Shoshana Zuboff spent years at Harvard Business School before she wrote The Age of Surveillance Capitalism. She is not an activist. She is not a conspiracy theorist. She is a scholar who watched Silicon Valley invent a new economic logic and spent 700 pages documenting what that logic actually does to human beings. The book landed in 2019. The enforcement actions that followed — from Google's $391 million location tracking settlement to Meta's $5 billion FTC penalty to Amazon's Alexa fine — validated nearly every claim she made. The surveillance didn't stop. It scaled.
What Zuboff describes is not a privacy problem in the conventional sense — not a leaky database or a misconfigured server. It is a business model. The clicks you make, the routes you walk, the searches you run at 2 a.m., the amount of time you spend hovering over an ad before scrolling past it — all of that is what she calls behavioral surplus: data exhaust generated by your use of a product, harvested by the company that operates it, packaged into prediction products, and sold to whoever wants to influence your next decision. You are not the customer. You are the mine.
This is not a review in the conventional sense either. It is an explainer anchored in Zuboff's framework, with the enforcement record attached. Because the thesis is only half the argument. The receipts are the other half.
- ✓ Surveillance capitalism is not a side effect of tech business models. It is the business model — behavioral data extraction as the core value proposition.
- ✓ Zuboff's vocabulary — behavioral surplus, prediction products, means of behavioral modification — gives you language to identify what is actually happening when platforms describe their "personalization."
- ✓ The enforcement record since 2019 provides documented evidence for nearly every category of harm she described: location tracking, incognito deception, voice data collection, vehicle surveillance, and more.
- ✓ The book's weakness is tactical: the diagnosis is surgical; the prescription is thin. What to actually do about it is not Zuboff's focus.
- ✓ The question is not whether to trust the platforms. It is whether you understand the transaction you've already entered — and whether you've thought about how much of that transaction is negotiable.
01 What Surveillance Capitalism Actually Is
The conventional story about Big Tech is that companies got very good at targeted advertising. The more accurate story — Zuboff's story — is that targeted advertising was only the first application of something much larger. The real invention was the discovery that human behavioral data, generated as exhaust from ordinary digital activity, could be converted into prediction products: models that anticipate what you will do next, what you will buy, who you will vote for, what will make you stay on the platform longer. Once you can predict behavior, you can modify it. Once you can modify it at scale, you have something that has no good historical precedent.
Zuboff calls this instrumentarian power — not ideological, not governmental, but infrastructural. It does not operate through force or belief. It operates through the systems that mediate daily life: phones, search engines, navigation apps, smart home devices, school software, connected cars. Every surface that can generate behavioral data becomes a sensor. Every sensor feeds the prediction apparatus. The goal is not surveillance for its own sake. It is behavioral influence at scale, for commercial purposes, without meaningful consent.
The analogy she draws is to the original enclosures — the 16th-century privatization of common land in England that dispossessed rural populations and rewired the economy around a new class of landowners. What was enclosed then was land. What is being enclosed now is human experience itself: attention, intention, emotion, behavior. The rent is paid in data.
- Behavioral Surplus: The data generated by your use of a product that exceeds what is needed to operate that product. Your search query is necessary to return results. The time you spent on each result, the device you used, your location, your next search, and the pattern that emerges across thousands of sessions — that is surplus. It is harvested and sold.
- Prediction Products: What behavioral surplus is converted into. Statistical models that predict your future behavior with sufficient accuracy to be commercially valuable. Not just "this person might buy shoes" — but "this person, in this emotional state, in this location, at this time, is X% likely to respond to this stimulus."
- Means of Behavioral Modification: The next step after prediction. Once you can predict behavior, you can design interventions that nudge it toward commercially preferred outcomes — longer platform engagement, higher purchase likelihood, specific emotional states that increase ad receptivity. The interface is the tool. The notification is the nudge. The algorithmic feed is the delivery mechanism.
