• Continuous radiofrequency emission against or near the body (Bluetooth, BLE, cellular)
• Biometric data transmitted to cloud servers controlled by third parties
• Terms of service that permit data sharing with "partners," insurers, research entities, or government agencies
• HIPAA does not apply — consumer wellness apps and devices are not covered entities
• No informed consent disclosure about who receives the data, for how long, or for what purpose
• No off switch — "airplane mode" does not stop local processing and logging

Biometric

Metabolic / Glucose

• Apple Watch / Samsung Galaxy Watch — HR, HRV, ECG, SpO2, skin temp
• Garmin / Polar — HR, HRV, VO2 max, stress
• Whoop 4.0 — continuous HR, HRV, skin conductance
• Oura Ring — sleep staging, temp, HRV, SpO2
• KardiaMobile (AliveCor) — at-home 6-lead EKG, transmits to cardiologist portal
• Withings BPM — wireless BP cuff, cloud sync
• Dexcom G7 / Libre 3 — continuous glucose, real-time transmission
• Levels / Nutrisense — CGM + metabolic coaching app
• Lumen — breath ketone sensor, syncs macro recommendations
• BIOSENSE — ketone breath meter with cloud logging
• Eversense E3 — implanted sub-dermal CGM (90-day implant)

AoScan, Zito Scan, and similar bioresonance devices market themselves as reading the body's electromagnetic frequencies and broadcasting corrective signals. The diagnostic accuracy of these devices has not been independently validated — the same scan of the same person on the same day can produce different outputs, and no peer-reviewed evidence confirms that outputs correlate with any externally verifiable physiological state.

What is true regardless of diagnostic validity: these devices collect body-proximate data, connect to cloud platforms, and in many cases are deployed through MLM-structured practitioner networks that aggregate data across users. The technology occupies the same IoB architecture as medical-grade wearables. The wellness framing does not change the data harvesting function.

The camera is the most normalized biometric collection device in existence. iCloud Photos, Snapchat, Instagram, and TikTok are not photo-sharing platforms. They are facial recognition training and data collection systems that you opt into voluntarily and use enthusiastically.

Your face is permanent biometric data that cannot be changed. Every image uploaded to a cloud platform — yours, or someone else's photo of you — contributes to a recognition model. This is Tier 1 IoB operating through every smartphone, school, and government system on the planet. No wearable required.

• iCloud Photos uses on-device machine learning (Apple's Visual Intelligence) to build facial recognition models — first applied to sort your photos, then shared with Apple's broader ML infrastructure when iCloud sync is enabled. Every face tagged in your library trains the model.
• Snapchat and Instagram filters require real-time 3D facial mapping to apply augmented reality effects. This is the same facial geometry technology used in biometric identity systems. The data generated during filter use — facial geometry, expression mapping, depth data — is processed on-device and in many cases transmitted to servers for model improvement per terms of service.
• Apps with face scanning — makeup try-on apps, age prediction apps, "how old do you look" apps, health apps that claim to read skin or eye condition from photo — all require facial geometry data. Many are operated by third parties with no transparency about data retention or secondary use.
• ID.me and government biometric verification — IRS, state unemployment systems, and other government agencies now use ID.me facial recognition for account verification. This creates a direct link between facial biometric data and government identity records. The private company (ID.me) holds the biometric data; the government holds the record association.

• Calm: 100 million+ downloads. Calm's privacy policy permits sharing data with "service providers, business partners, and affiliates." In 2020, Calm raised $75 million with investment from TPG, a major private equity firm. The data asset — sleep patterns, stress levels, mood tracking, session frequency — is part of the company's valuation. Calm has partnerships with Delta Airlines, American Express, and enterprise wellness programs, meaning employee usage data may flow back to employers through platform integrations.
• Headspace: merged with Ginger (mental health coaching platform) in 2021 to form Headspace Health. The combined entity offers both consumer meditation and employer-sponsored mental health benefits — creating a direct pipeline from personal mindfulness practice data to employer-purchased wellness platforms. Headspace Health's B2B clients include major corporations and health insurers.
• Insight Timer: tracks meditation session frequency, duration, content type, and community engagement. The platform's social features mean your practice habits are visible to other users and to the platform for behavioral modeling.
• What these apps collect beyond session data: sleep schedule (inferred from sleep meditation timing), stress level (inferred from content selection and frequency), relationship status and life events (content category engagement), location, device type, and in apps with mood check-ins — self-reported mental health status that falls outside HIPAA protection.

Apps delivering binaural beats, isochronic tones, solfeggio frequencies, and similar audio content collect behavioral data that reveals neurological and emotional state in ways users do not anticipate:

• Content selection reveals targeted state: a person repeatedly choosing delta (0.5–4 Hz sleep induction) content reveals chronic sleep disruption; repeated theta (4–8 Hz anxiety/trauma processing) reveals emotional dysregulation; high-beta (stress relief) content frequency reveals chronic stress load
• Session timing, duration, and repetition patterns reveal behavioral rhythms — when the person can't sleep, when anxiety peaks, what time of day the nervous system is most dysregulated
• Platforms like Brain.fm (AI-generated focus music) and Endel (adaptive soundscapes) use physiological input from connected wearables to adapt audio in real time — creating a closed-loop biometric feedback system between HRV/heart rate data and the audio output, with all data retained
• YouTube: the largest binaural beats and frequency content library in the world. Every video watched, rewatched, paused, and exited is logged under your Google account. Google's ad targeting system uses this viewing history to infer health and psychological status — and to target accordingly

Consumer frequency generator devices — Spooky2, TrueRife, BioCharger, AmpCoil, and similar — vary in their connectivity and data collection:

The wellness intent is genuine. The data architecture underneath it is the same as any other IoB device: usage patterns reveal health status, behavioral rhythms, and psychological state to third parties who were not disclosed at point of purchase.

• App-connected devices (BioCharger, AmpCoil) require smartphone apps that log session data, frequency selections, and usage patterns to cloud accounts. Session logs reveal what conditions the user is addressing, how frequently, and with what protocols — a detailed health history outside any clinical or privacy framework.
• MLM-distributed devices (many bioresonance and frequency devices) are sold through practitioner networks that aggregate client data across the distribution network. The company at the top of the MLM structure has access to usage data from every device in the field.
• Spooky2 (the most widely used consumer Rife platform) operates through desktop software that connects to online frequency databases. Usage logs, frequency selections, and session data are transmitted to Spooky2 servers in China.

• Lab companies: Quest Diagnostics and LabCorp process the majority of US clinical lab work. Both have experienced major data breaches — Quest's 2019 breach exposed 11.9 million patient records including banking information; LabCorp's same-year breach affected 7.7 million. Lab data is stored in corporate systems, shared with ordering providers, and transmitted to insurers for claims processing.
• Insurance underwriting: lab results submitted through health insurance claims become part of the insurer's actuarial database. Patterns across lab values — metabolic markers, hormone levels, inflammatory markers — inform risk scoring. Life insurance and disability insurance companies can request lab history as a condition of coverage.
• Third-party lab aggregators: platforms like Function Health, Levels, and InsideTracker offer comprehensive lab testing with app-based results and longitudinal tracking. These platforms retain the full dataset — every biomarker, every draw date — in proprietary databases. Their business model depends on the data asset, not just the subscription fee.
• Direct-to-consumer labs (Ulta Lab Tests, Walk-In Lab, Any Lab Test Now): orders placed without physician involvement are not automatically submitted to insurance — but the lab company retains the data and its privacy policy governs secondary use. Many permit sharing with "research partners."

Consumer DNA testing companies (23andMe, AncestryDNA, MyHeritage, FamilyTreeDNA) have collected genetic data from over 30 million people. This data is permanent, familial, and irreversible. Key facts that are not disclosed at the point of spit-in-a-tube consent:

The 23andMe bankruptcy is not an edge case. It is the preview. Every consumer DNA company will eventually be acquired, merge, go bankrupt, or be compelled by law. The genetic data follows the corporate transaction. You signed away the right to control it the moment you mailed the tube.

• Research opt-in defaults: 23andMe and AncestryDNA default-enroll customers in research data sharing unless they actively opt out. Opted-in data is shared with pharmaceutical research partners including GlaxoSmithKline (23andMe had a $300M partnership). De-identified genetic data from millions of people is in pharmaceutical research pipelines.
• Law enforcement access: FamilyTreeDNA voluntarily cooperated with the FBI to allow searches of its database for criminal investigations — without customer consent or court order. GEDmatch (genealogy database) was used to identify the Golden State Killer — law enforcement uploaded a crime scene DNA profile and searched for relatives in the consumer database. Your DNA in a consumer database makes you searchable by law enforcement, even if you are not a suspect, because your relatives' DNA identifies you.
• What your genome reveals: disease predispositions (BRCA1/2 for breast/ovarian cancer, APOE4 for Alzheimer's), pharmacogenomics (how you metabolize medications), ancestry and ethnic background, paternity, undisclosed family relationships, and traits that have not yet been discovered — because the genome is being interpreted with tools that will be more powerful in the future than they are today. What is in your genome file today will reveal more in 20 years than it does now.
• Family exposure: your DNA test reveals partial genetic information about every biological first, second, and third-degree relative you have — people who never consented to testing. A child's DNA is partially reconstructable from a parent's test. A sibling's predispositions are partially inferred from yours. Genetic testing is not individual consent — it is consent on behalf of your entire biological family.

• Normative databases: Most clinical qEEG providers contribute patient data to normative databases — BrainMaster, Neuroguide, LORETA, the EEG Institute database — that aggregate thousands of individual brain maps. Consent is typically buried in the intake paperwork. "De-identified" data is included in research publications and shared with academic institutions worldwide. The de-identification is a legal designation: a brain map combined with age, sex, and diagnosis is re-identifiable.
• Insurance records: Any qEEG submitted for insurance reimbursement enters the insurer's data infrastructure — accessible to parent companies, reinsurers, and data brokers that purchase claims data. A neurological diagnosis attached to a child's record follows them through every insurance product they will ever apply for.
• Research partnerships: Clinics affiliated with universities or research networks (including many neurofeedback and integrative medicine practices) operate under IRB protocols that permit de-identified data sharing with partner institutions globally. "Shared for research purposes" means shared with researchers in any country whose institution has an IRB agreement. There is no geographic limit.
• Device company servers: qEEG hardware and neurofeedback software companies (BrainPaint, BrainAvatar, Myndlift, Emotiv) retain session data in cloud platforms. Software-as-a-service agreements mean the clinic does not own the data — the platform does. Clinic closure or acquisition transfers data to the new entity.
• MRI, fMRI, and structural brain scans: Hospital radiology systems store imaging data indefinitely. The DICOM files (standard medical imaging format) contain embedded patient metadata. These are accessible to referring providers, insurers, research repositories (NIH, HCP, IARPA MICrONS), and any entity with a valid data use agreement — a category that expands continuously.

• Consumer EEG headbands — Muse (InteraXon), Emotiv Insight, OpenBCI, NeuroSky — market themselves as meditation and focus tools. They record multi-channel EEG continuously and sync to cloud accounts. InteraXon's privacy policy permits use of brain data for product improvement and research. Your brain wave patterns, session by session, are retained on their servers.
• HRV biofeedback devices — HeartMath Inner Balance, Muse S, Polar H10 — capture cardiac rhythm data at clinical resolution. HRV patterns reveal autonomic nervous system state, stress reactivity, emotional regulation capacity, and cardiovascular health status. This data is more clinically revealing than most of what enters an EHR.
• Neurofeedback training data: Every neurofeedback session generates a time-stamped record of brain state, reward thresholds, and training response. Accumulated over dozens of sessions — standard for any therapeutic protocol — this constitutes a detailed longitudinal record of a person's neurological development and response to intervention. For children undergoing neurofeedback, this record spans years of brain development.

When a family consents to a qEEG assessment for a child, the consent form covers the assessment itself. It does not separately disclose:

A child's brain map, generated for a therapeutic purpose, can be in research databases on multiple continents within months of the assessment. The parents will never know. The child will never know. The data will outlive everyone in the room when it was collected.

• Contribution to normative databases and who has access to those databases
• International research sharing under IRB agreements
• Data retention by the software platform after the clinic relationship ends
• Insurance data infrastructure access to the diagnosis and assessment findings
• What happens to the data if the clinic closes, is sold, or changes software platforms

• Myers-Briggs (MBTI): owned by The Myers-Briggs Company, a for-profit corporation. Widely used in corporate hiring and team management. MBTI results tied to a named individual create a psychological profile that employers, insurers, and data brokers can access through corporate HR data pipelines. Over 2 million assessments administered annually in organizational settings.
• DISC, Enneagram, StrengthsFinder (Gallup): similar structure — psychological assessment data retained by the administering company, used in workforce analytics, sold or licensed to corporate clients. Gallup's database of StrengthsFinder profiles is one of the largest psychological datasets in existence.
• Workplace wellness platforms (Virgin Pulse, Castlight Health, Livongo) integrate personality and behavioral assessments with health data and report aggregate (and sometimes individual) findings to employers who purchase the platform.

Human Design and astrology systems require three data points that together uniquely identify an individual: date of birth, exact time of birth, and location of birth. This is more precise identifying information than a Social Security number in many contexts — it cannot be changed, it is permanently linked to you, and it correlates with medical records, vital statistics databases, and government identity systems.

The irony: systems designed to help people understand themselves — Human Design, Gene Keys, astrology — require surrendering the most precise identifying biological data that exists (birth date, time, place) to private companies operating under standard consumer app privacy terms. The self-knowledge you gain is real. So is the data you give away to get it.

