Wong Edan's
Cover
Coding & Algorithms

The Digital Panopticon: How They Track You Without Permission

February 12, 2026 • By Azzar Budiyanto

Greetings, fellow travelers of the silicon wasteland! It is your favorite neighborhood eccentric, your “Wong Edan” of the World Wide Web, coming at you from a bunker lined with lead and vintage floppy disks. Today, we are going to talk about a specific type of madness—the kind where you think you’re alone because you haven’t installed “The App,” yet the App knows exactly what brand of lukewarm coffee you’re drinking and how many times you’ve Googled “how to build a faraday cage out of kitchen foil.”

You think you’re safe because you deleted TikTok? You think you’re a ghost because you never signed up for Facebook? Halah! Don’t make me laugh. In the modern data economy, your presence is recorded by the shadow you cast, not just the feet you plant on their digital soil. We are living in a reality where the “ghost” of your data is more valuable than your actual participation. Grab your tin-foil hats, because we are diving deep into the invisible dragnet that tracks you even when you aren’t looking.

The Invisible Pixel: The Sniper in the Website Grass

Let’s start with the most insidious weapon in the big tech arsenal: the Tracking Pixel. Imagine you’re walking through a mall. You don’t enter the “TikTok Store” or the “Meta Boutique.” You just walk past them. But every single tile you step on in the hallway is pressure-sensitive and sends a notification to those stores saying, “Subject 402 is wearing blue shoes and lingers near the electronics.”

That is what a Meta Pixel or a TikTok Pixel does on a website. These are tiny, often 1×1 invisible images or snippets of JavaScript code embedded into millions of third-party websites. When you load a page—be it a news site, a clothing store, or a blog about artisanal goat cheese—your browser automatically requests that invisible pixel from the tracking company’s servers. In doing so, your browser reveals your IP address, your device type, your screen resolution, and—most importantly—a unique identifier stored in your cookies.

According to recent reports, TikTok has been aggressively expanding this “data harvesting empire.” Even if you have never touched the app in your life, if you visit a site that has the TikTok pixel, TikTok now knows you were there. They are building a “Shadow Profile” of you. They don’t need your name; they just need to know that “User ID X-49-Alpha” likes high-end GPUs and conspiracy theories about 5G towers. When you eventually do succumb to the pressure and join the app, they already have a five-year history of your digital life ready to feed into their algorithm.

The SDK Shadow: Why Your Flashlight App is a Snitch

It’s not just websites. It’s the apps you do use that are snitching on you to the companies you don’t use. This is done through something called a Software Development Kit (SDK). Think of an SDK as a pre-packaged box of tools that a developer uses to build an app so they don’t have to reinvent the wheel for things like analytics, ads, or login buttons.

When a developer puts the Facebook SDK or the Google Firebase SDK into their “Weather App” or “Sudoku Pro,” they are essentially inviting a spy into the room. Every time you open that Sudoku app, the SDK “calls home” to its parent company. It says, “Hey, the person at this IP address just spent 20 minutes solving a hard puzzle.”

“The data-industrial complex doesn’t care about your consent; it cares about your connectivity. If a device has a heartbeat and a Wi-Fi chip, it’s a target.”

This is why you’ll see an ad on Instagram for a pair of hiking boots you just looked at on a completely unrelated outdoorsy app. The outdoorsy app didn’t sell your data to Meta—Meta was already inside the outdoorsy app, watching you through the SDK window. It’s a house of mirrors, my friends, and every mirror is a two-way camera.

The Amazon Overlord: Knowing Your Shopping List via Proxy

You might think, “Well, I don’t use social media, so I’m fine.” Oh, you sweet summer child. Let’s talk about Amazon. Amazon isn’t just a store; it’s a massive infrastructure provider through Amazon Web Services (AWS). But more specifically, Amazon’s advertising network is a beast that rivals Google.

Amazon tracks your behavior across the web to understand your “intent.” If you visit a tech review site that uses Amazon’s affiliate links or tracking tags, Amazon records your interest. They use this data to refine their “recommendation engine” so that the next time you accidentally land on an Amazon page, or even see an Amazon ad on a billboard in a digital space, it’s tailored to your exact desires. They are tracking you through the very fabric of the internet’s commerce layer. You are a data point in their logistics chain long before you click “Add to Cart.”

The Workplace Panopticon: Teams, Slack, and Your “Private” Time

Now, let’s get a bit more personal. Let’s talk about your job. Many of you are working from home, thinking your work phone is just a tool. But as recent queries suggest, many employees are terrified that their bosses are watching them through Microsoft Teams or other corporate software. And let me tell you—the truth is weirder than the fiction.

While Microsoft Teams doesn’t necessarily “watch you through the camera” while you’re off the clock (usually), the metadata it collects is staggering. Your employer can see your “Active” status, how long you spend in meetings, and even your “Productivity Score” in some configurations. But the real danger lies in non-Microsoft applications specifically designed for tracking. If your company has installed a Mobile Device Management (MDM) profile on your phone, they don’t just see your Teams activity—they can potentially see every app you’ve installed, your GPS location history, and even your web traffic if you’re using a corporate VPN.

