The Cost of Free: How AI, Apps, and Crypto Are Exploiting Your Data

4 months ago 5

They Say It’s Free, But You’re Paying With Your Privacy

Every day, billions of people use apps and AI tools or explore crypto thinking these tools are harmless or even helpful. But the truth is hidden: instead of paying money, many of us are paying with our data, identity, and behaviour.

This article is for everyday users, especially in Africa and Asia, where smartphones are booming. This growth is exciting but it’s also dangerous if we don’t know what’s happening behind the screen.

The average phone is far from a private tool. An NSoft report named some of the world’s most invasive apps: Facebook, Instagram, Messenger, TikTok, YouTube, LinkedIn, and Twitter. These apps can:

Track your location even when idle
Monitor calls and contacts
Record keystrokes and searches
Listen or watch through mic or camera
Analyze facial expressions or voice tone

A recent report by NSoft analyzed which apps collect and share the most personal data. Facebook, Instagram, TikTok, and LinkedIn top the list, not surprising, but still alarming.

Facebook, Instagram, Messenger, and Threads together share over 68% of users’ personal information with third parties. This means more than two-thirds of the data you generate, like likes, contacts, location, and typed content is being sent outside your phone to outside companies.

LinkedIn, Snapchat, TikTok, and X (Twitter) also collect extensive personal data, although not quite as much as Meta’s apps. These apps are still part of the same surveillance ecosystem. You may think they’re “safer,” but in reality, they’re just less intense.

Unlike the standard WhatsApp app, WhatsApp Business does not offer full end-to-end encryption. It shares about 57% of user data including device identifiers, contacts, and usage metadata. Even communication tools marketed as “private” can expose a majority of your personal info unless you verify their security features carefully.

The report also highlights surprising data collectors, including:

Games (e.g., Candy Crush Saga, Roblox)
Educational apps (Duolingo, which shares around 20% of collected data)
Transportation apps (Uber and Uber Eats, tracking extensive habits) — these may share more than some social apps.

Data collection is not limited to obvious “social” apps. Many everyday tools you trust collect and share surprisingly personal information.

Have you noticed how a flashlight app asks for mic access? These tricks, known as dark patterns, are widespread. And with weak laws in many parts of Africa and Asia, there’s little to stop it.

Here’s how it worked, simply:

Meta’s Facebook or Instagram app, once installed and logged in, created a hidden server on your phone. It listened quietly on internal ports (like 12387 or 12388).
When you visited a site in Chrome that had Meta Pixel, the browser script sent a special _fbp tracking ID to that hidden local server using internal web technologies like WebRTC.
Facebook/Instagram app received this tracking ID and immediately sent it to Meta’s backend servers along with your account info creating a direct link between your browsing session and your identity.
This happened behind the scenes, bypassing incognito mode, VPNs, and deleted cookies because it communicated through internal ports, not through the browser history.

Meta briefly paused this tracking method in early June 2025 after The Register reported on it. But the fact is, a major platform designed a way to match your private browsing with your account — without your knowledge.

Incognito mode and VPNs are not always enough. This is a deeper, network-level tracking method.
The data flow happened without your consent or any clear notice, making it a serious privacy violation.
Even if you think you’re hidden, your phone could be handing over your browsing habits to Meta.

More on how Meta spied with Localhost tracking explained

In 2022, journalists from Markup and STAT News uncovered that 33 of the top 100 hospitals in the United States had installed Meta Pixel on their websites. Some even had it inside password-protected patient portals.

This meant that when someone searched for cancer treatment, booked an abortion appointment, or typed symptoms into a health form, that info was sent straight to Meta.

This violated medical privacy laws like HIPAA. After the report:

Some hospitals removed the pixel
Lawsuits were filed
Meta claimed it had filters to block sensitive data but those filters clearly didn’t work

In places like Nigeria, India, Kenya, Brazil, and Indonesia, millions rely on public or low-cost websites for health advice, education, government services, or spiritual support.

Many of these websites:

Use free or borrowed templates that include Meta Pixel by default
Don’t fully understand how the tool works
Don’t ask for user consent

So when someone in Lagos visits a free health clinic site to check malaria symptoms or a girl in Kerala searches for period pain remedies, Meta might be silently collecting that data.

These people often don’t have privacy protections or awareness about what’s going on. And unlike users in Europe, they don’t have strong enforcement of data rights.

4. Meta receives this data, connects it to your profile if it can, and may use it to:

Show you ads
Add to your behavioral profile
Train its AI algorithms

You don’t see it, you don’t agree to it, and in most cases, you don’t even know it happened.

