Most people have a rough sense that their data is being collected. Fewer realise just how deep it goes — or that the laws meant to protect them have been quietly dismantled. This brief breaks it down: what's actually happening, what changed in Australia and globally, and the practical steps anyone can take to start clawing back control.
Section 01: Meta Just Showed You Exactly Who They Are
On May 8, 2026, Meta removes end-to-end encryption from Instagram DMs. After that date every private message sent on Instagram can be read by Meta, scanned for ad targeting and handed over to authorities on request. End-to-end encryption means only the sender and recipient can read a message — not even the platform. Without it, that protection is gone.
Meta's own updated Terms and Conditions already grant them the right to read, copy and share private messages — including for AI training and law enforcement requests. Most users agreed to this without realising it was buried in dozens of pages of legal text.
"In 2019 Zuckerberg published a manifesto about building a privacy-focused future. Seven years later he's pulling encryption from two billion people's private messages."
The stated reason: not enough people opted in. They never made it the default, buried the setting, then blamed users for not finding it. TikTok confirmed the same week they have never offered message encryption and don't plan to. Their reasoning: it makes content easier for their teams to monitor.
Section 02: Your Home Is Full of Informants
Most smart devices in a typical home are collecting data constantly. Samsung TVs use a feature called ACR — Automatic Content Recognition — which fingerprints everything displayed on screen and sells viewing data to advertisers. It is enabled by default on most models.
Smart doorbells, robot vacuums and cheap security cameras all connect to home networks and regularly send data back to manufacturer servers — often in countries with no meaningful data protection laws.
A network monitoring device like the Firewalla Gold — a small hardware device that plugs into a home router and gives real-time visibility over every connected device — reveals the full picture. Smart TVs phoning home at 2am. Apps that haven't been opened in weeks quietly checking in with remote servers. Most people have no idea what their devices are doing in the background.
- Disable ACR on Samsung TVs — found in privacy or viewing data settings
- Put smart TVs and IoT devices on a separate guest network so they can't interact with phones and computers
- Before buying a cheap security camera, research who manufactures and owns it
Section 03: Australia — What Got Passed While You Were Distracted
In 2015 the Australian government passed the Telecommunications Data Retention Act — requiring every telco and ISP to store customer metadata for two years minimum. Every call, text and website visit — the time, duration, location and destination — retained on servers.
21 different agencies can access this data. Not just ASIO and the AFP but state police, ICAC and ASIC — without a warrant if they consider it reasonably necessary. ISPs are legally prohibited from telling customers if their data has been requested. Warrant canaries — the transparency signals used overseas — are banned.
The Ombudsman's own reporting later revealed a spike in metadata access requests and repeated failures by agencies to comply with the safeguards the legislation required.
Since then the Online Safety Act gave the eSafety Commissioner powers to compel content removal globally. New hate speech laws passed in January 2026 gave ASIO and ministers authority to outlaw groups and impose aggravated offences on religious figures whose speech they define as extremist.
The concern is not about supporting hate or violence. It is about scope. These laws are broad, the definitions contestable, and the infrastructure built to enforce them is the same infrastructure that can be turned toward ordinary people having ordinary conversations.
"Understanding what can be accessed — and by whom — is the first step to making informed decisions about digital communication."
Section 04: The Apps Bleeding Your Data
Every app installed on a phone is a data collection agreement most users never read. Location history, contact lists, microphone access, browsing behaviour — handed over in exchange for a free service. That service is not free. The data funds an advertising industry worth trillions.
The good news: most of these services have direct private alternatives that work just as well.
| Swap This | For This | Why |
|---|---|---|
| Gmail | Proton Mail | Swiss encrypted — even Proton can't read it |
| Google Search | DuckDuckGo | No profile, no tracking |
| Chrome | Firefox + uBlock Origin | Blocks ads and trackers at source |
| Google Drive | Proton Drive | Encrypted, Swiss jurisdiction |
| Instagram DMs | Signal | End-to-end encrypted by default |
| Need anonymity | Session | No phone number, decentralised |
| Google Maps | Organic Maps | Offline, no tracking, no account |
| iCloud Keychain | Bitwarden | Open source, audited, free |
| SMS 2FA | Raivo / YubiKey | Can't be SIM swapped |
| Scattered email | SimpleLogin | One alias per site, kill if breached |
| No / patchy VPN | Mullvad | No logs, cash accepted, always on |
Section 05: The Harder Part
None of this requires going off grid. Social media is where business happens, communities exist and people stay connected. That's not going to change and it doesn't need to.
The distinction worth making is between using a platform and being harvested by one. Post publicly. Build an audience. But move real conversations to encrypted apps. Isolate smart devices. Know what the law allows to be collected about you — and take reasonable steps to limit what isn't necessary.
There's also a behavioural dimension worth considering. These platforms are engineered to maximise time spent on them. The scroll, the notification, the algorithmic feed — all designed to keep attention on the platform for as long as possible, because attention is what gets sold. Being deliberate about screen time is not a wellness trend. It's a reasonable response to an industry that profits from extracting it.
Small changes compound. Start with one swap. See what feels different. Go from there.