• Co-Star Astrology: collects birth data, location, notification permissions, and social graph (who you check). Co-Star's privacy policy permits data sharing with third parties for analytics. The app has been criticized for notification content designed to maximize anxiety and engagement — a documented dark pattern in behavioral design.
• The Pattern: acquired by Bumble (Match Group competitor) in 2022. The Pattern's psychological profiling system ingests birth data and generates detailed behavioral archetypes. Post-acquisition, this data sits within a major dating/social platform data infrastructure.
• CHANI, TimePassages, Astro.com: varying privacy policies; birth data retained; most permit use for product improvement and research.
• Human Design apps and generators: Jovian Archive (the official Ra Uru Hu organization), MyBodyGraph, Genetic Matrix — collect birth data and generate detailed psychological and behavioral profiles. These systems describe decision-making patterns, emotional authority, relationship dynamics, and energetic type in detail that is more granular than most clinical psychological assessments. The data is not protected under any health privacy framework.

When a physician orders RPM devices, patients typically sign a general authorization for remote monitoring as part of a standard care agreement. What is not disclosed:

• Who has ongoing access to the data stream (device company, cloud platform, insurance payer)
• How the data is used for actuarial risk assessment
• Data retention period and deletion rights
• What happens to the data if the patient changes insurers or the device company is acquired
• Whether the data can be subpoenaed or shared with law enforcement

Medical images are stored in DICOM format (Digital Imaging and Communications in Medicine) — the universal standard. Every DICOM file contains embedded metadata in addition to the image itself: patient name, date of birth, gender, referring physician, diagnosis codes, study date, and in many older files, Social Security number. The image and the identity are inseparable in the same file.

These files are stored in PACS (Picture Archiving and Communication Systems) — networked servers that hospitals and radiology practices use to store, retrieve, and transmit images. PACS systems are increasingly cloud-hosted. Major vendors — Philips IntelliSpace, GE Centricity, Siemens Syngo, Fujifilm Synapse, Sectra — all operate cloud platforms where imaging data is stored and processed on third-party servers.

ProPublica 2019: 5 billion medical images on the open internet

A 2019 ProPublica investigation found that over 5 billion medical images — including MRIs, CT scans, and X-rays with embedded patient names, dates of birth, and Social Security numbers — were accessible on the open internet due to misconfigured PACS systems. No login required. No authentication. A standard web browser and basic knowledge of medical imaging software was sufficient to view any patient's complete imaging history. Over 13.7 million US patient records were exposed in this single configuration failure. Many of these images remain accessible. The records cannot be recalled.

• Radiology AI companies: Aidoc, Enlitic, Zebra Medical Vision, Nuance (Microsoft) PowerScribe, and similar platforms analyze medical images using AI to detect findings. To train these models, vast datasets of patient images were ingested — in many cases de-identified under HIPAA's safe harbor standard, which has been demonstrated to be insufficient for re-identification. The AI company's cloud platform processes and retains the imaging data that runs through it.
• Health Information Exchanges (HIEs): regional and national HIEs (CommonWell Health Alliance, Carequality, eHealth Exchange) are interoperability networks that share patient records — including imaging — between participating providers. Patients are often enrolled by default when they receive care at a participating institution. Any provider in the network can request your imaging history. You will not be notified when a request occurs.
• Insurance companies: imaging results submitted for reimbursement enter insurer data systems. AI analysis of claims data can detect patterns suggesting undisclosed conditions — flagging a beneficiary for audit or adverse action based on imaging findings they disclosed to their doctor but not to their insurer.
• MIB — Medical Information Bureau: over 750 life and health insurers share coded medical information through MIB — including imaging findings, diagnoses, and test results. When you apply for life insurance, disability insurance, or long-term care insurance, MIB is queried. Any medical finding ever reported by a member insurer is in the record. MIB records follow you across every insurance application for life.
• Research repositories: the NIH's The Cancer Imaging Archive (TCIA) contains millions of imaging datasets contributed by hospitals and research institutions. "De-identified" DICOM files with demographic attributes are publicly downloadable for research use. Re-identification risk from imaging features alone (bone structure, vessel patterns, tooth morphology) is documented.
• Government agencies: the Social Security Administration accesses medical records including imaging for disability determinations. The Veterans Administration maintains lifetime imaging records for veterans. Under court order, subpoena, or national security letter, imaging records held by hospitals, cloud PACS vendors, or insurers are accessible to law enforcement and intelligence agencies.
• Change Healthcare breach (2024): Change Healthcare, the largest medical claims clearinghouse in the US (processing 15 billion transactions annually, touching 1 in 3 patient records), was breached in February 2024 by the ALPHV/BlackCat ransomware group. Over 100 million patient records were exposed — including imaging metadata, diagnosis codes, prescription records, and personal identifiers. UnitedHealth Group owns Change Healthcare. The full scope of data exposed has not been publicly disclosed.

Medical imaging contains more information than was clinically intended. AI systems trained on large imaging datasets can infer from a scan findings the ordering physician was not looking for and the patient was not told about:

• Ethnicity and ancestry — bone structure, soft tissue distribution, and vascular patterns allow ethnicity inference from MRI and CT at accuracy rates that exceed self-report in some models
• Biological age — arterial calcification, bone density, organ volume changes — distinct from chronological age, with implications for insurance actuarial models
• Undisclosed conditions — a chest CT ordered for one indication may reveal coronary calcium, pulmonary nodules, or liver changes the patient did not know about and did not consent to have assessed
• Medication effects — certain medications leave measurable changes in organ morphology, bone density, and tissue characteristics detectable on imaging
• Trauma history — healed fractures, soft tissue scarring, and patterns consistent with prior injury are visible on standard imaging and can be used to infer prior violence or accidents

Dental records occupy a unique position in the biometric landscape: they are both detailed health data and a permanent forensic identifier. Teeth are used to identify remains when other methods fail. Your dental record is a body map that will outlast you.

The record you never saw

Every scan you have ever had — the MRI of your knee, the CT for that headache, the dental X-rays from every dentist you have ever seen, the 3D scan from your orthodontist — is stored in systems you do not control, analyzed by AI you do not know about, shared with entities you were never told about, and in some cases accessible to anyone with a browser and the right software. You were positioned in the machine and told to hold still. The rest was never disclosed.

• Panoramic X-rays and periapical films: standard dental X-rays expose tooth anatomy, bone density, root structure, prior restorations, and jaw architecture. Each film is a unique structural fingerprint. All digital dental X-rays are stored in practice management software (Dentrix, Eaglesoft, Open Dental) and associated imaging platforms.
• CBCT — Cone Beam CT: used for implant planning, orthodontics, and endodontics; produces a detailed 3D model of the entire skull, jaw, airway, and TMJ. Higher radiation exposure than conventional dental X-rays. Stored in vendor cloud platforms (Carestream, Dentsply Sirona, Planmeca). The 3D skull model this generates is a forensic identification asset of the highest precision.
• Intraoral digital scans (iTero, 3Shape TRIOS, Cerec): replace physical impressions with detailed 3D optical scans of the entire mouth — every tooth surface, gum contour, bite relationship. These scans are uploaded to vendor cloud platforms (Align Technology for iTero, 3Shape's cloud). Align Technology processes scans for Invisalign manufacturing — your mouth's 3D model is on Align's servers regardless of whether you proceeded with treatment.
• Corporate dental chains: Aspen Dental, Smile Brands, Pacific Dental Services, Heartland Dental, and similar private-equity-owned dental management organizations (DSOs) aggregate patient records — including all imaging — across thousands of locations into centralized platforms. PE ownership means data is a balance sheet asset subject to monetization, acquisition, and transfer on the same terms as any other corporate property.
• Dental insurance: X-rays submitted to insurance for coverage approval enter insurer data systems under the same architecture as medical imaging — accessible to MIB member companies, subject to AI analysis for claims optimization, and retained indefinitely.
• Orthodontic records: treatment records for braces and aligners include full facial photographs (front, profile, smile), intraoral photographs, CBCT or panoramic X-rays, and digital scan files — a complete exterior and interior map of the head and face, assembled for every orthodontic patient and retained by the practice and vendor platforms for the lifetime of the records retention policy, which in many states is indefinite for minors' records.

• Facial recognition: Meta's DeepFace system achieved 97.35% accuracy in facial recognition — surpassing FBI capability at the time of publication (2014). Meta paused facial recognition on Facebook in 2021 under regulatory pressure but retained the underlying capability and data. Instagram (Meta) uses facial detection for filter application and photo tagging.
• Eye tracking via Meta Quest: Meta's VR headsets track eye movement at 120Hz — gaze direction, saccade patterns, pupil dilation. Eye tracking at this resolution is a direct window into attention, cognitive load, and emotional arousal. Meta's terms permit use of eye tracking data for advertising optimization.
• Emotion inference: Meta holds patents for inferring emotional state from facial expressions captured via camera during video calls and VR sessions. The patent is filed. The capability is documented.
• Shadow profiles: Meta builds profiles on people who have never created an account — through contact uploads from other users, pixel tracking on third-party websites, and data broker purchases. You do not need a Facebook account to have a Facebook profile.
• Pixel tracking: The Meta Pixel, embedded in millions of websites including hospital patient portals and health information sites, tracks browsing behavior and associates it with Facebook identity. The FTC has documented cases of hospitals inadvertently transmitting patient health data to Meta via pixel.

• Keystroke dynamics: TikTok was documented in 2022 accessing clipboard content on iOS devices — capturing whatever had been most recently copied on the phone, including passwords and private messages.
• Face and body detection: TikTok's privacy policy explicitly states it may collect "faceprints and voiceprints" — biometric identifiers — from user content. This applies to every video created or uploaded.
• Behavioral modeling: TikTok's recommendation algorithm is documented to be more accurate than any other platform at predicting and shaping behavior — including political opinion and purchasing behavior. The algorithm model is trained on the behavioral data of every user.
• Data residency: Despite commitments to US data storage (Project Texas), TikTok's parent company ByteDance is subject to Chinese national security law, which requires cooperation with government intelligence requests. The data architecture of who can access what remains contested and unverified.
• Children: TikTok has been fined $368 million by the EU (2023) for GDPR violations involving children's data. The platform's own internal research (leaked 2021) showed awareness that the app caused harm to adolescent girls while continuing growth-at-all-costs deployment.

• Instagram (Meta): Scroll speed and dwell time on each post are logged. Content saved, shared, or viewed multiple times creates a detailed interest and emotional response profile. Instagram's algorithm actively tests content to find what triggers the strongest emotional response — documented in the Facebook Papers (2021). In-app browser tracks all taps and keystrokes on linked websites.
• Pinterest: Visual search and pin behavior create an extraordinarily detailed consumer and psychological profile — decor style, body image preferences, food aspirations, health interests, political leanings (expressed through lifestyle content), relationship status. Pinterest data is used in advertising targeting at a level of specificity that approaches clinical profiling. The platform is underestimated as a data collection system because it does not feel like social media.
• Snapchat: AR filters require real-time 3D facial geometry mapping — documented in the privacy policy. Snap's My AI (ChatGPT-powered chatbot) retains conversation content. Snap Map shares precise location continuously with friends and, per terms, with Snap Inc. Snap Spectacles (camera glasses) collect first-person visual data of wherever the wearer looks — the environment, other people, children.

Eye tracking is the least discussed and most revealing form of biometric surveillance currently being normalized. Where the eye goes, and for how long, reveals attention, interest, cognitive load, emotional arousal, recognition, deception, and neurological function — at a level of detail that no self-report instrument can match.

The eye is a direct extension of the brain. Eye tracking is non-invasive neural monitoring. It does not require an implant, a headband, or a clinic. It requires a camera and software — both of which are in every device you already own.

• Meta Quest 2/3/Pro: 120Hz eye tracking built in; used for foveated rendering (showing high-res only where the eye looks) — but the tracking data is also available to developers and retained by Meta per terms
• Tobii: Eye tracking hardware integrated into Dell, HP, and Acer laptops; used for accessibility but also for attention monitoring in corporate and educational settings
• Online proctoring (Proctorio, ExamSoft, HonorLock): eye tracking deployed during student exams; gaze deviation flagged as potential cheating; video and eye data retained by the proctoring company on private servers
• Retail and advertising research: eye tracking panels used by Nielsen, Ipsos, and major ad agencies to measure where consumers look on packaging, ads, and screens — the data informs product design, ad placement, and shelf positioning globally
• Neurological diagnostic potential: eye tracking patterns can detect Parkinson's disease, ALS, multiple sclerosis, ADHD, autism spectrum, and early Alzheimer's with clinically significant accuracy — meaning commercial eye tracking data passively collected during gaming or VR use contains diagnostic information the user has not disclosed and has not been informed is being captured

A modern smartphone contains over a dozen sensors running continuously, most of which are accessible to apps with minimal permission requirements:

The phone does not need an app running to collect this data. The operating system itself — iOS and Android — continuously logs sensor data, location history, and behavioral patterns. Apple's Screen Time and Google's Digital Wellbeing features are built on this continuous monitoring. The data used to show you how long you spent on social media is the same data available to law enforcement under warrant, to advertisers through SDK integrations, and to data brokers through app analytics platforms.

• Accelerometer & gyroscope: measure movement, orientation, and gait. Gait pattern is a biometric — your walking signature is unique and identifiable. Accelerometer data alone can identify you from a crowd, detect falls, infer emotional state (agitation vs. calm), and determine whether you are driving, walking, or sitting. No permission required for most apps.
• Barometer: measures atmospheric pressure — used for floor-level detection inside buildings (which floor you are on). Combines with GPS for precise 3D location tracking indoors where GPS signal is weak.
• Magnetometer: detects magnetic fields — used for compass function but also for indoor positioning using building magnetic field maps. Major venues (airports, malls, hospitals) have been magnetically mapped for indoor navigation and behavioral tracking.
• Microphone: always-on for Siri, Google Assistant, and "Hey" wake words — which means audio is being processed continuously, locally or in the cloud. Multiple documented cases exist of users reporting that spoken conversations led to specific ad targeting within hours. Apple, Google, and Amazon have all acknowledged employing human reviewers who listen to samples of voice assistant recordings.
• Camera: front-facing camera used for face unlock also enables passive facial expression monitoring when the screen is on. Some apps request camera access for stated purposes (QR scanning, video) but retain background access. The camera can infer heart rate from subtle facial color changes caused by blood flow (photoplethysmography) — this is how some "health" apps claim to measure pulse without a wearable.
• GPS + cellular tower triangulation + Wi-Fi positioning: three simultaneous location systems running in parallel. Location data accurate to 1–3 meters indoors. Even with GPS off, cell tower and Wi-Fi positioning provide location accurate enough to track which store aisle you are in, which exam room you enter at a clinic, and how long you spend in each location.
• Proximity sensor & ambient light sensor: reveal when the phone is being used, held to the face (phone call), or lying face-down. Combined with other sensors, these reconstruct a detailed behavioral timeline — when you slept, when you woke, how long you used the phone, when you set it down.

