Digital Ecosystem

The Machine That Knows You Better Than You Do

April 2026 25 min read Charlotte Camilleri

When an app asks permission to track you, you are looking at the visible surface of something much larger. Behind it sits a surveillance industry worth hundreds of billions of dollars, built from thousands of data sources, stitched into a persistent identity, and fed into prediction models designed to find the exact moment your resistance is lowest.

This piece covers how it works, how large it actually is, who else is buying the data besides advertisers, how it causes real harm, and what, if anything, you can do about it.

01 You have already seen this
02 The popup is not the point
03 How large this industry is
04 Hundreds of sources, one profile
05 The identity graph
06 From description to prediction
07 Temporal targeting
08 The feedback loop
09 Who else is buying
10 How it causes real harm
11 What this means for marketers
12 What you can do
01 You have already seen this

In the Black Mirror episode Nosedive, every social interaction is rated on a five-star scale. Your aggregate score, updated in real time, determines your access to housing, transport, jobs, and healthcare. Institutions query it before making decisions about you. The data accumulates from thousands of small interactions over time. You cannot meaningfully inspect or challenge what the system holds. People with low scores are quietly excluded from things other people take for granted, and most of them don't fully understand why.

Most viewers watched it as a satire of social media anxiety. It is more usefully read as a fairly precise description of an infrastructure that already exists, with one key difference.

In the episode, people know their score. In reality, they don't. The Electronic Privacy Information Center describes the actual system as "a scored society in which they are not aware of when and how they are algorithmically evaluated."

China's social credit system is the parallel people usually reach for. That framing lets Western audiences off the hook. The US system produces similar outcomes through a commercially operated, privately held, largely unregulated version of the same infrastructure. The score is distributed across thousands of companies rather than centralised in government, which makes it harder to see, harder to challenge, and arguably harder to dismantle. None of this is a future risk; it is the current situation.

This piece explains how it works.

02 The popup is not the point

Apple's App Tracking Transparency framework, introduced in 2021, gave iPhone users a simple choice: allow an app to track them across other apps and websites, or don't. By the end of 2021, the average opt-in rate for tracking across iOS had fallen to around 25 percent, according to data from mobile attribution platform Adjust. The rate has risen since, reaching 46 percent globally by March 2022 per MarketingCharts, but for social media apps specifically, around 80 percent of users opted out during the initial rollout period. Privacy advocates declared a victory. The ad industry complained about billions in lost revenue.

Neither reaction fully captured what was happening. The ATT popup addresses one specific mechanism: the IDFA, Apple's device identifier used for cross-app attribution. When you decline, that identifier is withheld from the requesting app. What the popup does not address, cannot address, and was never designed to address is the broader infrastructure already built around you.

The tracking prompt is one intake valve on a system with thousands of others. Declining it is roughly equivalent to closing one window in a house with no walls.
03 How large this industry actually is

Most people have a vague awareness that companies collect data about them. Very few have a sense of the actual scale. The numbers are worth sitting with, because they reframe what is otherwise easy to dismiss as background noise.

$300bn+ Global data broker market valuation in 2024, across multiple independent market research reports
5,000 Estimated number of data broker companies operating globally
700m Consumer profiles held by Acxiom alone, including 96% of American households
1,500 Specific data points Acxiom holds per individual, including weight, political affiliation, and pet breed
535m Employment records held by The Work Number (Equifax subsidiary), including salary and healthcare data
$500bn Forecast market size by early 2030s, larger than global music, film, and newspaper industries combined

There are estimated to be up to 5,000 data broker companies operating globally. The industry is consolidating: the number of distinct companies fell by roughly 30 percent between 2010 and 2024, while total assets under management grew by around $1.7 trillion over the same period. Fewer players controlling more data is the direction of travel.

Acxiom has been collecting data on consumers since 1969. It runs 23,000 servers processing more than 50 trillion unique data transactions per year. LiveRamp, which grew from Acxiom's data onboarding business, describes its identity graph as drawing from "hundreds of contributors" and maintaining records on individuals that are continuously updated as people move house, change jobs, and acquire new devices. Oracle advertises connections with 80 data broker companies.

These are not small operations. This is infrastructure. It predates most of the internet companies people think of when they think of data collection, and it will outlast most of them.

04 Hundreds of sources, one profile

The profile built on you doesn't come from one place. It comes from hundreds, and the aggregation is the product. Individual data points are often not sensitive in isolation.

