Skip to main content

Why Financial Privacy Matters?

Your online behavior is the raw material from which one of the biggest economies in the history of the world has been built.

The internet has developed into an infrastructure where it’s pretty much possible to find out anything about anyone, any time. And this isn’t merely theoretical speculation, but a possibility that’s exploited every day. Surveillance has become the motor for the World Wide Web. Mapping everyone on Earth has produced one of the fattest cash cows in world history. This may sound a bit exaggerated coming from a company offering services for online privacy, but the fact is that this is what the harsh reality looks like. Every step we take is fed into huge systems where AI and machine learning is used to register, categorize and calculate what we’ll do next.

Metadata: Exposing a Person Without Content

> “Give me enough metadata, and I can kill.” > — Former NSA Director Michael Hayden

Metadata DimensionInferred InformationReal Cases
Transaction Time + Device IPHome city, travel frequency, daily routineIn 2020, ProPublica solved a case using public blockchain data: A hacker often transferred funds between 08:00–10:00 UTC when out for coffee.
Recipient Address + Transaction IntervalSocial network, company payroll datesSwiss PostFinance used Bitcoin UTXO mapping to infer a mining company’s payroll and denied them an account.
Credit Card MCC + LocationHealth status, political inclinationsIn 2022, a U.S. insurance company identified “organic grocery + gym” customers as low-risk policyholders.

When all metadata converges into a single dataset, an individual's life is dissected into a colorful spectrum. Without communication content, one can still pinpoint when, where, and why you spend money.

Surveillance Capitalism: How Tech Giants Monetize "Residual Behavior"

Shoshana Zuboff's revelations in The Age of Surveillance Capitalism summarize a three-step cycle:

  1. Behavioral Surplus — User clicks, browsing time, and accidental taps are all collected.
  2. Prediction Products — Behavioral surplus is packaged and sold to advertisers, banks, and insurers.
  3. Outcome — Companies not only predict but begin to manipulate users’ future behavior.
“Google understood early on that directly extracting your experience and feeding it into their production chain would never be welcomed by the public.
Therefore, they had to hide the machines behind a one-way mirror—that’s the essence of ‘surveillance.’”
— Shoshana Zuboff, Interview with Incite Magazine

Commercial Surveillance: Data as Oil, Behavior as Currency

  1. Behavioral Profiling

    Payment networks like Visa, Mastercard, Alipay, and Stripe collect data on every transaction—including time, location, amount, and product category.
    This data is packaged by data brokers (Acxiom, Experian) and sold to advertisers, insurance companies, and credit agencies.
    Outcome: Your credit card interest rates, airline ticket prices, and even job listings may be dynamically priced based on your profile.

  2. Financial Black-Box Scoring

    Facebook's "hidden credit score" experiment, the U.S. FICO 9 model, and China’s Momo/Alipay-based "beauty loan" scoring.
    No appeal channels—algorithmic misclassification can lead to denied loans, housing, and job opportunities.

  3. On-Chain Analytics Industry

    Companies like Chainalysis, Elliptic, and TRM use network mapping to track all public blockchain transactions.
    Their clients include law enforcement agencies and banking compliance departments; even a routine transfer could be flagged as “high risk,” leading to account freezes without explanation.

The Real Cost of Losing Financial Privacy

  1. Small Businesses: Algorithmic Misjudgment in 48 Hours

    Berlin café owner Sophia was flagged by Chainalysis because one of her suppliers had previously sold data on the darknet. Her Binance exchange account was frozen instantly, locking five years of savings. The appeal process took two months—rent was overdue, and the café shut down.

  2. Dissidents: Public Ledgers as Target Lists

    Belarusian journalist NEXTA anonymously crowdfunded Bitcoin for protests. Authorities traced transactions on-chain and arrested 45 fund contributors at border crossings. If XMR had been used, transactions would have been mixed and amounts concealed, drastically reducing targeted arrests.

  3. Ordinary Citizens: The Domino Effect of a Misfilled Form

    The Dutch child welfare system used an algorithm to detect “suspected fraud.” Over nine years, 26,000 families were falsely accused, facing tax repayment and fines, leaving many bankrupt. A key factor? Bank transaction remarks containing “tutoring fees.” Without financial privacy, algorithms become judges.

USA: with the capacity and experience of monitoring the entire population of the world.

