”Between the face scan at the airport and the cookie banner you rage-clicked…” – Christina Maas describes in a recent article on ReclaimTheNet the very moment when most of us lose.(reclaimthenet.org)
Not because we’re stupid, but because the system is built on a default ”yes”.
This analysis pulls out the threads of Maas’ list: what everyday refusals really do, how the surveillance economy plays against us – and how the usual ”no thanks” response becomes a silent attack on the whole model.
”No” has been made rare – on purpose
Maas’s basic observation is sharp: control no longer comes from dark back rooms, but from bright interfaces and cheerful pop-ups.(reclaimthenet.org)
The three levers are repeated everywhere:
- Time pressure
– no time to read the conditions at the airport gate
– waiting in the back of the checkout queue while the clerk asks for a postcode
– the application refuses to proceed until you press ”Accept” - Default pressure (default pressure)
– ”This is just the way things are done nowadays”
– biometric authentication, cookie banners, ”better user experience” – all dressed up as normality
– no one reminds you that consent requires real choice - Peer pressure
– ”everyone else is doing it”
– if everyone’s face is already in the database, why are you picky?
On top of these comes the most important thing: fatigue. You’re busy, tired, sometimes just bored. A single ”ok, whatever” doesn’t seem critical – but for the data ecosystem, it’s a new piece in the puzzle.
The price of a yes answer – rights disappear by habit, not by law
Maas reminds us: every time you say yes, you don’t give up everything at once. You rent yourself out piece by piece – creating a ”behavioral map” that follows you from one service to the next.(reclaimthenet.org)
Two frightening consequences:
- Yes normalises the escape
The more people get used to having no privacy, the easier it will be for companies and authorities to later remove the choice altogether.
– first ”we recommend facial recognition for faster boarding”
– then ”this line is only for biometric users”
– finally ”no other options will be offered” - Monitoring becomes the default infrastructure
New models, such as telecom operators’ large-scale data sales and advertising networks, are no longer a marginal business – they are at the heart of the structure. When the FCC is forced to fine Verizon nearly $47 million for illegally sharing location data, we know that the problem is not a single slip-up but an entire industry logic.(Reuters)
Add to this the fact that operators such as T-Mobile opt customers in to advertising and analytics tracking by default, unless the customer goes through a multi-stage opt-out rally, and you can see the game that is being played.(Android Central)
Everyday tactics: what Maas suggests – and why they bite
The point of the article is not philosophy but practice. Maas lists concrete ways in which everyone can add friction to the wheels of the control economy. Below, the key tactics in a nutshell + a further analysis of his own.(reclaimthenet.org)
1. Break the assumption: one person, one identity, one log
The control economy thrives on consistency: same email, same phone, same login (Google, Meta, Apple login).
Tactics:
- use different email aliases for different services
- keep a separate number for bank and critical accounts only
- avoid ”Sign in with X” logins
Why does this work?
When profiles become fragmented, it becomes harder for companies to build a single, fully transparent user profile of you. Models stay rosier, the margin of error increases – and it’s right out of your pocket.(journals.uchicago.edu)
2. Updates: security yes, ”telemetry sweets” no
Maas hits the nail on the head: every ”update available” is not only a bug fix, but often also a new layer of analytics, telemetry and monitoring SDKs.(reclaimthenet.org)
Tactics:
- turn off automatic updates on your phone
- install only security updates, not the ”experience improvement” package for each application
- In Windows, connection to ”metered connection” mode → forces the system to throttle the background runtime
Plus: delaying updates slows down the spread of new tracking features, although it does not prevent them altogether.
3. Don’t register anything if you don’t have to
”Registering” a new device is often just a way to permanently link a serial number to your personal data.
Tactics:
- do the first deployment offline
- leave the manufacturer’s registration forms cold and unfilled
Why: it’s much harder to link an unregistered serial number to personal data – especially if you don’t push the same email everywhere.
4. The deadly simple question, ”Is this compulsory?”
This is perhaps the most underrated, but most powerful weapon in the article.
Use whenever a form is greedy for data:
- HR papers from the workplace
- medical information forms
- school or nursery forms
- leases
- customer service ”security issues”
Question:
”Is this field mandatory or can I leave it blank?”
Surprisingly often the answer is: ”It’s not really compulsory, but we usually…”
This is not activism, but a peaceful drawing of boundaries. When unnecessary fields are left empty, the one-off data format becomes much less useful.
5. ”Public device” – cheap decoy identity
Maas suggests a separate ”public use” device: an old phone or tablet used only for public Wi-Fi, QR codes, event apps and travel junk.