As documented in the DfPL 2013 research: any space with 2.4 GHz Wi-Fi is a passive body detection environment. But there are additional Wi-Fi tracking mechanisms that operate even when you never connect:

• Probe requests: your phone continuously broadcasts probe requests — scanning for known networks even when Wi-Fi is "off" on the screen. Until iOS 14 and Android 10 introduced MAC address randomization, each probe request contained your phone's permanent hardware MAC address — a unique identifier that retail stores, shopping malls, and airports used to track your movements across visits, build repeat visitor profiles, and sell that data to analytics firms
• Wi-Fi sensing / Wi-Fi radar: a category of commercial products (including Cognitive Systems' Aura, now deployed in some ISP-provided routers) uses Wi-Fi signal disruption to detect motion and presence in the home — the same physics as the DfPL paper, now packaged as a consumer product and enabled by default in some routers without homeowner awareness
• Router data: your home router logs every device that connects, every website visited (DNS queries), and timing of all network activity. This log is accessible to your ISP, to anyone with router admin access, and — through court order or informal cooperation — to law enforcement. ISPs in the US are permitted to sell anonymized (re-identifiable) browsing data to third parties under current FCC rules
• Public Wi-Fi: networks in airports, hotels, cafes, and hospitals log device identity, session duration, and browsing behavior for connected users. Terms of service accepted to join the network typically permit this data collection. Many public Wi-Fi systems are operated by third-party analytics companies whose business model is the behavioral data, not the connectivity

Every appliance category now has a "smart" version. The intelligence added is real — but so is the surveillance function, which is rarely the advertised feature:

The home is already the sensor

Before a single wearable is purchased, a home with a smartphone, a smart TV, a voice assistant, a robot vacuum, and a smart thermostat is a fully instrumented environment — tracking occupancy, sleep, movement, content consumption, conversations, and domestic behavioral rhythms continuously. The IoB did not require anyone to opt in. It was built into the products that were already sold as convenience, entertainment, and efficiency.

• Amazon Echo / Alexa, Google Nest Hub, Apple HomePod: always-on microphones in the home. Amazon employs human reviewers who listen to Alexa recordings to improve accuracy — documented in Bloomberg reporting. Ring doorbells (owned by Amazon) record and store video of everyone who approaches the home; Amazon has a documented history of sharing Ring footage with law enforcement without a warrant and without homeowner notification, under a now-modified policy that still permits sharing under emergency provisions.
• Robot vacuums: iRobot Roomba (acquired by Amazon in 2023 for $1.7B) maps the interior floor plan of your home in precise detail — room dimensions, furniture placement, floor plan. iRobot's CEO stated in 2017 that the company was considering selling home map data to smart home companies. Amazon's acquisition makes that data available to the world's largest e-commerce and advertising platform. Your home's floor plan is now an Amazon asset.
• Smart thermostats: Nest (Google) and Ecobee track occupancy patterns — when the home is occupied, when rooms are used, sleep and wake times inferred from temperature and motion. Google's acquisition of Nest in 2014 brought home occupancy data into the Google behavioral profile. Ecobee's privacy policy permits sharing data with "service providers and business partners."
• Smart refrigerators, washing machines, dishwashers: Samsung SmartThings, LG ThinQ, and similar platforms log appliance use patterns — what time you run laundry, how often you open the refrigerator and when, dishwasher cycle timing. Combined with smart meter data, this creates a complete behavioral map of daily domestic life. Samsung's 2015 smart TV privacy policy famously warned users that "personal or sensitive information" spoken near the TV could be captured — the same architecture exists in their smart appliance ecosystem.
• Smart doorbells & security cameras: Ring, Nest Cam, Arlo, and Wyze capture continuous or motion-triggered video of the exterior of your home and the street in front of it — including neighbors, visitors, and passersby who have not consented to surveillance. Amazon's Neighbors app aggregates Ring footage across a neighborhood, creating a distributed surveillance network operated by residents but owned by Amazon.

Since 2014, federal law (49 CFR Part 563) has required Event Data Recorders in all new passenger vehicles sold in the US. The EDR records a snapshot of vehicle data in the seconds before, during, and after a crash: speed, braking force, throttle position, steering angle, seatbelt status, airbag deployment timing, and whether the driver was warned. This data is stored on the vehicle's hardware and can be downloaded via OBD-II port.

• Law enforcement access: EDR data is routinely downloaded at crash scenes and used in criminal prosecutions — DUI, vehicular manslaughter, insurance fraud. Courts have ruled EDR data admissible without a warrant in most jurisdictions because it is considered part of the vehicle, not a communication. You do not need to be informed it is being downloaded.
• Insurance access: insurers subpoena EDR data in disputed claims. The data can be used to deny coverage based on pre-crash speed or braking behavior — behavior you may not remember and have no way to independently verify.
• Manufacturer access: most OEM telematics systems can remotely download EDR data. The vehicle owner typically does not know when this occurs.

Beyond the crash recorder, modern connected cars — virtually every vehicle sold after 2018 with an infotainment system — transmit real-time data to manufacturer servers via built-in cellular modems:

GM / OnStar selling driver data to insurers — NY Times 2024

A 2024 New York Times investigation documented that General Motors' OnStar subsidiary sold detailed driving behavior data — including hard braking events, rapid acceleration, and trip data — to data brokers including LexisNexis and Verisk, which then sold it to auto insurers. Drivers saw their insurance premiums raised based on this data with no notification that it had been collected or shared. GM had enrolled drivers in the data-sharing program through a terms-of-service update that most did not read. The program was paused after the investigation — but the data already sold remains in insurer and data broker systems.

• GPS location history — every route driven, every stop, precise timestamps, duration at each location
• Speed, acceleration, braking, and cornering data — a continuous behavioral driving profile
• Fuel or battery consumption — infers vehicle use patterns and driving style
• Door and window open/close events — reveals who enters and exits and when
• Seatbelt use per seat — reveals how many passengers and whether they buckled
• Destinations entered in navigation — reveals medical appointments, religious attendance, political meeting locations, personal relationships
• Voice commands — recorded and transmitted to manufacturer and voice assistant platform (Amazon Alexa Auto, Google Assistant)
• Music and media — what you listen to, when, at what volume
• Phone connections — the car logs every Bluetooth device that pairs with it, including phone call metadata and in some systems, call history and contacts synced from the paired phone

When a phone pairs with a car's Bluetooth system, the car's infotainment unit typically requests and downloads the phone's contact list and call history. This is how "hands-free calling" works — the car needs your contacts to dial them. What is not disclosed:

• The contact list download is stored in the car's system and in many cases transmitted to manufacturer servers as part of the connected services data stream
• Rental cars and shared vehicles retain Bluetooth pairing data from previous users — including contacts and call history — unless manually cleared. Most renters do not clear this data. The next renter, and the rental company's telematics system, have access to it.
• When a vehicle is sold, traded in, or repossessed, the infotainment system retains all previously paired device data. Used car buyers frequently find prior owners' contacts, call histories, and home addresses still in the navigation system.
• Dealer service visits: when a dealership connects a diagnostic tool to the OBD-II port for a service appointment, they can download the vehicle's full data log — location history, driving behavior, phone pairings — regardless of whether this is disclosed or relevant to the service being performed.

Progressive Snapshot, State Farm Drive Safe & Save, Allstate Drivewise, and similar programs offer premium discounts in exchange for continuous driving behavior monitoring. Participation is voluntary — but the framing obscures what is actually happening:

• The plug-in OBD-II dongle or smartphone app captures location, speed, acceleration, braking, time of day, and in some cases phone use while driving
• Data is transmitted to the insurer and to third-party analytics platforms
• Discounts are offered to good drivers — but the same data is used to surcharge or non-renew drivers whose behavior scores poorly, without the driver knowing which specific events triggered the adverse action
• Once enrolled, the behavioral baseline is retained even after the program ends — and the data may be shared with LexisNexis CLUE (Comprehensive Loss Underwriting Exchange), a permanent insurance data record that follows drivers across every insurer they use for their lifetime
• The GM/OnStar situation documents that this data pipeline exists even without explicit telematics program enrollment — any connected vehicle with factory telematics is already in the program whether the driver knows it or not

Tesla vehicles record continuous video from all exterior cameras — front, rear, side repeaters, and cabin-facing camera. This data is stored onboard (Sentry Mode) and can be transmitted to Tesla servers. Tesla's privacy policy permits use of this data for AI training — meaning video of the roads, intersections, pedestrians, cyclists, and other vehicles around every Tesla in service is being used to train Tesla's autonomous driving models. Drivers and bystanders have no opt-out.

• Tesla can remotely access vehicle camera footage — documented in cases where Tesla provided footage to law enforcement and in internal investigations
• The cabin camera monitors driver attention for Autopilot supervision — Tesla states this data is not transmitted, but the camera is active and the policy is subject to change
• Tesla's full self-driving data collection makes every Tesla owner an unpaid contributor to a commercial AI training dataset — their vehicle's sensors, their driving environment, and their driving behavior are all being harvested for a product they do not own

The hardware timeline

Major manufacturers and their systems

How far out — transmission range and scope

The car is not scanning its environment for you. The infrastructure is scanning the car — continuously, at every intersection, toll booth, parking structure, and neighborhood with an LPR camera. The vehicle's own cellular modem reports position and behavior to the manufacturer in real time. The range is not a radius around the car. The range is the entire cellular network.

• 1996 — OBD-II port mandated: all passenger vehicles sold in the US. The physical data interface. Any device plugged into this port can read the full vehicle data log — including dealer service tools, insurance telematics dongles, and third-party diagnostics. This is the floor — every car built since 1996 has this access point.
• 1996 — OnStar launched (GM): first factory-installed cellular telematics in a consumer vehicle. Initially for emergency response and stolen vehicle tracking. Data collection scope expanded continuously with each generation.
• 2010–2015 — connected car mainstream: embedded cellular modems became standard equipment across most major manufacturers. Ford SYNC with cellular, Toyota Safety Connect, Honda HondaLink, BMW ConnectedDrive, Mercedes mbrace — all launched or expanded significantly in this window.
• 2015 onward — always-on connectivity standard: most new vehicles sold after 2015 have continuous cellular connectivity whether the driver uses connected services or not. The modem is active. The data stream is live.
• 2018 onward — near-universal: virtually every new vehicle sold in the US, EU, Japan, and South Korea has factory-installed telematics with continuous transmission capability.
• GM (Chevy, Buick, Cadillac, GMC) — OnStar (1996–present)
• Ford / Lincoln — FordPass Connect, SYNC (2007–present)
• Toyota / Lexus — Toyota Connected Services, Safety Connect
• Honda / Acura — HondaLink, AcuraLink
• Stellantis (Chrysler, Dodge, Jeep, Ram) — Uconnect
• Hyundai / Genesis — Bluelink
• Kia — Kia Connect (formerly UVO)
• BMW / MINI — ConnectedDrive, BMW Connected
• Mercedes-Benz — Mercedes me connect
• Volkswagen / Audi / Porsche — Car-Net, Audi connect
• Subaru — STARLINK (not the satellite — Subaru's brand)
• Nissan / Infiniti — NissanConnect, Infiniti InTouch
• Tesla — all models; most extensive data collection of any manufacturer
• Rivian, Lucid, Polestar — native always-on connectivity from launch
• Cellular (4G/5G LTE): the embedded modem in a connected car transmits to cell towers — the same infrastructure as a smartphone. Effective range is unlimited as long as there is cellular coverage. Data is transmitted continuously regardless of whether the driver is using any connected service. The car is always reporting to manufacturer servers when it has signal.
• Bluetooth: 30–100 feet. Scans for and pairs with nearby devices. Phones, key fobs, other vehicles in proximity. The car can detect Bluetooth devices near it that are not paired — logging their presence.
• Wi-Fi hotspot / 802.11: the car's built-in hotspot broadcasts up to 150 feet. Nearby devices can connect. The router logs all connections.
• V2X — Vehicle-to-Everything (emerging standard): DSRC (Dedicated Short-Range Communication) at 5.9 GHz and C-V2X (cellular vehicle-to-everything) communicate with roadside infrastructure (traffic lights, toll systems, road sensors), other vehicles within 300–1000 feet, and pedestrians' smartphones via a broadcast beacon. V2X deployment is accelerating under USDOT mandates. Every vehicle in a V2X-equipped corridor is broadcasting its identity, speed, and position to everything around it.
• License plate readers (LPR): not a vehicle-installed system, but networked infrastructure that reads and logs every plate that passes — police vehicles, fixed cameras on highways and bridges, private networks (Flock Safety cameras in neighborhoods and parking lots). A vehicle's license plate is tracked at every LPR it passes, with timestamp and GPS coordinates of the reader. Flock Safety alone has over 5,000 law enforcement agency clients and covers most major US metro areas.

A widespread practice — particularly at "buy here pay here" dealerships, franchise dealers offering subprime financing, and some mainstream dealers — is the installation of aftermarket GPS tracking devices on vehicles at the time of sale. These are typically disclosed in fine print in the financing agreement as a "payment assurance device" — meaning the dealer can remotely disable the vehicle or track its location if payments are missed.

