Surveillance

The Invisible Panopticon: Why Privacy is No Longer the Default

Cynthia Toporowski

Cynthia Toporowski

4 min read
The Invisible Panopticon: Why Privacy is No Longer the Default
Photo by Maxim Hopman / Unsplash

The world has taken a sudden, dark turn over the past several years. Governments are pushing for mandatory digital ID systems and demanding backdoors into encryption. The very institutions meant to serve the public are now openly partnering with billionaires and their corporations to build the largest surveillance dragnets the world has ever seen—and they are just getting started.

None of this should come as a surprise to those of us who have been fighting for online privacy for decades. Organisations like the EFF, thinkers like Cory Doctorow, whistle-blowers like Edward Snowden, and groups like Privacy International have been sounding the alarm for years. They have documented, often in painstaking detail, the steady erosion of our digital freedoms. Yet, until recently, the public has done little to push back.

But those early warnings were just the warm-up—a test of what was politically possible. Now, the machinery of mass surveillance is fully operational, and it is being handed to companies with minimal accountability and little regard for human rights.

For instance, the surveillance giant Palantir has already amassed data on virtually every American and the majority of people abroad. Its systems are used and abused by ICE and have access to sensitive government databases, including the Department of Health and Human Services (HHS). Its AI tools are used to determine whom to target in war (including in Palestine) and to track protestors authorities would rather silence.

When discussing the deployment of his company's technology in active military conflicts, Palantir's CEO, Alex Karp, openly stated, "[...] our technology is used, on occasion, to kill people," and, chillingly, "Feeling safe means the other person is scared." Even within a battlefield context, these words read like a dystopian corporate mission statement.

Meanwhile, people are willingly handing over their entire lives, including confidential information, to AI systems that struggle to secure their own data. AI agents are on the rise, but they are vulnerable to prompt injection, meaning a single malicious message or webpage could let an attacker hijack your device. Your personal AI assistant is fundamentally insecure, yet these products keep being rushed to market for profit.

Take Perplexity's Comet or OpenAI's ChatGPT Atlas browsers as examples. You do not need to dig deep to see how fragile these AI-integrated systems are against indirect prompt injections and local file access exploits. To make the situation worse, the centralized architecture of AI systems means your data is never truly gone. Even when users explicitly delete their information, it remains vulnerable. For instance, OpenAI was recently court-ordered to retain all ChatGPT logs, including deleted chats, to comply with ongoing copyright litigation. While this is standard legal procedure to preserve evidence, it exposes a massive vulnerability: your private conversations are quietly sitting on corporate servers, waiting to be swept up in judicial discovery. This reality normalizes the hoarding of user logs, making it easier for companies to permanently retain vast datasets under the guise of training needs or vague appeals to user safety.

Then there is Flock Safety, a company whose AI-powered cameras are spreading across the US and starting to appear abroad, including in Canada. 404 Media revealed that Flock left its systems completely unsecured, allowing anyone on the internet to remotely access and watch live feeds. Fewer than 100 cameras were exposed, but that does not diminish the impact.

With facial recognition and OSINT tools, an attacker could have aggregated footage from all exposed cameras to identify individuals, their credit scores, marital status, professions, and where they grew up. They could watch children playing unattended. Even if these devices were secured, law enforcement has repeatedly been caught abusing access to these systems, not to protect public safety, but to target dissent.

We know our governments—especially the US—routinely break international law. Read Edward Snowden’s gut-wrenching blog post detailing just a few of the CIA’s atrocities since its founding. Or consider Chelsea Manning, a whistleblower prosecuted for exposing American war crimes.

Big Tech is in bed with surveillance companies. Surveillance companies are in bed with governments. It is a closed loop of power, profit, and control. Even in places like Europe, where surveillance is more strictly regulated, numerous government officials globally are floating the idea of encryption bans, pushing for encryption backdoors, and mandating on-device CSAM scanning that ultimately undermines end-to-end encryption.

The point is this: we are living in dark times for privacy. Users are under siege from corporations, governments, and systems designed to extract and exploit. The only ones pushing back are small nonprofits, independent journalists, and grassroots advocacy groups.

Yes, it looks grim, but these groups are not confined by borders or beholden to national interests. They exist in every country and are connected by shared values and a common mission. They are building tools, spreading knowledge, and defending the right to be left alone—not just for some, but for all. They are proving that resistance is still possible.

Nym, Mullvad, Tor, Proton VPN and Obscura are opening the doors to a free and open internet—one that governments cannot block, thanks to resilient technologies like AmneziaWG and QUIC.

Every day, more users are choosing to opt out of Big Tech, turning instead to encrypted email, calendars, messengers, and notebooks. More companies are beginning to offer privacy-respecting alternatives, finally recognising that trust is not just ethical—it is sustainable.

We are strongest not when we move as one, but when we remain diverse: a distributed network of builders, activists, and users, each advancing privacy in their own way. We innovate in isolation yet converge on the same principles. We build on each other’s work, acknowledge progress, and push further. We work together to oppose any attempt to infringe on our human rights.

This is not a fight that can be won in a single victory. It is a continuous act of creation, defence, and refusal to surrender the ordinary right to disappear.

Read more