- Instrumentarian Power: Zuboff's term for the form of power that surveillance capitalism exercises. Not ideological (it doesn't require your agreement with any belief system). Not coercive (it doesn't threaten you directly). Infrastructural — it operates through the systems that mediate ordinary life, shaping behavior by controlling the environment in which behavior occurs.
Google didn't discover that your data exhaust was valuable and decide to sell it. Google discovered that your data exhaust was more valuable than the product it came from — and rebuilt the product around the exhaust.
02 The Receipts: What the Enforcement Record Shows
Zuboff's argument is a historical and structural analysis. What has accumulated since the book's publication is something more concrete: a documented enforcement record that covers nearly every category of surveillance practice she described. These are not allegations. They are settlements, consent decrees, and guilty pleas.
Google's behavioral data collection practices produced three separate enforcement actions that together illustrate the full surveillance capitalism stack: collection without meaningful consent, deception about collection scope, and quiet aggregation of data across previously siloed systems.
- Location History — $391.5M Settlement (2022): The Associated Press reported in 2018 that Google continued tracking user location even when "Location History" was turned off — the data was simply stored under a different setting called "Web & App Activity," which was on by default and not prominently disclosed. Forty states sued. Google settled for $391.5 million. California filed a separate case and reached its own resolution. The company had designed the privacy setting to appear protective while continuing collection through a separate mechanism users were unlikely to find. (Source: AP News)
- Incognito Mode — Class Action Settlement (2024): Google settled a class action lawsuit over its Incognito browsing mode by agreeing to delete or de-identify billions of records collected from users who had activated a feature explicitly designed to prevent tracking. Internal documents produced in litigation showed that Google employees understood Incognito was not actually private. The settlement required Google to update its disclosures and restrict how Incognito data is used for ad targeting. (Source: The Verge)
- DoubleClick Integration — 2016 Policy Change: In 2016, Google quietly removed the wall between DoubleClick advertising data — which tracked browsing behavior across millions of websites — and the personally identifiable account data it held on signed-in users. The change was disclosed in a privacy policy update. ProPublica reported on it. The practical effect was that Google could now merge browsing history with identity — assembling the most complete behavioral profile of any individual in the ad-tech ecosystem. (Source: ProPublica)
Amazon's home ecosystem products — voice assistants, doorbell cameras, home security systems — are among the most complete behavioral data collection infrastructure available to a consumer technology company. The enforcement actions that followed illustrate both the scope of collection and the distance between what users were told and what was actually happening.
- Alexa — Human Review and Children's Data: Bloomberg reported that Amazon employed teams of humans to review audio clips captured by Alexa devices — a practice undisclosed to users, who generally assumed voice processing was automated. Amazon subsequently added an opt-out. Separately, the FTC fined Amazon for retaining children's voice recordings and geolocation data under the Children's Online Privacy Protection Act — the data was retained "indefinitely" even after parents requested deletion. Amazon paid $25 million to settle. (Source: FTC)
- Ring — Internal Access and Police Sharing: The FTC found that Ring employees and contractors had broad, largely unsupervised access to customer camera footage — including footage from cameras installed inside bedrooms and bathrooms. Amazon paid $5.8 million in consumer refunds. Separately, Ring had a policy of sharing camera footage with law enforcement agencies under "emergency" provisions that did not require a warrant or user consent; this was subsequently constrained following public pressure. Your doorbell camera was never just a doorbell camera. (Source: FTC)
Zuboff's argument that every surface becomes a sensor is not metaphor. The smart TV in the living room. The security cameras. The doorbell. The thermostat. Each is a data collection endpoint with its own vendor relationship, its own data processing agreement that no one has read, and its own pathway to a behavioral analytics ecosystem.
