Surveillance

The Technology of Counter-Surveillance: How to Annoy an Algorithm (and Why You Should)

Keystone Collective

16 min read
The Technology of Counter-Surveillance: How to Annoy an Algorithm (and Why You Should)
Photo by Markus Spiske / Unsplash

By now, you already know you’re being watched. The world has quietly turned into one big data buffet, and we’re all on the menu, diced, tagged, and served to anyone with a corporate expense account. Every click, stroll, and muttered insult at a bus stop is fodder for someone’s analytics dashboard.

But here’s the twist: the watchers have built their empire on lazy maths and probabilistic guesswork. And like any machine, they can be jammed, confused, or tricked into chasing ghosts. That’s what counter-surveillance is about, not tinfoil hats and bunker chic, but strategic irritation. It’s less about vanishing completely (good luck with that), and more about making yourself an inconvenient target.

The All-Seeing Algorithm

Before we get clever, let’s take a moment to appreciate just how omnipresent the watchers are. Walk through a modern city and you’ll appear on hundreds of cameras before you’ve finished your latte. Your phone pings its location to Google or Apple every few seconds, Bluetooth beacons snitch on your proximity, and Wi-Fi routers scream your device ID to anyone listening. Facial recognition logs your expressions; gait analysis maps the way you walk; even your voice cadence can now betray you.

We live, quite literally, in the age of the digital panopticon, a term Michel Foucault would have adored if he’d had a TikTok account. In this grand open-air laboratory, the subjects (that’s us) behave better because we think we’re being watched. The genius of modern surveillance isn’t in watching everything. It’s in making us believe it could.

So, if we can’t escape the gaze, what can we do? Simple: break its focus.

Cloaking Yourself Online

If the street is the stage for visible resistance, hoodies, lasers, and umbrellas, then the internet is the silent front line. You don’t need to run from the cameras when your browser, email, and cloud storage already know you better than your therapist.

“Cloaking yourself online” doesn’t mean becoming a ghost. It means turning your digital shadow into a shape-shifting mess, unprofitable, unpredictable, unmarketable. Because while the system craves neat data, you can feed it chaos instead.

Encrypt Everything (Even the Boring Stuff)

Encryption is the digital equivalent of closing your curtains. Not because you’re doing something scandalous or illegal, but because no one has a right to watch.

Modern tools make it almost effortless. Signal encrypts your chats by default. ProtonMail wraps your emails in a cryptographic hug. Even file encryption tools like age or gpg can hide your dullest spreadsheets from prying eyes.

The point isn’t secrecy, it’s control. When you encrypt, you decide who sees what. Surveillance systems hate that. They thrive on visibility; encryption blinds them.

“Encryption doesn’t make you mysterious, it just makes you less edible.”

And yet, many people still treat encryption like it’s only for spies and hackers. They think it’s overkill, that their lives are too boring to be of interest. But the point isn’t whether you are interesting; it’s that your data is. It’s worth money, influence, and leverage. Encrypting your messages isn’t about hiding a plot; it’s about refusing to provide free raw material to every analytics engine and ad broker on the planet.

Besides, encryption is political now. Every message you send encrypted tells the machine, “No, you don’t get to decide what’s private.” It’s a small, elegant act of defiance, a raised eyebrow in cipher form. Governments hate it because it limits their omniscience; corporations hate it because it limits their profit. Which means you’re probably doing something right.

If you want to go further, you can encrypt entire drives, devices, and even your cloud storage. Tools like VeraCrypt or BitLocker can make your laptop unreadable without the right key. Just don’t forget the password, because no one, not even the best hacker, will get your dissertation back if you lock yourself out.

Metadata: The Invisible Trail

If encryption is about locking the message, metadata is about reading the envelope, and the envelope, it turns out, tells most of the story.

Metadata is the quiet villain of modern surveillance. It doesn’t care what you said; it just knows when, where, to whom, and how often. It’s the digital equivalent of a gossip who never hears the words, but still knows everyone’s secrets by pattern alone. Every email you send, every photo you take, every file you create carries this invisible crust of context, timestamps, device IDs, GPS coordinates, network paths, even the software used to edit it. Your phone doesn’t just take a picture of your cat; it tattles about where you were standing, what model of phone you used, and what time of day you fed it.

That’s metadata, and it’s how surveillance systems thrive without breaking a single encryption key. You can encrypt a message all you like, but if the metadata shows you messaging a journalist at 2 a.m. from a protest site, they don’t need to read it. They already know enough.

