// digital rights · privacy · freedom
They're watching. They're collecting. They're selling. Every click, every search, every message — recorded, analyzed, and monetized. It's time to take back what was always yours.
01 — The Problem
The internet was born as the greatest equalizer in human history — a boundless, decentralized network where every voice carried equal weight, where knowledge flowed freely across borders, and where the individual could reach the world without asking anyone for permission. That vision is dying. And it is dying quietly, systematically, and with the full cooperation of governments, corporations, and platforms we once trusted.
You wake up and reach for your phone. Before you've had a single thought, fourteen different companies have already logged your location, your device ID, your network, the time you woke up, and what app you opened first. You haven't done anything wrong. You haven't agreed to anything meaningful. But your morning has already been packaged, priced, and sold.
This is the modern internet. Not a tool for liberation — but a surveillance apparatus masquerading as a convenience. The apps are free because you are the product. The platforms are engaging because engagement is addiction by design. The algorithms know you better than you know yourself — and they use that knowledge not for your benefit, but for theirs.
Big Data is not a buzzword. It is the engine of modern control. Every search query, every purchase, every like, every hesitation before you type something and then delete it — all of it is captured. Machine learning systems process billions of these data points per second, constructing psychological profiles of unimaginable precision. These profiles determine what news you see, what prices you're shown, whether you get a loan, whether your insurance is affordable, whether you get that job interview.
You are feeding the machine that controls you.' data-tr='Ve sonra onlarca yıldır bilim kurgu yazarlarının bizi uyardığı kavram var: özerk, birbirine bağlı yapay zeka sistemleri — bir zamanlar şakasını yaparak Skynet dediğimiz şey. Bugünün gerçekliği daha sıradan ama hiç de daha az ürkütücü değil. Verinizle eğitilen yapay zeka sistemleri, şeffaflık olmadan, hesap verebilirlik olmadan ve sizin rızanız olmadan hayatınız hakkında kararlar alıyor. Kredi notunuza karar veren model, asla eğitim verisi olmayı kabul etmemiş milyonlarca insanın verisiyle eğitildi. Sizi kontrol eden makineyi besliyorsunuz.'>And then there is the concept that science fiction writers warned us about for decades: autonomous, interconnected intelligence systems — what we once called Skynet in jest. Today's reality is more mundane but no less terrifying. AI systems trained on your data make decisions about your life without transparency, without accountability, and without your consent. The model that decides your credit score was trained on the data of millions of people who never agreed to be training data. You are feeding the machine that controls you.
Social media is perhaps the most insidious part of this machine. Platforms like Instagram, TikTok, Twitter/X, and Facebook were not designed to connect people — they were designed to maximize engagement. Engagement means time on platform. Time on platform means more data. More data means more targeted advertising. The easiest way to maximize engagement is to trigger emotion — especially outrage, fear, and anxiety. You are not using social media. Social media is using you.
None of this means you must disappear from the internet. But it means you must use it with intention and knowledge. Understand what you're giving away when you use a free service. Understand that your data is not just harmless metadata — it is a detailed map of your thoughts, beliefs, relationships, vulnerabilities, and desires.
Use open source browsers. Use open source operating systems. Use open source communication tools. Audit the software you rely on. Support the developers who build tools for freedom rather than profit. The alternative — continuing to hand every aspect of your digital life to corporations whose entire business model depends on knowing everything about you — is not neutrality. It is complicity.
The internet is worth fighting for. Not the internet of today — walled gardens, algorithmic feeds, and surveillance capitalism — but the internet that was promised: open, decentralized, and free. That internet still exists. But you have to choose it, actively, every single day.
02 — Your Machine
Your operating system is not just software. It is the foundation on which your entire digital life is built — every file you create, every password you type, every private conversation you have passes through it. And if that foundation is rotten with surveillance code, nothing above it is safe.
Windows, the operating system running on approximately 73% of the world's computers, is — from a privacy standpoint — a catastrophically hostile environment. This is not speculation. This is documented, verifiable, and in many cases, legally mandated by Microsoft's own terms of service, which you clicked through without reading.
macOS is often presented as the privacy-conscious alternative to Windows. It is not. Apple collects detailed telemetry about how you use your Mac, which apps you open, how long you use them, and what you search for. Siri listens. iCloud stores. The App Store gatekeeps. Apple's security model is genuinely good — but security and privacy are not the same thing. Apple's entire services business is built on knowing its users deeply. The cage is prettier, but it is still a cage.
