The Surveillance Economy
747
Times Your Data Is Shared / Day
$250B
Global Surveillance Industry
4.7B
Internet Users Monitored
71
Countries Use Internet Shutdowns
53%
Global Population in "Not Free" Internet
0
U.S. Federal Privacy Law (Still None)
GDPR
EU: $4.3B in Fines Since 2018
Every click, search, location ping, and purchase is collected, packaged, and sold. Data brokers sell your location history for $0.01 per person. The NSA collects metadata on every phone call in America (revealed by Edward Snowden, 2013). China's Great Firewall censors the internet for 1.4 billion people. Russia blocks VPNs and independent media. Even democracies — the U.K., Australia, India — are expanding surveillance powers and weakening encryption. The right to be left alone is disappearing in every country, from every direction, by every institution.
Your Data × No Consent × No Compensation = $240B Industry
You are not the customer. You are the product. Your data generates $240B/year in revenue. You receive $0. You didn't consent. You can't opt out. And in most countries, it's perfectly legal.
"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say."
— Edward Snowden
The Leaderboard
| # | Entity / System | Category | Truth | Value | Coher. | Privacy | Transp. | Labor | Score | Grade |
|---|
| 1 | Signal (E2E Encryption) | Privacy Tool | 82 | 78 | 85 | 95 | 88 | 55 | 80.5 | A- |
| 2 | EU GDPR Framework | Regulation | 65 | 68 | 62 | 72 | 70 | 55 | 65.3 | C+ |
| 3 | Tor Project / Firefox | Privacy Tool | 72 | 70 | 75 | 85 | 78 | 48 | 71.3 | B- |
| 4 | EFF / ACLU (Digital Rights) | Non-Profit | 80 | 75 | 78 | 82 | 80 | 52 | 74.5 | B |
| 5 | Apple (Privacy Stance) | Big Tech | 45 | 40 | 42 | 55 | 38 | 30 | 41.7 | D+ |
| 6 | U.S. Government (NSA / FBI / FISA) | State | 10 | 15 | 5 | 5 | 5 | 35 | 12.5 | F |
| 7 | Google (Data Collection) | Big Tech | 15 | 20 | 8 | 8 | 12 | 40 | 17.2 | F |
| 8 | Data Broker Industry | Industry | 5 | 8 | 3 | 3 | 3 | 20 | 7.0 | F |
| 9 | NSO Group (Pegasus Spyware) | Spyware | 3 | 5 | 3 | 2 | 3 | 15 | 5.2 | F |
| 10 | China (Great Firewall + Social Credit) | State | 2 | 5 | 5 | 2 | 2 | 12 | 4.7 | F |
| 11 | Clearview AI (Facial Recognition) | Surveillance | 5 | 5 | 3 | 2 | 3 | 18 | 6.0 | F |
The Verdict
China (4.7) and NSO Group (5.2) occupy the bottom — state censorship and mercenary spyware. The U.S. government (12.5) operates warrantless mass surveillance revealed by Snowden, rubber-stamped by FISA courts (99.97% approval rate). Google (17.2) tracks your location even when you turn tracking "off" (settled for $392M). Data brokers (7.0) sell your health data, location history, and browsing habits — no consent required, no law preventing it. Signal (80.5) and the EFF (74.5) prove privacy tools and digital rights advocacy work. The EU's GDPR (65.3) — imperfect but the only major framework — has fined Big Tech $4.3B. The U.S. still has no federal privacy law.
Individual Audits
Key Violations
Privacy Inversion (#85, 94)Conscious Betrayal (#104, 100)Policy of Secrecy (#41, 89)Awareness Suppression (#93, 98)Institutional Gaslight (#46, 98)
Coherence: 5. The agency sworn to protect the Constitution conducts warrantless surveillance on the people it's sworn to protect. In 2013, Edward Snowden revealed that the NSA was collecting metadata on virtually every phone call in America (PRISM), tapping undersea fiber optic cables (UPSTREAM), and building a searchable database of global internet activity (XKeyscore). Director of National Intelligence James Clapper lied to Congress under oath, testifying that the NSA did "not wittingly" collect data on Americans. This was false. No charges were filed against Clapper. Snowden — who exposed the lie — was charged under the Espionage Act and forced into exile. The FISA Court, created to provide judicial oversight, approved 99.97% of surveillance requests from 1979–2019 (33,942 approved, 12 denied). Section 702 of FISA was renewed in 2024 with expanded authorities. The NSA's own internal audits found thousands of compliance violations — warrantless searches of Americans' communications — that were never reported to the FISA Court. The Fourth Amendment guarantees protection from unreasonable searches. The NSA's programs search everyone, all the time, without probable cause. The coherence between the Constitutional oath and the surveillance apparatus is zero.