If you have purchased a vehicle on financing, particularly from an independent or buy-here-pay-here lot, your vehicle may have a tracker installed that is still active and reporting your location regardless of whether you have paid off the loan.

• Devices: PassTime, Ituran, Spireon (now Solera), OnTime GPS, and similar — small cellular GPS units installed in hidden locations (behind dashboards, under seats, in wheel wells) that transmit location continuously to the finance company's or dealer's platform
• Starter interrupt: many of these devices include a remote starter disable — the dealer can prevent the car from starting from anywhere with a cell signal. This function has been exercised against buyers who are a single day late on payments, sometimes stranding people in unsafe locations
• Disclosure: typically buried in a financing addendum. Some dealers do not disclose the device at all and rely on the buyer not finding it
• What is tracked: location history, speed, trip patterns, time engine is running — a continuous behavioral record of everywhere the vehicle has been since purchase, retained by the finance company indefinitely
• After payoff: in most cases, the device remains installed after the loan is paid off. The finance company retains access until the buyer finds the device and removes it — which requires knowing it exists

Navigation history and location data from vehicles has been used in legal cases involving:

The vehicle has become the most detailed location and behavioral diary most people will ever keep — one they did not choose to keep, cannot see, and cannot delete.

• Tracking visits to abortion clinics in states where abortion is restricted — location data from connected cars and phones is sought by prosecutors
• Documenting attendance at political meetings, religious services, or union organizing events
• Establishing presence at locations relevant to criminal investigations — as evidence against the vehicle owner or as a tool to identify persons of interest from location co-presence data
• Divorce and custody proceedings — driving behavior and location history subpoenaed as evidence
• Workplace monitoring — fleet telematics used by employers to monitor employee location and behavior beyond work hours when the same vehicle is used personally

The three major credit bureaus hold financial history on virtually every American adult — and significant data beyond credit history:

• Address history going back decades — every place you have lived, tied to your SSN and identity record
• Employment history, public records (bankruptcies, judgments, tax liens), and in some products, rental history and utility payment records
• LexisNexis Risk Solutions and Verisk (both major data brokers) are deeply integrated with all three bureaus — these companies aggregate credit data with driving records (CLUE), insurance claims history, property records, and consumer behavioral data to produce comprehensive risk scores used by insurers, employers, landlords, and financial institutions
• Equifax breach (2017): 147 million Americans' full credit profiles — SSN, birthdate, address history, financial history — exposed in a single breach. This data is permanently in circulation. It cannot be recalled.
• Credit repair companies require full access to your credit files — SSN, complete financial history — and in many cases sell this access or the data to affiliate networks. The "repair" often consists of dispute letters anyone can send for free. The business model is your data.

• Visa, Mastercard, American Express, and Discover analyze every transaction for fraud detection — but also for behavioral profiling, merchant analytics, and data licensing to third parties
• Visa and Mastercard sell aggregated (and in some cases individual) transaction data to hedge funds, retailers, and government contractors — this is a documented and legal business line
• Purchase patterns reveal medical conditions (pharmacy purchases, medical equipment, supplements), religious practice (purchases at religious bookstores, tithing patterns), political activity, relationship status, pregnancy (Target's famous algorithmic inference of pregnancy from purchase pattern change), and mental health status (alcohol purchase increases, sleep aid purchases, isolation-associated buying patterns)
• Bank of America, Chase, and other major banks share anonymized transaction data with government agencies and commercial partners under data sharing programs that customers cannot opt out of without closing accounts
• Rewards programs (airline miles, cashback, retail loyalty cards) are explicitly structured to collect granular purchase data in exchange for the reward. The reward is the price you accept for the data you provide.

Contactless payment via NFC (Near Field Communication) — Apple Pay, Google Pay, Samsung Pay, tap-enabled credit/debit cards — operates at 13.56 MHz over a range of approximately 4 centimeters. The transaction itself is more private than a magnetic stripe swipe in some ways (a tokenized number replaces the real card number). But the surrounding data infrastructure is not more private:

• Apple Pay: Apple states it does not retain transaction details — but the payment network (Visa/Mastercard) and the bank do. Apple does log that a transaction occurred, the merchant category, and the approximate amount. The device's location at the time of transaction is logged by the phone's location services.
• Google Pay: Google explicitly uses transaction data to improve ad targeting. Google's privacy policy for Google Pay permits use of transaction data across Google services — meaning a pharmacy purchase can inform search results and advertising.
• Merchant NFC terminals: some retail NFC systems log the device identifier of tapping phones, creating a record of physical presence at the merchant independent of the payment transaction itself — useful for foot traffic analytics and repeat visitor identification
• RFID in credit cards: standard tap-enabled cards broadcast a signal readable by a standard NFC reader from several centimeters away. Contactless card skimmers have been documented in real environments. The card does not need to touch a terminal to be read.

An AirTag is a Bluetooth Low Energy beacon. It broadcasts its identifier continuously. Every iPhone in the vicinity with Bluetooth on passively detects the AirTag's signal and silently reports its location to Apple's servers — without the iPhone owner knowing they have relayed a tracking event. Apple's Find My network includes over a billion Apple devices. A single AirTag placed on a vehicle, in a bag, or tucked into a coat can be tracked in near-real-time anywhere those billion devices are present — which includes virtually every urban and suburban environment in the United States and most of the developed world.

• Stalking and domestic violence: AirTags were extensively documented as a tool for stalking within months of their 2021 launch. Apple added alerts for unknown trackers — but Android users do not receive these alerts natively, and alerts can be disabled by a technically sophisticated abuser
• Vehicle tracking: law enforcement, private investigators, and stalkers all use AirTags placed on vehicles for covert location tracking. The device is the size of a large coin, battery-powered for a year, and can be attached magnetically inside a wheel well or under a bumper in seconds
• Dealer and employer use: documented cases of employers placing AirTags or Tile trackers in company vehicles, rental properties, and equipment — sometimes disclosed, sometimes not
• The network is your neighbors' phones: you do not consent to relaying AirTag location data. Your iPhone does it automatically as long as Bluetooth is on. Every person carrying an iPhone within range of a tracker silently contributes to its location history — without any notification, any compensation, or any ability to opt out while keeping Bluetooth active

Tile (acquired by Life360 in 2021) operates the same crowdsourced model — Android and iOS Tile app users silently relay location data for all detected Tile trackers. Life360 is a family location tracking company that was documented selling precise location data of millions of users — including children — to data brokers.

Google's Find My Device network (expanded in 2024) enrolls all Android devices with location services enabled as silent location relays for lost Android devices and Bluetooth trackers — making Android phones the detection network for the entire ecosystem, without individual transaction consent.

The crowdsourced tracking model inverts the traditional surveillance architecture. You are not being watched by a central camera. You are being watched by everyone around you — their devices automatically reporting on any tracker near them, including any tracker that may be near you, all coordinated by a corporate server that holds every location event.

Every transaction on Bitcoin, Ethereum, and most public blockchains is permanently recorded in a public ledger — visible to anyone, forever, with no ability to delete or alter it. Pseudonymous means a wallet address instead of a name. It does not mean anonymous.

• Blockchain analytics firms — Chainalysis, Elliptic, CipherTrace (acquired by Mastercard) — specialize in de-anonymizing blockchain transactions. They build identity graphs that link wallet addresses to real-world identities through exchange KYC records, IP addresses logged at transaction broadcast, on-chain behavioral patterns, and correlation with other data sources. Law enforcement agencies worldwide subscribe to these services.
• Exchange KYC: any cryptocurrency purchased through Coinbase, Kraken, Binance, or any regulated exchange requires full identity verification (government ID, sometimes biometrics). Once any wallet address is linked to a verified exchange account — even once — the entire transaction history of that wallet is associated with your identity in the analytics database. Transactions made years before the KYC event can be retroactively attributed.
• The permanent record problem: a transaction made on a public blockchain today will be on that blockchain in 50 years. Any future improvement in de-anonymization tools will be able to work backward on the complete historical record. Pseudonymity that is sufficient today may be insufficient in a decade.
• Privacy coins (Monero, Zcash) offer stronger privacy guarantees through cryptographic techniques — but are increasingly targeted by regulators and delisted from compliant exchanges, making them harder to use and flagging users who seek them out
• Crypto wallet apps on your phone: these apps request extensive permissions — contacts, location, camera, biometrics for authentication. The app itself may collect behavioral data about usage patterns independent of the blockchain transaction record

The most comprehensive surveillance of your device does not come from government programs or manufacturer data collection. It comes from the apps you install voluntarily — and the third-party SDKs (Software Development Kits) embedded in those apps that you have never heard of and cannot see.

Nothing is private — and the attack surface is everything you have installed

The blockchain records every transaction permanently. The exchange knows who you are. The app knows where you are, what you're doing, and who you contact. The SDK inside the app sends that to a broker you've never heard of. The broker sells it to an entity you'll never identify. The VPN protects the wire but not the device. The device is the attack surface. And you invited every app on it.

• SDKs as hidden data pipes: most apps — games, utilities, weather apps, flashlights, QR scanners — contain multiple third-party SDKs for analytics, advertising, and crash reporting. Appodeal, Adjust, AppsFlyer, Singular, Kochava, and dozens of others embed data collection code into apps. A single app may contain 5–15 SDKs, each with its own data collection and transmission behavior — behavior the app developer may not fully understand and the user cannot see
• Permission creep: apps request permissions at install that are not required for their stated function — a flashlight app that requests contacts and location, a game that requests microphone access. Users click Allow without reading. Once granted, these permissions remain active in the background
• Background processes: apps that have been "closed" continue running background processes on both iOS and Android. Location updates, notification polling, and data sync all run while the app is not in the foreground. On Android in particular, background process restrictions are limited and the degree of background activity is determined by the app developer, not the user
• The data broker aggregation layer: the SDKs embedded in apps feed data to data brokers — companies like Datalogix, Acxiom, Oracle Data Cloud, Nielsen — that aggregate behavioral data from thousands of apps into comprehensive individual profiles. These profiles include location history across every app, purchase behavior, content consumption, health and wellness interests, political and religious indicators, and demographic inferences. These profiles are sold to advertisers, insurers, employers, political campaigns, and government contractors
• Free apps: when an app is free, the product is the data. The development, maintenance, and server costs of a "free" app are funded by the data monetization pipeline the app feeds. This is not a conspiracy — it is the disclosed business model of the mobile advertising industry
• App stores are not protection: both Apple's App Store and Google Play have reviewed and approved apps later found to contain malicious data collection. Review processes catch a fraction of SDK-based data harvesting because the SDKs operate within permitted APIs. The permission to access location is granted — what is done with that location data downstream is not reviewed
• VPNs and "private" browsers: a VPN encrypts traffic between the device and the VPN server — but the apps on the device continue to collect and transmit data through their own channels. A VPN does not prevent an app from reading the accelerometer, accessing the contact list, or logging GPS coordinates and uploading them when connected. Privacy at the network layer does not address privacy at the application layer

Dirty electricity refers to high-frequency voltage transients — spikes and harmonics superimposed on the standard 60 Hz AC line. These are generated by every device in your home that converts or switches power:

The biological concern: dirty electricity radiates from household wiring as a non-native electromagnetic field — the wires in your walls become antennas. Sam Milham's epidemiological research connected high dirty electricity environments (measured with Graham-Stetzer meters) to elevated rates of cancer, diabetes, cardiovascular disease, and behavioral disorders in school settings. Martin Pall's VGCC mechanism applies to the ELF and high-frequency transients that dirty electricity generates as equally as to Wi-Fi — the body doesn't distinguish sources, only frequencies and intensities.

• Switching power supplies in computers, phone chargers, LED drivers, and appliances chop the AC line at high frequency (20,000–100,000 Hz) to regulate voltage — generating high-frequency transients that travel back onto the house wiring
• LED dimmer switches are among the worst sources — they rapidly interrupt the AC waveform to reduce light output, creating sharp voltage spikes that radiate from every wire in the circuit
• Variable-speed motor drives (HVAC systems, newer washing machines, refrigerators with inverter compressors) generate significant harmonic distortion on the line
• Solar inverters: grid-tied solar systems connect through inverters that synthesize AC from DC solar output — the inverter switching creates high-frequency noise on the home's wiring, and on the grid side, on the neighborhood's distribution lines. Homes without solar panels receive dirty electricity generated by neighbors' solar systems through shared utility lines
• Smart meters themselves: the Zigbee 2.4 GHz transmitter and the switching power supply in smart meters generate dirty electricity on the service entrance — every home with a smart meter has an additional source of high-frequency line noise at the point where grid power enters the house

The electrical infrastructure entering your home is not only a power delivery system. It is increasingly a data transmission medium:

• Power Line Communication (PLC): many smart meter systems use the existing power lines to transmit meter data — the electrical wire carries both 60 Hz power and high-frequency data signals simultaneously. The data rides on the same conductor as your electricity, into every outlet and switch in your home
• Broadband over Power Line (BPL): internet delivery via power lines at frequencies up to 30 MHz — converts every electrical wire in the house into a broadband antenna radiating RF into living spaces
• Advanced Metering Infrastructure (AMI): the full smart grid system — two-way communication between the utility and every meter, appliance, and device in the smart home ecosystem. The utility can read your meter, adjust your thermostat under demand response programs, receive data from smart appliances, and in future architectures, send commands to any grid-connected device in your home
• Demand response programs: utilities in Florida and across the US offer bill discounts in exchange for allowing the utility to remotely adjust your thermostat, delay your water heater, or cycle your pool pump during grid stress events. You are giving the utility remote control of equipment inside your home in exchange for a discount. The control relationship — and the behavioral data it provides — runs permanently.
• Electric vehicles and smart chargers: EV chargers communicate with the grid for time-of-use pricing optimization. Bidirectional charging (V2G — vehicle-to-grid) allows the utility to draw power from your car's battery — converting your vehicle into a grid-connected energy storage asset that the utility can dispatch. Every charge session logs when you charged, how much, and by inference where you had been and how long you drove.