In intelligence circles, this is called traffic analysis, the art of inferring relationships and events just from the flow of data. The NSA famously said, “We kill people based on metadata,” which isn’t hyperbole; it’s how drone targeting once worked. Closer to home, marketing algorithms use the same principles, they don’t care what’s inside your messages, only how those messages connect you to others.

“Content tells you what someone said. Metadata tells you who they are.”

The privacy advocates call metadata “data about data”, but that undersells it. It’s more like context turned into surveillance capital. The content is disposable; the metadata is eternal. And because it’s invisible, people underestimate it. When you upload a selfie, you don’t see the hidden EXIF data tagging your GPS coordinates. When you share a PDF, you don’t see the author name and software version embedded in its properties. When you sync files to the cloud, you don’t see the logs recording every access and edit. You just assume the file is the file, but it isn’t. It’s a witness statement.

It’s the invisible bloodstream of the modern surveillance economy, quietly connecting every dot you didn’t know you’d drawn. And once you start seeing it, you can never unsee it.

Browsers: The Friendly Traitors

Your browser is both passport and snitch. Chrome, Edge, and Safari aren’t browsers so much as data collection agents with a search bar attached. They log your every move, ostensibly to “improve your experience,” which is Silicon Valley code for sell you better.

If you value privacy, switch to something less needy: Firefox (hardened), Brave (if you can tolerate the crypto swagger), or the Tor Browser (if you’re patient and slightly masochistic).

Use private windows, block third-party cookies, and disable browser fingerprinting scripts. And don’t bother with “incognito mode”, it’s basically a paper bag with eyeholes.

VPNs, Tor, and the Geography of Anonymity

If metadata is the gossip of the internet, VPNs are the disguises people wear to fool it, and most of them are about as convincing as a plastic moustache.

The marketing pitch is seductive: “Hide your identity! Protect your privacy! Browse safely from anywhere in the world!” Cue heroic stock footage of someone typing in a hoodie. But the reality is less cinematic: your free VPN app from the Play Store will do absolutely fuck all for your privacy.

A VPN, Virtual Private Network, simply tunnels your internet traffic through another server before it hits the open web. To the outside world, you appear to be connecting from that server instead of your own device. In theory, this prevents your Internet Service Provider (ISP) from snooping on your browsing habits. In practice, it just means you’ve traded one watcher for another.

Your VPN provider is your new ISP. They can see everything: what sites you visit, when, and how long for. And while some premium VPNs genuinely do keep minimal logs (NordVPN, ProtonVPN, Mullvad, etc.), most cheap or “free” ones are glorified data harvesters. They track usage, inject ads, or quietly sell your traffic to marketing firms. If the product is free, the product is you.

“Using a free VPN for privacy, is like hiring a pickpocket as your bodyguard.”

And then there’s the matter of jurisdiction, that ugly word buried in every privacy policy. Your VPN might promise “no logs,” but if it’s headquartered in a Five Eyes nation (UK, US, Canada, Australia, New Zealand), those promises crumble under the right subpoena. A shiny UI and a cartoon lock icon can’t protect you from court orders.

The only real anonymity network is Tor, and even that’s not flawless. Tor bounces your connection through a series of encrypted relays, each one only knowing the next hop, like a digital relay race where no one runner knows the full route. It’s clever, decentralised, and infuriatingly slow. Using it feels like browsing the internet through a teapot.

But the myth that “Tor makes you untouchable” is just that, a myth. While the network’s design is solid, its weakest points are the humans and the edges: exit nodes (the final relay before your data hits the open web). Some of those nodes are undoubtedly operated by law enforcement, researchers, or intelligence agencies. It’s not even a conspiracy, it’s public record. They watch what leaves the network, sometimes to catch criminals, sometimes to gather intelligence, sometimes just because they can.

“If you’re using Tor to buy drugs, they’re already reading your cart.”

That doesn’t make Tor useless, far from it. It remains the most powerful tool for anonymous communication ever built. But you need to treat it like a tool, not a magic cloak. Don’t log in to personal accounts. Don’t use it for convenience browsing. And for the love of privacy, don’t torrent through it. You’re not anonymous if you announce yourself.

Think of online privacy as geography: you can move the borders, but you can’t erase the map. Your data always flows somewhere. VPNs shift it from your ISP to a data centre in Iceland; Tor scatters it across the globe like confetti. The trick isn’t to vanish, but to confuse the cartographers.

