The Source

Digital Privacy & Protection

6 min read

Digital Privacy & Protection

verified credible

Folder: 04 - TECHNOLOGY & SURVEILLANCE Source note: SRC - Digital Privacy

What This Note Is

This note is practical. Knowing the surveillance architecture documented across this vault is only useful if it changes what you do.

Perfect privacy does not exist while participating in modern digital society. The goal is not perfection. The goal is raising the cost of surveillance high enough to fall below the threshold of easy automated harvesting.

Most surveillance is automated and passive. Basic hardening puts you outside the easy bucket. verified

Understanding The Threat Levels

Highest risk: verified

  • Meta ecosystem — Facebook Instagram WhatsApp See Meta
  • TikTok — biometric harvesting foreign ownership questions See TikTok
  • Google ecosystem on Android without hardening — 340 location pings per day See Google & Alphabet

High risk: verified

  • Google ecosystem generally — Search YouTube Chrome Gmail
  • X (Twitter) — biometric data employment history Grok training See X & xAI
  • Spotify — voice emotion patents mood profiling See Spotify
  • Discord — not encrypted age verification rollout 2026 See Social Platforms

Moderate risk: credible

  • Apple ecosystem with proper settings enabled — better than most but building its own ad business See Apple
  • Microsoft on Windows — mandatory telemetry cannot be disabled Recall feature monitoring See Microsoft
  • LinkedIn — professional identity layer of Microsoft ecosystem See Social Platforms

Lower risk: verified

  • Signal — open source end-to-end encrypted by default minimal data collection
  • ProtonMail — Swiss servers end-to-end encrypted email

Lowest risk:

  • Local AI running on your own hardware — zero data leaving your machine
  • Open source tools with no cloud dependency
  • Obsidian local vault — your notes stay on your device

Important update on Telegram: Telegram is no longer a lower risk option. Following Pavel Durov’s arrest in August 2024 Telegram amended its policy to share user IP addresses and phone numbers with law enforcement. In Q1 2025 alone Telegram handed over data on 22,777 users globally. Default chats were never encrypted. Use Signal instead. See Social Platforms verified

iPhone Hardening

These steps significantly reduce exposure without breaking functionality: #verified

Do these now:

  • Settings → Privacy & Security → Tracking → Turn off Allow Apps to Request to Track
  • Settings → Privacy & Security → Location Services → Set each app to Never or While Using only
  • Settings → Your Name → iCloud → Turn on Advanced Data Protection (encrypts iCloud backup end-to-end — Apple cannot hand it to anyone)
  • Use Safari not Chrome (Safari blocks trackers aggressively)
  • Use DuckDuckGo or Brave Search instead of Google

For maximum protection:

  • Settings → Lockdown Mode → Enable (some apps will not work properly — use judgment on whether you need this)

iMessage: Genuinely end-to-end encrypted. Apple cannot read your messages — unless you back up to iCloud without Advanced Data Protection enabled. Enable Advanced Data Protection. Problem solved. verified

Apple Maps over Google Maps: Apple Maps is architecturally designed to avoid storing personal location data. Apple has stated it is technically unable to comply with geofence warrants. The EFF confirmed this. This is the single most impactful daily habit change for location privacy. See Map Applications & Location Tracking

Mac and Computer Hardening

Browser:

  • Firefox with uBlock Origin extension kills the Meta Pixel and most trackers
  • Brave Browser as alternative — blocks ads and trackers by default
  • Avoid Chrome — collects 20 data types vs 6 for competitors See Google & Alphabet

VPN:

  • Use a paid VPN — free VPNs sell your data defeating the purpose
  • Mullvad or ProtonVPN are audited and trustworthy
  • A VPN hides your traffic from your ISP and from sites you visit but does not make you anonymous — the VPN provider can see your traffic

Email:

  • ProtonMail — end-to-end encrypted Swiss servers strong legal protections
  • Avoid Gmail for sensitive communication — Google scans content for AI training See Google & Alphabet

Windows users:

  • Use O&O ShutUp10++ to control Windows telemetry settings beyond what Settings allows
  • Do NOT enable Microsoft Recall when prompted See Microsoft

System:

  • System Settings → Privacy & Security → Review every app’s permissions
  • Turn off voice assistants (Siri Cortana) if not used

Communication

For private conversations: verified Signal — gold standard. Open source. End-to-end encrypted by default for all messages calls and group chats. Disappearing messages available. When the US government subpoenaed Signal in 2021 they produced two data points — account creation date and last connection date. That was all they had.

For private notes: Obsidian local vault — not synced to cloud. Your notes exist only on your device.

For private email: ProtonMail — end-to-end encrypted. Based in Switzerland. Strong legal protections.

What to avoid for sensitive communication:

  • WhatsApp — message content encrypted but metadata fully harvested by Meta
  • Telegram — default chats not encrypted now cooperates with law enforcement
  • Discord — not encrypted government requests fulfilled

Local AI

Running AI locally on your own hardware means zero data leaving your machine. No conversation logged. No training on your queries. Complete privacy.

Install Ollama — free and open source. Available at ollama.com Works on Mac Windows and Linux. 8GB+ RAM recommended.

For a cleaner interface LM Studio (free) works on top of Ollama and gives you a chat interface running entirely on your machine.

The best current free local models:

  • Llama 3.2
  • Mistral 7B
  • Phi-4 Mini

The irony: the most private AI models are made by the same companies documented in this vault as surveillance operations. The models run locally. The companies do not receive your queries. The technology is separable from the corporation in this case. verified

The Most Powerful Protection

All of the above is useful. None of it is the most powerful protection available.

The most powerful protection is understanding the system.

A person who understands how the Meta Pixel works makes different choices. A person who understands that Telegram handed over 22,777 users’ data in three months uses Signal instead. A person who understands that their deleted ChatGPT conversations are preserved under federal court order thinks before typing.

Knowledge changes behaviour. Changed behaviour changes the profile. A changed profile is harder to predict. An unpredictable profile is less valuable to the system.

That is the loop this vault exists to interrupt. See Surveillance Capitalism

Linked Notes

Surveillance Capitalism · Meta · Google & Alphabet · Apple · Microsoft · TikTok · X & xAI · Spotify · Social Platforms · Map Applications & Location Tracking · The Managed World · The Planetary Nervous System · Palantir · OpenAI · SRC - Digital Privacy

Graph View

Backlinks