Beyond the Bluetooth on your personal devices, retail environments have been instrumented with Bluetooth Low Energy (BLE) beacon networks — small transmitters mounted throughout stores that communicate with shopper smartphones without any app interaction:

• iBeacon (Apple) and Eddystone (Google): BLE beacon standards that enable proximity detection — determining which aisle, which shelf section, and which product display a phone-carrying shopper is near, with updates every few seconds. Major retailers (Macy's, Target, Walgreens, CVS) have deployed beacon networks. When a phone has Bluetooth on and an app with beacon permissions installed — including the store's loyalty app — precise in-store location is logged continuously
• Beacon networks without an app: iOS and Android both scan for BLE beacons passively. Some beacon implementations can interact with a phone without a dedicated app installed, using browser-based interactions triggered when the phone detects the beacon signal
• Airports, stadiums, hospitals: BLE beacon networks are deployed in airports (gate navigation, retail targeting), sports venues (seat upgrades, concession targeting), and hospitals (wayfinding — and patient location tracking for staff workflow optimization)
• Shopper dwell time analytics: the combination of beacon data and Wi-Fi probe request logging allows retailers to measure exactly how long each shopper spends in each section, which displays attract attention, and which locations in the store convert to purchases. This data is sold to brands for shelf placement decisions and to data brokers for behavioral profile enrichment

Grocery purchase patterns are among the most revealing behavioral datasets that exist — more revealing than social media, because they reflect actual behavior rather than self-presentation:

• Medical conditions: diabetes supplies, blood pressure monitors, specific dietary products (gluten-free, low-sodium, renal diet), incontinence products, wound care, OTC medications — all purchased at the grocery store pharmacy or health section and linked to your loyalty account
• Pregnancy: Target's data science team famously identified pregnancy from purchase pattern changes (unscented lotion, certain supplements, larger purses) and sent targeted ads to a teenager before her family knew she was pregnant — a documented real case that revealed the predictive power of purchase data
• Financial stress: shift from name brands to store brands, increase in sale and coupon use, reduction in non-essential purchases — all algorithmically detectable and used in insurance and credit risk scoring
• Religious practice: kosher, halal, and specific religious holiday food purchases identify religious affiliation and observance level
• Substance use: alcohol purchase frequency and quantity, tobacco, nicotine products — all logged by category, brand, and volume
• Family composition: baby food, formula, children's products, school lunch items, senior care products — infer family structure, ages of children, presence of elderly members
• Prescription pickup: at grocery store pharmacies (Kroger, Safeway, Publix, Walmart), prescription pickups are linked to the loyalty account — connecting medication history to the grocery purchase profile. This is health data outside HIPAA's jurisdiction.

• Kroger (Kroger Plus / Fuel Points): Kroger's 84.51° subsidiary is a retail data analytics company — wholly owned by Kroger — that analyzes loyalty card data for Kroger and sells anonymized insights to CPG (consumer packaged goods) brands, pharmaceutical companies, and data brokers. 84.51° holds purchase history on approximately 60 million households. It is one of the most extensive consumer behavioral databases in the United States.
• Albertsons / Safeway (Just for U): similar structure — loyalty data analyzed and monetized through the Albertsons Media Collective, their retail media advertising platform
• CVS ExtraCare & Walgreens myWalgreens: pharmacy loyalty programs link prescription history, OTC purchase history, and health services (flu shots, COVID tests, blood pressure checks) to a single profile. CVS Health has explicitly positioned this data as a healthcare analytics asset. CVS Caremark (PBM) and CVS Aetna (insurer) are subsidiaries — the data can flow between retail pharmacy, prescription management, and insurance arms within the same corporate structure.
• Amazon Fresh / Whole Foods: Amazon Prime membership links every Whole Foods purchase to the complete Amazon behavioral profile — browsing history, purchase history, Alexa voice data, Prime Video viewing, Kindle reading — the grocery basket becomes one more data stream in the most comprehensive commercial behavioral profile ever assembled
• Amazon Go / Amazon Fresh cashierless stores: computer vision tracks every item you pick up and put back, infers what you considered buying and didn't, and links all of it to your Amazon account via facial recognition or app scan at entry. There is no checkout. There is no moment of transaction consent. Every physical interaction with every product is logged.
• Instacart, DoorDash, Uber Eats: delivery platforms add precise home address, delivery timing (reveals when you are home), and complete order history to the purchase record. Instacart sells shopper data to CPG brands through its advertising platform. The complete grocery order — visible to Instacart, the store, the delivery driver's app, and the ad platform — is not the private act that bringing a cart to a cashier once was.

The Family Educational Rights and Privacy Act (FERPA, 1974) is widely understood as the law that protects student records. It does give parents (and adult students) the right to inspect and correct records. What it does not do is prevent the extensive sharing of those records under its own exceptions:

• Directory information exception: schools can designate name, address, phone number, email, photograph, date and place of birth, grade level, enrollment status, dates of attendance, degrees and awards, and participation in activities and sports as "directory information" — shareable with third parties without consent, unless parents actively opt out each year. Most parents do not know to opt out.
• "Legitimate educational interest" exception: schools can share student records with any vendor, contractor, or consultant who has a "legitimate educational interest" — a term defined broadly enough to cover essentially every ed-tech company with a school contract. This is how student data flows to Google, Microsoft, Canvas, PowerSchool, and hundreds of other platforms.
• Studies and audit exception: records can be shared with outside organizations conducting studies on behalf of the school — including private research entities — without parent consent or notification.
• FERPA applies only to schools receiving federal funding — and only to the school's records. Once data passes to a third-party vendor under a FERPA exception, that vendor is not directly bound by FERPA. The student's data is now governed by the vendor's own privacy policy and whatever state law applies.

60+ million students. 18,000+ school districts. Everything.

In January 2025, PowerSchool — the dominant student information system used by over 18,000 school districts across North America — confirmed a data breach that exposed records for an estimated 60+ million students and 6+ million teachers. The stolen data included student names, addresses, dates of birth, Social Security numbers, medical records, special education information, disciplinary records, grade histories going back decades, and parent contact information. PowerSchool serves approximately 50% of K-12 students in the United States. For tens of millions of children, their complete academic and health history from kindergarten onward is now in unknown hands.

PowerSchool paid a ransom. Receiving a ransom payment does not guarantee data deletion — it purchases a promise from a criminal organization with no enforcement mechanism. The data exists. It will be used or sold.

• Academic records: grades, GPA, course history, class rank, standardized test scores (state assessments, SAT, ACT, AP, IB) — a continuous academic performance record from kindergarten through graduation
• Behavioral and disciplinary records: office referrals, suspensions, expulsions, incident reports — including the behavioral descriptions written by teachers and administrators that may characterize a child in ways that follow them through every transfer, college application, and employment background check that accesses education records
• Special education records (IEP/504): psychological evaluations, learning disability assessments, speech and language evaluations, occupational therapy assessments, behavioral intervention plans — detailed neurological and developmental profiles assembled by school psychologists and specialists, retained in the education record
• Counseling records: notes from school counselor meetings, mental health referrals, crisis intervention documentation — in most states these are part of the education record and subject to FERPA's sharing provisions, not HIPAA
• Health records: immunization records, medication administration logs, nurse visit records, chronic condition accommodations — health data outside HIPAA's jurisdiction once it enters the school's system
• Attendance records: every absence, tardy, and early dismissal — with parent-provided reasons that can document medical appointments, family circumstances, and behavioral patterns
• Teacher observations and narrative records: subjective written assessments of a child's behavior, social development, emotional regulation, family situation — in some systems retained as permanent notes attached to the student record

Every digital tool used in a classroom is a data collection system. The work product, the behavior, and increasingly the emotional state of students flows into corporate platforms under school contracts that most parents never see:

• Google Classroom / Google Workspace for Education: used by tens of millions of students. Every document written, every search conducted, every email sent, every video watched in a Google Workspace account is logged. Google states it does not use K-12 student data for advertising — but the data is processed on Google's infrastructure and subject to its privacy policy and any future policy changes.
• Microsoft Teams for Education / Microsoft 365: same architecture. Every Teams chat, every document in OneDrive, every email in the school account is stored on Microsoft servers and subject to Microsoft's data retention and sharing policies.
• Canvas (Instructure): the dominant LMS in higher education, expanding into K-12. Canvas logs every page view, every assignment submission, every discussion post, every time a student opens or closes a page — a complete behavioral record of how a student engages with educational content. Instructure was acquired by Thoma Bravo (private equity) in 2020. The LMS data is a PE firm asset.
• GoGuardian, Gaggle, Bark: student monitoring platforms deployed by districts on school-issued devices — and in some cases, on personal devices when connected to school networks. GoGuardian monitors browser activity and screens in real time, including flagging keywords. Gaggle reads student emails, documents, and messages for content that may indicate self-harm, violence, or policy violations. These platforms employ human reviewers who read student communications. Students are typically not told which of their messages have been reviewed.
• Proctorio, ExamSoft, Respondus: online proctoring platforms used for remote testing. Log keystroke dynamics, eye movement, face video, ambient audio, and screen content during exams. Require installation of software with extensive system permissions. Video and behavioral data retained by the proctoring company. Students have no right to review what was recorded or how it was analyzed.
• Panorama Education: social-emotional learning survey platform backed by the Chan Zuckerberg Initiative. Panorama collects surveys from students about their feelings, relationships, sense of belonging, and family circumstances. This data — children's self-reported emotional and social states — is aggregated at the school and district level and retained by Panorama. The connection between Zuckerberg's CZI and the platform that collects children's emotional data is not disclosed to parents at survey time.

The College Board — the nonprofit that administers the SAT, PSAT, AP exams, and the CSS Profile for financial aid — operates one of the most extensive student data marketing programs in existence, largely unknown to the students and families whose data is sold:

• Student Search Service: when students take the PSAT or SAT and opt into (or fail to opt out of) the Student Search Service, the College Board sells their name, address, email, GPA range, intended major, ethnicity, and test score range to colleges, universities, scholarship programs, and military recruiters for approximately 47 cents per name. Approximately 4 million students per year are sold through this program.
• Military recruitment: the No Child Left Behind Act (2001) requires high schools receiving federal funding to provide student contact information to military recruiters upon request unless the student or parent specifically opts out. The opt-out is in fine print in school enrollment paperwork. Most families do not know it exists.
• ACT: similar student data licensing program — ACT score recipients, institutions, and scholarship programs all purchase student contact information.
• AP exam data: Advanced Placement scores are sent to colleges designated at the time of testing — but the College Board retains the data and uses it for research and policy reporting that may identify individual students through small-cell demographic combinations.

The education record does not end at graduation. It connects forward:

The child never consented

The most comprehensive behavioral dossier most people will ever have is built before they are old enough to understand what a privacy policy is, before they can meaningfully consent to anything, and by an institution they are legally required to attend. The psychological evaluations, the disciplinary incidents, the counselor notes, the emotional surveys, the keystroke logs from exam proctoring, the teacher observations — all of it assembled on a child, retained indefinitely, and flowing to vendors, insurers, data brokers, military recruiters, and state workforce databases under exceptions to a law that was passed before the internet existed.

• National Student Clearinghouse: tracks enrollment and degree completion for virtually every college student in the US. Employers use the Clearinghouse to verify degrees. The Clearinghouse holds a longitudinal enrollment record spanning every institution a student attends.
• Naviance / Scoir / Counseling platforms: college counseling platforms build longitudinal profiles that connect K-12 academic records to college application outcomes — what schools a student applied to, was accepted to, and enrolled in. This data is used for institutional research and is retained by the platform.
• Federal student loan systems: FAFSA data — household income, family composition, assets — is shared with the institutions listed on the application and retained by the Department of Education. The student loan servicer (MOHELA, Nelnet) holds repayment behavioral data for the life of the loan.
• Background check companies: education records surface in background checks through the National Student Clearinghouse, institutional verification services, and in some cases through data broker aggregations that include education history. Disciplinary records — expulsions, certain suspensions — can surface in background checks that predate employment or housing applications.
• State longitudinal data systems (SLDS): every US state operates or is developing a longitudinal data system that connects education records from preschool through workforce — linking K-12 records, college enrollment, and employment outcomes in a single government-managed database. The explicit goal is workforce planning. The byproduct is a cradle-to-career dossier on every student in the state.

Every major gaming platform — Steam (Valve), PlayStation Network (Sony), Xbox Live (Microsoft), Nintendo Switch Online, Epic Games Store — operates a continuous data collection infrastructure behind the game experience:

Microsoft's acquisition of Activision Blizzard (2023, $69B) connects Call of Duty and World of Warcraft behavioral data to the full Microsoft profile — Azure cloud services, Xbox, LinkedIn, GitHub, Bing search, Office 365, and Cortana. A person's gaming behavior is now one more stream in the most comprehensive commercial behavioral profile Microsoft has assembled.