On Linux, you own your machine. The kernel is publicly audited. The distribution packages are maintained by communities accountable to their users. There are no advertising IDs. There is no mandatory telemetry. There is no Cortana, no Siri quietly indexing your documents, no silent syncing of your files to a corporate cloud. When you install a program, you can read its source code. When something runs on your machine, you can verify what it's doing.
How do you make the switch? The process has become remarkably accessible. Download a Linux distribution as an ISO file, write it to a USB drive using a tool like Rufus (Windows), Ventoy (multi-boot USB), or Balena Etcher. On mobile, EtchDroid lets you create bootable drives directly from your Android phone. Boot from the USB, follow the installer — most modern distros guide you through the process with clear graphical interfaces.
We understand that switching isn't always immediately possible. Work requirements, specific software, hardware compatibility — real constraints exist. But if you're going to use Windows, you should at minimum dramatically reduce its surveillance footprint. The following tools are trusted, open source, and widely used by the privacy community:
03 — Your Window
Your browser is not just a tool for viewing websites. It is the single most active data collection point in your digital life. Every page you visit, every link you click, every form you fill out, every video you pause — your browser witnesses all of it, and in most cases, reports it back to corporations in real time. Google Chrome, the dominant browser with over 65% market share, is built by the world's largest advertising company. It is, at its core, a data harvesting instrument dressed up as a productivity tool.
The data flow from your browser extends far beyond what you consciously share. Third-party trackers embedded in nearly every website — invisible pixels, JavaScript beacons, fingerprinting scripts — communicate with dozens of advertising networks simultaneously as you browse. These trackers do not need cookies to identify you. Your browser's unique combination of fonts, screen resolution, installed plugins, time zone, language settings, and hardware characteristics creates a fingerprint so precise it identifies you across sessions, across devices, and even across incognito mode.
04 — Your Identity
Your email address is the master key to your digital life. Every account you've ever created, every password reset you've ever requested, every private message you've ever sent — all of it flows through your inbox. And if that inbox belongs to Gmail, you have handed Google the most complete picture of your life that exists anywhere. Email is not just a communication tool. It is your identity.
Gmail is free. And the reason it is free is the same reason every free product is free: you are what they're selling. Google processes the content of your emails, your contacts, your attachments, your newsletters, your receipts, your travel itineraries — feeding it all into the same behavioral profile that powers their advertising empire. They will tell you this is 'to improve your experience.' What it actually means is that a corporation has access to every intimate detail of your correspondence, indefinitely, and uses it for profit.
Beyond advertising, there is a more immediate threat: legal exposure. Google complies with government data requests — and they receive tens of thousands of them per year. In most jurisdictions, emails older than 180 days sitting on a third-party server have reduced legal protection compared to physical mail. Your most private conversations, stored indefinitely on Google's servers, are accessible to any government agency with a subpoena. And in many countries, far less than that.
An email alias is a forwarding address — emails sent to it arrive in your real inbox, but the sender never learns your actual email address. This is one of the most powerful and underused privacy tools available. Use a different alias for every service you sign up for. When a service gets breached or starts spamming you, you know exactly who leaked your data — and you simply disable that alias. Your real inbox remains clean and private forever.
05 — Your Keys
The average person reuses the same 3–5 passwords across dozens of services. This is not laziness — it is a rational response to an impossible cognitive burden. You cannot memorize 150 unique, strong passwords. Nobody can. But the consequence of reuse is catastrophic: one breach anywhere means attackers have the keys to everywhere. This attack pattern — called credential stuffing — is responsible for the majority of account takeovers happening right now, today, at industrial scale.
In 2024 alone, billions of credential pairs were leaked in documented data breaches. These lists are sold on dark web markets, run through automated tools that test them against every major platform, and used to drain bank accounts, hijack social media, steal cryptocurrency, and extort individuals. If you reuse passwords, it is not a matter of if this happens to you. It is a matter of when.
Have I Been Pwned (haveibeenpwned.com) — maintained by security researcher Troy Hunt — aggregates data from thousands of documented breaches. Enter your email address and it will tell you exactly which breaches your credentials appeared in, what data was exposed, and when. Check every email address you've ever used. The results are often alarming. This is not a scare tactic — it is a free, legitimate security service used by millions.