There’s a problem with reporting the mass surveillance carried out by countries like the USA (at least if you want to stick to proven facts): they aren’t very happy about you talking about it. Of course there are exceptions. Like when self-satisfied managers like the CIA’s chief technology officer Ira ‘Gus’ Hunt give presentations and boast to journalists about how “we try to collect everything and hang onto it forever”. Or when a senior Defense Department official explains that not even the Pentagon’s employees can expect to have their privacy respected: “We want our people to understand: they should make no assumptions about anonymity. You are not anonymous on this planet at this point in our existence. Everyone is trackable, traceable, discoverable to some degree”.

And sometimes a building says more than a thousand words, like when the NSA constructs enormous server halls out in the Utah desert to store data.

But to get mass surveillance down in black-and-white, to produce hard facts and figures, it requires brave whistleblowers like Edward Snowden. It’s only through this type of hero that we get an insight into what’s actually going on. Even now we still don’t have better answers than what Snowden gave us in 2013. We’d hoped for change in the wake of his revelations, but unfortunately they’re still relevant today, so that’s where we’ll start.

Snowden's revelations showed that American authorities were monitoring hundreds of millions of people all over the world – every day.

American mass surveillance is possible thanks to Section 702 of the Foreign Intelligence Surveillance Act (FISA), a law that the USA renews every five years. Section 702 is the key to why American authorities need no court decisions to monitor people. The law came into being on the pretext that terrorists were being tracked after the 9/11 attacks, and would ‘only’ refer to eavesdropping on non-American citizens, but as the law is written and as the internet is constructed, in practice it means surveillance of both foreign and American citizens. When Snowden’s revelations emerged, it also turned out that it wasn’t just being used against people suspected of a crime, but that the American administration was carrying out mass surveillance of millions of people. Other documents that Snowden leaked demonstrated how the National Security Agency (NSA) had the capacity to monitor essentially every person on the planet, and that they weren’t saving their powder: the documents showed, amongst other things that they collected 200 million text messages from different parts of the world – every day.

Using the program Xkeyscore, the NSA’s analysts had access to a database covering “nearly everything a typical user does on the internet”. This included both direct data like emails in people’s inboxes, chat conversations and private messages on Facebook. But also things categorized as metadata; search histories and exactly what sites millions of people were visiting. Using XKeyscore the analysts could also do searches on people’s internet behavior – entirely without judgments from either a court or even a superior inside the NSA. Either via a hard search: for example through an IP address or email address, which could give them access to virtually everything a specific person did online. Or via a soft search: a search for a keyword or phrase, which could give them lists of people with a particular internet behavior. Snowden showed the world how easy it was for the NSA to search in XKeyscore and how much they could get out from the program. But where did all the data come from?

Section 702 contains two parts that give American authorities such as the FBI, CIA and NSA access to enormous quantities of data, and they go by the names of PRISM (downstream) and Upstream.

PRISM means that they have the right to demand data from American companies without a court decision. When the authorities have free rein to request information from the world’s biggest tech companies, it’s not surprising that it ends in mass surveillance. But Snowden revealed that the situation was even worse. The leaked documents revealed that the authorities didn’t even need to request the material, but that they more or less had direct access to the tech companies’ systems and servers. As Snowden wrote in his book Permanent Record: _”_PRISM enabled the NSA to routinely collect data from Microsoft, Yahoo!, Google, Facebook, Paltalk, YouTube, Skype, AOL, and Apple, including email, photos, video and audio chats, Web-browsing content, search engine queries, and all other data stored on their clouds.”

Of course all the tech companies on the list denied that the FBI, CIA and NSA had direct access to systems and servers. Which maybe wasn’t all that strange, because the law can actually mean that it’s illegal for the companies to admit their involvement.

The systems reacted to keywords such as 'anonymous internet proxy' or 'protest'. There, algorithms decide which of the agency's exploits – malware programs – to use against you. Once the exploits are on your computer, the NSA can access not just your metadata, but your data as well. Your entire digital life now belongs to them.

Edward Snowden

While PRISM gave the NSA the right to demand data from American companies such as Microsoft, Facebook and Google, Upstream gave them the right to directly connect to the backbone used by American telephone and internet service providers. This involved major American telecoms companies such as AT&T but also the world’s biggest router manufacturers, who built monitoring for the NSA into their products. Snowden again:

“Upstream collection, meanwhile, was arguably even more invasive. It enabled the routine capturing of data directly from private-sector internet infrastructure – the switches and routers that shunt internet traffic worldwide, via the satellites in orbit and the high-capacity fiber-optic cables that run under the ocean.”

