Resistance and Opt-Out Strategies
Hey everyone, welcome back to another Learn With Hatty! This is the final part of my four-part series. We started off with a little conspiracy and curiosity, and now we’re ending with facts and real ways to make sure the fictional story I created stays fictional, if you know what I mean.
Privacy is one of the most important things we have today. Without it, we lose part of who we are. Now, don’t get me wrong, I’m not saying we don’t need surveillance or security. What I’m saying is we need transparency. We need open source. We deserve to know what data is being collected and what’s happening behind the scenes of the apps and websites we use every day.
If you watched Part Three, you already know the big picture. AI is becoming the brain of the system, crypto and tokenization are turning money and assets into code, big tech owns the pipes, banks are moving everything on-chain, and governments are trying to glue it all together with digital IDs and CBDCs. That was the diagnosis. This article is the prescription.
This is Part Four, resistance and opt-out strategies. What you can actually do right now to protect your privacy, where you still have leverage, and how to push back before this becomes inescapable. Let’s get into it.
THE IMMEDIATE WINS
I want to start with something that sounds boring but is actually insanely powerful. The legal tools you already have and can use.
If you’re in California, you basically woke up in 2026 with a privacy nuke called DROP, the Delete Request and Opt-Out Platform. You go to the site, verify you’re a resident, click a few buttons, and that one request hits hundreds of registered data brokers at once. They are legally required to delete the data they hold on you in about 90 days, and starting in 2026 they have to keep checking back every 45 days and delete it again if your data creeps back in. That’s not “unsubscribe from emails.” That is “stop selling my entire profile.” Now I do not live in California but from the information I found it sounds fairly easy. If you have done this or heard about it please let me know your experience in the comments.
Even if you’re not in California, this still matters, because it shows you what’s possible when people push for real privacy laws. And it’s not just one state. Roughly twenty states in the U.S. now have some kind of comprehensive privacy law on the books, and state attorneys general are starting to enforce those laws harder, especially around deletion requests and ignoring opt-outs. The era of “we’ll just collect everything and hope nobody notices” is starting to crack.
On top of that, you’ve got something called Global Privacy Control, or GPC. This is just a setting you can turn on in your browser that sends a signal to sites that support it saying, “Do not sell or share my data.” In California, companies are legally required to treat that as a valid opt-out. Outside California, it’s not always enforced yet, but it’s still a way of saying, “No, you don’t have my permission,” and more sites are starting to honor it.
So before we get into Tor or crypto or any of the hardcore stuff, step one is simple: if you’re in California, go file a DROP request. Everywhere else, turn on Global Privacy Control in your browser. It’s low effort, and it immediately shrinks the amount of raw data that even enters the surveillance machine.
THE FINANCIAL FRONT
Now let’s talk about the battlefield that really matters, your money.
In Part Three, we talked about CBDCs and programmable money as the control layer. That’s how you go from “we can see what you’re doing” to “we can decide what you’re allowed to do.” What’s interesting is that, in the U.S., CBDCs are not some smooth, inevitable rollout. There’s real pushback.
You’ve got bills like the Anti-CBDC Surveillance State Act, which basically says the Federal Reserve doesn’t get to roll out a retail CBDC without explicit permission from Congress. You’ve got the American Bankers Association and a lot of community banks openly opposing a retail CBDC, because if the Fed offers accounts directly to citizens, those banks lose their deposit base and their business model blows up. So the system is not one unified monster; there are fractures and turf wars. That’s where we still have leverage.
On an individual level, there are a few simple moves you can make right now that push back against financial surveillance.
Start using cash more intentionally. I’m not saying you have to become the “only cash, never card” guy, but get used to withdrawing cash and using it for local purchases. Every cash transaction is one that never hits a ledger with your name, your location, and a timestamp on it.
If you can, build relationships with community banks or credit unions instead of just parking everything in the largest systemically important banks. A lot of smaller institutions are more skeptical of a retail CBDC and more worried about the privacy implications. Supporting them strengthens the side that doesn’t want a fully centralized money system.
At least understand that privacy coins exist. Monero, Midnight, and Zcash, for example, are designed so that on-chain, you can’t easily see who sent what to whom or for how much. Monero hides sender, receiver, and amount by default. Zcash gives you the option to use shielded, private transactions using zero-knowledge proofs. Governments and big exchanges are trying hard to delist and ban privacy coins, and that alone should tell you how much they threaten the surveillance model. I’m not telling you to run out and buy them. I’m saying: know that tools for financial privacy exist, so if we ever get to the point where CBDCs are “mandatory,” you are not mentally trapped into thinking there are no alternatives.
