I-330 - Posts

Posted: December 28, 2025 by I-330

A Beginners Guide to Privacy in the Digital Age

The Problem :

In today's digital age individual privacy has degraded so far that it's effectively a joke. Every website you visit, every app you download, every account you create and every message you send is logged, indexed, and analyzed to build a comprehensive digital profile on you. Massive data collection companies like Palantir make a business out of buying as much unique identifiable information as they can about you, then using that data however they (or their clients) see fit. These clients, btw, include federal government agencies who use these data collection services for monitoring immigrants, planning military strikes, and choosing who gets to live and who gets to die.

To put in perspective the amount of data collected by just Palantir and their partners like Meta and Google, here are each of their privacy policies broken down into short lists. This is the bare-minimum information you are giving them to do whatever they'd like every time you use the internet, social platforms, and even your personal device.

Palantir Condensed Privacy Agreement

(link)
Contact Data: Name, address, email address, telephone number, mobile phone number, country of residence and social media handles. We may collect this information directly from you, your employer, from publicly available sources, our third-party partners who provide networking contact information, or indirectly through a third-party partner such as if we have co-hosted an event with them.

Professional Data: Company name, occupation contact details, occupation, employment history, areas of expertise, your experience with Palantir products and services. We may collect this information directly from you, your employer, from publicly available sources, our third-party partners who provide networking contact information, or indirectly through a third-party partner such as if we have co-hosted an event with them.

Transaction Data: Products and/or services purchased, licenses purchased, types of products or services of interest, information provided in the course of the purchase or attempted purchase of Palantir products or services, eligibility information such as whether your company is a customer of Palantir this can be collected when you purchase products and services from Palantir.

Payment Data: Payment or billing information (including tokenized payment details, as necessary). We may collect this information in the course of signing up for a Palantir product or service or through the use of our website to purchase Palantir products or services.

Technical data: IP address, operating system, browser information, user agent. identifiers such as cookie IDs (see Cookies and Tracking Technologies below, and our Cookies Statement), mobile device ID, Wi-Fi data, interactions with Palantir websites, authentication credentials, communications and promotional materials are collected automatically when you interact with Palantir websites or third-party platforms hosting Palantir content. For example, when we send marketing communications, we may collect data on whether you have opened a marketing communication you have received, or whether you clicked on any links in the message.

Training and Educational Data: This can include registrations for courses, assessments signed up for and/or taken, the results of same, and certifications issued. We may collect this information when you sign up for a training or certification program, or it may be generated once you have taken part or completed a training or certification event.

Communication Data: Messages, correspondence and other data created, or generated, by you when communicating with Palantir via post, SMS, e-mail, posts on Palantir or third-party channels, forums, social media platforms, other third-party platforms, or other means of electronic communication. We may collect this information when you interact with Palantir or Palantir employees, contractor, agents, third-party service providers and partners- for example through providing feedback or sharing your experiences of our products and services with us.

Government Identifiers: Government or state issued photographic identification documentation such as passport or driver license – for example when you provide it in the course of verifying your identity.

Audiovisual Data: Image, voice – including photographs, images and audio and video recordings – collected through security and monitoring systems or recorded during events, for example, when you participate in a Palantir or Palantir-affiliated event, visit a Palantir office or present at a seminar hosted by Palantir.

Inferred Data: Preferences, likelihood of interest in Palantir products and/or services. Data generated by combining data (such as Contact Data, Professional Data, Transaction Data, Technical Data and Communication Data) collected by Palantir with information obtained from third parties (such as Contact Data, Professional Data, Transaction Data, Technical Data and Communication Data), including partners and publicly available sources, which assist with the sale of products or services, compliance with laws, and that detect, prevent and otherwise address fraudulent, deceptive, or illegal activity.

Google Condensed Privacy Agreement

(link)
Device Information: We collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number). Google may associate your device identifiers or phone number with your Google Account.

Log information:
▸ details of how you used our service, such as your search queries.
▸ Telephony log information like your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls.
▸ IP Address.
▸ Device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
▸ cookies that may uniquely identify your browser or your Google Account.

Location Information: When you use Google services, we may collect and process information about your actual location. We use various technologies to determine location, including IP address, GPS, and other sensors that may, for example, provide Google with information on nearby devices, Wi-Fi access points and cell towers.