It depends on where you live.

In many countries, this kind of hidden data collection is technically illegal, especially when it involves sensitive information.

Laws it may violate include:

GDPR (European Union)
HIPAA (United States)
LGPD (Brazil)
NDPR (Nigeria)
DPDP Act (India)

But even if your country has strong privacy laws, enforcement is often weak or slow, especially when dealing with big international platforms like Meta.

For regular users:

Use privacy-respecting browsers like Brave
Install browser extensions like uBlock Origin, Privacy Badger, or NoScript
Don’t enter sensitive info into any form unless you trust the site
Consider installing Facebook or Instagram as “Add to home screen” with Brave

For developers and site owners:

Remove Meta Pixel if you don’t need it
Don’t track pages or forms that deal with health, religion, or finances
Use private, ethical analytics tools like Plausible, Matomo, or Umami
Make sure users clearly know and agree to any tracking

The internet is filled with tools that collect data from people who don’t even know they’re being watched. Meta’s Pixel is just one example, but it shows how big tech profits off the digital lives of billions — especially in places with the least protection.

For people in the Global South, this isn’t just about targeted ads. It’s about exploitation, digital colonialism, and the urgent need to fight back with transparency, consent, and tech that respects users.

AI is everywhere: voice assistants, chatbots, face filters. And they’re collecting more than just your commands:

Voice recordings
Facial data
Keyboard habits and emotions

Image 1 (The Guardian): Google contractors were caught listening to users’ private voice recordings. Image 2 (Meta fine): Meta fined €1.2 billion for illegally moving user data to the U.S.

In 2019, it emerged that Google contractors listened to private voice messages. It wasn’t an accident it was built into the system.

Meta (Facebook’s parent company) was fined over 1.3 billion dollars for illegally sending your data abroad, used for profiling and ads. Read more

Ask yourself: how many people in Africa or Asia even realize this is happening? How many read or understand the terms?

Crypto often feels like the last frontier of digital freedom. It’s decentralized, borderless, and supposedly anonymous. But in practice, that anonymity is often an illusion and the consequences are real.

CoinDesk revealed that MetaMask began leaking user IP addresses through Infura — raising privacy concerns

Here’s what most people don’t realize:

Every transaction on most blockchains is public and permanent:
That means anyone including governments, data firms, or bad actors can trace the flow of funds. Even a single wallet address can be enough to build a full profile of your behavior over time.
Once you connect to an exchange or a decentralized app (dApp), your identity is often exposed:
Many platforms require KYC (Know Your Customer) verification, which links your real name and ID to your wallet. From there, all your past and future transactions can be tied directly to you.
Some crypto wallets leak data without you knowing:
For example, MetaMask once leaked users’ IP addresses when connecting to Ethereum nodes, exposing location and device information — a direct hit to your privacy.
Even so-called ‘decentralized’ platforms often rely on centralized infrastructure:
Some use tools like Google Firebase or Cloudflare, meaning your data still touches Big Tech servers. This quietly defeats the whole point of decentralization.

Mock crypto timeline showing how your wallet activity and IP can still expose your identity.

Picture This:

You’re sending funds on a “private” crypto wallet. But behind the scenes, your wallet ID, IP address, and browser fingerprint are quietly collected. Now imagine someone piecing together that data across transactions, accounts, and platforms building a map of your entire online financial life.

PI Network Controversy: Free Mining with a Hidden Cost?

PI Network promised free crypto mining via a mobile app. Millions in Africa and Asia signed up. But there’s a catch:

To access your mined Pi, the app requires KYC (Know Your Customer). a process where you submit government ID, facial recognition, and more. Why does a “free” mining app need that?

CoinBureau warns that Pi Network’s mandatory KYC creates a centralized system with privacy risks

Users have submitted national IDs, phone numbers, and photos
It's unclear who stores this data or how secure it is
There's no clarity on where the data goes, raising red flags

This raises a question: if something is free, why are they demanding your most personal information?

Who’s Letting This Happen?

Why aren't governments stopping this? Is it ignorance, lack of resources, or profit motives? In many African and Asian nations, laws are weak, outdated, or unenforced. Corruption and dependency on foreign tech giants make it easy to overlook violations.

How apps, advertisers, and weak laws silently trap user data.

Let’s be honest: these companies make billions from your personal habits. Ads, insurance rates, political targeting it’s all fueled by your data. This isn’t harmless tracking it’s a global ecosystem built on control and profit.