THE DIGITAL FORTRESS
Let’s move to communications, because if they can’t see what you’re saying or who you’re talking to, they lose a huge amount of power. You don’t have to be a hacker to level up here. Just switching the tools you use makes a massive difference.
Signal is still the default recommendation for a reason. It’s end-to-end encrypted. It’s open source. It’s run by a nonprofit instead of a giant ad company. It collects almost no metadata about who you talk to or when. They’ve been moving toward usernames instead of phone numbers, which is huge because a phone number is one of the main ways your identity gets tied into everything else.
If your risk is a little higher, lets say you’re an activist, a journalist, or you just really care. You can look at tools like Session or SimpleX, which take decentralization and metadata resistance even further. But honestly, step one for most people is just: install Signal and move your sensitive conversations there. Don’t drop your entire life story into plain SMS. Don’t put things into email that would ruin you if they got leaked. The goal is not to go full spy. The goal is to stop making it ridiculously easy.
THE DATA MINIMIZATION STRATEGY
Now I want to talk about something that isn’t flashy but is probably one of the most powerful moves you can make, and that’s data minimization. We all obsess over encryption and VPNs and “How do I lock down the data they already have?” But the more powerful question is, how do I stop feeding them in the first place?
Start with your phone. Go into your settings, look at your app permissions, and ask one simple question: does this app actually need this permission to function? You’ll see weather apps with your precise location, random tools with access to your microphone, games that want your contacts list. That’s not about functionality, that’s about building a profile.
If an app doesn’t genuinely need your location, turn it off. If it doesn’t need your microphone or your camera, turn those off too. You don’t have to be extreme about it. Just stop giving blind trust to every app that pops up a permission box.
Next, start using aliases and burner emails. Services that let you generate unique email addresses for each site mean that if one company leaks or sells your info, you can just kill that alias and move on. It fragments your digital identity so companies can’t as easily glue all your profiles together.
And then just be intentional about what you post. You don’t have to delete your entire online history, but maybe don’t broadcast your real-time location, your workplace, and your full social graph constantly. Future you might appreciate that. You’re not trying to be invisible. You’re making surveillance more expensive. You’re making them work for it.
AI TRAINING DATA
Let’s talk about AI, because this is one a lot of people miss. One of the ways they’re building this future infrastructure is by feeding all of our data into AI models. Our posts, our images, our messages, and most of the time. We are opted in by default.
The good news is, after a lot of pushback, some platforms are starting to give you real opt-out switches. For example, with ChatGPT and similar tools, you can go into your account settings and disable the option that says your data can be used to improve the model. For Microsoft 365, Word, Excel, and Outlook, you can go into the privacy settings and turn off the “experiences” that analyze your content. Platforms like Substack and WordPress are adding options to say, “Do not use my content for AI training.”
If you run your own website, you can even add machine-readable signals like robots.txt that tell AI crawlers to stay away from your content. It’s not a perfect system yet. Not everyone respects it. But it’s a start, and more legal cases are emerging that will force companies to actually listen.
If everyone leaves those toggles on, the future models get trained on all of us by default. If enough people shut them off, you slow down how much raw human behavior gets vacuumed into these models and you send a very clear message about consent.
So sometime this week, go into the tools you use most. AI tools, office suites, creative platforms, and hunt for the “training,” “data sharing,” or “improve the model” switches. Turn off anything that turns your content into free fuel.
THE DATA BROKER PURGE
Now let’s hit the data brokers, because these are the people quietly selling your life to anyone with a budget. Data brokers are companies that aggregate everything about you. Public records, purchase history, location traces, scraped social media, and then package that up for advertisers, insurers, law enforcement, and whoever pays. That’s why random sites can know so much about you instantly, they just buy it.
Again, if you’re in California, DROP gives you a way to blast deletion requests to hundreds of these brokers in one shot. That’s step one. But even if you’re not in California, or you want an extra layer, there are services built specifically to fight this.
Aura, for example, scans over 200 data-broker and people-finder sites, automatically sends removal requests, and keeps re-scanning to see if your data pops back up. Optery combines automation with human follow-up and can remove you from anywhere between around a hundred to several hundred brokers, and they even have a free plan that at least shows you where you’re exposed. There are others like DeleteMe and Incogni that do a similar thing.
None of these are magic. Some brokers drag their feet. Some re-add your info later. That’s why the rescans matter and why people tend to keep these subscriptions going. But you’re still cutting off a huge chunk of the fuel that powers the profiling and the targeting. Think of it like paying for a VPN. It’s not sexy, but it hits the surveillance economy where it hurts.
THE SURVEILLANCE RESISTANCE NETWORK
One thing I really want you to understand is that you are not alone in this fight. There are organizations and communities already pushing back in concrete ways.