It would take a lot to prevent global internet traffic from traveling via American servers, cables and services. That’s how the digital infrastructure and power relationships are constructed. In principle, PRISM and Upstream therefore gave the American authorities the possibility of monitoring every person on the globe. Snowden showed that they could search people’s history, but also monitor them in real time. Handling that quantity of data required sorting, which was done via the TURMOIL and TURBINE programs. In Permanent Record, Snowden wrote:

“You can think of TURMOIL as a guard positioned at an invisible firewall through which internet traffic must pass. Seeing your request, it checks its metadata for selectors, or criteria, that mark it as deserving of more scrutiny. Those selectors can be whatever the NSA chooses, whatever the NSA finds suspicious: a particular email address, credit card, or phone number; the geographic origin or destination of your Internet activity; or just certain keywords such as ‘anonymous internet proxy’ or ‘protest’. If TURMOIL flags your traffic as suspicious, it tips it over to TURBINE, which diverts your request to the NSA’s servers. There, algorithms decide which of the agency’s exploits – malware programs – to use against you. Once the exploits are on your computer, the NSA can access not just your metadata, but your data as well. Your entire digital life now belongs to them.”

Snowdens whistleblowing revealed that the American authorities were eavesdropping on people’s conversations, reading their messages and even looking right into their homes via cameras in computers and mobile phones. And yet it’s common for states carrying out mass surveillance to deny it and try to hide behind the phrase ‘we only collect metadata’. As if that wasn’t enough. American cryptographer and security expert Bruce Schneier describes it as follows in his book Data and Goliath:

“In a text message system, the messages themselves are data, but the accounts that sent and received the message, and the date and time of the message, are all metadata. An e-mail system is similar: the text of the e-mail is data, but the sender, receiver, routing data, and message size are all metadata. Metadata may sound uninteresting, but it’s anything but. Collecting metadata on people means putting them under surveillance. Eavesdropping gets you the conversations. Surveillance gets you everything else. Metadata reveals our intimate friends, business associations. It reveals what and who we’re interested in and what’s important for us, no matter how private.”

Metadata includes all the websites you visit and your entire search history, and when you realize that, the ‘we only collect metadata’ defense suddenly becomes very thin. Stewart Baker, former general counsel for the NSA, expressed this clearly: “Metadata absolutely tells you everything about somebody’s life. If you have enough metadata you don’t really need content.” .

For example, metadata can be used to identify journalists critical of the American mass surveillance apparatus. Two of them are Laura Poitras and Glenn Greenwald, the journalists Snowden reached out to when he decided to blow the whistle. Snowden chose them because they had already criticized the NSA and had suffered personal consequences as a result. When he handed over the documents to them, in that Hong Kong hotel room, it was revealed that the NSA partner GCHQ had been monitoring journalists from the New York Times, Le Monde, and the Washington Post, among others, and classified investigative journalists as a threat equal to terrorists and hackers.

The fact that the NSA was monitoring journalists wasn’t particularly surprising. The American surveillance apparatus wasn’t merely eavesdropping on terrorists and criminals. They were also carrying out industrial espionage and monitoring human rights organizations like Amnesty and Human Rights Watch. They weren’t simply listening to hundreds of millions of Americans, but for example also captured 70 million French phone calls per month. And of course the system was used to monitor politicians and world leaders.

We haven’t been able to get as good an insight into how the American authorities work since Snowden’s revelations. We don’t know exactly how they carry out mass surveillance today. But Section 702 has been extended. And every year since 2013, more and more information has emerged about how the NSA, CIA and FBI are sticking to their tactics of not merely monitoring suspects, but carrying out mass surveillance of the entire population.

End-to-end-encryption was a pipe dream in 2013. An enormous fraction of global internet traffic traveled electronically naked. Now, it is a rare sight. But the capabilities governments had in 2013 seem like child's play compared to today.

Edward Snowden

In 2017, we all got a new insight into the American mass surveillance apparatus. The leak was far from as comprehensive as Edward Snowden’s, but it was clear that these activities were still continuing when Wikileaks revealed that the CIA had hacked into people’s phones, computers and TVs to carry out mass surveillance. And this time, not even the commercial partners denied it: “If your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition”, as Samsung expressed it.

The quote could have come directly from George Orwell’s 1984 dystopia, with its telescreens that both sent out propaganda and listened to the population.