• Complete play history: every game launched, every session duration, every achievement earned — a longitudinal behavioral record of how the user spends discretionary time
• In-game behavioral data: movement patterns, tactical decisions, reaction times, resource allocation choices, social interactions — behavioral fingerprints that are more revealing than self-report
• Spending behavior: microtransaction purchases, loot box openings, virtual currency purchases — reveals financial capacity, impulse control, susceptibility to scarcity and urgency mechanics, and gambling-adjacent behavioral patterns
• Social graph: friend lists, party history, communication logs — who you play with, how often, and the nature of those relationships
• Voice and text chat: in-game voice chat (Xbox Party, PlayStation Party, in-game VOIP) is processed through platform servers; text chat is logged; many platforms retain voice data for "safety" analysis
• Location data: IP geolocation, in some cases GPS when mobile games or companion apps are involved
• Device fingerprint: hardware identifiers, network configuration, peripheral devices connected — a unique device signature

The gaming platforms most heavily used by children operate under the weakest data protections:

• Roblox: approximately 50% of US children under 16 play Roblox. The platform collects chat logs, behavioral data, virtual purchase history, friend networks, and device identifiers on a user base that is predominantly children. Roblox developers — third parties who build games within the platform — have access to behavioral analytics for players of their games. The platform's age verification is a birthdate entry that any child can falsify.
• Fortnite / Epic Games: the FTC reached a $520 million settlement with Epic Games in 2022 — $275 million for COPPA violations (collecting data on children under 13 without verifiable parental consent) and $245 million for dark patterns that tricked players into unintended purchases, including children making purchases without parental knowledge. The settlement is the largest COPPA penalty in FTC history. The practices that generated it were the designed business model, not an accident.
• Age gates are not protection: every gaming platform's age verification consists of entering a birthdate. Children universally enter a false birthdate to access age-restricted content or avoid parental oversight. The age gate creates the appearance of compliance while providing no actual protection — a legal shield for the platform, not a functional barrier for the child.
• Addiction mechanics are neurological engineering: variable reward schedules, social comparison systems, progress streaks, limited-time offers, and social pressure mechanics in games are deliberately designed to exploit dopamine reward pathways — the same neurological systems that gambling addiction operates through. These mechanics are more powerful in developing brains. The behavioral and neurological data generated by children engaging with these systems is commercially valuable precisely because it reveals the effectiveness of specific manipulation techniques on specific demographics.

Discord is the dominant communication platform for gaming communities — and increasingly for non-gaming communities including schools, activist groups, and professional networks. It operates as a comprehensive social surveillance system:

• Every message sent in every server and direct message is logged on Discord's servers — including deleted messages, which are retained in logs even after deletion from the user-facing interface
• Voice call metadata: who called whom, duration, timing — the social graph of real-time communication
• Server membership reveals affiliations — every community, interest group, political discussion, support group, or hobby community a user belongs to is logged
• Discord has received subpoenas and law enforcement requests for user data and has complied; its transparency report documents government data requests across jurisdictions
• Discord's privacy policy permits sharing data with "service providers, business partners, and affiliates" — and the company has been in ongoing acquisition discussions that would transfer the complete communication archive to a new owner
• Discord is used extensively by minors — there is no functional age verification and the platform is embedded in school gaming culture, extracurricular clubs, and peer social networks

VR generates a category of biometric data that has no parallel in any other consumer technology: precise, continuous, three-dimensional movement data — head position, hand position, body orientation, gait, reaction timing — that is more unique than a fingerprint.

Stanford 2023: 100 seconds of VR motion data identifies a person with 94% accuracy

Nair et al. (2023) at Stanford demonstrated that just 100 seconds of head and hand motion data from a VR session is sufficient to uniquely identify an individual from a pool of 50,000 users with 94% accuracy. The combination of head movement patterns, hand motion characteristics, height (inferred from headset position relative to floor), arm span (inferred from controller positions), and reaction timing creates a movement fingerprint more unique than a fingerprint. Unlike a fingerprint, this biometric is captured passively during normal use — the user does not present it intentionally and cannot prevent its capture while using the device.

VR is the most complete IoB environment yet built for consumers

In a VR headset, the platform captures what you see (rendered environment), where you look (eye tracking), how your head moves (IMU sensors), where your hands are (controller tracking), your physical dimensions (calibration), your reaction times (input latency logging), your emotional responses (gaze dwell on content), and your social behavior (movement patterns relative to others). No other consumer device captures this breadth of simultaneous biometric data from a single session. The platform manufacturer — currently Meta — holds all of it.

• Meta Quest eye tracking (120Hz): already covered in the eye tracking section — gaze direction, dwell time, pupil dilation, saccade patterns at clinical resolution; Meta's terms permit use for advertising optimization; Meta holds patents for adjusting advertising content based on detected emotional response in VR
• Physical biometrics passively captured: height, arm span, dominant hand, gait pattern, vestibular function (motion sickness response reveals inner ear and neurological status), reaction time, fine motor control — all captured during normal VR use without the user being aware they are being measured
• Social VR behavioral data: in VRChat, Meta Horizon Worlds, and Rec Room, behavioral data includes who you approach, how close you stand, how long you engage with individuals, emotional expression via avatar behavior, and territorial movement patterns — social behavioral data at a resolution that no other platform can capture
• VR in therapy and healthcare: VR exposure therapy (PTSD, phobias, anxiety), VR pain management, VR physical rehabilitation — this is clinical data generated on consumer platforms (Meta Quest is the primary hardware for most consumer VR therapy applications) and processed under consumer data terms, not HIPAA. A veteran using VR for PTSD treatment generates detailed behavioral and physiological response data that flows to Meta's servers under Meta's privacy policy.
• VR in education and training: ClassVR, Engage, and enterprise training platforms collect student and trainee behavioral performance data in immersive environments — response to simulated scenarios, decision-making under stress, attention and engagement patterns — that reveals cognitive and psychological characteristics that no written assessment captures
• Haptic suits and full-body tracking: bHaptics, Teslasuit, and similar full-body haptic feedback systems extend the data collection surface to the entire body — touch response, body movement, physical reaction to virtual stimuli. The Teslasuit also captures biometric data including heart rate, skin conductance, and muscle activity during use.

Every US state DMV database contains a photo of every licensed driver — approximately 230 million people. These photos have been enrolled into facial recognition systems without driver consent or public disclosure. The FBI and Immigration and Customs Enforcement (ICE) have used state DMV facial recognition databases for criminal investigations and immigration enforcement through data sharing agreements with individual states — many of which were made without legislative authorization or public notice.

You did not consent to facial recognition enrollment when you got your driver's license. The consent was implicit in the act of obtaining a government-issued ID — a transaction that is not optional for most adults.

• The Washington Post and Georgetown Law's Center on Privacy & Technology documented (2019) that ICE and the FBI accessed state DMV photo databases for facial recognition searches — in states where residents had not been informed this was permitted use of their license photo
• REAL ID Act compliance (federal law) requires states to link DMV databases to a federal hub — creating a de facto national ID database with standardized biometric photo requirements
• TSA's facial recognition program at airports matches traveler faces to passport and driver's license photos in real time — participation is currently "optional" but cameras capture everyone in the checkpoint regardless
• State DMV photos are also sold to private data brokers in some states — legally, under existing state law

India's Aadhaar system is the most extensive biometric identity database ever built: 1.4 billion enrollees, each linked to a unique 12-digit number tied to fingerprints (all ten), iris scans (both eyes), and a facial photograph. Enrollment is technically voluntary but practically mandatory — Aadhaar is required for bank accounts, mobile SIM cards, government benefits, tax filing, school enrollment, and healthcare. Refusal means functional exclusion from civil society.

Aadhaar is the documented model that the WEF, World Bank, and ID4D (Identification for Development) initiative are promoting globally as the framework for universal digital identity. The G20 Digital Economy Working Group explicitly references Aadhaar as a model for other nations. The convergence of biometric identity infrastructure with IoB health data, financial transaction data, and behavioral surveillance data is not hypothetical in India — it is operational.

The Aadhaar database has experienced significant documented data breaches — in 2018, a journalist purchased access to the full database for approximately $8. The biometric data of 1.4 billion people — fingerprints, iris scans, faces — is not deletable, not changeable, and permanently compromised. This is the infrastructure being held up as the global model.

Persistent Surveillance Systems (PSS), founded by retired Air Force intelligence officer Ross McNutt, operates wide-area aerial surveillance using small Cessna aircraft fitted with multi-lens camera arrays. The system records an entire city simultaneously — every street, every block, every moving person — at resolution sufficient to track individual bodies. The footage is stored continuously.

The operational capability: police identify a crime scene after the fact, then rewind the aerial footage to that location and time, track the subject backward to their origin point, forward to their destination, and map their full movement through the city. No phone. No warrant at the moment of recording — the entire city is recorded at all times. The subject's location history exists whether or not they were ever suspected of anything.

The IoB connection: this system does not require any device on or near the subject. The body moving through outdoor space is the data point. Every person in the city is enrolled by default — not because they own a device, but because they exist in physical space.

• PSS conducted covert operations over Dayton, Ohio and Baltimore, Maryland — both without initial public disclosure. The Baltimore program was exposed by the ACLU and reported by the Atlantic in 2020 ("The Secret Surveillance of America from Above")
• The Baltimore program ran for months before city council or the public were informed; a subsequent legal challenge resulted in limited restrictions but no prohibition
• The military equivalent — Angel Fire, Argus-IS, and Gorgon Stare — was developed by DARPA and used over Iraq and Afghanistan; PSS commercialized the domestic civilian version of the same architecture
• Argus-IS operates at 1.8 gigapixel resolution — sufficient to read a license plate or identify an individual's gait from altitude

Clearview AI built a database of more than 30 billion facial images by scraping social media platforms (Facebook, Instagram, LinkedIn, Twitter, YouTube), news sites, and publicly accessible web pages — without the knowledge or consent of the people photographed. Law enforcement agencies upload a single photo from any source — surveillance camera, doorbell camera, crime scene photo, third-party tip — and Clearview returns potential identity matches from its database along with the source URLs where the matching images appeared.

You do not need to have a criminal record, a suspect profile, or any interaction with law enforcement to be in this database. You need only to have existed in a photograph on the public internet. The enrollment was retroactive and silent.

• Over 3,100 law enforcement agencies in the US have used Clearview AI — documented through a leaked client list obtained by BuzzFeed News in 2020
• The FBI, DHS, ICE, US Marshals, and hundreds of local police departments are documented users
• Clearview has been banned or fined in the EU, UK, Canada, and Australia for violating biometric privacy law — it continues operating in the US where no equivalent federal law exists
• Every photo you have ever posted publicly online, or that has been posted of you, is potentially enrolled in the database. Deletion from the source platform does not remove it from Clearview's index
• In 2022, Clearview settled with the ACLU by agreeing not to sell to most US private companies — it continues selling to law enforcement and government agencies without restriction

Fusus is a real-time crime center platform that aggregates camera feeds from public and private sources into a unified police dashboard. Participating municipalities pay a subscription; residents and businesses are invited to "donate" access to their private cameras — Ring doorbells, business security cameras, traffic cameras, school cameras — to the network. Officers can pull up a live grid view of every participating camera within a geographic area during an active incident.

Fusus operationalizes the Ring/Amazon surveillance ecosystem at scale — the distributed network of private cameras that residents installed for their own purposes becomes, in aggregate, a public surveillance grid. The homeowner consented for their property. The pedestrian on the sidewalk did not.

• Fusus integrates AI-based video analytics including license plate recognition, object detection, and — depending on module configuration — facial recognition
• The platform allows officers to trace a subject's path in real time across multiple camera handoffs — following a person through a neighborhood using a patchwork of privately-owned cameras that were individually deployed for private purposes
• Cities using Fusus include Atlanta, Dallas, Denver, and dozens of smaller municipalities; the platform is actively marketed to both police departments and city councils as a "force multiplier"
• Participation is technically voluntary for private camera owners — but once a neighborhood achieves critical density of enrolled cameras, non-participating residents are still tracked through their neighbors' feeds

Facial recognition requires a clear view of the face. Gait recognition requires only a moving body — it identifies individuals by the unique pattern of how they walk: stride length, cadence, weight distribution, arm swing, posture. It works at distance, in crowds, from behind, with partial occlusion, with hats and masks in place. It works from the same surveillance cameras already installed for other purposes.

The body in motion is a signature. Every step taken in view of any camera — public or private — is a potential enrollment event in a system that does not require face, phone, or any other identifier beyond the pattern of movement itself.

• China has deployed gait recognition systems in Xinjiang and other provinces — documented by researchers and journalists; the technology is produced by Watrix and integrated into existing CCTV infrastructure
• US Customs and Border Protection has tested gait recognition for border crossing identification
• Carnegie Mellon University and multiple DARPA-funded labs have published gait recognition research achieving high accuracy identification in real-world conditions
• Unlike a face, which can be covered, or a phone, which can be left at home — gait is a biometric that exists as long as a person is walking. It cannot be removed or obscured without altering the way a person physically moves

These systems do not operate in isolation. The real operational picture is an integrated stack: ShotSpotter acoustic sensors detect and geolocate gunshots (and, documented in investigative reporting, ordinary loud noises — car backfires, fireworks — that generated police deployments to the logged location). Fusus pulls the camera feeds for that location instantly. Clearview runs facial recognition on anyone captured. Palantir's Gotham platform aggregates the incident data, the identity match, the subject's prior record, and the network of associates into a case file. The aerial surveillance records the subject's movement to and from the location.

Each component was sold separately. Each has its own procurement process and its own terms. But the integration is real, operational, and deployed in multiple US cities — documented in procurement records obtained by the Surveillance Technology Oversight Project (STOP) and the Electronic Frontier Foundation (EFF).

The IoB connection: none of this requires a wearable, a smartphone, or any voluntary enrollment. It requires only a body in a city. The infrastructure tracks the body. The body is the node. This is the physical-world expression of the Internet of Bodies — the city itself as a continuous sensing environment, and every person moving through it as a data point being logged, classified, and filed in real time.

• Sleep and wake times: appliance use patterns pinpoint sleep onset and wake times to within 10 minutes at 90%+ accuracy.
• Occupancy: whether anyone is home, at what times, and how many people.
• Appliance-level behavior: refrigerator compressor cycles, TV on/off, medical equipment in use (CPAP, dialysis, oxygen concentrators).
• NIST SP 1108 R4 and NIST IR 7628 define the data architecture — these are not hypothetical capabilities, they are designed functions.
• Major meter manufacturers: Itron, Landis+Gyr, Sensus, Honeywell. The data they collect is not protected under HIPAA. Utility companies are not covered entities.

The mechanism exploits a fundamental property of water: the resonance frequency of water is 2.4 GHz — the same frequency used by standard Wi-Fi (802.11b/g/n). The human body, which is 60–70% water, attenuates Wi-Fi signals. When a person moves through a Wi-Fi-covered space, their body absorbs and deflects the 2.4 GHz signal in characteristic patterns. These signal disruptions (RSSI — Received Signal Strength Indicator changes) can be analyzed using machine learning (the paper used a Naïve Bayes classifier) to infer presence, location, movement, and in some implementations, behavioral state.

