A physical object can only be in one place at a time. Steal someone’s bicycle and they no longer have a bicycle; the theft is at least honest about itself.
Data does not work this way, and almost every strange thing in this chapter follows from that single fact. When your datafolk is “stolen”, nothing leaves. The original sits exactly where it was. What the thief takes is a copy, perfect, weightless, and indistinguishable from the source. You can be robbed and lose nothing you can see, which is precisely why you so often don’t notice until the copy turns up wearing your name.
A copy is as good as the original. That is the whole problem.
The Boundary Breaks, Not the Data
Up to now, your datafolk has at least stayed roughly where it was put, in the bank’s system, the app’s database, the government’s registry. A data breach When data escapes the place it was supposed to stay — through a hack, a leak, a misconfigured server, or an employee with a USB stick. is the moment that boundary fails.
The failure is rarely cinematic. The popular image is a hooded genius breaking encryption in the dark. The reality is usually duller and sadder: a server left open to the internet with no password, a database backup uploaded to the wrong place, a contractor with more access than they needed, a phishing email that one tired employee clicked at the end of a long shift. The data itself never resists. It simply finds itself on the other side of a wall that was supposed to hold.
India has had its share, and one example is worth stating carefully because it became a national debate. In 2018, The Tribune reported that, for a few hundred rupees, reporters were able to obtain access that returned demographic details for Aadhaar numbers, the database that anchors over a billion datafolk.3 The authority disputed the framing and the severity, and the precise mechanics were argued over for months. But the episode taught the public a lesson that no official statement could un-teach: the danger of putting everyone’s identity in one system is that one failure copies everyone at once. Centralisation is convenient in exactly the way it is dangerous.
”Anonymous” Is Usually Temporary
Here is the reassurance you have been given a hundred times: don’t worry, the data is anonymised. Your name was removed. You are just a row of numbers now. No one can tell it’s you.
It is, unfortunately, one of the most over-promised words in all of technology.
The problem is data linkage Joining two datasets by what they share — a date, a pin code, a device. Each one alone tells you little; together they can tell you everything. . A dataset stripped of names is not anonymous; it is merely waiting. The moment you line it up against one other dataset that shares even a little, a timestamp, a pin code, a pattern of behaviour, the names snap back into place. The researcher Latanya Sweeney demonstrated the bones of this decades ago: a striking majority of people could be uniquely identified from just three “harmless” facts, their date of birth, their sex, and their postal code.1 None of those is your name. Together, they usually are.
It gets worse the richer the data. When Netflix released a giant “anonymised” set of film ratings for a competition, two researchers showed that by matching the rating patterns against publicly visible reviews elsewhere, individual subscribers could be picked back out, along with the films they had quietly watched.2 Nobody’s name was in the data. Their behaviour was, and behaviour turns out to be a fingerprint.
This is the chapter’s second hard lesson: anonymous data is often just data that has not been re-linked yet. Re-identification Putting a name back onto data that had its name removed — usually by linking it to one other dataset. is not a rare exploit. It is the default fate of detailed data, given one more dataset and someone with a reason.
Stealing You No Longer Requires Stealing From You
The classic con was to take something you had, your card number, your OTP, your password. That con is alive and well in India: the “your KYC will expire today” message, the fake bank call that walks you through your own UPI PIN, the SIM-swap that quietly moves your number, and your OTPs, to someone else’s phone. These work because they copy one crucial fragment of your datafolk and use it before you notice.
But the frontier has moved somewhere stranger. Increasingly, a criminal does not need to steal from you at all. They can assemble a synthetic identity A fake person stitched together from real pieces — a genuine number here, a real address there, a face generated by a model. : a person who never existed, built from a real leaked address, a real-looking document, and a face that no human owns because a model generated it. The fake is hard to catch precisely because most of its pieces are true.
And then there is your face and your voice, which you have always assumed were yours alone. A deepfake Audio or video of a real person doing or saying something they never did, generated by a model trained on footage of them. is your datafolk learning to perform. Trained on a few minutes of real footage, a model can produce video of you saying things you never said, or a voice clone convincing enough to call a parent and ask, in your voice, for money in an emergency. India has already seen deepfaked celebrities used to sell scams and deepfaked politicians deployed during elections. The technology does not care whose face it wears. Your likeness, it turns out, is just one more kind of data, and data can be copied.
Data Does Not Forget
Run all of this forward and you arrive at the property that makes digital harm different in kind from the physical sort.
A house fire is a catastrophe, but it has an end. The thing burns, and then it is gone. A leak has no such mercy. Once a copy of your datafolk is loose, it cannot be recalled, deleted everywhere, or burned. It is downloaded, re-uploaded, merged into other databases, traded on forums, and quietly stored on machines you will never find. A breach is not an event that happens and finishes. It is permanent in a way a fire is not.
This is why a mistake in a digital system can outlive the moment it was made by years. A password you reused in 2016 surfaces in a breach in 2024 and unlocks an account you forgot you had. A photo you deleted persists in someone’s backup. A “private” message becomes a screenshot becomes evidence. Your datafolk, as we said in the very first chapter, doesn’t forget, and now we can see the sharp edge of that: neither does anyone who has ever copied it.
Why This Matters
It would be easy to end here in pure dread, and this is exactly the point in the genre where most books do. This one will not, because dread is not literacy and it is not useful. Yes, your datafolk can be copied, and yes, the copy is permanent. But understanding how the copying happens changes what you do about it in concrete, undramatic ways.
You stop reusing the one password. You treat “your KYC will expire” with the contempt it deserves. You assume that “anonymised” means “not yet re-linked”, and you share accordingly. You believe a panicked voice on the phone slightly less, and call back to check. None of these are heroic. All of them work, because most copying succeeds not through brilliance but through our assumption that a copy must announce itself. It doesn’t. It just shows up later, wearing your name.
In the next chapter, finally, the datafolk fights back. We turn from the ways it is taken to the ways it can be defended, the locks, the disguises, and the quiet mathematics of keeping a secret in a world built for copying.
Next: Shields, Locks, and Disguises, where your datafolk learns to protect itself, with encryption, anonymity, and the underrated power of saying no.