No real accounts, no banks, no private emails are ever recorded.
The result: the action signal collected at public events doesn’t connect directly to the real you – just to that one bad Android wall that looks like a ”scattered tourist” to everyone.
6. QR codes, ”handy” self-service checkouts and cameras
The vast majority of ”convenient” QR codes are only convenient for one party – the one receiving the analytics. The same applies to self-service checkouts, which capture the face and movements of the customer in real time.
Tactics:
- ask for a paper ticket, physical ticket, printed programme
- use a human cashier rather than a camera-equipped self-service system
- cover the camera if necessary (and see what the POS system does when the feed goes black)
Every ”glitch” breaks the data stream – and makes it more unreliable.
7. Telecom operators and ISPs – the silent advertising machine
The article also reminds you that your online connection is selling you as a side business, unless otherwise specified.
In the US examples, AT&T, Verizon and T-Mobile do offer opt-out settings for advertising and analytics monitoring – but they are buried deep in the account settings, and the starting point is always opt-in.(verizon.com)
When these practices go far enough, the consequences are eventually so drastic that the authority has to step in – as the FCC’s nearly $200 million fine on large operators for illegally selling location data shows.(Reuters)
Tactics:
- log in to your operator’s customer account and search for the words ”advertising”, ”analytics”, ”CPNI”, ”do not sell or share”
- turn everything off
- from time to time, as regulations and contract terms change
Creative workarounds: false answers and profiles as ”containers of refusal”
Maas highlights two additional measures that sound small but are statistically poisonous to control models.(reclaimthenet.org)
- Litter information for volunteer fields
– postcode, income bracket, interests, ”demographic information”
– when the field is not contractually related to anything critical, it is fuel for advertising models – no identity verification
– it’s a place for creative imagination - Browser profiles as ”vessels of refusal”
– separate profiles for work, shopping, social and travel
– each profile maintains its own cookie and tag set → harder to build one super profile
– in effect, you create a virtual ”public space device” on your desktop too
Where do you draw the line? Realism vs. maximum OPSEC
The honest problem: if you try to follow every single tip at once, life quickly becomes a full-time security project.
Therefore, this should be seen as a priority list, not a complete check-list:
- Critical services – banking, email, main communication
→ separate email + strong password + 2FA (preferably non-SMS) - Operator and internet connection
→ go through all the opt-out settings once and for all - Biometrics
→ be the first to oppose anything where your face or voice is stored in permanent databases (bank, airline, government channels) - A little rebellion in everyday life
→ ask ”do I have to?”, leave the postcode blank, ask for a paper form, choose manual checkout
The goal is not complete invisibility, but incompatibility: you are just that much of a difficult profile to build a perfect behavioural model of.
Why does all this irritate the system?
The surveillance economy is essentially a prediction industry: the more accurately you can predict, the easier it is to manipulate, segment and package you to sell to advertisers or political campaigns.(journals.uchicago.edu)
Kun:
- identities are fragmented
- there is a shortage of forms
- biometric data will never end up in the register
- the operator must not sell your traffic data
- wrong postcodes and income brackets spoil advertising profiles
…the models start to leak. Forecasting becomes less accurate, targeted advertising is wasted, and the ”perfect user experience” starts to crack.
It is not a revolution. It’s not in the headlines. It’s where it should be: in the bottom line and in the accuracy of models.
And that is why every silent ”no” is valuable. It’s not just a personal limitation, but a small glitch in a machine built on the assumption that you always press ”I agree”.
📚 Sources
- Christina Maas: How to Say No: Everyday Tactics to Take Back Your Privacy – Reclaim The Net
https://reclaimthenet.org/how-to-say-no-everyday-tactics-to-take-back-your-privacy(reclaimthenet.org) - Reclaim The Net homepage (as a background to the ongoing monitoring of surveillance and censorship developments)
https://reclaimthenet.org/(reclaimthenet.org) - Wikipedia: Customer proprietary network information (CPNI) – telecoms data regulation in the US
https://en.wikipedia.org/wiki/Customer_proprietary_network_information(Wikipedia) - Cape: How to Opt Out of Data Sharing with AT&T, Verizon, and T-Mobile
https://www.cape.co/blog/how-to-opt-out-of-data-sharing(Cape) - Reuters: US court upholds Verizon $46.9 million fine over location data
https://www.reuters.com/legal/litigation/us-court-upholds-verizon-469-million-fine-over-location-data-2025-09-10/(Reuters) - Android Central: It’s time to check your T-Mobile privacy settings again
https://www.androidcentral.com/phones/carriers/its-time-to-check-your-t-mobile-privacy-settings-again(Android Central)