GPS, cell tower, Wi-Fi, Bluetooth location pings
Loyalty card and pharmacy purchase history
Third-party cookies and tracking pixels
Mobile app SDKs running in the background
Social media activity and public profiles
Electoral rolls and property registries
Streaming behaviour: what you watch, skip, pause
Retail media networks at checkout
Card network transaction data
Search history and browsing patterns
Court records and arrest history
Employment records and salary history

A Cornell Law Review note on derived information from data brokers describes how these companies "integrate data into a single database, analyse it, and build predictive models to produce derived information," segmenting consumers based on factual and predicted characteristics. The key word is predicted. The profile doesn't just describe who you are. It infers things about you that you may never have shared with anyone, based entirely on the pattern of things you have done.

What makes this inference hard to regulate is precisely that it doesn't rely on sensitive data. Prohibiting the use of protected characteristics from predictive models doesn't prevent discrimination, because the models can predict those characteristics from entirely unprotected inputs. Your postcode, your browsing time, your purchasing patterns, and your app usage collectively imply your income bracket, health status, political leaning, and religious affiliation without any of those things being explicitly captured.

05 The identity graph

The data is only valuable if it can be tied to a consistent identity across sources and devices. When you use different apps, different browsers, different devices, the raw data appears fragmented. The identity graph is the infrastructure that resolves all of that into a single persistent record.

LiveRamp's RampID is a pseudonymous, people-based identifier that ties together offline personally identifiable information (name, postal address, email, phone number) with online devices, browsers, and app IDs. It is transmitted through the real-time bidding infrastructure that underpins programmatic advertising. Every time a page loads and an ad auction runs, that identifier passes through the bidstream, allowing any participant in the auction to match the incoming user against their own database.

Identity resolution uses two methodologies. Deterministic matching links devices using exact, verified identifiers like email addresses or phone numbers. Probabilistic matching is statistical: it infers that two devices likely belong to the same person because they consistently connect from the same IP address, share browsing patterns, or appear in the same household data.

The 2024 Open Rights Group complaint to UK and French regulators described LiveRamp's system as "a private population register" covering 700 million consumers across 150 data providers, triggering formal regulatory review in both countries.

When you opt out of tracking on one app, the rest of the graph continues building. When you get a new phone, the graph eventually links the new device to your existing profile. The system was designed specifically to survive the things people do when they try to limit their exposure.

06 From description to prediction

A static profile, however detailed, is only so useful. What changed the economics of the whole system was the application of machine learning to behavioural data, shifting the model from descriptive to predictive. The question is no longer who you are, but what you will do next, and when.

Google's advertising platform offers "predictive audiences," described in its own documentation as using AI to "predict user intent based on past behaviour, allowing you to target users likely to convert even before they actively search for your product." The system is not waiting for you to express intent. It is predicting intent before you have consciously formed it.

The signals feeding these models go well beyond search queries. Scroll velocity slows when something catches attention. Tap hesitation before a purchase correlates with price sensitivity. Time spent on specific content types correlates with emotional state. Session length and time of day carry information about psychological context.

Documented case

Target's analytics team identified pregnant customers from shifts in purchasing patterns, including unscented lotion and particular vitamins, before the pregnancy had been publicly disclosed. In one documented instance, a customer's father complained to a store after she began receiving baby product promotions. The model had identified the pregnancy before the family knew. The case became canonical not because it was malicious, but because it demonstrated how pattern recognition on non-sensitive data surfaces deeply sensitive conclusions at industrial scale.

07 Temporal targeting

The predictive layer adds a temporal dimension that most discussions of personalisation skip past entirely. The question is not only who to target but when to reach them. These are not the same problem, and conflating them understates what has been built.

Real-time data pipelines process behavioural signals with very low latency. A user browsing travel deals can trigger a personalised email offer before they have left the page. Push notification timing is optimised by machine learning systems trained on individual response patterns. Email send-time optimisation tools learn each recipient's engagement windows from historical open and click data.

These systems are not selecting the best time to reach "people like you." They are selecting the best time to reach you, based on your specific historical patterns. The "receptive moment" is not random; it is predictable.
08 The feedback loop

The system is self-improving. Every interaction you have with a targeted ad, every click, every conversion, every scroll-past, feeds back into the model and refines it. The more you engage with a platform, the more accurately it can predict your behaviour. The more accurately it predicts your behaviour, the more effectively it can influence it.

You are, in a very literal sense, providing free labour to a system designed to exploit your own patterns against you. The optimisation target was never your satisfaction; it is your measurable response to stimuli.

