How do you quantify the threat posed by surveillance capitalism (e.g., MS, Google)?

This has been something that has been bugging me for quite a while.

Because, with all I know right now, surveillance capitalism still feels more like a boogeyman to me than an actual defined threat.

I don’t know how much data companies like Microsoft or Google have collected from me, how much data they are collecting, how likely I will be negatively affected by that data, and how bad the consequences are if I do get negatively affected.

So, yeah. That’s my question. How do I quantify the threat from surveillance capitalism enough to actually build a threat model for it?

As an aside, the reason why I bring this up is because I have software that I need to use and is Windows-only. I’ve tried running it in a VM, and that doesn’t work, so I’m trying to assess how bad Windows is.

Which is frustrating because nobody really seems to know how bad it is. Just that it’s bad.


I just asked this in the matrix room regarding Windows 10/11. I guess it depends on convienance/security&privacy standpoint. From my understanding Windows has much better sandboxing and overall mitigations from a security/privacy standpoint to protect you from malsicious actors and applications but they collect their own data about you as well. Personally if you need that application and it only works on bare metal windows then just use it and modify the settings to be as best privacy wise as possible. If you force yourself to use something that doesn’t work for you personally you will hate it and it’ll be a discomfot or grind to use it which means it isn’t worth your mental health/sanity. A little discomfot is fine but don’t make yourself miserable either. Any settings you change will make you more private and secure compared to 99% of internet users so yoiu will be much better of. I don’t want to tag him (again) but Edward is working on Windows guide that should be out at some point and it will have some good suggestions i’m sure. In the mean time The New Oil has a great guide on Windows The New Oil
(Hopefully it’s okay if i link to an outside site i am a member of)

With Google you can export all (?) the data they have on you here
If you are in the EU you can also consider filing a GDPR request and they are legally obliged to inform you about all data collected from you.


Hey. I don’t have a clear answer to your question, it certainly sucks that so much of the software for the public is made specifically for Windows, and I hope you somehow manage to overcome this situation. I just wanted to point out one thing you mentioned, and I’ve seen it mentioned a lot around here.
Personally, I don’t think the right word is capitalism. I guess it’s semantics, but I think it’s much better to use the term “corporatism”, because in essence the companies that do these things are only allowed to do it to the extent that they ally or team up with governments to do it, which is a quality of a corporatist economy or sector, rather than an open and free market, where you generate value and make money (very basically, I could go on, but honestly, I’ll pass) by directly satisfying the customer, rather than stealing their data and information.
That said, and not to make an empty answer, maybe you can find some alternative software that can replace it. Another option might be to isolate the machine with Windows installed, in case the software can be used offline, so that it can’t physically steal any data, or you can minimise the amount of stolen information as much as possible. Lastly, it occurs to me that you could use some kind of capped version of Windows, such as Atlas, but honestly, these kinds of de facto Windows versions are not at all reliable. Another similar option I can think of is to install all kinds of restrictions on Windows or follow a guide to manually cap it, such as (a reliable guide in my humble opinion). I don’t know, I can’t think of any other advice. I hope I have helped in something, best regards.

1 Like

The thing about surveillance capitalism is there’s no way of knowing whether Microsoft and Google really are selling your data. Since they do have a strong focus on security and keeping your data safe from outsiders like hackers, I think Google and Microsoft are trusted companies. That doesn’t mean we should give them all our information, but we can choose not to by disabling telemetry with the options they provide for us.

Isn’t that the source of Google’s revenue is selling ad data to ad agencies? I don’t think either are slack on security itself but actually using your data to make income is a different thing imo.

There are a lot of ideas in this thread, so I’ll start with your first question.

If you want to demystify the concept, I really recommend reading its Wikipedia article. This section of Privacy Guides’s Common Threats article is also a great place to start.

To provide an extremely loose argument for why it might not be a good thing:

  1. Privacy is a human right.
  2. Surveillance capitalism is mass surveillance for the purpose of profit-making.
  3. If (2) constitutes a violation of the right to privacy, then surveillance capitalism infringes on human rights.
  4. (2) does constitute a violation of the right to privacy.
  5. Therefore, surveillance capitalism sucks.

This is a very in-a-nutshell explanation (I can go into detail if you like—I actually wrote a dissertation on the ethics of mass surveillance :smile: ) and makes some basic assumptions like “infringing on human rights is bad”. I hope it illustrates a somewhat basic angle, though.

There is a lot more to the topic (although not necessarily complex—just expansive), but I hope that this is enough to address your question.

