More than half of Australian adults — 52 per cent — now believe that AI-driven location tracking is a common misuse of technology. That’s not a fringe concern. That’s the majority of the country waking up to something that has been happening for years, quietly, in the background of every app, every search, and every device in the home.
The dark side of big tech is simple: its business model is surveillance. Not as a side effect — as the core product. Google, Meta, Amazon, Apple, and Microsoft have built some of the most profitable companies in history not by selling you things, but by selling detailed profiles of you to the people who do. Understanding how that works in practice — the mechanisms, the data trails, the algorithmic manipulation — is the first step toward doing something about it.
For the broader picture of how big tech companies operate in Australia and what regulators are doing about it, read our corncerning post on Big Tech companies in Australia This post goes deeper on the mechanics — what is actually being collected, how it’s used against you, and what the real-world consequences look like for ordinary Australians.
It started with a simple observation. If you’re not paying for the product, you are the product. That line is often misattributed — it was first published by media critic Andrew Lewis in 2010, not by any Silicon Valley insider. But the insight has aged better than almost anything written about the internet since.
Every major Big Tech platform is engineered to feel effortless. Single sign-on lets you log into dozens of services with one Google or Facebook account. Recommendations appear before you’ve finished typing. Your devices sync without asking. The calendar knows your flight before you’ve told it. All of this feels like service. It is, in fact, data collection at scale.
A Tech Advisor investigation found that most smartphones upload private user information while you’re sleeping. The phone sitting on your bedside table isn’t resting. It’s reporting. Your location, your app usage, your battery level, your network connections — all of it is being sent back to servers you have no visibility over, by companies whose privacy policies would take 46 hours a month to read in full.
The convenience is real. So is the cost. The more seamless your experience, the more deeply you’re embedded in the data loop. Stepping out of it requires more than adjusting your privacy settings. It requires rethinking the hardware and software you use from the ground up.
Most people assume tracking means location data. It’s far more comprehensive than that.
Every time you open a browser tab, log into a platform, or launch an app, you generate a data trail. That trail includes your IP address, your device type and model, your operating system version, your screen resolution, the time you arrived, how long you stayed, what you clicked, what you scrolled past, and how quickly you moved between sections. This is collected whether you’re logged in or not.
Mobile devices make this significantly worse. iOS and Android apps routinely request access to your camera, microphone, contacts, location, photos, health data, and motion sensors. Research from Duke University has shown that the data trails created by these permissions can be used to determine your political alignment, religious beliefs, relationship status, and purchasing intent — often with higher accuracy than you’d predict from any single data point.
Then there is the Meta pixel — a snippet of tracking code embedded on roughly 20 per cent of the world’s most visited websites. It runs silently in the background of news sites, health portals, e-commerce stores, and government pages, sending behavioural data back to Meta regardless of whether you have a Facebook account. The Electronic Frontier Foundation documented Meta using a new tracking exploit in 2025 that allowed its apps to monitor users’ web browsing by exploiting a technical loophole that bypassed core browser security protections.
And when you connect to a public Wi-Fi network, or walk past a Bluetooth beacon in a shopping centre, or pay with tap-and-go, you add more data points to a profile that is constantly being refined. A Faraday bag is the only way to stop hardware-level signal broadcasting entirely — software alone cannot block what your device is transmitting at the radio layer.
App permissions are the most visible part of Big Tech’s data collection — and the most misunderstood. When an app asks for access to your microphone or location, most people tap “Allow” because they want the app to work. What they’re actually doing is signing a data-sharing agreement with no fixed term and no meaningful limit on downstream use.
The app permissions problem goes deeper than most users realise. Many apps request permissions they have no functional need for. A torch app that wants access to your contacts. A weather app that wants your microphone. A game that wants your precise location. These requests exist because the data has value — either directly to the app developer, or to the data brokers and advertising networks they sell to.
On a standard Android device running Google’s operating system, even apps you’ve never opened can collect background data. Google’s own services — Play Services, Google Mobile Services — run continuously, reporting device state, location, and usage patterns back to Google’s servers regardless of your individual app settings.