In 2025, more than thirty privacy and civil rights groups, think EFF, ACLU, and Amnesty. Sent letters to major U.S. universities telling them to stop turning campuses into surveillance zones. They called out things like facial recognition, mass monitoring of protests, and automated tracking of students. That’s not just complaining online. That’s organized pressure on institutions to dismantle surveillance infrastructure.
At the same time, you’ve got groups like the Internet Society and various civic organizations helping towns and cities build their own broadband networks. These are community-owned fiber networks where the city or a local cooperative controls the infrastructure instead of just handing it all to a mega-ISP. That doesn’t automatically fix privacy, but it gives communities leverage. It means they get to decide how data is handled instead of just accepting whatever the largest corporation decides.
So yeah, your personal settings matter. But supporting these bigger moves multiplies your impact. Donating to, sharing, or volunteering with organizations that are fighting surveillance in court, lobbying for better laws, or building alternative infrastructure is just as much a resistance strategy as installing Signal.
BUILDING YOUR PERSONAL THREAT MODEL
Now, I want to give you a simple way to think about all of this so it doesn’t just feel like a random list of tools. That’s where a threat model comes in.
A “threat model” sounds intense, but it’s really just a fancy way of saying, “What am I actually worried about, and what am I going to do about it?”
You can start with five questions.
First
What am I actually trying to protect? Is it your identity, your location, your finances, your conversations, your political beliefs, your relationships? Different people will answer that differently.
Second
Who am I trying to protect it from? Is it advertisers, data brokers, random hackers, your employer, an abusive ex, or a government agency?
Third
How likely is it that this threat really applies to me? If you’re not a journalist or dissident, your immediate government threat might be lower than your corporate surveillance threat. If you’re organizing protests, that flips.
Fourth
How bad is it if I fail? Getting targeted ads is annoying. Getting doxxed, fired, or prosecuted is a different level.
Fifth
How much friction am I actually willing to live with? Some people love running everything through Tor and using hardened Linux distros. Most people are not going to stick with that. And that’s fine.
Once you have those answers, you can match tools to your actual life instead of just hoarding apps. If your main concern is corporate tracking, your stack might be something like this. Use Signal, turn on GPC, clean up app permissions, use a privacy-respecting browser, and run a data-broker removal service. If your main concern is state surveillance, you might add Tor, more aggressive encryption, maybe separating identities entirely. If your concern is financial freedom, you’ll care more about the cash, the banks you choose, and understanding privacy coins.
You don’t have to go from zero to ghost. You just have to be private enough for your actual threat model.
THE LEGISLATIVE FRONT
Let me wrap this into something practical so you’re not just like, “Okay, cool theory, what now?” Here’s your 80–20 plan. This week, install Signal and move your important conversations there. Turn on Global Privacy Control in whatever browser you actually use. Do a quick permissions audit on your phone and cut off the obviously unnecessary access. And if you’re in California, go file that DROP deletion request and start nuking your data from broker databases.
This month, go into the tools you use the most. ChatGPT, Microsoft 365, your blog platform, and turn off any setting that says your content can be used to train AI models. Sign up for at least a free-tier data-broker scan with something like Optery or a similar service and see where your info is exposed. And take 20 minutes to actually write down your threat model, in plain language, even if it’s just in a notes app.
Over the course of this year, start building a small cash buffer outside the banking system. Consider moving some of your banking relationship to a community bank or credit union that isn’t cheerleading for CBDCs. Learn enough about privacy coins and decentralized identity that, if things escalate, you’re not starting from zero. And pick at least one organization that’s fighting this fight. EFF, ACLU, Cato, Internet Society, whoever resonates with you, and support them in whatever way you can.
If you do just that, you’re already ahead of the vast majority of people.
Final Thoughts
Here’s the thing I want to leave you with. Surveillance systems only feel inevitable when nobody resists them. Every time you withdraw cash instead of tapping your phone, every time you use Signal instead of unencrypted text, every time you deny a sketchy permission request, opt out of AI training, or rip your profile out of a data broker’s database, you’re shifting the asymmetry a little bit back in your favor.
You won’t get to perfect. I won’t get to perfect. That’s not the point. The point is, while the machine is still being built, resistance is still cheap. A few toggles, a few new habits, and a few intentional choices go a long way. In a few years, those same choices might not be on the table.
So if this helped you, if it made you think, if it gave you at least one concrete thing you can do this week, let me know. Drop a comment with one change you’re going to make and what your personal threat model looks like. Are you more worried about corporate tracking, governments, or something else?
As always, thanks for reading! Stay vigilant and keep learning.
Original article on Medium