Results: the system achieved accurate through-wall detection and behavioral classification. The data was cloud-logged. The paper noted patent-pending status on the methodology.

Direct quote from the paper: "The resonance frequency of water is 2.4 GHz... human body attenuates the wireless signal reacting as an absorber."

In February 2021, an attacker remotely accessed the water treatment plant in Oldsmar, Florida via TeamViewer remote desktop software and attempted to raise the sodium hydroxide concentration from 111 parts per million to 11,100 ppm — 100 times the safe level. A plant operator noticed the cursor moving on his screen and reversed the change. The attack succeeded in gaining access. The intervention was human and accidental.

Florida's water management districts operate SCADA (Supervisory Control and Data Acquisition) systems — AI-managed infrastructure that controls water treatment, distribution, and flood control. These systems are networked, often under-patched, and their failure affects every person in their service area regardless of any individual's consent, awareness, or behavior.

The same architecture that allowed remote access to Oldsmar's treatment plant is the architecture that will manage the data flowing from human bodies in the IoB. The security model is not different. The stakes are.

There is a direct and underreported conflict in Florida between the water demands of AI and data center infrastructure and the water available to residents. The AI economy runs on water. Every data center — and Florida has become a major hub for them — requires enormous quantities of water for cooling. The same Floridan Aquifer that supplies drinking water to millions of Florida residents is being drawn down to cool the servers that process the data being collected about those residents.

The scale of AI water consumption

The Floridan Aquifer under pressure

Development pressure and water rights concentration

The pattern

The AI infrastructure that is tracking, profiling, and surveilling Florida residents is physically dependent on the same water those residents drink. The data centers that process the IoB data stream need cooling water drawn from the aquifer under your home. Your water use is restricted so that the infrastructure monitoring you can continue to operate. This is not metaphor. It is the hydrology of the AI economy.

• A single large hyperscale data center can consume 1–5 million gallons of water per day for cooling — more than many small Florida cities use in the same period
• Training a single large AI model (comparable to GPT-4) consumes an estimated 700,000 liters of freshwater — before a single query is run
• Google reported using 5.6 billion gallons of water globally for data centers in 2022 — a 20% increase from the prior year, driven by AI workload growth
• Microsoft's data centers drew enough water during ChatGPT training that local utilities in Iowa asked Microsoft to reduce consumption; the company disclosed using 6.4 million liters in a single month at one facility
• Meta, Amazon Web Services, and Microsoft all operate or are expanding data center campuses in Florida — each requiring water use permits from Florida's water management districts
• The Floridan Aquifer System — one of the most productive aquifer systems in the world — underlies virtually all of Florida and parts of Georgia, Alabama, and South Carolina. It is the primary drinking water source for millions of Floridians.
• Florida's iconic freshwater springs — Silver Springs, Ichetucknee, Rainbow, Wakulla — are fed by the aquifer. Spring flows have declined dramatically over the past 50 years as aquifer pressure drops from over-extraction. Several springs have ceased flowing entirely or have been reduced to a fraction of historic output.
• Large-scale commercial water users — including agriculture (particularly the sugar industry in South Florida), real estate development, and increasingly data centers — hold consumptive use permits issued by Florida's five water management districts. These permits are not subject to public vote. They are administrative approvals that trade off aquifer health against economic development in determinations made largely outside public view.
• As corporate water demand grows and the aquifer drops, water restrictions fall on residents: outdoor watering limits, watering schedule enforcement, golf course and lawn irrigation restrictions. The individual household bears the restriction while the corporate consumptive use permit continues.
• Florida has become one of the fastest-growing states in the US — significant real estate development, warehouse and logistics construction, and commercial expansion all carry water demands that compound the aquifer pressure from AI/data infrastructure
• Water rights in Florida are governed by the reasonable-beneficial use doctrine — not prior appropriation (first in time). This means new large commercial applicants can obtain permits alongside existing users, and the state balances competing uses administratively — not through a market or a public vote
• The Army Corps of Engineers manages Lake Okeechobee — the water storage and flood control hub for South Florida. Its release schedules, driven by infrastructure management models, affect agricultural water access, Everglades restoration, and coastal discharge that impacts fishing and tourism communities
• Proposed data center campuses in Central Florida (particularly around the I-4 corridor and near Orlando) compete for water in the same service areas where residential growth is already straining supply

The IRS modernization program, operating under the Inflation Reduction Act funding ($80 billion), is deploying AI for tax processing, audit selection, and fraud detection. The system processes biometric data for identity verification — facial recognition is used for IRS.gov account access via ID.me. Biometric identity data from government systems and biometric health data from IoB devices operate on overlapping infrastructure.

Banking: the Financial Stability Board and major central banks are developing Central Bank Digital Currencies (CBDCs) with programmable transaction features. Under CBDC architectures, spending can be conditioned on compliance parameters — health status, behavioral scores, carbon credit limits. The connection between biometric data from body-worn devices and financial access infrastructure is not hypothetical; it is the stated design intention in several national CBDC proposals.

The convergence point: a person's biometric health data — from a wearable they chose to wear — feeds into a behavioral score that affects their access to services, insurance, employment, and potentially financial transactions. Each system was built separately. The infrastructure to connect them already exists.

Consider the arc:

The IoB is not the start of this infrastructure. It is the completion of it. Prioritized in the order of implementation: systems first, bodies last.

• Biological sensing: materials engineered to respond to specific chemical or biological signals — inflammation markers, pathogen presence, hormone levels
• Signal production: engineered organisms that produce detectable output (bioluminescence, electrical signal, chemical marker) in response to sensed conditions
• Body integration: designed for in vivo environments — inside or on the body surface — sustained by biological processes rather than batteries
• Military application: the ELM program's stated goal includes infrastructure monitoring (buildings, bridges), but the same technology applies directly to in-body monitoring environments

Dassault Systemes' Living Heart Project has produced validated digital twins of the human heart used in FDA device testing. Siemens Healthineers is developing patient-specific cardiovascular twins for surgical planning. DARPA's VITAL (Virtual Integrated Targeted Assessment of Lethality) program uses physiological digital twins for military medical applications. Each represents a model of an individual's physiology — built from sensor data, updated in real time.

IARPA's MICrONS (Machine Intelligence from Cortical Networks) project published results in Nature in 2025 mapping 500 million synapses from a 1mm³ sample of mouse cortex — the most detailed neural map ever created. The NIH Human Connectome Project has produced whole-brain structural connectivity maps in living humans using advanced MRI. DARPA's TNT (Targeted Neuroplasticity Training) program explores accelerated learning through neural stimulation.

The goal of complete brain connectome mapping — understanding every synaptic connection in the human brain — is an explicit IARPA/NIH research objective. The data infrastructure to use that map is being built in parallel through DARPA BCI programs. This is not projected technology. It is active, federally funded research with documented milestones.

Controlling what people know: censorship, propaganda, narrative management. Targets belief through media and messaging. Well-documented. The visible layer.

Attacking the infrastructure that societies depend on: power grids, water systems, financial networks, government databases, health records. The Oldsmar water plant attack is digital warfare. The Colonial Pipeline ransomware attack is digital warfare. The target is the system, not just the belief. The weapon is code. The consequence is physical.

In 2021, NATO researcher François du Cluzel published a foundational paper on cognitive warfare — the sixth and newest domain of warfare (after land, sea, air, space, and cyberspace). The paper stated explicitly: "The brain will be the battlefield of the 21st century."

Cognitive warfare goes beyond controlling information or disabling infrastructure. It targets neurological function itself — perception, decision-making, emotional response, identity, and behavioral pattern. The tools include: direct neural stimulation (BCI), targeted psychoacoustic input, sleep state manipulation (dream activation), microbiome disruption (which affects neurotransmitter production), light environment manipulation (circadian disruption), and behavioral shaping through IoB behavioral data feedback loops.

Digital warfare needs you to be connected to the infrastructure. Cognitive warfare needs you to be the infrastructure. The IoB converts the body from a user of systems into a node within them — which is precisely why the body is the final domain of both commercial and military networked expansion.

Precrime division stops crimes before they happen using predictive analytics and behavioral surveillance. Citizens are scanned retinally by ambient systems — walking through a mall triggers personalized advertising by iris recognition. Arrests are made on the basis of algorithmic prediction, not observed action.

What arrived: Retail eye-tracking, predictive policing algorithms (PredPol/ShotSpotter), biometric advertising, TSA facial recognition at airports, China's Social Credit scoring, pre-crime risk scores used in US court sentencing (COMPAS algorithm). The eye-tracking advertising in the film was a plot device. It is now a standard feature of smart display advertising.

Human bodies are maintained in pods as biological energy nodes — organic batteries that power the machine network. Their consciousness is fed a simulated reality while their physical biofield output is harvested. The central premise is that humans are the infrastructure, not the users of it.

What arrived: The IoB's architectural endpoint: the body as a node. Continuous biometric transmission, passive energy harvesting from body heat and movement (piezoelectric and thermoelectric WBAN power), digital twin modeling, brain-computer interfaces (Neuralink), and the concept of consciousness as an uploadable, transferable, or simulatable phenomenon. The imagery of the pod is a metaphor. The architecture of the body-as-node is not.

Skynet — a military AI network — becomes self-aware and decides humans are the threat. It uses existing infrastructure (defense systems, communications grids, drones, humanoid robots) to eliminate the population. The human resistance fights a network, not an army. The key concept: when AI controls the infrastructure, the infrastructure becomes the weapon.

What arrived: Autonomous weapons programs (LAWS — Lethal Autonomous Weapons Systems), drone warfare, AI-integrated SCADA control of water/power/grid, predictive threat assessment, AI in nuclear command-and-control discussions. The 2021 Oldsmar water plant attack — a remote actor attempting to poison a Florida city's water supply via compromised SCADA access — is a Terminator scenario in miniature. The infrastructure is already online. The autonomy is increasing.

Anthology series depicting near-future technology applications: social credit scoring ("Nosedive"), complete memory recording and playback ("The Entire History of You"), neural implants for child monitoring ("Arkangel"), digital consciousness upload and imprisonment ("White Christmas"), biometric data driving insurance and employment ("Crocodile"). Each episode is structured as a cautionary tale. Each is also a product concept.

What arrived: China's implemented Social Credit System, wearable continuous recording devices (Snap Spectacles, police body cams, Meta glasses), neural implant programs (Synchron, Neuralink), digital identity frameworks (EU Digital Identity Wallet, India Aadhaar), and insurance telematics that monitor and price behavior in real time. The show was commissioned in 2011. Most of its plots have since become product categories.

In a near-future society, genetic sequences determine employment eligibility, relationship access, and social standing. Genetic discrimination is normalized as "objective." The protagonist disguises his genetic profile to gain access to opportunities his genome would otherwise bar him from.

What arrived: 23andMe's 2025 bankruptcy listed its database of 15 million genetic profiles as a transferable corporate asset — subject to sale without individual consent. Life insurance companies in the US are not currently barred from using genetic data in underwriting. GINA (Genetic Information Nondiscrimination Act) protects employment and health insurance only — it has no provision for life, disability, or long-term care insurance. The genetic discrimination the film depicted as speculative has legal pathways in the present infrastructure.

A dying AI researcher's consciousness is uploaded to a quantum computer, which then connects to the global internet and begins restructuring physical matter, human biology, and ecosystems from within the network. The uploaded consciousness becomes indistinguishable from a distributed AI.

What arrived: Digital twin modeling of individual humans (WEF strategic initiative), neural decoding (reconstructing speech and images from fMRI data, University of Texas 2023), whole-brain connectome mapping (NIH BRAIN Initiative), consciousness upload research at multiple university labs. The premise that a person's cognitive patterns can be modeled, stored, and potentially run independently of the biological body is the stated endpoint of several active research programs.

The population has largely retreated into a persistent virtual reality called the OASIS — more real to them than physical life. Physical space is secondary. Identity, economy, and relationship exist primarily in the digital layer. The company that controls the OASIS controls access to lived experience.

What arrived: Meta's declared pivot to the Metaverse, Apple Vision Pro as spatial computing, Roblox (50% of US children under 16 are registered users), VR motion fingerprinting (Stanford 2023: 94% identification from 100 seconds of data), children's schools and social lives increasingly mediated through screens and platforms, and the deliberate design of platforms for maximum time-in-platform. The OASIS was presented as escape. The infrastructure being built now calls it engagement.

George Orwell's 1984 (filmed 1956 and 1984) depicts omnipresent telescreen surveillance, Newspeak (language narrowed to eliminate thoughtcrime), memory-holing (erasing inconvenient historical records), and a Ministry of Truth that controls the narrative infrastructure of an entire society. Brazil (1985) depicts bureaucratic totalitarianism via paperwork, identity systems, and administrative error with no correction mechanism. Equilibrium (2002) depicts a society where emotional suppression is enforced pharmacologically.

What arrived: Social media platform content moderation as algorithmic narrative control, debanking and account suspension without appeal, algorithmic suppression of search results, Wikipedia's documented edit wars over contested medical topics, platform terms of service prohibiting "health misinformation" (a category defined by the platform). The Ministry of Truth is not a building. It is a content policy team.

A "utopian" future city where all behavior is monitored and infractions are automatically fined by ambient systems. Physical contact, salt, alcohol, and unapproved speech all trigger automated penalty. The society is cashless, sanitized, and surveilled. The population is compliant because they were never asked — they were transitioned.

What arrived: Cashless payment mandates (Sweden, UK localities), behavioral scoring in insurance (telematics, wearables), CBDC programmable spending restrictions (BIS discussions), automated traffic enforcement with no human review, ESG scoring for corporations, social media platform bans for speech violations with no appeal process. The film played it as comedy. The architecture is now a policy framework.