To understand a little bit more about the actual aim of surveillance capitalism, I really recommend watching The Social Dilemma. Likewise, with the Cambridge Analytica scandal, questions like “why is data even valuable in the first place?” are the best place to start.

With regards to Google specifically, this is simply false. I recommend this extremely thorough breakdown of exactly why. Otherwise, they have an extremely well documented history of malpractice. Ironically, I suggest Googling it.


If you could Get Windows enterprise you can set telemetry level to 0.

I’m not sure them not selling your data makes their data collection any better. Is your data not being wildly disseminated? Perhaps. Even if we assume that is the case, is that the only criteria to become a trustworthy company? I would argue certainly not. Google, Facebook, Microsoft, etc. can all misuse your data without selling it.

In the interest of brevity, I used capitalism because that was PG used in the guide, I think the word you’re looking for is corporatocracy, I don’t think capitalism needs to be a free market (e.g., state capitalism), and corporatism has little to do with corporations influencing the government.

Grain of salt though because I don’t study political/economic systems.

The first two are unfortunately not going to be possible for me (I’m required to use it, and I don’t actually have a second machine), but I am definitely going to look into stuff like to try and restrict Windows as much as I can.


I already read those actually.

I know Microsoft and Google violate my right to privacy. I just don’t know how that affects me aside from it being a violation of my rights.

Like, in the US., there is an immediately visible risk in the form of government surveillance because of PRISM and all that.

But I don’t live in the US. I don’t know if the US government or Google have decided to share data with my country’s government. Or if they did, how much.

Like, you go from knowing that Google is in bed with the NSA to not knowing anything at all. Not sure if that makes sense, and since I don’t want to use Windows or Google anyway, this is all kinda a moot point anyway. I just don’t like how vague this is.

While I kinda trust Microsoft and Google’s security, I wouldn’t say I trust them as companies.

I will say though that while I disagree that it’s not possible for us to know whether Google and Microsoft are selling data, I am getting the creeping feeling that the answer to my question is “We don’t know”. Even with known risks like viruses, it’s still tough to tell how bad running something like AME is.

Trying to divine the unknown future consequences caused by the unknown actions of corporations and governments is probably an exercise in futility.

Even at Telemetry Level 0, Windows still sends data requests. It’s a game of whack-a-mole with the registry and group policies.

That is really a very interesting question you ask.

Because everytime when posters asks questions about privacy oriented software, and online privacy behavior in general, answers are : “it depends on your threat model”, " what are you affraid of", etc.

And the fact is that most of posters doesnt know the answer to that question.

We just kinda know that Google is “bad”, that governments “can” access private datas, etc, but it’s very difficult to imagine the “actual” consequences for us.

1 Like

Gotcha. I think those are essential questions to ask!

Like I said, my loose human rights argument is just a simple case for why some people might decide that surveillance capitalism is unacceptable. It’s contingent on someone deciding that an infringement on their human rights is sufficient.

I actually agree that the discussions we tend to see in communities concerned with privacy and security can suffer from the “bogeyman” issue. Part of the trouble is that it’s actually quite a complex topic.

The Social Dilemma is still probably the most accessible explanation I’ve come across. It’s not exhaustive, but its illustration of the everyday consequences is a great introduction. If you can, I really suggest watching it.

Tl;dr: Internet discussions are hard, full of miscommunication, and often oversimplified or overcomplicated. Surveillance capitalism is a complex topic. The Social Dilemma is a really good explanation of what it is, how it works, and why it sucks.

I’ve spent the past hour trying to write a bumper-sticker explanation which isn’t overly reductive or overly detailed, but I haven’t been able to. My other reply references some high quality resources.

Without branching into another topic, this hits the wider issue on the head. It’s a huge trouble and I can endlessly list references which evidence things like “Google bad”, but, frankly, a vast majority of people won’t read them (and fair enough—we all have limited time, and I shouldn’t expect strangers on the internet to read everything I recommend).

Perhaps it would be useful if I tried to write an accessible article that attempted to demystify some of these ideas?


As far as I am concerned, I don’t much like mixing the “governments can access private data” and “Google is bad”. In the first case, the State can access whatever it wants on its territory, that is the way it has always been and will probably always be. (In the most favorable cases, it edicts rules to prevent itself from becoming a “Big Brother” and gives its “shares” to its “citizens” in order to have them edict such rules, to make it short.)
In the second case, a private actor tries to impose its rule to me. The choice to deal with them is mine.