81% Share of global digital ad spend transacted programmatically by 2023, per Aerospike analysis
$400bn+ Google and Meta combined advertising revenue in 2024, both built entirely on behavioural profiling
09 It is not just advertisers buying this data

The framing of data collection as primarily an advertising problem understates how many other industries are purchasing and acting on the same profiles. This is where the conversation moves from uncomfortable to genuinely alarming.

Employers and background check companies are significant buyers. The Work Number, Equifax's employment data subsidiary, holds 535 million active and historic employment records including salary history, healthcare data, and leave status, sourced from 2.5 million contributor organisations. A Stanford Tech Policy analysis found that sensitive personal information including social security numbers, salary data, and parental leave status are often shared with data brokers on a weekly basis, often without employees being aware.

AI-driven recruitment platforms buy broker data to fill gaps in candidate profiles and score applicants before they are interviewed. Platforms like EightfoldAI advertise using "the world's largest source of talent data" to identify "Validated Skills, Likely Skills, and Missing Skills" in candidates. Systems like Veriato Cerebral monitor employee chats, emails, web activity, and file transfers and produce a daily-updated Risk Score for each worker.

Insurance companies buy health data profiles compiled from browsing behaviour, search history, and pharmacy loyalty card data. If you searched for a medical symptom, or bought medication using a pharmacy rewards card, that signal is potentially in a profile being sold to insurers. The data may reflect a search you ran for someone else. Inaccuracy is endemic to the system and carries no liability for the broker.

Financial institutions use broker profiles to assess creditworthiness and mortgage applications. Landlords use them to screen tenants. The Electronic Privacy Information Center notes that broker algorithms "can be used to determine interest rates on mortgages and credit cards, determine eligibility for public benefits, or deny people jobs." In the United States, none of this requires your knowledge or consent.

Government use

The US Department of Homeland Security has purchased cell phone location data and home utility data from data brokers to facilitate deportations. The FBI has purchased personal data from location data company Venntel. Under both circumstances, no warrant is required, because the data is classified as commercially obtained.

10 How it causes real harm

The harms from data broker profiles are not theoretical. They are documented and ongoing, and they fall disproportionately on the people with the least ability to challenge them.

Inaccuracy is the first and most mundane problem. Profiles built from hundreds of sources, matched probabilistically, and updated by automated systems are wrong with significant frequency. There is no mechanism for you to inspect or correct a profile held by most data brokers. The consequences of that inaccuracy, a declined mortgage, a failed background check, a higher insurance premium, have no meaningful recourse in most jurisdictions.

Physical safety

Data brokers enable domestic violence by providing tools for abusers to locate and track survivors. Personal information including home address, workplace, and location data can be purchased by anyone willing to pay the fee. Many survivors do not seek legal services or move house because each action generates new records brokers can resell.

Exposure without consent

In 2021, The Pillar outed a Catholic priest by purchasing data from a data broker that included usage patterns from the app Grindr. The data was sold legally. No law was broken by the broker. The priest resigned. The same infrastructure used to sell you trainers was the infrastructure used to expose him.

Fraud and social engineering

A phishing message that includes your accurate location, employer, and recent purchase history is far more convincing than a generic attempt. The EPIC notes that criminals actively use broker information to legitimise attacks, targeting retirees and veterans specifically on the basis of their known demographics.

Political targeting

Cambridge Analytica claimed in 2017 to hold psychological profiles on 220 million US citizens, built from 5,000 separate data sets. The methodology violated Facebook's terms of service. But the underlying capability, using broker profiles to build psychographic models and serve targeted political messaging, was real and effective. The infrastructure remains fully operational.

11 What this means if you work in digital marketing

There are two ways to read the above. One is as a privacy story, a critique of surveillance capitalism and the erosion of individual autonomy. That reading is valid. The other reading, more immediately useful if you are a practitioner, is structural: you are working inside a system that most of your clients and stakeholders don't fully understand, and that misunderstanding has consequences.

Attribution models built on last-click or multi-touch frameworks are measuring the visible output of a system that made its real decisions earlier in the funnel, at a point of predicted receptivity the attribution model never captured. The conversion you are crediting to a retargeting ad may have been a near-certainty before that ad ever appeared. You are measuring the last domino. The system fell several dominos earlier.

The deprecation of third-party cookies has been slow and incomplete, but the direction of travel is established. The infrastructure described above will not disappear. It will increasingly run on first-party signals, which means the competitive advantage shifts toward whoever has the richest direct relationship with their audience.