GrapheneOS, which we install on every deGoogled phone at FreedomTech, removes Google’s underlying data collection infrastructure entirely. Permissions are granular, revocable, and scoped to individual use — you can grant an app access to your location only while it’s open, for example, rather than permanently in the background. This is not a tweak to Android. It is a fundamentally different relationship between your device and the data it generates
Once data is collected, it enters a pipeline most Australians know nothing about. Data brokers — companies with names like Quantium, LiveRamp, Experian, and Illion — buy, aggregate, and resell personal information at industrial scale. The ACCC’s investigation into Australian data brokers found that Australians renting a property, getting an insurance quote, or shopping online are routinely profiled and targeted without their knowledge.
The individual data points collected by Big Tech become significantly more powerful when combined. Your age bracket from a loyalty card. Your suburb from a delivery address. Your political leanings inferred from your reading habits. Your health concerns inferred from your search history. Individually, these are fragments. Combined by an AI system trained on hundreds of millions of records, they become a profile accurate enough to predict your next purchase, your next vote, and your next major life decision.
One Australian data broker claims to hold data on 85 per cent of the Australian population. Another traced by an ANU researcher had sold and resold a single phone number through at least four different brokers over nine years before it ended up in the hands of a political campaign. Political parties in Australia are exempt from privacy laws. They don’t have to tell you how they got your data. They don’t have to let you opt out.
Under Australian Privacy Principle 3.6, collecting personal information from third parties for profiling is technically illegal without justification. According to UNSW law researchers, this provision has almost never been enforced. The data enrichment industry operates largely in the open, in plain breach of a law nobody enforces.
The reason data collection has become so much more dangerous in recent years is not that more data is being collected — it’s that AI has made it actionable in ways it never was before.
It used to be possible to hide in the noise. Billions of data points, no way to connect them to individual people at useful speed. That window closed. AI systems can now cross-reference your browsing history, purchasing behaviour, location patterns, and social connections in real time, building predictive models of who you are and what you’ll do next. Research from Ohio State University has shown these models actively distort users’ perception of reality by selectively surfacing content that reinforces existing biases.
The same AI infrastructure that decides which advertisement to show you is used by lenders to assess credit risk, by insurers to set premiums, and by employers to screen job applicants. Your digital profile — assembled without your knowledge from dozens of sources you’ve never directly interacted with — is influencing decisions that affect your financial life, your career, and your family.
Meta has announced plans for fully AI-automated advertising by 2026, where every element of ad creation, targeting, and optimisation will be generated and deployed autonomously — fed by an ever-expanding pool of behavioural data that now includes your conversations with Meta’s AI chatbots across Facebook, Instagram, and WhatsApp. The FTC has described this system as “vast surveillance”. Meta calls it personalisation.
Every major social media platform runs on a recommendation algorithm. These systems are not designed to show you the most accurate, balanced, or useful content. They are designed to maximise the time you spend on the platform — because more time means more data and more advertising revenue.
The content that maximises engagement is emotionally charged content. Outrage. Fear. Tribal affirmation. The algorithm doesn’t choose these because they’re good for you. It chooses them because they work. Repeated exposure to this kind of content reshapes your sense of what is normal, what is threatening, and who is to blame.
This is not a side effect. It is the system working as designed. Platforms have known this for years. Internal research at Facebook, leaked in 2021, showed the company’s own researchers had identified the harm their algorithms caused to teenage girls’ mental health. The response was not to fix the algorithm. It was to manage the public relations.
Australia’s response has been the world’s most aggressive regulatory intervention: a legislated social media ban for under-16s, which took effect on 10 December 2025. Platforms face fines of up to $49.5 million for non-compliance. It is a significant step. It is also an acknowledgement that the platforms themselves will not change voluntarily.
Abstract surveillance becomes concrete harm when data is breached, misused, or weaponised. Australia has had no shortage of examples.
In September 2022, Optus disclosed that the personal information of approximately 9.5 million Australians had been accessed without authorisation. Names, dates of birth, home addresses, phone numbers, passport numbers, and Medicare details. The OAIC filed civil penalty proceedings against Optus in August 2025, alleging the company failed to take reasonable steps to protect customer data for years before the breach occurred.
The Medibank breach in October 2022 was worse. Approximately 9.7 million customers had their health records stolen — data including diagnoses, treatment history, and sensitive personal details. Cybercriminals used the stolen Medibank data in over 11,000 known fraud incidents. The Latitude breach in 2023 affected 14 million customers. The MediSecure breach in 2024 affected 12.9 million Australians. The Sydney Tools breach in 2025 exposed 34 million online orders.
