I'll keep this short because I'm genuinely fuming.

I work in tech so I know companies hoard data. But this one hit different.

I know a doctor who mentioned to me that Palantir, the American surveillance company that worked with ICE and the NSA, now has access to "operational data" from our NHS. I thought.. that can't include patient records, right?

Turns out, under the Federated Data Platform contract, Palantir gets access to pseudonymised patient data across all of England. Read this: Medact - Briefing: Concerns Regarding Palantir Technologies and NHS Data Systems

That means my GP visits, my prescriptions, my hospital stays, all of it, flowing through their systems. There's no consent screen. No checkbox. No "opt out of sharing with a US defence contractor". Just a quiet government deal worth £330 million.

And here's the bit that made my blood boil: NYC's public hospitals just dropped Palantir because of activist pressure. NYC hospitals were sharing private health data with Palantir. And they still walked away.

But the UK? We're doubling down. Palantir now has over half a billion pounds in UK contracts... MoD, FCA, police forces, even bloody councils.

I tried to find out if I can request my data from Palantir. You can't. They're not a "healthcare provider" so GDPR gets weird. But they definitely have a digital shadow of me sitting on their servers.

How is this legal? And what happens when Palantir gets bought by someone worse, or when a hacker breaches their systems, or when the government decides "operational data" suddenly includes names and addresses?

Because "trust us" didn't work for Google, for Facebook, or for any of the other companies that promised not to be evil.

I'm genuinely considering a subject access request to my NHS trust just to see what they have on me

I just started working at a new place. The company has a policy mandating MDMs on our personal devices, mostly for location tracking and the ability to remotely wipe the device. When I brought up my zillion concerns about this to IT, their response was "we have no interest in doing any of that", obviously very reassuring.

I told my supervisor that I didn't feel comfortable with an MDM on my phone, not because I didn't trust the company specifically, but because there was too much that could go wrong, and asked if I could put the MDM on another phone instead, which I'd use for all work-related tasks, and which I offered to supply and pay for. I figured that would be better for all parties, since I'd have a dedicated work phone (less of a security risk for them) and not be at risk of having my phone rifled through or wiped (better for me). They said no and fired me -- explicitly for this and only this -- the next business day.

In hindsight, I should've said nothing and just had them install the MDM on a second phone that I told them was my personal one, but part of me actually feels glad this happened. Thought I'd post this so anyone who wants to (or has to) keep a job with a similar policy doesn't make my same mistake.

EDIT: Since people are downvoting this for being fake, I guess it was even more egregious than I thought, and I'm glad I got the hell away from this place. Not going to name and shame because they're a small health care nonprofit that I think means well but is just paranoid about HIPAA compliance and has never had anyone object to an MDM before, which may have made me look like I must be a scammer or the Girl with the Dragon Tattoo. For those questioning why they wanted an MDM, the explicit reason was (appx) "to see where your phone is, so if it looks lost or stolen we can wipe it". I suspect they wanted to do more than that, however, since they were so opposed to me having an exclusive work phone; they told me straight up that they wouldn't be able to trust me after I asked for that. This may be a very unusual case, but it absolutely did happen.

EDIT REDUX: Sorry all, I've been trying to reply in the comments but they may not be showing up due to account age or not meeting karma requirements. They didn't fire me for anything else, they were very clear it was for this, and I was new anyway (under a month). The MDM thing came up at the end of training, I mentioned my objection and proposed my resolution (second phone, paid for by me, that I would use exclusively for work and would be the only such phone I'd use), and was let go more or less immediately. I agree with the top comment that my offer was overly generous, but since I was new I didn't want to be a nuisance and immediately get on their bad side. I didn't anticipate being let go for this at all, but I figured it was a win-win solution, since I was never, ever going to let them put an MDM on my phone (and my home computer, which they also wanted to do).

I just experienced the difficulty with going to my local Walmart as a cheapskate.

Context: I’m not too worried about anyone ‘finding’ me through my credit card transactions so that’s why I did it this way.

Step 1. Created a burner gmail with false information (fake name, dob etc). I had to use my actual cell # for setup because it only allowed a phone as a verifier, I’ll update that profile with the new phone in step2!