That’s why some privacy advocates use both, Tor over VPN, to add layers of plausible deniability. Your ISP only sees an encrypted tunnel to a VPN, and the VPN only sees Tor traffic it can’t read. It’s not perfect, but it raises the cost of surveillance. Think of it as digging a digital foxhole: you won’t stop the artillery, but you’ll make them waste shells finding you.

You can’t buy privacy with a subscription. You earn it through behaviour, through scepticism, compartmentalisation, and the occasional act of digital disobedience. VPNs and Tor are tools, not miracles. They help you blur the line between who you are and what you do, but they won’t save you from clicking the “I Agree” button like a lab rat pressing for dopamine.

At best, they make you a ghost in the machine. At worst, they make you a slightly harder target. And in this age of dragnet surveillance and algorithmic profiling, sometimes that’s victory enough.

The Myth of Going “Off-Grid”

Every now and then, someone announces they’re “going off-grid,” as if they’re about to disappear into the digital wilderness armed with nothing but a camping stove and righteous indignation. It’s an appealing fantasy: no pings, no ads, no data trails, just you, nature, and a smug sense of superiority.

The problem is, unless you plan to live in a cave gnawing on moss, the grid will still find you.

You can ditch your smartphone, but your bank won’t stop reporting your transactions. You can pay cash, but the CCTV watching you do it will timestamp the whole affair. Even your car’s tyre sensors, bus cards, and supermarket loyalty schemes feed the hive. In the 21st century, off-grid is less a location and more a hallucination.

“You’re not off-grid, you’re just temporarily unsynced.”

There’s also the small matter of infrastructure. Modern life is built on surveillance-adjacent convenience: energy grids that balance loads via smart meters, hospitals running digital records, navigation powered by GPS. Rejecting all of it sounds noble until you remember that you quite like electricity, antibiotics, and not dying lost in a field.

Sure, you can make gestures, cash payments, Faraday bags, Linux laptops, the occasional detox week without Wi-Fi, and they help. But true invisibility now requires abstaining not just from technology, but from participation. You can’t exist in a system that logs everything without generating logs. The only way to vanish entirely is to forfeit modernity.

And even then, you’ll probably turn up on someone else’s feed. “Mystery Man in Woods Spotted for Eighth Time”, tagged, uploaded, and discussed in the comments by your neighbours. Congratulations: you’re viral.

The myth of the off-grid hero persists because it flatters our sense of agency. It lets us believe that privacy is a lifestyle choice, that you can buy it with solar panels and smugness. But privacy isn’t a state of isolation; it’s a series of boundaries you enforce while still existing in society. You don’t need to flee civilisation; you just need to confuse it.

So, stop fantasising about woodland hermitage. Accept that you are, and always will be, a blinking node in the machine. But you can make yourself an uncooperative one, encrypted, inconsistent, and gloriously unprofitable.

The goal isn’t to escape the grid. It’s to make the grid regret adding you.

Fighting AI With AI

The machines are learning, badly. They’ve been fed billions of human faces, gestures, and tweets, and still can’t tell a protester from a pedestrian with hay fever. But they are getting better, and that’s what makes this next phase of counter-surveillance so strange: we’re no longer just hiding from machines, we’re fighting through them.

“Adversarial” design, the art of confusing AI, has become a kind of digital judo. Artists and engineers are crafting patterns, patches, and pixels that make facial-recognition systems think you’re a cat, a tree, or a traffic sign. Stick the right sticker on your T-shirt and, to an algorithm, you’re suddenly a road cone. It’s ridiculous, poetic, and mildly effective, for now. The trouble is that AI adapts. The more you try to fool it, the more training data it gains, and the cleverer it gets. Resistance literally makes the machine stronger.

So we escalate. Enter the era of counter-AI: tools that use machine learning to anonymise us faster than surveillance AIs can recognise us. Apps that blur faces, distort voices, rewrite writing styles, all in real time. One AI pretends not to see you, another pretends you’re someone else. It’s a bizarre arms race where algorithms impersonate humans to hide humans from algorithms impersonating other humans.

Infrared devices add another layer of absurdity. Some privacy enthusiasts now walk around wearing LED necklaces and IR-emitting glasses that overload camera sensors. To the naked eye they look eccentric; to a CCTV feed they’re blinding white or invisible. It’s the 21st-century version of flipping the bird to a machine, only this time, the machine might actually blush.

