For five chapters your datafolk has been on the receiving end of everything, born without asking, moved without seeing, auctioned, predicted, and copied. It is time for the chapter where it learns to push back.
This is the defence chapter, and it comes with an honesty clause stapled to the front. There is no perfect protection, no single app, no toggle, no clever trick that makes your datafolk safe forever. Anyone selling you that is selling something. What exists instead is a small set of genuinely powerful ideas, locks, disguises, and the underrated word no, that, used consistently, change the odds. This chapter is about how those ideas actually work, so you can tell the real shields from the decorative ones.
The Oldest Shield: Scrambling the Message
Long before computers, a general who feared his messenger might be caught had a simple defence: write the order so that only the right person could read it. Scramble the letters by a rule agreed in advance, and to anyone else the page is gibberish. This is encryption Scrambling a message so that only someone with the right key can unscramble it. To everyone else it is noise. , and it remains the single strongest tool your datafolk has.
The crucial thing to understand is what encryption does not do. It does not hide that you spoke. It hides what you said. A scrambled message is still visibly a message. Its protection is that the contents are noise to everyone without the key, the eavesdropper, the network, the company carrying it. Hold that distinction; the whole chapter pivots on it.
For most of history, encryption had one awkward flaw: to unscramble a message, the recipient needed the same secret key, which meant you first had to share the key somehow, and sharing a secret over an unsafe channel is the very problem you were trying to solve. In 1976, two researchers published a way out so elegant it still feels like a magic trick.1 It is called public-key cryptography A trick using two keys — a public one anyone can use to lock a message to you, and a private one only you hold to unlock it. , and the idea is this: give everyone a public key, an open padlock that anyone can snap shut, while you alone keep the private key that opens it. Strangers can lock messages to you without ever knowing your secret. Only you can unlock them.
That single idea is doing quiet work every time you see a padlock in your browser, every time your UPI app talks to your bank, every time you log in over Wi-Fi you don’t trust. It is the lock on almost every door in your digital life, and most people use it thousands of times a day without ever seeing it.
The Disguise, and the Envelope It Can’t Hide
When India’s most-used messaging app rolled out end-to-end encryption When a message is locked on your device and only unlocked on the recipient's, so no one in between — not the app, not the network — can read it. , it changed the security of billions of conversations overnight. Locked on your phone, unlocked only on your friend’s, a WhatsApp message is unreadable to WhatsApp itself, to your telecom operator, and to anyone tapping the line. This is a genuine, enormous shield, and it is worth defending against the periodic demands to weaken it, because a lock with a master key for “good guys” is just a lock that has already been broken, it only awaits the wrong hand.
But here the honesty clause earns its keep, because encryption guards the message and leaves something else exposed: the metadata Data about your data — not the contents of the call, but who you called, when, for how long, from where. . The envelope. Encryption hides what is inside the letter; it does very little to hide that you wrote to this particular person, at this hour, from this location, for this long, again and again.
And the envelope, it turns out, is loud. Researchers who studied only the metadata of phone calls, never the contents, found they could infer astonishingly intimate facts: a sequence of calls to a cardiologist, a pharmacy, and a medical lab does not need a transcript to tell its story.2 The envelope often says more than the letter. This is why a disguise that hides your face but not your movements is only half a disguise, and why the most thorough surveillance has always been more interested in patterns than in contents.
The tools that try to hide the envelope, the anonymity tools Software — a VPN, Tor — that disguises where your datafolk is coming from by routing it through other places first. A disguise, not an invisibility cloak. , deserve the same clear-eyed treatment. A VPN genuinely hides your browsing from your internet provider and your location from a website, which is useful. It does not make you anonymous to the VPN company itself, who now sees everything your provider used to, so you have changed who you trust, not whether you must trust anyone. Tor goes further, bouncing your traffic through several relays so no single one knows both who you are and where you’re going. Stronger disguise, real costs: slower, and conspicuous in places where simply wearing a disguise draws attention. The skill is not owning the tools. It is knowing exactly what each one hides and what it leaves in plain sight.
Privacy Is Not Secrecy
The most important shield in this chapter is not a technology at all. It is a correction to how we think about the word privacy.
We tend to hear “privacy” and think “secrecy”, having something to hide. But your datafolk has very little it needs to keep secret, and reframing the whole problem that way concedes the argument before it starts (“why worry if you’ve done nothing wrong?”). Privacy is not secrecy. It is the power to choose who sees which part of you. You behave one way with your doctor, another with your employer, another with your mother. None of it is shameful. All of it is contextual. Privacy is just the right to keep those contexts from collapsing into one, which is exactly the right the Supreme Court of India recognised when it held that privacy is fundamental to dignity and autonomy under the Constitution.3
Seen this way, the most ordinary defences become the most powerful ones. The app permission you decline, location, contacts, microphone, is your datafolk choosing which context to share. The information you simply do not provide cannot be breached, sold, or re-identified later; the cheapest data to protect is the data that was never collected. “Incognito mode”, for the record, is none of this, it hides your history from others using your device and from almost no one else, which is a fine thing to want and a poor thing to mistake for a disguise.
Why This Matters
The shields in this chapter are real, and not one of them is perfect. Encryption protects the message and not the envelope. Anonymity tools trade one watcher for another. Permissions and refusal cost you convenience. There is no configuration that wins the game, and the books that promise one are lying to you for a download.
But “imperfect” is not “useless”, and treating it as such is how people end up defenceless out of despair. Your datafolk does not need to be invisible. It needs to be expensive to misuse and deliberate about what it reveals, and the tools here, used with a clear understanding of what each actually does, accomplish exactly that. You will not disappear. You will become someone who chooses, on purpose, which parts of themselves to hand over, which is the only definition of privacy that survives contact with a connected world.
In the final chapter, we step back from any single tool and ask the larger question the shields can’t answer alone: not how you survive the data age, but what a humane one would even look like, for all of us, and how we get there from here.
Next: Living With Our Datafolk, where we stop playing defence and ask what a fairer, saner relationship with our data could be, for individuals, communities, and a country of 1.4 billion.