Why ‘Nothing to Hide’ is the Deadliest Privacy Myth

They’re Watching: How Your Data is Being Exploited Right Now

Your personal data isn’t just a collection of ones and zeros—it’s leverage. Against you. Against your future. Against your right to exist without surveillance. The whole “I have nothing to hide” mindset? That’s a dangerous lie, sold to you by the very entities profiting off your digital footprint.

After 14 years in cybersecurity, I’ve seen exactly how governments, corporations, and opportunistic criminals work together to exploit every single breadcrumb you leave behind. From the apps you mindlessly install to the "smart" devices running in the background of your life, you're being watched, profiled, and manipulated.

This article will completely change the way you see and prioritize privacy.

They Know Where You’ve Been: Warrantless Tracking and the Rise of Commercial Surveillance

Mass surveillance has evolved far beyond the PRISM program exposed by Snowden in 2013. Today, law enforcement agencies and private companies collaborate to create an omnipresent tracking infrastructure—no warrant required.

The Tools of Modern Surveillance

• PRISM 2.0: While the original PRISM allowed the NSA to tap into tech giants’ servers, today’s programs bypass encryption entirely. Tools like FBI’s NGI (Next Generation Identification) aggregate facial recognition data from social media, traffic cameras, and even gym memberships.

• Data Brokers: Companies like Venntel and Babel Street act as middlemen, purchasing location data from apps like weather services, coupon platforms, and games. This data is then repackaged and sold to law enforcement. In 2023, the FBI purchased 500 million location records from brokers to track individuals without court oversight.

The Scary New Software Anyone Can Buy

Most people assume law enforcement needs a warrant to track them. They don’t. The FBI, ICE, and other agencies sidestep that whole process by just buying your location data from third-party brokers. Your privacy isn’t a right—it’s a commodity.

Take LocateX, a tool law enforcement (random private companies can purchase this software too) uses to track movements through "anonymized" data from everyday apps. Think weather apps, prayer reminders, coupon platforms—the stuff you never question.

By analyzing patterns like frequenting the same address or clustering near a protest site, they de-anonymize the data and link it back to individuals. This isn’t hypothetical.

In 2022, the DEA used similar tools to track phones near the U.S.-Mexico border, dodging constitutional protections in the process.

The biggest concern? No oversight. Unlike traditional wiretaps that require court approval, police can just buy LocateX data without a warrant.

A 2023 Brennan Center report found that 73% of U.S. police departments now use these tracking tools, and only 3% require a warrant. That means a single officer, with zero checks and balances, could track your visits to a reproductive health clinic, a mosque, or a political rally.

Who Pays the Price? The People Who Can’t Opt Out

The people who suffer the most from this unchecked surveillance aren’t the ones making the laws. It’s the most vulnerable communities who pay the price.

Domestic abuse survivors are among the most at risk. Stalkers and abusers regularly exploit spyware disguised as "parental control" tools like KidsGuard Pro.

A 2023 study by the National Network to End Domestic Violence found that 85% of shelters had clients being tracked through Internet of Things (IoT) devices, like smart thermostats and doorbell cameras. For them, opting out of data collection isn’t a convenience—it’s a matter of survival.

Immigrants also face massive risks. ICE (chinga la migra) has weaponized everything from utility bills to social media check-ins to hunt people down. A 2021 Georgetown Law investigation exposed how they purchased location data from Venntel, a data broker, to track phones near homeless shelters and immigration advocacy centers.

Protesters and activists are equally targeted. During the racial justice protests in Portland, Facebook’s "friends" list feature was used to link attendees to completely unrelated crimes, applying guilt-by-association algorithms to criminalize them.

Your Health Data Isn’t Private—Here’s Who Profits Off It

The exploitation of health data is just as ruthless. Fitness trackers and health apps have rebranded themselves as wellness tools, but in reality, they are nothing more than Trojan horses feeding your most intimate data to corporations.

Your Fitbit or Apple Watch isn’t just counting steps. It’s logging your heart rate variability (HRV), sleep apnea patterns, and even irregular gym attendance. That data ends up in the hands of third-party brokers like LexisNexis Risk Solutions, where it’s converted into "risk scores" for insurers.

In 2021, a Colorado man was denied life insurance because his gym visits—six times a week—were flagged as obsessive behavior. His insurer had bought data from MyFitnessPal, which had GPS-tracked his workouts. This wasn’t an isolated case.

UnitedHealthcare has openly admitted to purchasing diet logs from apps and adjusting premiums based on what people eat. It’s the same story with reproductive health. A Missouri prosecutor subpoenaed data from the period-tracking app Flo to investigate miscarriages as potential crimes.

Meanwhile, Walmart uses fertility data from these apps to predict pregnancies among employees, passing over women flagged by their algorithm for promotions to avoid the possibility of maternity leave.