None of it is perfect. Every trick, patch, or pattern that works today will fail tomorrow. The AI models are trained on our resistance, digesting it, improving. Every reflective hoodie and pixelated patch becomes another dataset entry labelled “non-compliant human.” The best we can do is stay one update ahead, to be the glitch, not the case study.

Still, there’s something oddly hopeful in this. Counter-surveillance has become creative again, half protest art, half arms race, entirely human. We won’t win against AI by disappearing; we’ll win by being beautifully, obstinately difficult to categorise.

The future of privacy isn’t invisibility, it’s confusion elevated to an art form.

Now, welcome to the no-man’s-land between law and logic, the murky swamp where privacy meets policy and both sides pretend to be civilised. The legal grey zone of counter-surveillance isn’t really about laws; it’s about choices and consequences. What you can technically do is not always what you should do, and what you should do is not always what you can legally get away with.

Let’s be honest: most privacy tech lives in this twilight. Encryption, masking, spoofing, cloaking, all perfectly legal in theory, until you use them in a way that inconveniences someone important. Shine a laser at a CCTV camera, and suddenly you’re “interfering with public infrastructure.” Use a signal jammer in your own home to stop your smart TV eavesdropping, and you’re “violating wireless communication law.” Hide your face in a protest? That might depend on which side of the protest you’re on.

The problem is that surveillance and legality have grown symbiotic. The same governments that insist on “transparency” from citizens often treat their own operations as state secrets. You can be filmed a hundred times a day without consent, but obscure your image once, and you’re branded suspicious. It’s not justice, it’s hierarchy.

That negotiation plays out every time you decide how much risk you’re willing to take. Run a metadata scrubber on your photos? You’ll be fine. Use a Faraday pouch to block GPS tracking? Technically fine. Blind a police drone with a laser pointer? You’re going to have a very educational day in court.

But consequences aren’t just legal, they’re social. Try wearing a reflective anti-facial-recognition mask on the Tube and see how people look at you. In a world where surveillance has been normalised as “safety,” privacy itself starts to look like deviance. Every small act of concealment, an encrypted chat, a blurred face, a masked identity, becomes a tiny political statement: I don’t consent.

This is the paradox of modern resistance: the freer you try to be, the more suspicious you appear. The state says, “If you’ve got nothing to hide, you’ve got nothing to fear.” But that’s a lie of convenience, a slogan designed to make privacy look like guilt and compliance look like virtue.

So, the legal grey zone isn’t a place you stumble into. It’s a conscious choice, a line you cross knowing exactly why you’re doing it. You don’t have to break laws to challenge systems; sometimes, simply refusing to be transparent is enough to make you a problem.

And maybe that’s the quietest, most subversive form of resistance left: to be inconveniently private in a world that has outlawed inconvenience.

Freedom still exists, it just comes with a Terms & Conditions page.

DIY Resistance and Open-Source Rebellion

If surveillance is the architecture of control, then open-source privacy culture is the graffiti scrawled across its walls, defiant, improvised, and gloriously unauthorised. These aren’t secret cells of cyber-anarchists; they’re ordinary technologists, artists, and hobbyists who simply refuse to be data livestock. Their rebellion is pragmatic: if the system insists on watching, it should at least have to sweat for it.

Some fight with code, others with art. Adam Harvey’s CV Dazzle turned makeup into camouflage; Leonardo Selvaggio offered 3D-printed copies of his own face to flood facial-recognition databases. Designers stitch adversarial prints and reflective fabrics into streetwear, turning fashion into protest. It’s privacy as performance art, messy, creative, and impossible to monetise.

Developers, meanwhile, take the quieter route. They build privacy tools that actually mean it: operating systems like Tails that forget everything when shut down, Signal for encrypted messaging, and self-hosted services like Nextcloud and Matrix that reject surveillance capitalism outright. These projects aren’t perfect, they’re occasionally clunky, occasionally break, but their imperfection is the price of independence.

Open-source privacy demands patience and curiosity. It lacks the polish of corporate platforms precisely because it doesn’t treat users as products. Behind every bug report and GitHub pull request is a small act of defiance: people choosing friction over convenience, transparency over obedience.

In a world that worships seamless tracking and frictionless consent, these volunteers keep technology slightly inconvenient, and therefore, still human.

In a surveillance economy, a rough-edged open-source app is more than software. It’s a rebellion with a command line.

