Marivel Guzman | Akashma News

September 12, 2025

In truth, the lock icon was never a promise — it was a spectacle. It distracted our eyes while the scaffolding of mass surveillance was being erected behind the scenes.

The Architecture of Trust and Betrayal

The Snowden documents revealed not merely that intelligence agencies spied, but how deeply structural that spying had become. The NSA’s internal tool Boundless Informant counted and mapped metadata at a global scale — showing how many phone calls, emails, and network flows were collected from different regions. What made the surprise so sharp was the contrast: tech companies marketing “secure” services, and governments quietly negotiating backdoors or “exceptional access” into encryption standards. The Guardian reported that U.S. and U.K. agencies had “successfully broken or circumvented much of online encryption” via cooperation with industry and standards manipulation.

Encryption, it turned out, was only part of the façade. The metadata — timestamps, routing paths, volumes, device identifiers — was the building material of omniscience. Bruce Schneier famously said, “Metadata equals surveillance data.” Even if the contents are hidden, the patterns and structure betray identities, connections, and behaviors. (As explored in analyses of how big data and network analysis can map social graphs, traffic flows, and association networks.)

Then came Pegasus. This is where surveillance stopped needing subpoenas, legal justification, or even network access. Pegasus is a zero-click spyware deployed by state actors via the NSO Group and others. Once installed on a device, it has permissions to:

Capture keystrokes, screenshots, and audio

Steal messages, call logs, location data, images, and more

Operate cameras and microphones remotely

Exfiltrate data even when network traffic is encrypted

Self-destruct to erase traces of its presence


No padlock in a browser can defend against that — because Pegasus doesn’t attack the pipe, it attacks the endpoints.

In Europe, the PEGA Committee (European Parliament’s inquiry) found that Pegasus was used to target journalists, lawyers, and opposition figures, raising serious concerns for rule-of-law, judicial oversight, and democratic institutions. Legal constraints, in many cases, proved no barrier to deployment. The committee’s investigations exposed state-level misuse of surveillance.

The Reality: No Expectation of Privacy

If you believe that privacy is guaranteed by your tools — your phones, browsers, encryption, or even the law — you are living a paradox. In the digital world, rights can exist in text, but be hollowed out in architecture.

When you upload an image with a filename tied to your article, your domain, your server — you’re willingly placing a breadcrumb trail into the system. The webserver logs, hosting account metadata, CDN records, and DNS all know who owns the domain and where the content originated.

When encrypted traffic is analyzed, metadata leaks help reconstruct your patterns and potential identity.

When your device is compromised, no layer of encryption can save you.


We do not live in a world where privacy is a default — it must be defended, fought for, and designed intentionally. And often, the design is against us.