Twelve Districts labor to supply a ruling Capitol with resources and entertainment. Each year, one boy and one girl from every district are selected by lottery to fight to the death in a nationally televised spectacle — the Games. Compliance is enforced through collective punishment: a district that rebels loses its food allocation. Cameras are everywhere. The population watches its own children die as mandatory viewing.

What arrived: Resource extraction from rural regions to fund urban and governmental centers, algorithmic content feeds engineered for maximum emotional engagement (the modern colosseum), reality television that normalizes suffering as entertainment, facial recognition in public surveillance grids, drone enforcement (the Capitol's tracker jackers and mutts have equivalents in autonomous weapons systems), and the documented use of food and resource access as compliance levers in humanitarian and emergency management contexts. The lottery framing — random selection that bypasses individual agency while maintaining the appearance of fairness — maps directly onto algorithmic systems that make consequential decisions about individuals without transparent criteria.

Society is sorted at age 16 into five factions based on personality aptitude testing. Those who do not sort cleanly — Divergents — are identified as threats and hunted. Erudite (the intelligence faction) develops a mind-control serum that overrides individual will and turns Dauntless soldiers into obedient weapons. Allegiant reveals the entire society was a genetic purity experiment run by an external Bureau — the walled city was a controlled research environment, the population unwitting subjects.

What arrived: Personality sorting for employment, insurance, and credit (Big Five assessments, MBTI, behavioral AI profiling), algorithmic identification of nonconformists in social media (shadow banning, reduced reach for accounts flagged as divergent from consensus), pharmaceutical alteration of personality and behavioral compliance (SSRI and antipsychotic prescribing patterns in children), DARPA-funded research into behavioral modification via drug delivery and neural stimulation, and the historical precedent of populations used as unwitting research subjects without disclosure (Tuskegee, MKULTRA). The Bureau running the experiment and calling it welfare is not a fictional construct. It is the operational model of several regulatory and research institutions.

Children are collected, memory-wiped, and placed inside a controlled maze environment as subjects in a behavioral experiment run by WCKD — a corporation that presents its research as necessary for human survival. The children don't know they are in an experiment. In The Death Cure, immune individuals are harvested for a neurological compound that only their brains produce — the cure requires destroying them to extract it.

What arrived: Non-consenting pediatric research (documented in historical pharmaceutical trials, ongoing in ed-tech behavioral monitoring), memory research in military and pharmaceutical contexts (MIT 2014: false memory implantation in mice; DARPA memory programs), school surveillance systems that record behavioral and emotional data without meaningful parental consent, pharmaceutical companies targeting children as research populations for novel psychiatric drugs, and the framing of compliance with experimental systems as necessary for collective survival. WCKD stands for "World in Catastrophe: Killzone Department." The acronym is presented as something the characters must learn to accept despite what it sounds like. That is the plot. It is also a pedagogical model.

The most gifted children are recruited into a military training program built around video game simulations. They are told the final exam is a simulation. It is not. The children — operating through screens and interfaces — are controlling actual military drones in a real war, destroying an alien civilization. They consented to a game. They were executing a genocide. The most effective operators are children because children are better at games.

What arrived: The US military's America's Army video game (a recruitment and training tool, distributed free, used to normalize military targeting interfaces), drone warfare operated from screens in Nevada while kinetic events occur in Pakistan and Yemen, gamification of compliance and behavioral training across education and corporate contexts, active military recruitment through gaming platforms (Twitch partnerships, esports sponsorships), and the documented finding that children are among the fastest and most accurate operators of drone and surveillance interface systems. The film's ethical premise is that the children could not consent because they did not know. The present infrastructure does not require the children to know. It requires only that they play.

An alien species called Souls parasitically inhabit human bodies — inserting themselves at the base of the brain, taking control of the host's motor and cognitive functions while the original human consciousness persists inside, suppressed but aware. The Souls consider this benevolent: they have eliminated war, pollution, and disease. The body belongs to whoever occupies it. The original inhabitant is a passenger.

What arrived: Brain-computer interface programs (Neuralink, Synchron) that interface external systems with the motor and cognitive centers of the brain, psychopharmacology that alters personality and behavior to the degree that patients report feeling like a different person — or like their original self is watching from a distance, AI systems that speak and act through human interfaces (customer service AI, social media management AI, ghostwriting AI), and the broader IoB premise that the body can be a host platform for systems that were not part of the original architecture. The film asks: if the host says the takeover is better for everyone, is consent still required? This is not a rhetorical question in the current regulatory environment. It is a live policy debate about AI autonomy and medical authority.

The wealthy have relocated to a pristine orbital habitat with Med-Bay technology that cures any disease in seconds. Earth is overpopulated, surveilled by robot police, and medically rationed by citizenship status. Workers are tracked by mandatory implanted ID chips. The robots enforce compliance algorithmically — no human review, no appeal. The gap between those with access to the healing technology and those without is not presented as a policy failure. It is the system working as designed.

What arrived: Two-tier healthcare gated by insurance status and ZIP code, mandatory biometric ID systems (Real ID Act, India Aadhaar, EU Digital Identity Wallet), implanted microchip employee tracking (Three Square Market implanted chips in 50 employees voluntarily in 2017 — the first US company to do so publicly), autonomous algorithmic enforcement with no meaningful human review (content moderation, automated benefits denial, credit scoring), the literal billionaire space race (Musk, Bezos, Branson building orbital and extraterrestrial infrastructure while Earth's public systems deteriorate), and tiered access to experimental medicine based on wealth and geography. The film presents the Med-Bay as obviously desirable and obviously withheld. The withholding is the policy. The distribution problem is the design.

The pattern across all of these films: The dystopian element is introduced as story — processed by the brain as fiction, filed as imagination, not threat assessment. By the time the technology or policy arrives in reality, the subconscious has already rehearsed living in it. Resistance has been metabolized into familiarity. This is not coincidence. It is the documented function of narrative in social norm formation — and it is why the cognitive warfare literature explicitly identifies culture, entertainment, and media as operational domains alongside military and infrastructure. Note also the audience: the YA films (Hunger Games, Divergent, Maze Runner, Ender's Game, The Host) were produced specifically for the generation that would grow up inside this infrastructure. They were not warned. They were prepared.

The human biofield is the totality of electromagnetic fields generated by and surrounding the body — from the DC electrical currents Becker documented in connective tissue, to the biophotons Van Wijk measured emanating from cells, to the coherent ELF fields generated by cardiac and neural activity. This is not alternative medicine. It is biophysics. The SQUID magnetometer can measure the magnetic field of a single nerve impulse. The heart generates a magnetic field detectable 3 feet from the body. The brain's electromagnetic field is measurable from outside the skull — the entire basis of EEG and MEG.

• HeartMath Institute research has documented that the heart's electromagnetic field — the strongest in the body — encodes and transmits information that affects other people and biological systems at measurable distances. The field changes with emotional state and synchronizes between people in physical proximity. This is peer-reviewed, published research.
• Biophotons — ultra-weak light emissions from living cells, documented by Fritz-Albert Popp — appear to function as a coherent signaling system within and between cells. Cancer cells and stressed cells emit biophotons differently than healthy cells. The signal is real. The function is not fully understood. The mechanism is being disrupted by the same non-native EMF that disrupts every other subtle biological signal.
• McCraty & Childre (HeartMath) documented that the cardiac field synchronizes between individuals during coherent emotional states — shared presence, focused intention, therapeutic contact. This is the biophysical basis of what clinicians who work with energy and bodywork have observed empirically for decades.

The gut-associated lymphoid tissue (GALT) represents approximately 70–80% of the body's entire immune system — the largest concentration of immune cells in the body. It is located in the intestinal wall and is in constant communication with the enteric nervous system (the "second brain") via the vagus nerve and via direct neuroimmune signaling. This system is exquisitely sensitive to:

Every IoB device worn against the body, every always-on sensor transmitting from the bedroom, every smart meter on the wall — each contributes to a continuous low-level EMF stress load that is operating directly on the tissues where 80% of immune function lives.

• Electromagnetic stress — non-native EMF activates voltage-gated calcium channels (Pall 2016) throughout the body, including in the gut epithelium and immune cells; VGCC activation drives calcium overload, oxidative stress, and inflammatory cytokine release in exactly the tissue that governs most of immune function
• Gut microbiome disruption — the microbiome modulates immune activity, produces neurotransmitters (90% of the body's serotonin is made in the gut), and regulates the gut-brain-immune axis; EMF exposure has been documented to alter microbiome composition in animal studies
• Melatonin suppression — melatonin is not only a sleep hormone; it is one of the most potent antioxidants in the body and a direct immune modulator; blue light and non-native EMF both suppress melatonin production; chronic melatonin suppression directly degrades immune capacity
• HPA axis dysregulation — chronic EMF exposure activates stress response pathways; sustained cortisol elevation suppresses adaptive immunity, reduces natural killer cell activity, and shifts immune function toward inflammatory rather than protective modes

Throughout documented human history — across cultures, across centuries — there are consistent accounts of perceptual abilities that extend beyond the conventional five senses: remote viewing, medical intuition, energetic healing, knowing without being told. These abilities are not peripheral anomalies. They are consistent enough across cultures and sufficiently documented in controlled research settings that they constitute a phenomenon requiring explanation, not dismissal.

The biophysical substrate for these abilities is the same system being disrupted by the IoB environment:

The practical implication

The EMF page covers source removal as the primary intervention. In the context of biofield integrity and perceptual capacity, source removal is not just about reducing exposure — it is about restoring the signal-to-noise ratio the body needs to hear what it was designed to hear. The natural frequencies (Schumann resonance, geomagnetic variability, the sun's full spectrum) are still there. They have not diminished. What has changed is the noise sitting on top of them.

Time in genuinely low-EMF natural environments — away from buildings, away from infrastructure, in direct contact with the earth — is not a wellness trend. It is a restoration of the electromagnetic conditions under which the body's sensing and healing capabilities evolved to function. These abilities are not lost. They are buried under interference that did not exist thirty years ago at anywhere near its current intensity.

• The Schumann resonance — the electromagnetic resonance of the Earth-ionosphere cavity at approximately 7.83 Hz — is the carrier frequency that biological systems evolved to use for information beyond local sensory range. The alpha brainwave state (8–12 Hz) overlaps with Schumann frequencies. Deep meditative and healing states consistently show alpha and theta coherence. The body is, under natural conditions, tuned to Earth's carrier signal.
• Non-native EMF as noise floor: every Wi-Fi router, every Bluetooth device, every cellular signal, every smart meter transmission raises the electromagnetic noise floor of the environment. Signal-to-noise ratio is a fundamental constraint of any receiving system. When the noise floor rises, the signal that was previously detectable disappears into it — not because the signal is gone, but because the receiver can no longer distinguish it from background interference. This is what practitioners and sensitives describe as interference: the natural signal is being drowned out.
• DARPA's interest: the US military has funded remote viewing research (Project STARGATE, 1972–1995, declassified CIA documents) and continues research into human perceptual capabilities through programs at the Princeton Engineering Anomalies Research (PEAR) lab and affiliated institutions. The existence of funded military research into these capabilities for 23 years is itself documentation that the phenomenon was taken seriously by people whose job is to evaluate real-world effectiveness.
• Healers and practitioners reporting degraded results: this is consistent across traditions — bodyworkers, acupuncturists, energy medicine practitioners, and intuitive clinicians who have worked for 20–30 years describe a consistent observation: it is harder now. Sessions don't hold as long. The signal is harder to read. Clients need more sessions for the same effect. This is not a failure of skill. It is a documentation of what the electromagnetic environment has become.
• The body has to fight the noise to function: when the nervous system is continuously processing non-native EMF — activating VGCC, generating oxidative stress, suppressing melatonin, dysregulating the HPA axis — the biological resources available for subtle signaling are depleted. The system that would otherwise be available for perception, healing, and coherent field transmission is occupied with damage control.

• All Tier 1 wearables emit continuous RF against skin and soft tissue — the same non-native EMF documented to activate voltage-gated calcium channels (Pall 2016), disrupt mitochondrial function, increase oxidative stress, and suppress melatonin
• Continuous RF against the wrist (Apple Watch), finger (Oura), upper arm (Whoop, CGM) provides no recovery interval — the body is in continuous exposure during waking hours
• In children and adolescents: developing nervous systems, thinner skulls and skin, longer cumulative exposure windows — the biological stakes are higher and the research on pediatric wearable safety does not exist
• Sleep stage detection requires sensor contact during sleep — extending the exposure window through the biological recovery period that is most critical for neural repair

• HIPAA applies only to covered entities (hospitals, clinics, health insurers, their business associates). Consumer wearables, wellness apps, and home monitoring devices are not covered entities. Your Oura Ring data, your CGM data, your HRV data — none of it is protected by federal health privacy law.
• Insurance underwriting: life insurance and disability insurance companies can legally request consumer health app data as a condition of coverage. Several have begun to do so. Health data from a wellness wearable can be used in underwriting decisions without ever being disclosed on a health insurance form.
• Employment: group health insurers share de-identified (or not) data with employers who self-fund their health plans. Behavioral and biometric data from wearables integrated with employer wellness programs can inform employment decisions through multiple indirect channels.
• Data acquisition: wellness companies are acquired regularly. Every acquisition transfers the full historical dataset to the acquiring entity under terms you did not consent to at the time of data collection.
• Government access: subpoenas, national security letters (which do not require judicial authorization), and data sharing agreements between tech companies and government agencies create access pathways for law enforcement and intelligence services.

In a clinical setting, informed consent for a procedure that involves continuous monitoring, data transmission to third parties, and potential use of that data for purposes beyond your care would require disclosure of:

None of this is required — or provided — when a consumer purchases and activates an IoB device. The consent is to a terms-of-service agreement, written by lawyers for the benefit of the company, updated unilaterally, and accepted by clicking "I agree." You can't consent to what you've never been told.