Key Violations
Awareness Suppression (#93, 98)Privacy Inversion (#85, 94)Conscious Betrayal (#104, 100)Fear Farming (#36, 97)Division Engineering (#37, 99)Intentional Harm (#31, 100)
Privacy: 2. Truth: 2. The most comprehensive censorship and surveillance system in human history. The Great Firewall blocks Google, YouTube, Facebook, Twitter, Wikipedia, and thousands of other sites. WeChat (1.3B users) is fully monitored — messages, payments, location, and social connections are accessible to state security. The social credit system assigns scores to citizens based on behavior: jaywalking, "unpatriotic" social media posts, associating with low-scoring individuals, or criticizing the government all reduce scores. Low scores restrict travel, employment, education, and housing. In Xinjiang, the Uyghur minority is subject to what the UN has called "serious human rights violations" — mass surveillance using facial recognition, forced biometric collection, internment camps documented by satellite imagery, and predictive policing algorithms that flag "suspicious" behavior like praying or growing a beard. An estimated 1–1.8 million Uyghurs have been detained. Surveillance cameras in China: 626 million (1 for every 2.3 people). The system is not broken. It is the most technically sophisticated censorship and control apparatus ever built, and it works exactly as intended.
Key Violations
Intentional Harm (#31, 100)Privacy Inversion (#85, 94)Conscious Betrayal (#104, 100)Exploitation (#33, 96)
Privacy: 2. Mercenary spyware sold to governments that used it to target journalists, dissidents, and murder victims. NSO Group's Pegasus spyware can silently take complete control of a smartphone — reading messages (including encrypted ones), activating cameras and microphones, tracking location, and extracting all data — without the user clicking anything (zero-click exploit). The Pegasus Project (2021), a collaboration of 80+ journalists, revealed that NSO's clients had selected 50,000+ phone numbers for potential surveillance. Targets included: journalists investigating corruption (including associates of murdered Saudi journalist Jamal Khashoggi), human rights activists, opposition politicians, lawyers, and heads of state (including France's Emmanuel Macron). NSO claims it only sells to "vetted governments" for "fighting terrorism." The evidence shows it was used against the very people who hold governments accountable. Apple sued NSO Group. The U.S. Commerce Department blacklisted them. WhatsApp won a lawsuit against NSO for hacking 1,400 users. Yet the spyware industry continues to grow — Intellexa, Candiru, and others fill the gap. The mercenary surveillance industry is worth $12B+ and operates with virtually no international regulation.
Key Violations
Privacy Inversion (#85, 94)Compression Theft (#21, 97)Exploitation (#33, 96)Algorithmic Opaqueness (#42, 93)Conscious Betrayal (#104, 100)
Transparency: 3. A $240B industry that most people don't know exists, built entirely on data they never consented to share. Data brokers collect, aggregate, and sell personal data from hundreds of sources: purchase history, location data from apps, public records, social media, web browsing, health app data, and financial transactions. Acxiom alone has profiles on 2.5 billion people. A 2023 Duke University study found data brokers selling the location data of U.S. military personnel, including movement patterns near sensitive facilities. The FTC found that data broker Kochava sold geolocation data precise enough to track visits to reproductive health clinics, addiction treatment centers, and places of worship. Your data is sold for as little as $0.01 per person — but generates $240B in aggregate. You receive no compensation. In most U.S. states, you have no right to see what they have, no right to correct it, and no right to delete it. Vermont and California require broker registration; most states have zero regulation. The EU's GDPR gives citizens the right to access, correct, and delete their data. The U.S. has no equivalent federal law — the most significant regulatory gap in the world's largest economy.