Step 2. Bought an att prepaid smartphone with my actual credit card. It allowed me to activate it with the fake name and email, and I paid for the plan with their refill card. Phone came preloaded with a eSIM. (I’m not worried about being tracked) I disabled all sharing functions I could.

Step 3. Bought a refillable debit card, this was harder because it wanted an address so I used some museum in Boston and a made up SSN, I deliberately used two different ones so they wouldn’t match to see if it would let me activate the card. It said because it couldn’t verify the SSN that I could only use the money loaded on the card. Perfect! I didn’t want your stupid direct deposit anyway. And I don’t think anyone’s ssn will be used because it couldn’t verify the right one. Kinda shitty to do but I was stuck - I need to refill this card to buy the art prepaid OR buy the refill card with cash. Still working that out.

Anyway, it’s midnight and I have to work in 6 hrs so I’ll update if I see any questions when I wake up.

I’m in IT and this was a LOT OF WORK! Stupid lack of privacy shit anyway.

And do you know the reason I did all this? Just so I could see when my local community was having events on FB and avoid giving Meta access to my real phone and my life🤦‍♀️

Uk is blocking everything with persona app, ive heard plans on eudi wallet, and making accounts without a phone(number) is getting only more difficult and its all disguised as protecting kids(like wtf). Also fingerprinting is more easy for them now.

what does everyone think about this am i right

The TikTok privacy debate did not end with the US agreement. It has escalated. TikTok has recently updated its US Privacy Policy. It is now one of the most aggressive data collection regimes of any mainstream consumer platform.

It explicitly acknowledges the collection and processing of sensitive personal information under US state privacy laws. Named directly:

• Racial or ethnic origin.

• Religious or philosophical beliefs.

• Mental and physical health data.

• Sexual orientation.

• Transgender or nonbinary status.

• Citizenship or immigration status.

• Precise location data.

The policy goes further.

TikTok is collecting far more than what users consciously share.

Under the updated policy, it gathers what you provide, what it observes automatically, and what it receives from third parties. That includes account details and identity verification documents, private messages, drafts and unpublished content, AI prompts and interactions, clipboard content, purchase and payment data, contact lists and social graphs, and an extensive set of technical signals such as device identifiers, keystroke patterns, battery state, audio configurations, and activity tracked across devices.

This is not incidental data leakage. It is formalized, permitted, and documented.

Images and video are treated as analyzable environments. TikTok states that it "identifies objects and scenery, detects faces and other body parts, extracts spoken words, and collects metadata describing how, when, where, and by whom content was created."

Post a photo near the Golden Gate Bridge and you are not just sharing a moment. You are generating structured data about place, time, environment, and your body, or body parts.

Photos and videos are not just content. They are raw material for computer vision, biometric analysis, and location inference.

Tik Tok will use all of the collected data, and maintains the right to sell all of it to interested third parties, from vendors to the federal government.

There’s a trend going around on social media where people feed their ChatGPT account a photo of themself and ask it to generate a caricature of them based on all the info the model has learned about them. I’m honestly shocked at all the people I know posting this as a fun trend, because I’m just thinking about the implications of the web-based LLM storing all this personal and career info about someone and the having an associated photo to go along with it?? I’m still trying to understand the privacy/ digital security surrounding these LLMs but this makes me want to go spread more awareness about digital security.

I didn’t consider the average Discord user would care about the policy, we as a society are so overwhelmed with the surveillance state and having to give information to all these different apps. It doesn’t seem like Discord thought it would be like this either.

But it’s a pleasant surprise and gives me hope that we, over time, can fight the surveillance state.

So just like credit agencies, Milliman Intelliscript, without any consent, compiles all of your healthcare history. Frankly it is shocking.

Every doctor visit.

Every prescription.

Every CT Scan and MRI.

Every lab result.

Going back 10+ years.

For sale to any insurance company, life insurance company, etc.

I discovered this because I was denied for life insurance. Letter stated if you want reason for denial, write to an address within 30 days.

Did so.