Unique application numbers: Certain services include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to Google when you install or uninstall that service or when that service periodically contacts our servers, such as for automatic updates.

Local storage: We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.

Cookies and similar technologies: We and our partners use various technologies to collect and store information when you visit a Google service, and this may include using cookies or similar technologies to identify your browser or device. We also use these technologies to collect and store information when you interact with services we offer to our partners, such as advertising services or Google features that may appear on other sites. Our Google Analytics product helps businesses and site owners analyze the traffic to their websites and apps. When used in conjunction with our advertising services, such as those using the DoubleClick cookie, Google Analytics information is linked, by the Google Analytics customer or by Google, using Google technology, with information about visits to multiple sites.

Meta Condensed Privacy Agreement

(link)
App, Browser and device information
▸ What you’re doing on your device, like whether our app is in the foreground or if your mouse is moving
▸ Identifiers that tell your device apart from other users’, including Family Device IDs.
▸ Signals from your devices (i.e. GPS, Bluetooth signals, nearby Wi-Fi access points, beacons and cell towers.)
▸ Some location-related information, even if Location Services is turned off in your device settings. This includes using IP addresses to estimate your general location.

Information from partners, vendors and other third parties:
▸ Your device information
▸ Websites you visit and cookie data, like through Social Plugins or the Meta Pixel
▸ Apps you use
▸ Games you play
▸ Purchases and transactions you make off of our Products using non-Meta checkout experiences
▸ Your demographics, like your education level
▸ The ads you see and how you interact with them
▸ How you use our partners’ products and services, online or in person

Simply by agreeing to any of the above policies, three of the largest data brokers in the world can record nearly everything you do, everywhere you go, and everything you say online. On top of that, they can use that personal information however they see fit because you clicked that little "I agree" box when making your first Google/Facebook account. Do you really want your face, habits, and online activities to be used to train military AI, push more advertisements and destroy long-standing careers ? (Sorry, but not everybody wants to be a Data Scientist or a Farmer).

These agreements alone only cover a small fraction of the data these companies collect. Google, Palantir, and Facebook all aggregate data from thousands of smaller companies, often paying them for bits of your personal information. Even if you're browsing a page completely unrelated to one of these companies, if they have ads there is a good chance that your activity on the site has been recorded. Most of the time, smaller websites and businesses don't even realize that they sell your data because they click through terms and conditions just as quickly as anyone else.

So What Can You Do? :

Realistically the limiting factor to personal privacy is on the individual level. Corporations and data brokers pray on people being willing to trade privacy and security for convenience. Companies like Google and Facebook go out of their way to make user experiences more and more unbearable until people cave to their terms. While commonly-advertised services like NordVPN and Incogni like to market the idea of a one-click fix for online privacy, they often share just as much data as every other site.

To put how prevalent this issue is into perspective, you could have the latest phone with security protection on, an active VPN, all in incognito mode, and you can still easily be uniquely identified. Sites like amiunique.org are a great tool in emphasizing this issue. The sheer number of ways that websites can track users is almost overwhelming.

Probably the best thing you can do before delving into technical solutions to this issue is limit the amount of information you willingly give to apps, social platforms, and companies. This means don't give your email out every time you're asked, opt out of data sharing whenever and wherever you can, and limit the things you share. Every "private" message not encrypted can be used by these companies effectively however they'd like. Once you sign their ToS, you are giving full rights for said company (and any partnered companies) to do whatever they'd like with every piece of info you upload.

Even if you think "Oh but {example} company is different; their ToS says they won't read my messages or share my data." while that may be true when you first sign, all a company has to do is add one new clause giving them the right to change their ToS or one pop-up asking you to "Accept our new privacy agreement" for all of that trust to be retroactively erased.

This isn't limited to just apps & websites; if you give the Domino's employee your email, even that data will likely be sold. If you buy a plane ticket from Delta, expect all of the information you enter to either be sold or made availabe to goverment organizations. Corporations are not required to act ethically with your information.

Despite the absurdity of this issue, maintaining good privacy practices is possible with the right mental and technical approach. The important thing is to think about the information you share and whether you really want the world to have it. Little things can add up fast, and the biggest way to stop it is by not giving away everything that makes you you.