In 2023, Snowden gave his picture of how the world had changed, ten years after he had become a whistleblower. He spoke about how his revelations had made the tech companies introduce end-to-end encryption and that in many ways it’s no longer as easy for authorities to simply eavesdrop on all internet communication. At the same time, the technical skill and development have advanced enormously, even on the other side. As Snowden expressed it:

“If we think about what we saw in 2013 and the capabilities of governments today, 2013 seems like child’s play. The idea that after the revelations in 2013 there would be rainbows and unicorns the next day is not realistic. It is an ongoing process. And we will have to be working at it for the rest of our lives and our children’s lives and beyond.”

The tenth anniversary of Snowden’s revelations received widespread attention, and the majority of sources were in agreement that global mass surveillance has certainly not ceased, merely found different approaches.

It has emerged that organizations including the FBI and other three-letter agencies have purchased collected data from data brokers. But why do American agencies, who already have an exemption allowing them to monitor people without a court order, buy data from data brokers? Well, for a start, when they buy data, they needn’t claim that American citizens “happened to be caught up in surveillance of foreign threats”. It’s likely also true that commercial data collection has become so widespread and so invasive that it’s cheaper and more convenient for the agencies to simply purchase the data rather than doing the job themselves. As one consultant for the American government put it, in an article about how the American agencies used data collection via apps to track some of Putin’s closest entourage: “The advertising technology ecosystem is the largest information-gathering enterprise ever conceived by man.”
Or as Michael Morell, former director of the CIA, put it:
“The information that is available commercially would kind of knock your socks off. If we collected it using traditional intelligence methods, it would be top secret-sensitive. And you wouldn’t put it in a database, you’d keep it in a safe.”

The reason why the CIA had been forced to keep it secret, if they had collected it themselves, is obvious – the agency isn’t permitted to carry out this type of data collection according to the American Constitution (although they still do it anyway via the Section 702 exemption to the Foreign Intelligence Surveillance Act).

In recent years, the fact that American agencies have purchased large quantities of data from data brokers has contributed to an increasingly heated discussion about Section 702 – the law that the Americans extend every five years which makes it possible for their agencies to carry out mass surveillance without a court order. Senator Ron Wyden has been one of the most voluble critics and has urged the government that it “should not be funding and legitimizing a shady industry whose flagrant violations of Americans’ privacy are not just unethical but also illegal.”

The debate became a hot topic in 2023 when it was once again time to renew Section 702 for a further five years. The House of Representatives failed to pass the extension bill on three occasions and was forced to delay the decision until spring 2024. At the same time, amendments to the law were suggested. The biggest proposed amendment would force agencies to have court approval before they were able to monitor American citizens. Another proposal would prevent the NSA from carrying out ‘abouts collection’ – in other words monitoring aimed not just at people communicating with surveillance targets, but also involving communications where the target has merely been mentioned.

In other words, a minor storm erupted about the latest extension of Section 702, indicating deeper awareness of and broader skepticism to American mass surveillance. But how did it end? Well ultimately both the House of Representatives and the Senate still voted an extension through – but following the debate in the House of Representatives, the extension will only run for two years instead of the normal five. This shorter extension could have been seen as a step in the right direction if it wasn’t for the fact that an expansion of the law was also voted through at the same time. Because despite all the protests and debates in the House of Representatives, when the extension was passed the majority in both the House of Representatives and the Senate had no problem expanding the list of companies that, according to the law, can be forced to collaborate with government agencies and their mass surveillance of the population. The definition of organizations that must permit surveillance is now so broadly described that it could even include anyone with physical access to a target’s communications infrastructure, such as routers. Senator Ron Wyden called the expansion “dramatic and terrifying.” Edward Snowden commented on the issue by stating: The NSA is taking over the internet.” Instead of a step in the right direction, the exemption became more invasive than ever.

“Privacy is the fountainhead of all other rights. Freedom of speech doesn’t have a lot of meaning if you can’t have a quiet space, a space within yourself.”

What Shoshana Zuboff is talking about is resistance that must come now, before it’s too late. This is an important point. Because the infrastructure built today will be used by future governments. Because we don’t know who will be coming to power. And because this type of surveillance society tends to come creeping in, hidden from the masses. Function creep is total in this area. As we all know, the road to hell is paved with good intentions and it’s difficult to detect the bigger picture when it’s being laid out one small jigsaw piece at a time. Every obscure small law that’s introduced may not represent a catastrophe, but together they’re taking us in the wrong direction. And the ultimate destination is crystal-clear: when a country has introduced total mass surveillance, people begin self-censoring. When they can’t be sure whether or not they’re being monitored, they hold their tongues. In a Ted Talk, Glenn Greenwald, one of the journalists who met Edward Snowden in that Hong Kong hotel room and helped him get the word out, explains exactly how self-censorship is a highly developed control method that’s been used for several hundred years.