Even DNA data isn’t safe. In 2023, 23andMe suffered a breach that exposed 6.9 million users’ genetic profiles. That data was later sold on RaidForums, where gig economy employers use it to screen potential hires for genetic predispositions to costly illnesses.

What this means in practice is that if an employer thinks your DNA shows a high risk of developing a chronic condition, they could reject you before you even get an interview.

Data Breaches Aren’t Accidents—They’re Business Decisions

None of this is accidental. Data breaches aren’t just unfortunate security failures. They are inevitable in a system where corporations cut cybersecurity budgets while lining executive pockets.

When Equifax leaked 147 million Social Security numbers in 2017, the company was fined $700 million, which amounted to just three days of revenue. T-Mobile, which was hacked five times in four years, still paid its executives $25 million in bonuses while slashing its security budget.

Hackers know this and take full advantage. Stolen logins, which sell for as little as $4 per account on Genesis Market (yes, really $4), get fed into credential-stuffing bots that test them across banking, healthcare, and government portals.

For $300, a hacker can hijack your phone number through SIM-swapping, bypassing two-factor authentication to drain your accounts. But sometimes the damage is far worse than financial theft.

Your Secrets Are for Sale—And Hackers Know How to Use Them

After an AI girlfriend app leaked 1.9 million users’ intimate chats in 2024, (many of these chats discussed illegal themes… like customizing their bots to behave like children for them to abuse) hackers cross-referenced the data with LinkedIn profiles and sent blackmail emails: “Pay $5,000, or we’ll send your expose your underage roleplay logs to everyone you know.” 

These people were doing something shady, but I’m sure they never expected their information to be exposed using a platform like this. It could happen to any platform.

And the worst part was that the AI girlfriend platform knew of this vulnerability, yet they decided to do nothing to stop it from leaking information.

The rise of these leaks has fueled an entire stalker economy. The moment these leaks hit the dark web, they are weaponized to destroy careers, relationships, and lives.

Your Data Will Be Exploited—It’s Just a Matter of When

This is the real cost of a data economy that prioritizes profits over privacy. If you’re not actively protecting your information, you’re a sitting target. The question isn’t whether your data will be exploited. It’s when.

When Data Destroys Lives: How Algorithms Decide Your Fate

The dangers of mass data collection aren’t theoretical—they’re ruining lives in real time.

Take James, a father in Texas, who lost custody of his children in a bitter divorce after his ex-wife’s legal team submitted a so-called “mental health risk assessment” from data broker Arbitrix.

The report labeled James as “unstable” based on his Spotify history. His love for emo bands like My Chemical Romance and lyrics referencing heartbreak were flagged as signs of emotional volatility.

The judge, with no understanding of how these opaque algorithms worked, accepted it as evidence. James’ story isn’t unique. Across the U.S., unregulated data brokers are feeding “risk scores” into courtrooms, hiring decisions, and insurance claims—without transparency, accountability, or any chance for rebuttal.

Then there’s Lina, a nurse in Ohio, who downloaded a prayer app to track her Ramadan prayers. What she didn’t know was that the app was selling her location data to a broker called SafeGraph, which bundled it into “mosque visitation logs” and sold it to ICE.

Months later, her husband—an undocumented immigrant—was arrested in a targeted raid at their home. “They knew exactly when we’d be together,” she later told reporters. “They used my faith against us.”

Even military security has been compromised. In 2018, a U.S. Special Forces member’s fitness tracker data ended up on Strava’s public heatmap, exposing jogging routes around a classified military base in Syria. The layout of the base and patrol patterns were immediately visible to anyone who knew where to look.

Foreign adversaries downloaded the data and used it to plan a mortar attack that left three personnel injured. The military has since banned wearables in conflict zones, but the reality remains: your data doesn’t just belong to you—it’s a national security liability.

Your Smart Home Is Spying on You—And Selling the Footage

Smart homes and IoT devices are marketed as seamless, convenient, and futuristic. In reality, they’re just surveillance portals disguised as luxury.

Take Amazon’s Alexa. In 2022, a Pennsylvania man discovered that Alexa had been recording private conversations about his divorce and uploading them to a third-party transcription service. Amazon dismissed it as a “glitch,” but leaked internal documents later revealed that voice data was being shared with more than 40 advertising partners.

Even baby monitors aren’t safe. Brands like Owlet and Nanit collect detailed biometric data on infants—heart rates, sleep patterns, and breathing irregularities. That data doesn’t stay private.

A 2023 Consumer Reports investigation found that Owlet was sharing these logs with Google, Meta, and third-party brokers like Experian. One parent summed up the outrage: “This isn’t just creepy—it’s a blueprint for denying my child healthcare later in life.”

Hackers are also exploiting the security failures of IoT devices. In 2021, a ransomware gang hijacked a hospital’s smart thermostats, cranking the heat to 100°F until administrators paid a $5 million ransom.