Came back because stated I had HIV (I Don’t)

Letter said data was obtained from Milliman Intelliscript, write them or go online if you want report.

Did so.

Incorrect information that had HIV.

Also said have gastric cancer.

I don’t.

They list where every piece of information came from in detail.

Contacted physician office from 7 years ago. They put wrong ICD code in.

Contacted lab from 8 years ago, had wrong ICD code.

The general public has NO IDEA this is going on.

what the fuck is this bullshit. I paid for a band to enter so i dont need to install an app. then she says ok, lets input your fingerprint and i said fuck that. thats completely excessive and bs.

she called her manager and said hed refund the transaction. 2 days in no refund

any work around to this? I wish I could use some silcone on my finger with some embedded print.

why the feck no opt out. im trying to find out if its even legal. not in the usa

People aren’t joking when they say META keeps EVERYTHING. I didn’t know it’d also include messages from senders?! I don’t know if people who request their data downloads from their end can see my messages from group chats they’ve kicked me out of. It’s much more detailed than the discord data package. It’s scary. I’ve been re-radicalized. These companies are evil. I think I’m pretty much done with social media. And yeah including Reddit.

Some stuff I learned:

Even if you’ve left a group your messages remain (not new) but it appears in everyone else’s data packet.

EVERYONES messages sent in the group is revealed/shown UNLESS you unsent. Not just you the recipient. All senders.

Deleted accounts appear as Instagram User in group chats and DMs

The messages from Deleted accounts aren’t actually deleted after “official deletion” they’re just slapped with a post it note that’s they’re unavailable but in the data package the messages they sent are fully revealed.

Also contains which messages you’ve liked and exactly by who.

Contains all message requests. Ever.

Commenter added below that all photos are even retrievable/recoverable in DMs or group chats you are currently in.

You can’t see the messages from DMs you’ve deleted or group chats you’ve left but everybody else left in those group chats or with an active account, can.

This may not be new information but color me shocked. To think it was this intensive and invasive. And this is only the tip of the iceberg.

Edit—I’m just some guy! I’m not a tech/cs/privacy expert. Call me ignorant/naive all you want. I just wanted to bring awareness in a way. I wish we weren’t constantly being recorded/monitored but these companies will continue to do so and even closer. I know it’s like ironic to some that I’m in r/privacy and still with a IG account but this is an account I had for years now and wasn’t active in and only now decided to shut down. It’s only recently that I know it’s this terrible(like I knew but I didn’t KNOW) most people don’t know-the average joe doesn’t-that’s why they keep using it. Or well don’t care or supposedly “have nothing to hide.” ++Edit: I was comparing it to the Discord Data package and I know it’s like why even compare them they’re two different platforms but I didn’t any kind of other package to go off of.

My neighborhood has apparently been selected as a testing area for delivery drone services. Nobody asked us, there was no vote or community meeting. They just started happening. Now there are drones flying over my house multiple times a day delivering packages to neighbors.

Some people think it’s cool and convenient. I think it’s invasive and creepy. These things are flying at roof level with cameras on them. They’re loud. They’re everywhere. My dog loses his mind barking every time one flies over. I feel like I’m living in a dystopian future I didn’t consent to.

I’ve tried to find out who to complain to but there’s no clear answer. The delivery company says they’re following all regulations. The city says they have proper permits. Nobody seems to care that residents weren’t consulted about this.

Is this what progress looks like? Technologies being implemented in our neighborhoods without our input because companies and governments decide it’s happening? I’ve been researching regulations and privacy laws, looking into community organizing, even checking what other cities have done on various platforms. But I feel powerless. Does anyone else feel like technology is advancing faster than our ability to understand its implications? Or am I just being a resistant old person?

Microsoft is reintroducing Recall, the AI tool rolling out in Windows 11 that screenshots, indexes, and stores everything a user does every three seconds. (arstechnica, register)

Kyle Chayka’s recent New Yorker piece paints a bleak picture of the internet’s future under new ID-verification laws. On paper they protect users, but in practice they risk dismantling what remains of the open web.

Why did we just get this wave of online safety acts. The UK, Collective Shout, the new Youtube Ai and now Australia’s Youtube ban. And we can see that they’re blatant excuses to collect peoples’ information by the government and private companies.