Privacy: 95. The highest privacy score in any FairMind audit. Signal is a non-profit, open-source messaging app with end-to-end encryption by default. When served with a federal subpoena in 2021, Signal could provide only two data points: the date the account was created and the date it was last used. That's all they have. No message content. No contacts. No group memberships. No profile information. Because Signal doesn't collect it. The protocol — developed by Moxie Marlinspike and now used by WhatsApp, Google Messages, and Facebook Messenger — is the gold standard of encrypted communication. Signal is funded by donations (Signal Foundation, established with $50M from WhatsApp co-founder Brian Acton). No ads. No tracking. No data mining. Open-source code auditable by anyone. The coherence (85) reflects that Signal says it protects privacy, and the technical architecture makes privacy violations structurally impossible — not a policy choice, but an engineering decision. This is the FairMind model: you can't violate what you don't collect.
Privacy: 72. The only major legal framework that treats data as belonging to the individual. GDPR established: the right to access your data, the right to correct it, the right to delete it ("right to be forgotten"), the right to data portability, mandatory breach notification within 72 hours, and fines up to 4% of global revenue. Major fines: Meta ($1.3B for transferring EU data to U.S.), Amazon ($887M), WhatsApp ($267M). The coherence (62) is reduced because enforcement is uneven — Ireland, where most U.S. tech companies are based, has been criticized for slow enforcement. But GDPR's structural innovation is foundational: it shifts the default from "your data is ours unless you opt out" to "your data is yours unless you consent." This single principle — consent as default — is the architectural fix that the U.S. lacks entirely. Every privacy advocate worldwide uses GDPR as the baseline. It's imperfect. It's also the only thing standing between 450 million Europeans and the $240B data broker machine.
Privacy: 85. Anonymous browsing at scale — proof that surveillance is a choice, not a necessity. The Tor Project routes internet traffic through multiple encrypted relays, making it nearly impossible to trace. Used by journalists, activists, whistleblowers, and millions of ordinary people in censorship-heavy countries. Tor is open-source, non-profit, and audited by independent researchers. Firefox (Mozilla) blocks third-party cookies by default, offers Enhanced Tracking Protection, and is the only major browser made by a non-profit. Mozilla's annual transparency report details government data requests. Together, Tor and Firefox prove that private, anonymous browsing is technically achievable — the reason other browsers don't offer it is a business model choice, not a technical limitation. Chrome tracks everything because Google's $224B ad revenue depends on it.
Coherence: 78. The organizations that fight for your digital rights when no one else will. The Electronic Frontier Foundation (EFF) and ACLU are the primary legal defenders of digital privacy in the U.S. EFF fought against NSA mass surveillance (Jewel v. NSA), defended encryption rights, created the "Surveillance Self-Defense" toolkit, and publishes annual transparency reports grading tech companies. The ACLU has litigated against warrantless wiretapping, facial recognition, and government hacking. Together they've blocked facial recognition bans in multiple cities, challenged Section 702, and forced disclosure of government surveillance programs. The coherence is high because these organizations exist to protect rights — and they do, consistently, against powerful state and corporate interests. Labor score (52) reflects nonprofit compensation. But these two organizations have done more to protect your digital privacy than any government agency.
Key Violations
Narrative Colonization (#40, 95)Institutional Gaslight (#46, 98)
Coherence: 42. "Privacy is a human right" — except in China, where Apple stores user data on government servers. Apple's App Tracking Transparency (ATT) genuinely disrupted the ad-tracking ecosystem, costing Meta $10B+ in revenue. On-device processing for Siri and Face ID is real privacy engineering. But the coherence gap is significant: Apple complies fully with Chinese censorship and data laws, storing Chinese users' data on servers run by a state-owned company. iCloud backups were not end-to-end encrypted until 2023 (and still aren't by default). Apple's 30% App Store commission is the highest in the industry, enforced through a closed ecosystem. Foxconn suicide nets. Cobalt mining supply chain. Apple's privacy marketing is partially genuine and partially a competitive weapon against Google's ad model — it protects users when convenient and cooperates with authoritarian governments when profitable.
Key Violations
Privacy Inversion (#85, 97)Awareness Suppression (#93, 98)Narrative Colonization (#40, 95)
Coherence: 8. "Don't be evil" — removed from the code of conduct in 2018 because the business model requires it. Google collects data from: Search (92% market share), Chrome (65% browser share), Android (72% mobile OS), Gmail (1.8B users), YouTube (2.5B users), Maps, Drive, Photos, Nest, Fitbit, and Waze. A 2018 AP investigation found Google tracks your location even when you turn off "Location History." In 2023, Google settled for $5B over incognito mode tracking. Google's $224B ad revenue is entirely funded by surveillance — the free products are the surveillance infrastructure. The privacy score (8) reflects that Google's business model is the inversion of privacy: maximum data collection fuels maximum ad targeting. The labor score (40) is the highest dimension because Google pays engineers well — but the product those engineers build is the most comprehensive civilian surveillance system ever created.