The Panopticon, the Punchline, and the Point of It All

For all our talk of cameras and code, it’s worth remembering who’s really watching. Not governments, at least not most of the time, they’re amateurs compared to the corporate surveillance machine. States spy out of paranoia; corporations spy out of habit, dressed up as “personalisation.” They know when you’re hungry, bored, lonely, or two clicks away from a nervous breakdown, and they’ll monetise every one of those moods before you’ve even realised you’re in it.

It’s the Corporate Panopticon: brightly coloured, ad-funded, and utterly normalised. You don’t live under surveillance; you live inside it, scrolling, shopping, consenting. Every camera on a lamppost is matched by a hundred inside your phone. Every street map is mirrored by a behavioural map of your brain. You are the product, the test subject, and the advertisement all at once, and the only thing free about it is the Wi-Fi.

Against this, the privacy community fights an endless cat-and-mouse game. Every time someone invents a clever way to hide, encryption, Tor, metadata scrubbing, the watchers adapt, patch, and monetise around it. It’s like playing chess against an opponent who keeps stealing your pieces and selling them back to you as “premium features.” The cat learns new tricks; the mouse buys a VPN. And so the game continues, round after round, with neither side quite winning, but the mouse growing smarter and the cat getting lazier.

This isn’t a war that ends. It’s maintenance, the ongoing labour of not being completely seen. Privacy now is something you defend, not something you possess. It’s not a right, it’s a practice, like flossing, but existential.

And yet, there’s humour in it, too. The absurdity is impossible to ignore: billion-pound AI systems undone by a dab of eyeliner and a hoodie; marketing algorithms fooled by people who don’t fit into neat demographic boxes; facial-recognition cameras blinded by a bit of tinfoil and spite. If the world insists on being a dystopia, the least we can do is make it an embarrassing one.

“They’re building Big Brother, but it keeps tripping over small sisters.”

Perhaps that’s the real joy of counter-surveillance, not the illusion of victory, but the small, persistent act of resistance that makes the machine stumble. Every encrypted message, every anonymised upload, every tracker blocked or camera dodged is a reminder that you still have agency. It’s petty, it’s partial, it’s temporary, and it’s enough.

So no, you won’t win. You won’t erase your digital footprint, outsmart every algorithm, or escape every lens. But you can make yourself inconvenient. You can make the data dirty, the patterns noisy, the conclusions unreliable. You can make the panopticon squint.

And maybe that’s the point. Freedom in the 21st century isn’t about disappearing, it’s about misbehaving loudly enough that the system can’t quite predict your next move. The watchers will always be watching. Let them. Just make sure they’re wrong about what they see.

References:

Cole, D. (2014) ‘Michael Hayden: “We Kill People Based on Metadata”’, Just Security, 10 May. Available at: https://www.justsecurity.org/10311/michael-hayden-kill-people-based-metadata/ (Accessed 8 November 2025).

Foucault, M. (1975) Discipline and Punish: The Birth of the Prison. Translated by A. Sheridan. New York: Pantheon Books.

Harvey, A. (2010) ‘CV Dazzle: Camouflage from Computer Vision’. Adam Harvey Studio. Available at: https://adam.harvey.studio/cvdazzle (Accessed 8 November 2025).

Narayanan, A. and Shmatikov, V. (2008) ‘Robust de-anonymization of large sparse datasets’, in Proceedings of the 2008 IEEE Symposium on Security and Privacy (SP’08). IEEE. Available at: https://www.cs.cornell.edu/~shmat/shmat_oak08netflix.pdf (Accessed 8 November 2025).

Sonntag, M., and Mayrhofer, R. (2021) ‘Experiences and recommendations from operating a Tor exit node at a public university’, in Proceedings of the 16th International Conference on Availability, Reliability and Security (ARES 2021). SCITEPRESS. Available at: https://www.scitepress.org/Papers/2021/101568/101568.pdf (Accessed 8 November 2025).

Zuboff, S. (2019) The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power. London: Profile Books.

Electronic Frontier Foundation (n.d.) Surveillance Self-Defense (SSD). Electronic Frontier Foundation. Available at: https://ssd.eff.org/ (Accessed 8 November 2025).

The Tails Project (n.d.) Tails. Available at: https://tails.net/ (Accessed 8 November 2025).

Malwarebytes Labs (2024) ‘Tor anonymity compromised by law enforcement. Is it still safe to use?’, Malwarebytes Labs, 19 September. Available at: https://www.malwarebytes.com/blog/news/2024/09/tor-anonymity-compromised-by-law-enforcement-is-it-still-safe-to-use (Accessed 8 November 2025).

Read more