Device Fingerprinting :

So you've changed how you use the web; you're using trusted platforms, and you're careful about what info you share with apps and websites. How could you still be tracked? Well thanks to a wonderful technology called device fingerprinting, figuring out what you're doing online is surprisingly easy. Even when you're in incognito mode, searching Google from your ★cool secure VPN service★ you can be de-anonymized by something as simple as a font installed on your computer or by the unique selection of apps you have installed on your phone. Hell, even the way you type can identify you.

Thankfully, there are some ways you can get around this sort of fingerprinting. The easiest is to find yourself a browser with ideally both fingerprint-resistance and a strict cookie policy. While this on its own may not be enough to make you completely private, by just using a decent VPN, a secure browser, and a trusted device, you can block most online website fingerprinting.

App Security :

Another way in which companies are able to record your data is through app trackers. These are small services inside apps that record all of the interactions you make while you use a mobile application. This may include the links you clicked, how long you looked at a video, the things you like, and the content you upload yourself. You can use sites like Exodus Privacy to see what default trackers and permissions an app has before installing it. You'd likely be surprised by how many inconspicuous apps contain trackers from some major data brokers.

It's also important to remember that when you give an app permissions to access something like your location, your camera, or your files, you are also giving the trackers within that app permission to view this data. If you don't want Facebook Ads to have access to your location 24/7, don't enable always-on location in apps that include their trackers. That goes with all permissions; consider when you press allow for certain permissions and apps if it really needs them. Do you really want TikTok to view your entire contacts list, and do you really want Instagram to have access to your exact location when you're scrolling reels?

System Security :

Admittedly, this section is a bit more difficult to write about because every person is going to have different needs regarding their devices. Some "secure hardware/operating-systems" can actually make you stand out more than you would by default. Some Android operating systems like /e/os have added privacy and security protections that other OEM distributions of Android do not. While this does provide the ability to block trackers much more easily, it also makes a device much easier to fingerprint by default. This is because the fonts, rendering pipelines, and firmware differ ever so slightly from OEM installs of Samsung/Google Android.

This isn't to say that using a security-focused OS is a bad thing, but rather if you aren't using it in conjunction with other tools like a VPN and a secure browser, you may actually identify yourself more than you normally would. Educate yourself and do research into the sites, services, and devices you use on a daily basis.

The same applies to desktop operating systems. If you're using the latest MacOS on an Apple computer, you will likely blend in much better online than the FreeBSD + CWM + Thinkpad user would. Just like with custom Android versions, be mindful that unless you are also using anti-fingerprinting tools, switching to an atypical OS like Linux or BSD may actually expose you more than you were before.

Speaking of Linux, if you want to avoid the built-in Microsoft/Apple telemetry that ships with their operating systems, Linux does provide a much more private desktop experience. Unlike Windows which sends a lot of identifiable information, most Linux distributions send little-to-no telemetry data from your system. This means companies like Microsoft don't get a "backdoor" into your browsing and application habits.

If you do decide you want to make the switch away from Windows, be wary of Linux/BSD recommendations you see online. For a quality beginner-friendly desktop experience, try out distributions like Mint or ZorinOS. These distros work out of the box with easy-to-use app stores and pre-installed apps.

Location and Laws :

The country/state in which you live arguably plays the largest role in the level of power companies have over your data. For example, if you live in the European Union, you are covered by the GDPR. This law heavily limits the amount of information companies can collect, share, and sell from users living in the EU. While not all companies respect GDPR, most major tech companies follow it.

If you live in the US, digital privacy laws are a bit more vague. Depending on the state you live in, you may have more or fewer rights regarding the collection of your data as well as the types of content you are allowed to see. The IAPP has a helpful page that covers the protections afforded in each US state. Sadly as a whole, the United States has a long way to go in order to catch up with many European nations when it comes to online privacy and consumer rights.

Conclusion :

While there are many technical rabbit holes you can go down to decrease your digital footprint and tracking, the biggest changes you can make are individual ones. Think about the information you willingly provide to these data brokers; every small drop in the bucket adds to the greater profile these companies build around you. At the end of the day, when you use these platforms and services, consider what you're willing to share. Would you want your current government and corporations to have access to the things you say, the places you go, and the searches you make?