Key Violations
Privacy Inversion (#85, 97)Awareness Suppression (#93, 98)Intentional Harm (#31, 100)
Privacy: 2. Scraped 30 billion photos from the internet without consent and sold facial recognition to police. Clearview AI scraped billions of images from Facebook, Instagram, LinkedIn, and other platforms — violating every platform's terms of service — to build a facial recognition database. The company then sold access to 3,100+ law enforcement agencies, including ICE and the FBI. A single photo can match against the entire database in seconds. No consent was obtained from any individual. Studies show facial recognition has higher error rates for Black and Asian faces (MIT research). Clearview has been fined or banned in the UK ($9.4M), Australia, France, Italy, and Greece. The ACLU sued and won a settlement restricting sales to private companies. The coherence (3) reflects that Clearview claims to help law enforcement while building a surveillance infrastructure that could be used by any government against any person, anywhere, at any time. The company is the logical endpoint of unchecked surveillance capitalism.
The Universal Pattern
Surveillance Is Bipartisan
Every Government Wants More
The NSA's mass surveillance was expanded under Bush, continued under Obama, and renewed under Trump and Biden. The UK's Investigatory Powers Act. Australia's Assistance and Access Act. India's IT Act amendments. France's Intelligence Act. Every government, left or right, is expanding surveillance powers. The ratchet only turns one way.
Encryption Is Under Attack
The "Going Dark" Lie
Governments claim encryption helps criminals "go dark." They demand backdoors. But backdoors can't be built for good guys only — they are vulnerabilities exploitable by anyone. The FBI admitted it inflated "going dark" statistics by 500%. Every cybersecurity expert agrees: weakening encryption makes everyone less safe. Yet the EARN IT Act, the UK Online Safety Act, and the EU Chat Control proposal all threaten E2E encryption.
Your Data, Their Profit
$240B from $0 Consent
The data broker industry generates $240B/year from data you never consented to share and receive zero compensation for. A 2024 study found the average American's data is shared 747 times per day. Location, health, financial, browsing, purchasing, and social data — all collected, packaged, and sold. The U.S. has no federal privacy law. Congress has failed to pass one for 30+ years.
Privacy Tools Work
Signal, Tor, GDPR
Signal proves E2E encryption at scale is possible. Tor proves anonymous browsing works. GDPR proves legal frameworks can impose accountability. The EFF proves advocacy changes policy. Every high-scoring entity in this audit shares one trait: they treat privacy as a right, not a feature. The technology exists. The law (in the EU) exists. The U.S. just hasn't chosen to use either.
What Would an Honest Privacy System Look Like?
- Truth: Mandatory disclosure of all data collection. No hidden tracking. Plain-language consent forms. If you can't explain what you collect in one paragraph, you can't collect it.
- Value: Data ownership: your data generates revenue, you receive a share. Data dividends. Right to sell or withhold your own data. Compensation for breaches.
- Coherence: If you say "your privacy matters," your architecture must enforce it. Privacy by design, not privacy by policy. Signal's model: can't violate what you don't collect.
- Privacy: Federal privacy law with GDPR-equivalent rights. Right to access, correct, delete, and port your data. Opt-in as default. Data minimization requirements. Ban on selling location data.
- Transparency: Open-source algorithms. Published surveillance statistics. Warrant requirements for all government data access. End FISA Court secrecy.
- Labor: Protect whistleblowers (Snowden should be pardoned, not exiled). Shield journalists' sources. Encrypt by default. Fund privacy tools as public infrastructure.
The FairMind Standard
Signal proves privacy at scale is technically possible. GDPR proves legal frameworks work. The EFF proves advocacy changes law. Tor proves anonymity can be built. Privacy is not a feature. It is a right. The 108 Truth Violations applied to surveillance read like a checklist of current government and corporate practices: Privacy Inversion (#85), Awareness Suppression (#93), Policy of Secrecy (#41), Institutional Gaslight (#46). Every violation has a structural remedy. The question is whether institutions will choose to implement them — or whether citizens will have to force the choice.