Meanwhile, dark web marketplaces have turned hacked smart home cameras into a business. Stalkers can pay as little as $10 a month for access to compromised Ring doorbell cameras, watching families in real time without them ever knowing.

The throughline in all of this? Tech companies don’t actually care about security.

They care about scaling fast, dominating the market, and selling your data while leaving you vulnerable.

The Global Surveillance Machine—And Why No One Is Safe

Western democracies aren’t innocent. The EU markets its General Data Protection Regulation (GDPR) as the gold standard for digital privacy, yet enforcement remains weak.

In 2022, Meta was caught continuing to share EU user data with U.S. intelligence agencies—despite a court ruling explicitly banning the practice. The penalty? A $1.3 billion fine, which was nothing more than a slap on the wrist, equating to roughly 4% of Meta’s quarterly revenue.

Even Switzerland, often viewed as a privacy haven, has its own loopholes. Swiss banks now use AI tools like Apateo to analyze client emails and calls for “risk indicators.” If you mention “Bitcoin” or “tax optimization” in a Zoom meeting, you might wake up to find your accounts frozen while the bank launches an “investigation.”

How to Fight Back—And Make Surveillance Costly

You can resist the surveillance state and reject techno-feudalism by caring about your privacy—one small step at a time. You don’t have to be perfect, and you don’t have to overhaul everything overnight. Every action you take—blocking trackers, using encrypted tools, cutting off data brokers—throws a wrench into the system.

The goal isn’t to disappear completely; it’s to make mass surveillance more expensive, chaotic, and less profitable. Don’t let all this overwhelm you. Just start where you can, and keep pushing back. Here’s how.

1. Cut Off the Data Brokers

The less data you feed the system, the harder you are to track. Swap Google Search for alternatives like DuckDuckGo or Brave Search, which don’t log user behavior. Use encrypted email services like Proton Mail or Tutanota, which operate under strict Swiss and German privacy laws. When signing up for accounts, generate burner emails through SimpleLogin to keep your real address out of marketing databases.

2. Block the Trackers Watching You Right Now

Your browser is leaking data constantly. Install uBlock Origin and Privacy Badger to block tracking scripts, fingerprinting, and hidden ad tech. On mobile, disable Advertising IDs (Android) or enable Lockdown Mode (iOS) to prevent apps from harvesting background data. A VPN won’t make you invisible, but using a no-logs provider like Mullvad or ProtonVPN can keep your IP address out of corporate databases.

3. Secure Your Identity Like a Pro

Security questions are a joke. Instead of using real answers, treat them like passwords—generate fake responses like Mother’s maiden name: Targaryen1984! and store them in a password manager like Bitwarden or 1Password (NO LASTPASS or I will cry!). For phone verification, use MySudo to create disposable numbers that protect against SIM-swapping attacks.

4. Erase Your Data from Broker Sites

Your personal info is being sold right now, but you can fight back. Services like DeleteMe (which is what I use) automate removals from over 50 major data brokers. Even if you’re outside the EU, you can submit GDPR deletion requests to global companies—many comply just to avoid legal trouble.

5. Get Loud—Because Individual Action Alone Isn’t Enough

No one is coming to save us, but collective action can force change. Support legislation like the Fourth Amendment Is Not For Sale Act, which would ban law enforcement from purchasing data without a warrant. File complaints under the CCPA (California) or GDPR (EU) against companies caught selling your data.

Organizations like the Electronic Frontier Foundation (EFF) and Fight for the Future are constantly pushing for stronger privacy protections—back them, donate, and use their resources to stay ahead of the surveillance machine.

Privacy Myths That Keep You Complacent—And The Truth

The biggest reason people don’t take action? Misinformation. Let’s break down some of the most common myths.

• "VPNs make me completely anonymous." False. VPNs hide your IP address, but the provider itself can still log your activity. Choose one like Mullvad that accepts cash payments and requires no personal information.

• "Incognito mode keeps me private." Incognito only stops your browser from saving history—it does nothing to block trackers, your ISP, or your employer from seeing what you’re doing. If you need real anonymity, use Tor.

• "I’m not important enough to be targeted." Wrong. Surveillance isn’t about targeting individuals—it’s about mass data harvesting. Data brokers don’t care who you are; they care about selling datasets like “10,000 pregnant women in Texas” to anyone with a credit card.

• "Strong passwords are enough." Only if you pair them with two-factor authentication (2FA). But ditch SMS-based 2FA—it’s easily bypassed with SIM-swapping. Use hardware security keys (Yubikey) or authenticator apps (Aegis) instead.

Final Word: Privacy Isn’t About Hiding—It’s About Power

Privacy is autonomy and resistance. Every step you take to obscure your data, disrupt tracking, or demand accountability shifts power away from the surveillance economy and our techno-feudal overlords.

The fight won’t be won overnight, but it’s one worth having. Because your data isn’t just numbers on a screen—it’s your life. And it’s worth protecting.

Stay Curious,

Addie LaMarr