you consent to it or not.

The U.S. government’s mass surveillance programs, exposed by Edward Snowden, revealed that agencies like the NSA collect billions of phone calls, emails, and messages every day—not just from suspected criminals but from ordinary citizens, journalists, and even world leaders.

One of the most revealing programs, PRISM, gave the government direct access to the servers of Google, Facebook, Apple, and Microsoft.

Intelligence agencies didn’t need to hack these companies—they were given a backdoor pipeline to user data, bypassing legal oversight entirely.

And this isn’t just happening in the U.S. Governments worldwide are expanding their surveillance capabilities, often working with private corporations to sidestep legal restrictions.

The Pegasus spyware scandal revealed that governments secretly hacked the phones of journalists, activists, and political opponents. Pegasus can access everything—messages, calls, passwords, location data, even a phone’s microphone and camera—without the target ever knowing.

Even law enforcement agencies that aren’t supposed to conduct mass surveillance simply buy their way in.

• The FBI has used Google location data to track people near crime scenes, leading to wrongful arrests.

• Local police departments purchase access to massive private databases, containing location history, social media activity, and even facial recognition matches.

These are datasets that would normally require a warrant—but by buying them from private companies, law enforcement sidesteps legal barriers completely.

The more data these institutions collect, the more power they have over society.

If your name accidentally ends up on a watchlist, good luck getting it removed. If an algorithm flags you as a risk, you may never know why—or how it affects you. And because corporate surveillance feeds into government systems, there’s no escaping it.

But governments aren’t the only institutions making decisions based on hidden data profiles. Financial institutions use this exact same system—except instead of deciding if you’re a security risk, they decide if you’re financially “trustworthy.”

Your Credit Score Is Just the Beginning

Most people assume credit scores only matter when applying for loans. That hasn’t been true for years.

Today, financial institutions don’t just look at credit scores—they use massive datasets of behavioral and spending data to decide who gets access to financial opportunities. And unlike a normal credit score, you don’t get to see these scores—or challenge them if they’re wrong.

Insurance companies analyze transaction history to assess financial risk.
Employers check financial histories before making hiring decisions.
Data brokers compile detailed "financial stability scores" that influence who gets approved for housing, loans, and even certain jobs.

And this system isn’t built to be fair.

Miss a single bill? Your score drops.
Apply for a loan too many times? You look financially desperate.
Spend money in a way that seems unusual for your income level? You might get flagged as a fraud risk.

None of this is regulated. There’s no appeals process. You can’t opt out.

Financial surveillance has evolved into a system that controls access to basic economic opportunities. And like government surveillance, it’s built on the data pipeline that starts with corporate tracking.

The Bottom Line: It’s All Connected

Most people think of corporate surveillance, government surveillance, and financial tracking as separate issues. They’re not.

They feed into each other. The data collected by corporations is sold to data brokers. That data is bought by law enforcement. Financial institutions tap into the same datasets to assess “risk.”

Once your information is out there, it moves through these systems indefinitely.

And this isn’t just about privacy—it’s about power.

The more control corporations and governments have over your data, the less control you have over your own life.

Practical Privacy Toolkit: How to Reclaim Your Digital Life

Privacy isn’t about disappearing—it’s about limiting risk.

You don’t need to quit the internet or erase your online presence. But you do need to stop feeding the surveillance economy more than it already takes.

Most tracking happens in layers—and each layer of friction you add makes it exponentially harder for corporations, governments, and threat actors to profile or exploit you.

The best part? You don’t have to do everything. You only need to protect yourself based on your actual risk level.

Level 1: The Lazy Person’s Guide to Privacy (Everyday Threats, Maximum Impact)

For people who just want to reduce corporate tracking, limit exposure to identity theft, and lock down their accounts.

Core risks:
Corporate surveillance, data brokers, phishing attacks, accidental data exposure, and petty cybercrime.

Strategic focus:
Fix account hygiene, stop feeding advertising profiles, and create a buffer between you and the data economy.

Your must-do list:

• Ditch Chrome and Safari: Switch to Firefox (hardened settings) or Brave, and install uBlock Origin, Privacy Badger, and LocalCDN.

  • Note: Firefox has recently changed their data privacy, so make sure you’re comfortable using Firefox.

• Use a private search engine: Startpage or Brave Search over Google. Avoid DuckDuckGo if you want better independence from Microsoft tracking.

• Switch to encrypted messaging: Use Signal for daily conversations. Enable automatic disappearing messages for 1 week.

• Lock down your phone:

  • iPhone: Disable ad tracking, limit app access to mic/camera/location, enable App Privacy Report.

  • Android: Use Privacy Dashboard, revoke background activity, and restrict Google access where possible.