In iGaming specifically, behavioural prediction models applied to gambling behaviour are not a theoretical concern. The question of whether targeting at points of predicted high receptivity constitutes harm is one regulators are actively working through. In this vertical, understanding this infrastructure is not just commercially useful, it may also be legally relevant.
12 What you can actually do about it

The honest answer is: not as much as you should be able to. The architecture described in this piece was built specifically to be persistent, to survive opt-outs, device resets, and account deletions. But partial mitigation is still mitigation.

EU / UK

Send a Subject Access Request

GDPR gives you the right to access data a broker holds on you, request correction of inaccurate data, and request deletion under the right to erasure. These rights apply to any company processing your data that targets EU or UK residents, regardless of where the company is headquartered. It costs nothing to send. The process is often deliberately cumbersome but it is legally enforceable.

US

Use your CCPA rights if you are in California

California residents have the right to know what data is collected, the right to opt out of the sale of their data, and the right to request deletion. Several other states have passed similar legislation. Federal protection remains absent, but state-level rights are real and underused.

Tool

Use a data removal service

DeleteMe and Privacy Bee automate opt-out requests across hundreds of brokers and re-submit them quarterly, since most brokers re-acquire data after deletion. These cost roughly $100 to $130 per year. Worth evaluating if the employer and financial risk angles described in this piece are relevant to you.

Tool

Browser and DNS level blocking

Firefox or Brave with uBlock Origin blocks most third-party tracking scripts. Private DNS services like NextDNS or Mullvad DNS block tracking at the network level. A VPN reduces location inference from IP address. Compartmentalisation, using different browsers for different activity types, limits cross-context identity stitching. None of this is a silver bullet. All of it reduces the signal available to the system.

Think

Reconsider loyalty cards

Loyalty programs are a straightforward exchange: small discounts in return for detailed purchase history data that gets sold on. The value of the data to the retailer substantially exceeds the value of the discount to you.

Structural

Support regulatory pressure

The most effective structural protection is the one that doesn't exist yet: comprehensive federal data broker legislation in the US, and effective enforcement of existing GDPR rights in Europe. The Open Rights Group's 2024 complaint about LiveRamp is a reasonable model for what targeted regulatory pressure looks like. The CFPB proposed new oversight measures targeting data brokers in June 2025. These processes are slow. They matter anyway.

A note on what this is not

This piece is not arguing that targeted advertising is inherently bad, or that the companies described above are uniquely malicious. Most of what is described here is legal, widely used, and in some contexts genuinely useful. The question of where personalisation becomes manipulation is legitimate and worth debating, but that debate belongs in a different register than this one.

What this piece is arguing is that the infrastructure described here is real, it is very large, it has consequences that extend well beyond advertising, and most people working in digital marketing have at best a partial understanding of how it actually functions. The permission popup is not the story. The story is what happens after you tap allow, and also what happens when you tap don't allow and the system proceeds anyway through the hundreds of other intake valves you never saw.

The machine that knows you is not a metaphor. It's a product with documentation, a stock ticker, a sales team, and a direct line to your employer. It would be useful to know how it works.
Sources & Further Reading
  • Open Rights Group complaint to ICO and CNIL re: LiveRamp, February 2024. crackedlabs.org/en/identity-surveillance
  • LiveRamp RampID Methodology. docs.liveramp.com/identity/en/rampid-methodology.html
  • LiveRamp Identity Resolution overview. liveramp.com/blog/what-is-identity-resolution
  • Lin, derived information from data brokers for marketing purposes. Cornell Law School, March 2025.
  • New America Foundation, The Role of Data in the Targeted Advertising Industry. newamerica.org
  • EPIC, Data Brokers issue overview. epic.org/issues/consumer-privacy/data-brokers
  • Coworker.org, Response to CFPB Request for Information on Data Brokers. home.coworker.org/cfpb-data-brokers-rfi
  • Stanford Tech Policy, Fortune 500 Companies' Selling and Sharing of Employee Data. techpolicy.sanford.duke.edu
  • Aerospike, Behavioral Targeting: Definition, How It Works, and ROI. aerospike.com/blog/behavioral-targeting
  • PIRG, The New Data Brokers. pirg.org, June 2023.
  • Dstillery, Exploring Predictive Behavioral Targeting. dstillery.com, October 2024.
  • Grand View Research, Data Broker Market Size and Share. grandviewresearch.com, 2025.
  • Wikipedia, Data Broker. en.wikipedia.org/wiki/Data_broker
  • MAF / Adjust, ATT Opt-In Rate data 2021-2023. maf.ad/en/blog/att-opt-in-rates-boost
  • MarketingCharts / Statista, Apple iOS ATT opt-in rate by app category, March 2022.