Are Any Big Companies Truly Innocent?

Even the newer or more innovative tools we often trust come with concerns:

OpenAI (ChatGPT and Related Tools)

Collects chat inputs, device info, sometimes location
Free users’ conversations can be used for training AI
Has made efforts to allow data control, but most people don’t opt out

Grok (XAI by Elon Musk)

Integrated with X (Twitter), powered by user data
May access tweets, likes, and even DMs (if permitted)
Limited transparency, high profiling potential

Gemini (by Google)

Works inside Gmail, Docs, and more
Has access to personal content typed by users
Google has been fined for privacy violations in the past

Google Maps vs Apple Maps

Google tracks locations, habits, voice inputs
Apple anonymizes data more, but still tracks location

Zoom, Google Meet, and Microsoft Teams

Zoom faced backlash for weak encryption and data sharing
Google and Microsoft tools tied to user accounts and usage patterns
Conversations and behavior can feed AI features

What About Open Source Tools?

Open source tools are software whose code anyone can inspect or improve. This usually makes them more transparent because developers can’t hide secret tracking.

Why they’re safer: No hidden data collection, more community oversight

Examples: Signal (messaging), Firefox (browser), ProtonMail (email), GrapheneOS (private Android fork)

Important note: Open source doesn’t always mean perfectly secure. You still need to check if it is actively maintained and reviewed

Recommendation: When possible, choose open source tools for privacy-critical activities like messaging, browsing, or file storage.

How to Protect Yourself

You can’t unplug completely, but you can fight back. I’ve spent years exploring how everyday tools like social media, crypto wallets, and even AI apps quietly chip away at our privacy. And I’ve seen it firsthand: people unknowingly give away personal data just to use a flashlight app or check their crypto balance. The truth is, you don’t need to be a tech expert to start protecting yourself. You just need to understand the little things that make a big difference:

1. Use Brave Instead of Downloading Apps

People download apps like Instagram, TikTok, Facebook, and YouTube without thinking twice. But these apps don’t just run. They request access to your microphone, camera, location, contacts, and even storage. And often, they continue to track you even when you’re not using them.

Here’s the thing: you don’t have to download those apps at all.

Most major platforms have fully functional web versions, and with the right browser, they can be even faster and safer. That’s where Brave comes in.

What is Brave?

Brave is a free and privacy-first web browser. It automatically blocks ads, third-party trackers, fingerprinting scripts, and even some forms of malware. It doesn’t log your data, doesn’t sell your behavior to advertisers, and doesn’t spy on you.

But here’s what makes Brave even more powerful:

You can use it to visit Instagram, X (Twitter), TikTok, Facebook, YouTube, and other sites without downloading their apps.
You can turn those websites into lightweight app-like experiences right from your browser using a feature called Add to Home Screen.
It’s faster than Chrome, Safari, or Firefox. And far more private.
Brave was co-founded by Brendan Eich , the creator of JavaScript and the former CTO and CEO of Mozilla (the organization behind Firefox). He knows the web inside and out. He helped build the web. And now he’s trying to protect it.
JavaScript powers nearly every interactive website and app you’ve ever used. Brendan Eich understands how web tracking, cookies, and scripts work on a deep level. That’s why Brave exists to undo the damage modern surveillance big tech has caused.

“We didn’t want to fix the web. We wanted to take back the web.”

— Brendan Eich

How to Set Up Brave and Use Web Apps Instead of Native Apps

Here’s how to protect yourself while still using the apps you love:

Step 1: Install Brave Browser

Go to https://brave.com
Download and install it for Android, iOS, Windows, or Mac.
On mobile, make it your default browser.

Step 2: Visit the Web Versions of Your Favorite Apps

Open Brave and type in the app’s URL, like: instagram.com, youtube.com, twitter.com (now X), tiktok.com

You’ll notice they load quickly and behave just like the apps without needing to install anything bloated or invasive.

Step 3: Add Them to Your Home Screen (PWA Method)

While on the website, tap the three-dot menu in the Brave browser.
Select “Add to Home screen.”

Add to home screen on Brave menu

A pop-up will appear — tap “Add” or “Install.”
The site icon will now appear on your home screen like a regular app.

“Don’t install snoopy native apps, use the vendors’ mobile web site or app in Brave, installed with its own icon and Brave as its app runner.” Credit: Brendan Eich

You can now open the site just like any other app. No need to open your browser again.