A password manager generates, stores, and autofills unique, random, impossible-to-guess passwords for every service you use. You remember one strong master password. The manager handles everything else. This is not optional advice — it is the single most impactful security decision you can make.
Even with a unique password, a single breach can expose your credentials. Two-factor authentication (2FA) adds a second requirement to log in — something you have, not just something you know. Enable 2FA on every account that offers it. Prioritize email, banking, and any account tied to your identity or finances.
The combination of a password manager and TOTP-based 2FA eliminates the vast majority of account takeover risk. These two tools, used together, put your account security far ahead of 99% of internet users. The setup takes an afternoon. The protection lasts indefinitely. There is no excuse not to do this.
06 — The Pipes
Every time you visit a website, your device first makes a DNS query — essentially asking 'what is the IP address of this domain?' By default, this query is sent to your ISP's DNS servers, in plain text, unencrypted, and logged. Your ISP has a complete record of every domain you've ever visited. Not just the pages — every single domain lookup, timestamped, associated with your account, and in many countries, legally required to be stored for years.
This data is used to profile you for advertising, sold to data brokers, handed to government agencies on request, and in some cases, used to throttle traffic or enforce censorship. The average user has no idea this is happening. Every search, every article, every embarrassing or sensitive query you've ever made — your ISP knows. And they have been keeping records since the day you signed up.
DNS-over-HTTPS (DoH) encrypts your DNS queries so your ISP cannot see which domains you're looking up. It's built into modern browsers and operating systems — you just need to enable it and point it at a privacy-respecting resolver. This is one of the easiest, highest-impact privacy changes you can make.
Pi-hole is a network-wide DNS sinkhole that you run on your own hardware — typically a Raspberry Pi or a spare computer on your home network. It intercepts DNS queries for known ad and tracker domains and blocks them before they ever reach your devices. Every device on your network — phones, tablets, smart TVs, game consoles, everything — gets ad blocking without any software installed on the device itself.
The VPN industry has spent hundreds of millions of dollars convincing you that a VPN makes you anonymous online. It does not. A VPN shifts trust — instead of your ISP seeing your traffic, your VPN provider does. If your VPN provider logs, monetizes, or complies with legal requests, you've solved nothing. You've just moved the problem.
'top-rated' VPN services are owned by a small number of holding companies with opaque ownership structures, questionable logging policies, and business models built entirely on selling your data — the exact opposite of what they advertise. Services aggressively marketed on YouTube, promoted by influencers, and appearing on 'best VPN' comparison sites should be viewed with extreme skepticism. The marketing budget for these products exists because the margins on selling user data are enormous.
VPNs are genuinely useful in specific scenarios: hiding traffic from a hostile local network (public WiFi, workplace surveillance, ISP censorship), bypassing geographic restrictions on content, or adding a layer of separation between your IP address and a service you're accessing. But they are not a privacy panacea. Combine a trustworthy VPN with DoH, a privacy browser, and careful app selection — not as a standalone solution.
07 — In Your Pocket
Your smartphone is the most sophisticated surveillance device ever built — and you paid for it, you carry it everywhere, and you sleep next to it. It knows where you are at every moment, who you talk to, what you search for, what you buy, how long you look at specific content, your heart rate, your sleep patterns, and the precise microexpressions of your daily life. No intelligence agency in history has had access to data this granular about this many people.
The business model of the smartphone industry is not selling you hardware. It is selling access to you. Google's entire revenue model — Search, Maps, Gmail, Android — exists to build the most detailed behavioral profile ever assembled on billions of human beings. Apple is more subtle, but its services business depends on deep integration with your digital life. Both companies comply with government data requests. Both have had security incidents. Both store data you didn't knowingly agree to share.
There is a disturbing and escalating trend in the Android ecosystem: restrictions on APK sideloading — the ability to install apps from sources other than the official Google Play Store. This is being implemented gradually, framed as a 'security measure,' but its real effect is catastrophic for user freedom.
Sideloading is not a vulnerability. It is a fundamental right — the ability to install the software you choose on a device you own. Restricting it means Google becomes the sole gatekeeper of what software you can run. Apps that compete with Google's services, apps that protect your privacy from Google itself, open source apps, niche apps, apps from jurisdictions outside Google's comfort zone — all of them are at risk of being effectively banned from hundreds of millions of devices.