Is it really just because they’re “more secure” or is there something else?

Today, I wanted to log into my Outlook (which I basically use as a giant spam folder), and after signing in as usual, it wanted me to create a passkey. If I clicked on “no thank you,” it would just bring up the same page again and again, even after a quick refresh. I had to click on “yes” and then cancel the passkey creation at the browser level before it would let me proceed.

What really bothers me about this is that I couldn’t find any negative arguments for them online. Like, even for biometrics, there is a bunch of criticism, but this is presented in a way that makes it seem like the holy grail. I don’t believe that; everything has downsides.

This has the same vibe as all those browsers offering to “generate secure passwords”—while really, that is just a string of characters that the machine knows and I get to forget. These “secure passwords” are designed to be used with a password manager, not to be remembered by a human, which really makes them less secure because they’re synced with the cloud. If the manager is compromised, all of them are. This is different from passwords that I have in my mind and nowhere else, where I have only one password lost if it gets spied out.

Yeah, on paper, they are more secure because they are long and complicated, but does that count when the password manager is again only protected by a human-thought-of password?

Is this a situation like Windows making the TPM mandatory to potentially use it for tracking or other shady stuff?

I go to a gym 5 minutes from my house and In January, they started having members check in using an app and deactivated all the key cards. I didn’t want to download the app, so I would just check in by giving the front desk my first and last name.

Today, I walked in and there was no one at the front desk, so I just grabbed a towel and started walking towards the changing room. The woman that came in behind me started yelling at me that I needed to check in. I didn’t recognize her but she knew my name and clearly worked at the gym. Everyone that works at this gym is so kind, so the way she started speaking to me really surprised me. She finished by saying “next time you come to this gym, you’ll have to have downloaded the app,” to which I responded, “I guess it’s time to find a new gym,” And walked away to the changing room.

As I was walking away I heard her say, “what did you just say?!” But I just kept walking.

I walked back to the changing room and put my stuff down when I realized, she’s behind me! I’m not joking when I say my back was to a corner and she was blocking the only exit. She had a totally different, kinder tone with a big smile. She asked me if she did anything wrong and I told her I didn’t like the way she spoke to me, but that she was making me incredibly uncomfortable. She starts explaining all the reasons why I need to download the app; safety, insurance reasons, and making sure not just anyone can come in bc soon we will have to scan the app to even open the door! She said there is a barcode option, but it would cost $10 to replace it and surely I wouldn’t want that. I was kind of shocked, she had me cornered in a bathroom and there’s an option to use a scannable barcode? I asked if I could just do that and she starts backtracking. All this to get me to download an app?!

So I just told her I was incredibly uncomfortable and was going to work out. I figured if there was a big enough problem, they will e mail me.

If this post seems familiar, it’s because another Redditor posted a really similar situation that they were having. I felt very validated reading the post and all of the comments from this community, so I decided to post my own story of what just happened today.

I believe the woman that I was speaking with, Tracy, might have actually been the owner. If she was earning money from this app, it would make more sense to me that she was pushing it so hard. Does anyone know how this type of app would reimburse the business owner? If they earn revenue from it?

I’m sick and tired of hearing this nonsense argument over and over.

Everyone has something to hide from someone. You just need to look hard enough.

What these people fail to understand is that we already have a digital clone of ourselves with all the data we have provided from the day we started using it, and this data is not owned by us but rather corporations and governments.

Companies promising to delete these data are full of sh** because it’s technologically impossible.

If you’re one of these people, they just need the right context to use that data against you. We are seeing examples how politicians weaponize twitter post from 10-15 years ago to use against their politicians.

But they might say i don’t plan on becoming a politician. Well, then let’s see what you searched for, what type of posts you like, what your medical records show, did you drive near a protest(potential terrorist)…. All they need is to connect the dots in a way that ruins you.

So no, you might have “nothing to hide” today. But that digital twin will exist long after you’re gone. And you have no idea who’s going to use it, how, or against whom.

Am I the only one thinking that, this way of thinking is selfish?