• Use a password manager + 2FA:

  • Tools: Bitwarden, 1Password, or Proton Pass (NO LASTPASS)

  • Use TOTP apps (like Aegis) instead of SMS for 2FA.

• Opt out of data brokers: Start with DeleteMe (what I personally use). Manually request removal from Spokeo, Whitepages, etc.

• Audit social media:

  • Lock down privacy settings (limit visibility, disable search engine indexing).

  • Delete old posts or switch to private mode.

• Don’t feed the algorithm: Avoid quizzes, loyalty programs, and signing up for newsletters using your real email—use burner emails instead (SimpleLogin, AnonAddy).

Level 2: Moderate-Risk Privacy (Privacy Without Breaking Your Life)

For journalists, activists, whistleblowers, and others who face targeted monitoring but still need functionality.

Core risks:
State surveillance, doxxing, corporate retaliation, legal subpoenas, invasive spyware, targeted phishing.

Strategic focus:
Compartmentalization, encrypted systems, secure backups, operational security (OpSec).

Your must-do list:

• Compartmentalize identities:

  • Separate work vs. personal phones/emails/devices.

  • Use pseudonyms and alternate accounts for high-risk communication.

• Use end-to-end encrypted email: ProtonMail, TutaNota, or Skiff. Don’t use Gmail for anything sensitive.

• Switch devices or use burner gear for risky activity:

  • Travel with a clean laptop and burner phone (ideally factory reset + limited accounts).

  • Avoid biometrics—use strong passcodes only.

• Encrypt devices completely:

  • Always power off your phone/laptop when not in use—full disk encryption only protects when the device is off.

• Threat model your workflows:

  • Who are your adversaries? What data do they want? How might they try to get it? Adjust tools accordingly.

• Install Tor Browser for research and whistleblowing:

  • Use Tails OS if maximum anonymity is required.

• Avoid traceable purchases:

  • Use cash, Monero, or prepaid cards. Never use your personal credit card for anything sensitive.

• Conduct no-phone meetings:

  • In high-risk spaces, leave devices off or store them in Faraday bags.

• Isolate communications:

  • Never message sources or whistleblowers from your personal accounts.

  • Use Signal with safety number verification, or set up isolated, disposable ProtonMail addresses.

Level 3: High-Risk Privacy (Life-or-Death OpSec)

For dissidents, vulnerable minorities, undocumented migrants, or anyone under constant surveillance.

Core risks:
Nation-state surveillance, imprisonment, violence, deportation, espionage, coercion.

Strategic focus:
Air-gapped operations, total identity separation, zero-trust environments, plausible deniability.

Your must-do list:

• Assume everything is compromised.

  • Use air-gapped devices for sensitive content.

  • Never use real identity or home internet for high-risk activity.

• Run Tails OS exclusively:

  • Route traffic over Tor, use encrypted USBs, store nothing locally.

  • Shut down between use—Tails leaves no trace.

• Use Faraday bags for phones and trackers:

  • Better yet, leave them behind entirely when doing sensitive work.

• Adopt layered encryption and deniability:

  • Use PGP layered over Signal or Matrix.

  • Store data with decoy folders or hidden containers (e.g., VeraCrypt with plausible deniability features).

• Avoid facial recognition and biometrics:

  • Alter your appearance in public cameras.

  • Use masks, makeup tricks, or occlusion strategies when necessary.

• Practice border security protocol:

  • Wipe devices before travel.

  • Use clean iCloud or Google accounts.

  • Avoid unlocking devices with biometrics at checkpoints.

• Use code words or euphemisms in speech:

  • Even if intercepted, your language should be context-obscured.

  • Communicate like you expect the channel to be compromised.

• Never reveal personal info—even in safe spaces:

  • Assume surveillance and infiltration are possible, even in activist or NGO circles.

Border Crossings: How to Protect Your Data

Crossing a border temporarily erases your digital rights. In countries like the U.S., customs officers can search, seize, or copy your devices without a warrant—and ask for passwords, social media handles, or even access to cloud accounts. And this is definitely happening right now.

If your device contains anything sensitive, you need to prepare before you travel. Once you're in line, it's too late.

Step-by-Step Protection Plan

1. Travel With Minimal Data

• Bring a clean device if possible (aka a burner phone or wiped laptop).

• Remove all unnecessary apps, accounts, and personal data.

• Upload sensitive files to an encrypted cloud (ProtonDrive, Tresorit, Skiff) and delete them locally.

2. Log Out of Everything

• Sign out of all email, messaging, and cloud apps.

• Better: uninstall apps entirely so they can’t be accessed during a search.

3. Encrypt and Power Down

• Enable full-disk encryption on all devices.

• Before you reach the border, fully shut down your device—not just lock it. Encryption is only effective when powered off.

