Consumer Privacy & Opsec
What surveillance actually looks like in 2026, what data is collected about you, and what you can do about it.
17 posts in this cluster
How 200 Companies Learn Everything About You in 100 Milliseconds
Real-Time Bidding broadcasts your browsing data to hundreds of companies in under 100ms per page load. A deep dive into browser fingerprinting, cross-device tracking, and online profiling with data privacy implications.
Your Ring Doorbell Gave Police Your Footage 11 Times Without Asking
Amazon Ring's integration with Axon and 2,500+ US police departments turned consumer doorbells into a warrantless surveillance grid. A data privacy and consumer cybersecurity investigation with opsec guidance.
Facebook Built a Profile on You Even If You Never Signed Up
Facebook maintains detailed shadow profiles of non-users through contact uploads, pixel tracking, and data broker feeds. You can't opt out of profiles you never agreed to create. A data privacy and consumer cybersecurity investigation.
20 Billion Scans a Month: The Camera Network Watching Every Car
Flock Safety ALPR networks cover 4,000+ US municipalities. Your car's movement is logged without a warrant and shared across jurisdictions. A data privacy and surveillance explainer with opsec guidance.
Your Car Knows Where You Went Last Tuesday at 3:47 PM
Modern cars collect driving data, location history, voice recordings, and biometric data. Insurance companies buy it through telematics brokers. A consumer cybersecurity and data privacy deep dive into automotive surveillance.
Your Smart TV Takes a Screenshot Every Half Second
Smart TVs run Automatic Content Recognition (ACR) that fingerprints every frame on your screen, including content from HDMI inputs. Samsung, LG, Vizio, and Roku all face lawsuits over this surveillance. A consumer cybersecurity and data privacy explainer.
VPN Reality Check: Who Actually Logs, Who Actually Protects
VPN marketing claims "military-grade encryption" and "complete anonymity." The reality is much narrower. A ranked breakdown of audited providers (Mullvad, Proton, IVPN, OVPN), providers caught lying in court, sketchy parent companies, and what a VPN can and cannot protect against in your actual threat model.
Encrypted Messengers Ranked: Signal vs WhatsApp vs iMessage vs Telegram vs Matrix
Not every 'encrypted messenger' is actually encrypted. A practical comparison of Signal, WhatsApp, iMessage with ADP, Telegram, Matrix, Session, and SimpleX — including metadata exposure, jurisdiction, open-source status, and E2EE default behavior for data privacy decisions.
Seven Government Surveillance Powers You Have Never Heard Of
Geofence warrants, keyword warrants, tower dumps, Stingrays, NSLs, and Section 702 are the surveillance mechanisms that don't require a classical warrant. A comprehensive data privacy and opsec investigation into modern government surveillance.
ICE Built a $300 Million Surveillance Machine
ICE's $22 billion surveillance apparatus integrates DMV records, utility data, Palantir Gotham, and data broker feeds. A data privacy and surveillance investigation with consumer cybersecurity implications.
Digital Forensics: Exactly What They Can Pull From Your Devices
Cellebrite and GrayKey extract every message, location, authentication token, and deleted file from your phone — when the device is in AFU state. A digital forensics deep dive into mobile security, BFU/AFU extraction, and GrapheneOS hardening.
What Police Can Actually Extract From Your Phone in 2026
Cellebrite and GrayKey extractions pull every message, photo, location, and authentication token from your phone. A digital forensics and consumer cybersecurity guide with opsec hardening tips.
Your iPhone Remembers Your Signal Messages Even After You Delete Them
Signal notifications on iOS expose message previews that survive device extraction even with disappearing messages enabled. A mobile security and digital forensics hardening guide.
Apple's Secret Feature That's Breaking Police Forensic Tools
Apple's iOS 18.1 Inactivity Reboot feature automatically returns iPhones to BFU state after 72 hours, blocking Cellebrite extractions. The biggest blow to mobile forensics since Secure Enclave. A mobile security and digital forensics analysis.
Your Government Buys Your Data Instead of Getting a Warrant
When the Fourth Amendment doesn't apply, government agencies buy your data from brokers. A comprehensive investigation into government surveillance workarounds and data privacy.
Passkeys vs Hardware Keys vs SMS 2FA: The Real Comparison
SIM swap attacks have stolen over $200 million from SMS 2FA users. Passkeys and hardware security keys are unphishable. A ranked comparison of every 2FA option: SMS, email, TOTP, push, passkeys, and FIDO2 hardware keys — for consumer and enterprise authentication security.
MinIO: When Your S3-Compatible Storage Lists Everything
MinIO is S3-compatible object storage widely used in self-hosted cloud deployments. Misconfigured anonymous access policies expose entire buckets to listing and download. We walk through detecting and remediating this during S3 and object storage penetration testing.
Jump to another topic
Apply this research to your environment
Our engagements apply the same research methodology surfaced in these posts to your specific stack. Start with a free security check.