- Vizio Smart TVs — Automatic Content Recognition: Vizio equipped 11 million smart televisions with automatic content recognition technology that tracked what viewers watched, second by second, across cable, streaming, and over-the-air broadcasts — without adequate disclosure. The data was sold to third parties for targeted advertising. The FTC and New Jersey settled with Vizio for $2.2 million; the company was required to obtain informed consent before collecting viewing data. "Smart" had a secondary meaning that didn't appear in the box copy. (Source: FTC)
- Eufy and Wyze Security Cameras: Eufy marketed its cameras as "local only" — footage processed on-device, not uploaded to the cloud. Security researchers found that camera streams could be accessed from remote servers without authentication. Wyze experienced a software error that exposed 13,000 customers to camera footage belonging to other users — a direct cross-contamination of one household's private visual feed with strangers. The systems designed to protect your home were storing your home's interior on infrastructure you had no visibility into.
Mozilla's Privacy Not Included team reviewed connected vehicle privacy policies in 2023 and concluded that cars were the worst product category they had ever analyzed — worse than smart speakers, worse than health apps, worse than dating sites. And children's educational technology, documented extensively by Human Rights Watch, surveilled students at a scale that made consumer app tracking look restrained.
- Connected Vehicles: Mozilla found that every major car manufacturer collected driver data far beyond what navigation or safety functions require. Several sold the data to third parties. Some collected data on sexual behavior, immigration status, and genetic information — not from onboard sensors, but inferred from connected phone data and third-party sources. General Motors shared driver behavior data with insurance companies without clear disclosure; affected drivers saw their insurance rates increase. The car is now among the most comprehensive behavioral data collection devices most people own, and they paid for the privilege. (Source: Mozilla Foundation)
- Educational Technology During COVID: Human Rights Watch analyzed 164 educational technology products endorsed by governments during the COVID pandemic. The majority surveilled children — their keystrokes, browsing behavior, physical location, household composition — far beyond what any educational purpose could justify. The data was routed to advertising technology companies. "For the children" was the stated purpose; the behavioral data pipeline was the actual output. (Source: Human Rights Watch)
03 What Zuboff Gets Right — and Where the Book Drags
Zuboff's most important contribution is not the argument itself — it is the vocabulary. Once you have the phrase "behavioral surplus," you see it in every product announcement. Once you know what a "prediction product" is, you understand why the platform doesn't actually care whether you buy the thing in the ad — it cares whether your response to the ad improves the model. Once "means of behavioral modification" is in your mental framework, the design of every notification system reads differently. Language that cuts is the most durable tool she provides.
Her moral clarity is also notable. She does not offer a balanced-perspectives treatment of surveillance capitalism as a complicated tradeoff between convenience and privacy. She calls it extraction. She calls the consent frameworks theatrical. She traces the incentive structures that made it inevitable once the business model was proven. There is no "on the other hand, targeted ads do help small businesses reach customers." That argument exists elsewhere; this book is not obligated to make it.
Where the book drags is in proportion. The core thesis is established in the first 150 pages. The next 500 circle the same point with increasing academic granularity. The Hegel. The Hannah Arendt. The Foucault. For a general reader, the repetition is genuinely punishing. For the managing partner at a law firm trying to understand why their practice management software is sharing client behavioral data with an ad-tech consortium, the 700-page version is not the entry point.
The other gap is tactical. The diagnosis is surgical; the treatment plan amounts to "demand that your legislators act" and "insist on your rights." That is not wrong. It is incomplete. The architecture of surveillance capitalism is now embedded in products most organizations cannot easily replace, governed by privacy policies most users will never read, enforced by agencies that are underfunded and reactive. Understanding the system is necessary. It is not sufficient.
Behavioral surplus. Prediction products. Means of behavioral modification. These are not buzzwords — they are precise descriptions of real processes. Once you have them, you cannot read a platform's privacy policy the same way again. That is worth the price of admission by itself.
Zuboff traces the specific moment when Google discovered that behavioral exhaust was more valuable than search. That origin story is important: it explains why the architecture is what it is, why it won't self-correct, and why "just don't use Google" is not actually the shape of the solution.
The book is not a playbook. It will not tell you how to audit your law firm's SaaS stack for behavioral data leakage, how to evaluate a vendor's data processing agreement, or how to reduce your organization's exposure footprint. It tells you that these things matter. It leaves the how to someone else.