4. Disable Biometrics

• Switch from Face ID/fingerprint to a strong passcode.

• In most jurisdictions, agents can compel biometrics but not passwords.

5. Use Temporary Accounts

• Create travel-only logins (email, cloud, etc.) that don’t expose your full digital identity.

• Use these accounts on your clean device instead of logging into your real ones.

6. Consider a Faraday Bag

• If you’re concerned about remote access or geolocation, carry devices in a signal-blocking bag during travel.

Legal Reality

• U.S. citizens can legally refuse to unlock devices, but they may be detained or have the device seized.

• Non-citizens can be denied entry for refusal.

• If you’re logged in to cloud apps, agents can access that data on-site—even if the device is encrypted.

Best practice: Never travel with data you can't afford to have copied. If you're carrying sensitive info, design the device to be searched and find nothing.

The Privacy Paradox: Why We Struggle to Protect Ourselves

Most people say they care about privacy—but do nothing to protect it. They complain about Google tracking, but still use Gmail. They hate targeted ads, but never change their settings. They cover webcams while exposing personal data across dozens of accounts.

This isn’t apathy—it’s conditioning.

Tech companies have made privacy feel inconvenient, confusing, or already lost. The easiest digital experiences are built to extract data by default, and opting out requires effort most people don’t even realize is necessary.

Even in cybersecurity, privacy divides opinion. Some say it’s personal responsibility. Others argue that surveillance is no longer optional—it’s built into everything.

People don’t ignore privacy because it’s unimportant. They ignore it because they’ve been taught it doesn’t matter.

The Most Common Misconceptions About Privacy

“Privacy is dead. They already know everything.”

Wrong. While mass data collection is widespread, most tracking happens in layers. The more friction you add—blocking trackers, using encryption, and reducing your digital footprint—the harder it becomes to build a complete profile on you. Privacy isn’t all-or-nothing. Small actions matter.

“I’m not important enough to be hacked.”

Hackers don’t care who you are—they care what they can get from you.

If your email or password gets leaked in a breach, attackers can:

• Break into your other accounts (if you reuse passwords).

• Launch phishing attacks on your contacts.

• Sell your identity on the dark web.

You don’t have to be a target for your data to be valuable.

“Only criminals use privacy tools.”

Surveillance advocates have spent years pushing this narrative.

Journalists, whistleblowers, activists, and everyday users need privacy tools to protect themselves. Even businesses rely on encryption to protect trade secrets.

Privacy isn’t suspicious. It’s necessary.

The Psychology of Privacy: Why People Willingly Give Up Control

Surveillance isn’t just about collecting data—it’s about shaping behavior. Studies show people censor themselves when they feel watched, avoiding protests, sensitive research, or open conversations. Over time, this creates a culture of silence.

Tech companies fuel this by making privacy inconvenient. Data-hungry defaults are seamless; privacy settings are hidden. The path of least resistance always leads to more tracking.

Then there’s the “nothing to hide” myth—the idea that only the guilty need privacy. But privacy isn’t about hiding; it’s about autonomy. No one would accept a government camera in their home, yet we carry surveillance devices in our pockets every day—because we’ve been convinced that’s normal.

Why Privacy Risks Aren’t Theoretical

Weak privacy protections have real-world consequences—and they happen constantly.

Equifax leaked data on 147 million people. T-Mobile exposed 50 million more. Governments used Pegasus spyware to secretly hack journalists and activists.

These aren’t rare cases. Over 90% of Americans have had personal data breached. The average person’s info lives in 4,000+ databases. Even “no-log” VPNs have been caught selling user data.

Trusting companies isn’t enough. Their failures will still expose you.

Privacy Isn’t About Hiding—It’s About Control

Privacy isn’t about going off the grid. It’s about deciding who gets access to your data—and when.

It’s not all or nothing. Small steps—like using encrypted messaging or limiting app permissions—make a real difference.

The worst choice is doing nothing.

If you’ve read this far, you care. Now take one step. Start today.

Want the Full Technical Breakdown? Join My Research Vault

This newsletter is the simplified version of 45 pages of deep technical research. If you want the full, unfiltered deep dive—including advanced research, case studies, and technical details—you can access the full research report in my Research Vault.

What’s inside?

• A 45 page technical breakdown of this week’s topic.

• Straight-to-the-facts analysis for cybersecurity professionals, privacy advocates, and tech enthusiasts.

• A new deep research report every week, covering everything from data breaches to cyber warfare tactics.

If you’re serious about understanding cybersecurity, privacy, and digital freedom beyond surface-level content, this is for you.

👉 Join My Research Vault for $10/month

Privacy isn’t dead. But understanding how it works—and what to do about it—requires real research.

Stay Curious,

Addie LaMarr