“In the 18th-century philosopher Jeremy Bentham set out to resolve an important problem […] for the first time, prisons had become so large and centralized that they were no longer able to monitor and therefore control each one of their inmates. He called his solution the panopticon […] an enormous tower in the center of the institution where whoever controlled the institution could at any moment watch any of the inmates. They couldn’t watch all of them at all times, but the inmates couldn’t actually see into the panopticon, into the tower, and so they never knew if they were being watched or even when. This made Bentham very excited. The prisoners would have to assume that they were being watched at any given moment, which would be the ultimate enforcer for obedience and compliance. The 20th-century French philosopher Michel Foucault realized that the model could be used not just for prisons but for every institution that seeks to control human behavior: schools, hospitals, factories, workplaces. And what he said was that this mindset, this framework discovered by Bentham, was the key means of societal control for modern, Western societies, which no longer need the overt weapons of tyranny – punishing or imprisoning or killing dissidents, or legally compelling loyalty to a particular party – because mass surveillance creates a prison in the mind that is a much more subtle though much more effective means of fostering compliance with social norms or with social orthodoxy, much more effective than brute force could ever be.”

In the same TED talk, Greenwald also talked about the cooling effect that mass surveillance has on society:

“When we’re in a state where we can be monitored, where we can be watched, our behavior changes dramatically. The range of behavioral options that we consider when we think we’re being watched severely reduce. This is just a fact of human nature that has been recognized in social science and in literature and in religion and in virtually every field of discipline. There are dozens of psychological studies that prove it.”

Shoshana Zuboff:

“Privacy rights enable us to decide what is shared and what is private. These systems are a direct assault on human agency and individual sovereignty as they challenge the most elemental right to autonomous action. Without agency there is no freedom, and without freedom there can be no democracy.”

Edward Snowden:

“Privacy is what gives you the ability to share with the world who you are on your own terms for them to understand what you’re trying to be and to protect for yourself the parts of you that you’re not sure about that you’re still experimenting with. If we don’t have privacy what we’re losing is the ability to make mistakes we’re losing the ability to be ourselves. Privacy is the fountainhead of all other rights. Freedom of speech doesn’t have a lot of meaning if you can’t have a quiet space, a space within yourself, within your home to decide what it is that you actually want to say.”

It’s actually quite simple. Either we have a society where people have the right to their own thoughts, their own private conversations and space to test out their ideas. A free society, where development and change are possible. Where power can be challenged, examined and replaced. Or we have a closed society where you never know whether or not you’re being watched. Either we continue step-by-step towards undemocratic societies. Or we instead try to uphold Article 12 of the universal Declaration of Human Rights: “No one shall be subjected to arbitrary interference with his privacy”.

When you say you have nothing to hide, you’re making a bet that you never will have in a system that changes but never forgets.

The foundation of a democratic society is that its citizens have the right to personal privacy. But let’s say that you still think mass surveillance is okay, because ‘you have nothing to hide’. The problem with ‘nothing to hide’ is that it’s not an unchanging status. Just ask the women living in US states who thought they had nothing to hide – until the law was changed overnight and it was no longer legal for them to have an abortion.

Glenn Greenwald was one of the journalists who helped Edward Snowden get the word out. In a Ted talk entitled Why Privacy Matters, he illustrated how mass surveillance takes no account either of changes in those in power or those being monitored.

“When you say, ‘somebody who is doing bad things’, you probably mean things like plotting a terrorist attack or engaging in violent criminality. A much narrower conception of what people who wield power mean when they say ‘doing bad things’. There’s an implicit bargain that people who accept this mindset have accepted, and that bargain is this: if you’re willing to render yourself sufficiently harmless, sufficiently unthreatening to those who wield political power, then and only then can you be freed of the dangers of surveillance. It’s only those who are dissidents, who challenge power, who have something to worry about. There all kinds of reasons why we should want to avoid that lesson as well. You may be a person who, right now, doesn’t want to engage in that behavior, but at some point in the future you might. Even if you’re somebody who decides that you never want to, the fact that there are other people who are willing to and able to resist and be adversarial to those in power – dissidents and journalists and activists and a whole range of others – is something that brings us all collective good that we should want to preserve.”