This is called a Progressive Web App (PWA). PWAs are:

Fast and lightweight
Don’t take up much storage
Most importantly: they don’t access your camera, mic, or contacts unless you explicitly allow it

Why This Matters

Every app you don’t install is another opportunity to protect your privacy.

Apps often come bundled with invasive tracking tools, background location monitoring, and data logging services. But web versions in Brave avoid all that. Brave doesn’t allow fingerprinting. It doesn’t collect your behaviour, and it blocks a huge chunk of what normally spies on you.

I’ve personally removed Instagram, X (Twitter), and YouTube apps from my phone. I now use them only through Brave. Not only is my phone faster and battery life better but I’m also no longer handing over my personal data to companies that never deserved it in the first place.

Want to go even further? Brave also includes a built-in ad blocker, shields for fingerprinting protection, and supports Tor for private browsing.

Learn more about Brave’s tracker protection

2. Turn Off Microphone, Camera, and Location by Default

I’ve personally seen how apps take advantage of permissions. Once, I installed a basic photo editing app, and it immediately asked for mic access. Why would an app that edits pictures need to listen to me?

The answer: they don’t need it, but they want it. These permissions give apps the power to record, track, and even watch without you knowing.

Apps like Facebook, Instagram, and even innocent-looking weather apps have been caught spying this way.

What to do now:

Go into Settings > App Permissions
Disable mic, camera, and location for most apps
If an app really needs access (like a map), set it to “Only while using”, never “Always”

Permission Manager Screen

It takes just five minutes to review, and you’ll be shocked how many apps had permission to your mic or camera without you realizing it.

Read how apps spy using these permissions

3. Use a Private VPN Like Mullvad

Let’s be honest, our internet service providers and websites can see everything we do online. That includes your location, your IP address, and your browsing history.

But recently, I came across Mullvad VPN, a truly private VPN that doesn’t even ask for an email. You just get a random number. That’s it. No personal info, no tracking, no logging.

Many VPNs claim to be private but secretly sell your data. Mullvad doesn’t. I trust them because they’re open, audited, and privacy-first. Mullvad is open source. Check source code on GitHub.

How to use it:

Download Mullvad from mullvad.net
Generate a random number (this becomes your “account”)
Pick a location and click connect
Done — You’re anonymous online

4. Avoid "Sign in with Google" or Facebook

I get it. Clicking “Sign in with Google” is fast. But I’ve seen how dangerous it is. That one click lets Google or Facebook track you across all the sites and apps you use, building a massive profile of your habits, your interests, and even your private activity.

Instead, here’s what you do:

Sign up with your email and use strong, unique passwords
You store your passwords in Bitwarden, a free and open-source password manager.

It’s best never to link your social media to other apps. This way, even if one app is shady, it doesn’t drag in your entire identity with it.

Why single sign-ons are risky – EFF explains

5. Be Extra Careful With Crypto Wallets

Crypto is supposed to be private and decentralized, but I’ve learned the hard way that many wallets leak your data. Some new wallets on the Play Store are full of trackers, ads, and even backdoors.

What to do now:

Avoid wallets that ask for too much personal info or force KYC (Know Your Customer)
Choose open-source wallets where you can see what’s going on under the hood
Disconnect wallets from dApps when you’re not using them

If a crypto tool asks for your phone number, ID, or selfie — pause. Ask yourself why. If it’s truly decentralized, why do they need to know who you are?

One user on Twitter shared this: “I’ve deleted most data hungry apps. I use the rest through Brave as PWA.” Another said: “The best app is a private browser. You don’t need anything else.”

This Matters Even More in Africa and Asia

Africa and Asia have over 4 billion mobile users, mostly on Android. Many phones come preloaded with apps that can’t be removed and secretly track users. From farmers to students to rural communities they’re all giving away their data unknowingly.

Education and basic privacy awareness are urgently needed.

What You Can Do Today

Share this blog with someone you trust
Ask tough questions about every app Who is behind it? Where’s my data going?
Call on your government to enforce privacy laws
Pause before clicking Accept each tap counts

Your data is precious. Privacy is your right.

Do You Really Know What You’re Giving Away?

The apps you love, the filters you play with, the crypto wallets you trust they may all be watching you. They know your habits, search history, identity, even your unpredictability.

But now you know what’s happening. And when you know, you have power.

Choose privacy. Choose curiosity. Choose to question everything and demand better for yourself and your community.

We cannot fully escape the surveillance web overnight, but we can take small, informed steps to reclaim our privacy. In a world where data is currency, protecting yours is not paranoia — it’s power. Start today.

Read Entire Article