Even if the company doesn’t configure these things, the capability exists. The software is built to be a snitch. It’s the digital equivalent of your boss standing behind you with a clipboard, only the boss is an AI that never sleeps and doesn’t take lunch breaks.

The Automotive Nightmare: Your Car is a Rolling Data Center

This is where your Uncle Wong gets really worked up. Let’s talk about car insurance apps. These companies offer you a “discount” if you install their app to track your “safe driving.” Save driving score, my left foot!

These apps don’t just track how hard you brake. They track where you go, when you go there, and how long you stay. They are collecting high-frequency GPS data. This data is then sold to brokers. Why? Because knowing that you visit a liquor store every Friday at 5:00 PM is valuable information for health insurance companies, marketers, and even your local government. Even if you don’t use the app for “savings,” many modern cars have this tracking built into the infotainment system. Your car is essentially a smartphone with wheels, and its primary purpose is to harvest your movement patterns and sell them to the highest bidder.

The Illusion of Choice: Apple’s App Tracking Transparency

Apple likes to pretend they are the heroes of this story with their “App Tracking Transparency” (ATT) feature. You’ve seen the pop-up: "Allow 'App' to track your activity across other companies' apps and websites?" You click “Ask App Not to Track” and feel a surge of rebellious joy. You think you’ve won.

Hah! You’ve merely closed the front door while the back door, the windows, and the chimney are wide open. While ATT limits the sharing of the “IDFA” (Identifier for Advertisers), companies have pivoted to “Fingerprinting.” They look at your battery level, your volume settings, your free disk space, and your system uptime to create a unique digital fingerprint. Even without Apple’s permission, they can identify you with 95% accuracy. The “Ask App Not to Track” button is often more of a “suggestion” to the app developers, and while some follow it, the big players find ways around it because their billions depend on it.

The Wyze and the Wicked: IoT Tracking

Even your home security isn’t safe. Take Wyze cameras or other IoT (Internet of Things) devices. These apps often demand location permissions even if the device doesn’t “need” them to function. Why does a lightbulb need to know your GPS coordinates? Because it’s not about the lightbulb; it’s about the map of your life. By knowing where you are and when you turn your lights on, these companies can infer your work schedule, your vacation times, and even your sleeping habits. This data is the “new oil,” and your living room is the oil field.

Technical Deep Dive: How the “Shadow Profile” is Built

For my fellow geeks, let’s talk about the Identity Graph. This is the database where all these disparate pieces of information—your IP from the TikTok pixel, your GPS from the insurance app, your “Productivity Score” from Teams—get stitched together. Companies like Liveramp or Acxiom specialize in this. They take “hashed” (encrypted) versions of your email address and link them to “anonymous” device IDs.

When you browse the web, these companies use Probabilistic Matching. They see a person on a MacBook in Jakarta reading about “privacy tech” and a person on an iPhone in Jakarta using a “Sudoku” app. Because they are on the same Wi-Fi network and have similar browsing patterns, the algorithm decides with 99% certainty that they are the same person. Congratulations, you’ve been “Identity Resolved.” Your anonymity is a fairy tale we tell children to help them sleep at night.

How to Fight Back (Or at Least Make It Harder for Them)

Is it hopeless? Are we destined to be mere nodes in a giant advertising matrix? Not if your Uncle Wong has anything to say about it! While you can’t be 100% invisible unless you move to a cave in Kalimantan and communicate via carrier pigeon, you can certainly make their data “dirty” and expensive to collect.

  • Use a Hardened Browser: Switch to Firefox with “Enhanced Tracking Protection” set to Strict. Or better yet, use Librewolf or Brave. These browsers block those 1×1 pixels by default.
  • DNS Filtering: Use a service like NextDNS or Pi-hole. This allows you to block tracking domains at the network level. When an app tries to “call home” to TikTok’s analytics server, your DNS simply says “I don’t know who that is,” and the data goes nowhere.
  • Containers: Use the “Multi-Account Containers” extension in Firefox. This isolates your sessions. You can keep Facebook in a “prison” container so it can’t see what you’re doing in your other tabs.
  • Location Obfuscation: Never give an app “Always Allow” location access. If you’re on Android, use “Approximate Location” instead of “Precise.”
  • The “Delete” Ritual: Don’t just delete the app. Go into the app settings (if you still have it) and find the “Clear Off-Platform Activity” options. Then delete the account. Then delete the app. It’s like burning a haunted house—you have to salt the earth afterward.

The Final Word from the Wong Edan

We live in a world where “opt-out” is a full-time job and “opt-in” is the default state of existence. The tech giants have spent billions to ensure that your very existence generates profit for them, whether you use their products or not. They are the digital ghosts in our machines, the invisible stalkers in our pockets.

But remember: knowledge is the only armor we have. Now that you know how the pixels watch you and the SDKs snitch on you, you can’t unsee it. You are now “Edan” (crazy) just like me—crazy enough to realize that the “convenience” of the modern web is just a shiny lure on a very sharp hook.

Stay paranoid, stay encrypted, and for the love of all things holy, stop giving your flashlight app permission to access your contacts. This is your Tech Blogger, signing off from the shadows. Stay safe out there in the panopticon!