This is a user rights violation of the highest order. Fight it. Support organizations like the Electronic Frontier Foundation, the Free Software Foundation, and the Digital Freedom Foundation. Demand that your representatives protect your right to install software on hardware you own. Make noise. This matters.
The good news is that Android — unlike iOS — remains the most customizable major mobile operating system on the planet. At its core, Android is based on Linux and is open source (AOSP — Android Open Source Project). This means that developers can take that foundation and build completely de-Googled, privacy-first operating systems on top of it. Choose Android. Then choose what runs on it.
Your device isn't compatible with a custom ROM. Or you're not comfortable with the flashing process. Or you simply need to keep your stock Android for work. ADB (Android Debug Bridge) is your best available option — and it is genuinely powerful.
ADB is a command-line tool that lets you communicate with an Android device from your computer. It is part of the Android SDK and is maintained by Google itself. With ADB, you can disable system apps and bloatware without root, remove pre-installed telemetry packages, revoke permissions from apps that shouldn't have them, disable manufacturer tracking software, and clean up carrier bloatware — all without voiding your warranty or unlocking your bootloader.
ADB is available for Windows, macOS, and Linux. Enable Developer Options on your Android device (tap Build Number seven times in Settings → About Phone), enable USB Debugging, connect to your computer, and you have a command line directly into your device. The power this gives you over a device you own is remarkable — and it should make you think about why this level of control isn't available by default.
08 — The Industry
The tech industry will tell you that data collection is about improving your experience. This is, to put it plainly, a lie of omission so vast it constitutes deception. Data is collected because data is extraordinarily valuable. Not to you — to them. Your behavioral profile, your psychological triggers, your social graph, your purchasing patterns, your political leanings, your health anxieties, your relationship status — packaged, analyzed, and sold in real-time auctions that happen in the milliseconds between you clicking a link and a page loading.
Big Data is not just about advertising. It is about prediction and control. Insurance companies use data to determine your premiums. Banks use it to model your creditworthiness beyond what you've disclosed. Employers screen social media profiles. Governments purchase commercial data sets to surveil populations without a warrant. The line between private commerce and state surveillance has effectively ceased to exist.
Meta — the corporation that owns Facebook, Instagram, and WhatsApp — has been progressively weakening the privacy protections of its platforms under the convenient cover of 'AI safety' and 'AI training.' This is one of the most significant and under-reported privacy crises of our time.
WhatsApp is used by over 2 billion people globally — not as a choice, but because network effects have made it effectively mandatory for social and professional communication in dozens of countries. It is the only way to reach certain family members, certain colleagues, certain communities. Meta knows this. And it is leveraging this captive audience to normalize the weakening of end-to-end encryption.
The argument is always the same: 'We need to scan messages to prevent child abuse / terrorism / misinformation.' These are real problems. But building surveillance backdoors into encrypted communications doesn't solve them — it creates a permanent infrastructure of mass surveillance that will inevitably be abused, hacked, expanded, and ultimately turned against ordinary citizens. There is no such thing as a backdoor only the good guys can use.
Meta's moves to use private conversations as AI training data — even with 'anonymization' that has repeatedly been shown to be reversible — is not a minor policy update. It is a fundamental betrayal of the trust of billions of people who were promised private communication. Oppose it. Loudly.
The most important thing to understand is this: you do not have to choose between communication and privacy. The open source and privacy community has built genuinely excellent alternatives to the surveillance tools you currently use. They are not compromises. In many cases, they are technically superior.
You cannot immediately move everyone in your life to these tools. We know. But you can start the conversation. You can use them with the people who matter most. You can normalize privacy as a default expectation rather than an opt-in feature for the paranoid. Privacy is not about having something to hide. It is about having something to protect.
The choice is not between convenience and paranoia. It is between being an informed participant in your digital life and being a passive data source for companies whose interests are fundamentally opposed to yours.
Much of the awareness around these issues in Turkey and the broader Turkish-speaking community has been driven by the tireless work of content creators who take the time to explain complex technical realities in accessible language. We want to specifically acknowledge Yusuf İpek for his outstanding contributions to digital literacy and privacy awareness. His ability to make these issues understandable and urgent is genuinely valuable — and this work matters. Thank you.