The tracking market is not just an ad problem#
EFF’s latest Deeplinks post makes a narrow fundraising appeal, but the useful point is broader: online tracking is not only about creepy ads or unwanted user profiling. EFF argues that the same commercial surveillance system used by advertisers, platforms, scammers, and data brokers also creates a path for government surveillance.
The mechanism is familiar. Websites and apps leak or collect behavioral data. Trackers package browsing behavior, location signals, device identifiers, and other metadata into commercial products. Data brokers then sell access to that information. EFF’s claim is that weak privacy law and widespread commercial collection allow law enforcement agencies, including the FBI, CBP, and ICE, to buy sensitive information that would otherwise often require a warrant to obtain.
The specific example named by EFF is location over time. That matters because location history is not a neutral data point. It can expose where someone lives, works, worships, receives medical care, attends political meetings, or meets other people. Even when a dataset is advertised as anonymized or aggregated, repeated location patterns can make people identifiable in practice.
This is the core shift: private tracking infrastructure can become public surveillance infrastructure without a new wiretap, a new device exploit, or a direct government demand to a platform. The government can sometimes buy what the market already collected.
Why commercial surveillance creates a legal shortcut#
EFF’s argument depends on a simple asymmetry. Companies collect data at huge scale because the advertising and analytics market rewards it. Users often cannot meaningfully opt out because the tracking is hidden, bundled into consent banners, or embedded across services they need for ordinary life.
Once that data exists in commercial hands, it can be repurposed. A data broker does not need to be a police agency to sell products useful to police agencies. A marketing dataset does not need to be built for immigration enforcement to become useful for immigration enforcement. The same map of devices, visits, interests, and movement can serve multiple buyers.
This is where weak privacy law becomes operational. If the law does not sharply limit collection, retention, resale, and government purchase of personal data, the burden falls back on individual users. They are expected to understand tracker behavior, configure browsers, reject dark-pattern consent flows, install extensions, avoid hostile apps, and still participate in modern life.
That is not a stable privacy model. It treats privacy as a hobby for technical users, not as a baseline condition for everyone.
EFF’s post points to its own work on several fronts: legal advocacy, investigation into how surveillance technologies affect communities, and tools such as Privacy Badger, its browser extension designed to block hidden trackers. The post is also a membership appeal, with merchandise attached. That fundraising context should be stated plainly. But it does not weaken the underlying privacy issue.
Privacy Badger helps, but it is not a full answer#
Privacy Badger is useful because browser tracking remains one of the common ways people are followed across the web. It can reduce exposure to hidden third-party trackers and make some forms of behavioral profiling harder.
But browser extensions are only one layer. They do not solve mobile app tracking. They do not stop every first-party data collection flow. They do not erase data already held by brokers. They do not prevent every form of device fingerprinting. They also cannot fix the legal problem: a market where sensitive personal data can be collected first and questioned later.
That is why EFF frames the issue as bigger than ad blocking. Blocking trackers cuts off part of the supply. Legal reform would reduce the demand and resale channels. Public pressure can make law enforcement contracts and broker relationships more visible. Each piece matters, but none is sufficient alone.
The practical lesson is not that one tool can make a user invisible. It is that privacy protection has to work at several levels at once: device, browser, app, service provider, broker market, and law.
What not to overclaim#
The source does not provide a new breach, a newly disclosed contract, or a specific fresh lawsuit tied to this post. It also does not quantify how much data each named agency bought, from which brokers, or under what exact legal process.
So the responsible claim is narrower: EFF is warning that commercial tracking enables government surveillance because agencies can purchase sensitive data from brokers in ways that may bypass warrant protections that would apply if the same information were directly demanded from a service provider.
That claim fits a larger pattern already visible in privacy debates across the U.S. and elsewhere. But this article should not be read as a claim that every tracker sells directly to law enforcement, or that every data broker product contains precise location history, or that Privacy Badger alone prevents government access to personal data.
The risk is structural. The system collects too much, stores too much, and sells too much. Once the data exists, future uses become hard to control.
What readers can check next#
For individuals, the immediate steps are modest but useful.
- Use a browser with strong tracking protection, or add a reputable tracker blocker such as Privacy Badger or uBlock Origin.
- Review app permissions, especially location access. Set location to “while using” where possible, and deny it where it is not needed.
- Reduce ad ID exposure on mobile devices. Reset or disable advertising identifiers where the operating system allows it.
- Avoid logging into unnecessary accounts inside embedded browsers and low-trust apps.
- Use end-to-end encrypted messengers for sensitive conversations, but remember that encryption does not hide all metadata.
- Check whether your jurisdiction has data broker opt-out tools or privacy rights requests.
For organizations, the questions are different. They should know which trackers run on their sites, which analytics vendors receive user data, how long logs are kept, and whether any vendor contract permits resale or secondary use. Many privacy failures begin as “normal analytics” nobody re-audits.
For policymakers, EFF’s point is sharper: privacy law that only regulates government collection misses the private market that feeds it. If agencies can buy sensitive records from brokers, then warrant rules lose force. Real protection would need limits on collection and resale, stronger data minimization duties, and clear restrictions on government purchase of personal data.
The useful takeaway#
The ad-tech privacy debate often sounds cosmetic: fewer creepy ads, less annoying retargeting, cleaner browsing. EFF is arguing for a harder reading. Tracking is infrastructure. Once built, it can serve advertisers, scammers, brokers, and state agencies.
That does not mean every user faces the same risk. Journalists, activists, migrants, political organizers, vulnerable communities, and people seeking sensitive medical or legal help may face sharper consequences. But the system is not limited to high-risk users. Mass collection works because ordinary people are included by default.
The cleanest privacy win is still prevention: collect less, share less, retain less, sell less. Tools can help users reduce exposure today. Law and market pressure decide whether the surveillance pipeline keeps scaling tomorrow.