Corporations are spying on us more than ever before. There are the usual suspects such as Google, Facebook, Microsoft and Apple. But these days, corporations spy on us not only in the digital realm, but the physical one as well. Household appliances such as fridges, washing machines and so on send tons of data back to manufacturers. In one particularly egregious case, a Roomba vacuum cleaner recorded a woman in the toilet, with the screenshots somehow ending up on Facebook.

Meanwhile, cars these days are riddled with cameras, microphones and an array of censors to collect all sorts of data. Nissan, for instance, says in its privacy policy notice that it can collect information on users’ sexual activity, health diagnosis data, and genetic information. It can further use the data collected to create a profile of a consumer’s preferences, characteristics, behaviour, intelligence and attitudes. And this is just one of 25 car brands Mozilla points out in its Privacy Not Included Report.

Companies engage in this creepy behaviour to make money. They use the data to profile users for advertising, either directly, or by selling it to data brokers, who then sell it to other companies. Another, more recent way to monetise data is to sell it to AI companies, which use it to train their models.

This is all rather unsettling, and people understandably want governments to step in and impose regulations. Governments, however, violate our privacy in even worse ways, sometimes in collaboration with these same corporations.

Government: A cure worse than the disease

Around the world, governments have instituted mass surveillance programmes to keep tabs on the population. They track everything everyone does on the internet, from social media activity, to what files we download, our browsing histories, and more. They have also covered our cities with cameras, using facial recognition technology to track our every move. In France, the government recently passed a law allowing law enforcement to remotely activate mobile phone cameras and microphones to spy on people.

Additionally, they make laws requiting private companies to spy on customers. For instance, the government of India mandates ISPs, telecommunication providers, VPN services, social media companies and a host of other companies to collect and store user data for at least six months.

The government has also pushed Aadhar into every aspect of Indian people’s lives. Opening a bank account, signing up for a mobile number, getting admisison to school or college, almost everything these days needs to be linked with Aadhar, allowing all pervasive surveillance into our lives. Governments in other countries are in the process of implementing similar schemes, with the help of the UN and the world bank.

Governments in the US, UK, India and other countries have also tried to ban encryption and VPN, two crucial technologies for protecting privacy.

Moreover, while corporations usually spy on us to show us advertisements and make money, governments do so to exert control. They spy on their critics and political opponents, hoping to find something to either discredit or imprison them. This sort of mass surveillance has a chilling effect, causing people to censor themselves in fear of reprisals. It also deters people from joining certain activist groups, or looking at certain websites or articles online.

In the US, governments in some states also use phone location data, search histories, messages and data from period tracking apps to ensure that women are not getting abortions, or to punish them if they do.

It is no wonder that even when laws are made to regulate corporate spying, they give broad exemptions to the government. This can be seen in the case of the EU’s GDPR law, as well as India’s recent data protection law, both of which don’t apply to law enforcement. Both of them, while doing little to protect privacy in ways that matter, act as censorhip tools. In the case of the GDPR, people can make search engines to remove articles that they find unflattering. Politicians in Romania, Hungary and Slovakia have used it to prosecute journalists reporting on government corruption.

Similarly, India’s Digital Personal Data Proteciton Bill allows the government to compel journalists to reveal their sources, and deny RTI claims under the pretext of privacy.

An Unholy Union

In many cases, corporations and governments work together to spy on people. The most famous example of this is the Pegasus software, which governments use to hack into people’s phones. Peter Thiel’s Palantir is another despicable company, that helps the NSA track basically every internet user 24/7.

In other cases, law enforcement agencies use corporations as a means to bypass people’s constitutional protections. For instance, the NSA might need a warrant to spy on someone, but they need no permission to buy data from a corporation that spies in their stead. Until 2024, Amazon Ring would share doorbell camera footage with law enforcement without warrants or user consent.

Similarly, pharmacies share people’s medical records with police without any warrants or court orders. In India, WhatsApp, X, Instagram and other social media platforms gave free access to Jammu and Kashmir police for tracking “anti-national” elements.

Whom can we rely on?

As we have seen, legislation does far more to undermine privacy than it does to preserve it. Rather than relying on politicians, we must instead rely on innovations that will prevent both corporations and governments from prying into our lives.

Chief among these is open source, which allows anyone to study and modify a piece of hardware or software. This has two advantages. First, developers will not usually create backdoors or spyware in their products, because they will be caught immediately. Second, even if they are foolish enough to do so, someone else can quickly release their own version without it.

This is exactly what happened in 2012 when Canonical, the developers of Ubuntu, added an Amazon extension into the operating system. It would send local search queries to Canonical’s servers, which was a big problem for the privacy conscious user base. While the UK government ruled that it was perfectly fine, users simply switched to Linux Mint, Debian, Fedora or other competing distributions. A few years later, Canonical finally got the message and removed it.

We can all replace spyware with open source alternatives. Instead of Windows or MacOS, use Linux. If you absolutely must use social media, use Mastodon and Pixelfed instead of Twitter and Instagram. Ditch Gmail for Protonmail, which offers end-to-end encryption and a private inbox that even Proton cannot access. Use Signal instead of WhatsApp.

Open source often fuels other useful innovation. For example, most Linux distributions today include full disk encryption out of the box. This means that even if my computer gets stolen, the thieves cannot access my files. While Windows got a similar feature later, it costs extra and is difficult to use.

Or think of browsers such as Brave, which block tracking and fingerprinting by default and make it harder for websites to identify users.

Even in the case of hardware, there are steps being taken to create open source computers, phones and even cars and motorcycles. Their open nature ensures that nobody can install spyware on them without being caught.

Fearsome as big tech is for those of us who care about privacy, the unholy union of big tech and government is far more terrifying. Ultimately, innovation, not legislation, will protect our privacy from both corporations and governments.