The book is approximately twice as long as it needs to be. The academic scaffolding — extensive engagement with Arendt, Habermas, and 19th-century enclosure history — is not necessary to understand the argument. If you are reading for practical application rather than scholarly depth, you will lose about 200 pages to material you will never use.
04 The Framework vs. the Reality: What They Say, What They Mean
The language platforms use to describe their data practices and the operational reality of those practices diverge in ways that are not accidental. The gap is designed. Here is the translation table.
- "We use your data to personalize your experience." → We convert your behavioral surplus into prediction products and sell access to those predictions.
- "Your privacy is important to us." → Our business model depends entirely on extracting your behavioral data. We have a legal team.
- "This feature is off by default for your protection." → The collection continues through a different setting that you are unlikely to find.
- "We do not sell your personal information." → We provide third parties with data that allows them to target you individually without technically "selling" a file with your name on it.
- "Incognito mode keeps your browsing private." → Your browsing is private from other users on your device. We still collect it.
- "Location History is off." → A different tracking mechanism called Web & App Activity is still on.
- "We process your voice locally, on your device." → Human contractors reviewed a sample of your recordings. Some of them were funny.
05 What You Do With This
Zuboff's prescription — demand legislative action, insist on your rights — is not wrong. It is just the 30,000-foot view. The more actionable version operates at three levels: what you can change today in your own systems, what your organization can demand from its vendors, and what the legislative landscape actually looks like right now.
Every platform relationship is a data collection relationship. Before deploying a new tool in your organization — or recommending one to a client — the relevant questions are not "does it have good reviews" but "what behavioral data does this product collect, who receives it, what is it used for beyond the stated service function, and what does the data processing agreement actually say." Mozilla's Privacy Not Included guide covers consumer products. For professional software, the DPA is the document. Most vendors have one. Most clients have never read it.
An organization's behavioral data exposure is not primarily about what data it holds. It is about what data flows outward through the products it uses. A law firm that uses a cloud-based document management platform, a CRM, a marketing automation tool, and a practice management system has likely granted behavioral data access to between 30 and 80 subprocessors it has never reviewed. That data includes client behavioral patterns, staff activity, and communication metadata. Mapping those flows is not a technical exercise — it is a due diligence exercise, and it is overdue for any professional services firm that touches regulated client information.
When a software vendor describes its product's "analytics" or "usage insights" features, ask specifically: does this platform collect behavioral surplus beyond what is necessary to deliver the contracted service? Does your data processing agreement prohibit the use of our data for product improvement, model training, or any commercial purpose beyond our subscription? Who are your subprocessors, and what data do they receive? Vendors who cannot answer these questions clearly — or who answer with generalities — are telling you something about how they view the relationship.
The surveillance capitalism model depends on cloud aggregation. Data that does not leave your infrastructure cannot be harvested, subprocessed, or incorporated into a behavioral prediction system. For organizations with high-sensitivity client data — law firms, CPA practices, wealth managers — the option to run AI inference, document search, and workflow tools locally rather than through cloud-hosted platforms is both technically available and increasingly cost-viable. It is also increasingly a meaningful differentiator in relationships with clients who understand what they give up when those tools do not run locally.
"The platforms' designers know exactly what they're building. The question is whether the people using those platforms do."
OccuNX — The Dispatch
06 Should You Read It?
Yes. Not because it will give you a checklist — it won't. Not because it is a comfortable read — it isn't. Because understanding the system you operate inside is a prerequisite to making informed decisions about the tools you use, the vendors you trust, and the data you allow to flow outward from your organization and your household.
The book gives you vocabulary and moral clarity. The enforcement record — which has expanded substantially since 2019 — gives you evidence. What neither provides is the specific, organizational-level translation of those ideas into the choices you face when renewing a contract, deploying a new platform, or advising a client on their technology stack.
That translation is the gap the book leaves open. It is also the work that actually needs doing.