These are not isolated incidents. They are the inevitable consequence of a system built on collecting and centralising vast quantities of personal data. Where data is concentrated, it will be targeted. The organisations holding it are not always equipped to protect it. And once it’s gone, it’s gone.
Beyond breaches, data is being used in ways its subjects never consented to. Both Bunnings and Kmart were found by the Office of the Australian Information Commissioner to have scanned the faces of every customer entering their stores — without consent, without adequate notice, and in breach of the Australian Privacy Principles. If it’s happening at Bunnings, it’s happening elsewhere.
he most effective changes are not behavioural — they are architectural. Adjusting your privacy settings within a surveillance-built platform doesn’t remove you from the surveillance. It reduces visibility at the margins while leaving the underlying infrastructure intact. Real privacy protection means changing the hardware and software you use, not the preferences within systems designed to extract your data.
A deGoogled phone running GrapheneOS removes the data collection layer at the operating system level. Google’s Play Services — the background infrastructure that continuously reports device state, location, and usage back to Google — are absent entirely. Permissions are granular and revocable. The bootloader is relocked after installation. You own the device in a way that simply isn’t possible on a standard Android or iOS device.
A Linux laptop pre-installed with Linux Mint removes Windows telemetry, Microsoft’s usage reporting, and the constant background processes that send your activity data to Redmond. Combined with a hardened version of Brave for daily browsing and LibreWolf for sensitive activity, you eliminate the most aggressive tracking vectors that affect most users every day. Read more about why Australians are switching to Linux laptops.
A Faraday bag addresses the hardware layer that software cannot reach. When your phone is in a Faraday bag, it is not broadcasting cellular, WiFi, Bluetooth, or GPS signals. It cannot be passively tracked by towers, beacons, or proximity sensors. For situations where you want genuine signal isolation — sensitive meetings, travel, high-security environments — this is the only reliable method.
And if you’re managing cryptocurrency or other digital assets, a dedicated crypto computer separates that activity entirely from your everyday digital life. Blockchain transactions are irreversible. The security of the device you use to make them is not a detail.
The evidence for continuous microphone monitoring is limited, but the question misses the more important point: Big Tech doesn’t need to listen to your conversations to know what you’re thinking. Your search history, location data, app usage, and purchase patterns give advertisers a more accurate picture of your intentions than eavesdropping would. That said, many apps do request microphone access they have no functional need for. Reviewing and revoking app permissions regularly is worthwhile. For a deeper look, read our post on how to stop your phone listening to you.
First-party data is collected directly by the platform you’re using — Google collecting your search history, Meta collecting your likes and shares. Third-party data is collected by companies you’ve never interacted with directly, usually through tracking pixels, data-sharing agreements, or purchases from data brokers. Both types end up in the same advertising ecosystem. The distinction matters legally but makes little practical difference to your privacy exposure.
Deleting an app removes it from your device but does not delete the data already collected and stored on the platform’s servers. Under Australian privacy law, you can request deletion of your data, but enforcement is inconsistent and the process is deliberately cumbersome. Data shared with third parties before deletion may be retained by those third parties indefinitely.
Private browsing prevents your browser from storing your history locally. It does not hide your activity from your internet service provider, from the websites you visit, from Google (if you’re using Chrome), or from network-level tracking. It is useful for preventing others with physical access to your device from seeing your history. It is not a privacy tool in any meaningful sense beyond that.
Replace your smartphone with a deGoogled phone running GrapheneOS. Your phone is the most intimate surveillance device most people carry. It knows your location, your contacts, your health, your finances, your relationships, and your daily routine. Removing Google’s data collection from that device has a larger impact on your overall privacy than any number of browser extensions, VPN subscriptions, or settings adjustments on a standard device.
The dark side of big tech won’t stop because people are uncomfortable with it.
It will stop — for you personally — when you change the hardware and software through which it operates.
At Freedom Technology and Services, we build and supply devices that are designed from the ground up to keep your data out of the hands of Big Tech. Not through clever settings. Not through promises. Through architecture.
Start with our deGoogled phones and tablets, explore our privacy computers and Linux laptops, or protect your devices at the hardware level with our range of Faraday bags. Questions welcome at [email protected] or on Telegram.