In this section, I want to give a brief overview of some of the most common ways surveillance works. This is not an exhaustive list, but it should give you a general idea to recognize potential surveillance mechanisms. The most common form of surveillance is Surveillance Capitalism, meaning companies like Amazon or Google who collect information about you in order to serve more relevant ads or products.
Governments also perform mass surveillance on nearly (if not) everyone, but typically mass surveillance piggybacks off existing surveillance capitalism infrastructures (see PRISM for an example of how this works). This means that while ending up on "a list" is likely a very easy, common, and automated thing, getting an actual person to watch you individually is less likely than you'd think. Most surveillance is performed automatically by algorithms and automated systems. The bad news is, this means surveillance is everywhere. The good news is, that means it's designed to work on the "most common denominator" and therefore relatively easy to get out of to an extent.
It's also worth knowing that there are organizations known as data brokers who collect your information strictly for profiling purposes. Amazon and Apple may not be sharing data with each other, but they are likely sharing it with companies like Acxiom and LexisNexis who in turn sell your profile back to other companies who use it mainly for advertising.
The Three Types of Surveillance (According to Me)
The most visible form of surveillance is what I call "consented surveillance." This is when you knowingly and intentionally give up information. For example, if you sign up to both Amazon and eBay using the same email address, then you probably expect that any purchases made on either platform are automatically and easily tied back to you. As I said in the previous paragraph, Amazon and eBay may not be sharing your purchase history with each other, but they definitely share it with data brokers. Their automated systems easily correlate the two accounts and combine them.
I call the next form of surveillance "unconscious surveillance." Technically you consent to this when you do things like, for example, click "I agree to the terms of service." But do you know what the terms actually say? Often the company does things you'll never even see: reading a "cookie" on your computer that tells them every site you visit, reading your contacts list, seeing what other apps are on your device, or scanning for other devices on your network and what they are. It could also include things like automatically scanning your emails or messages for keywords or recording your usage habits.
I call the final form of surveillance "targeted surveillance." This is the kind that is typically only an issue if you're already getting the attention of a highly-resourced threat actor. This is the kind where they plant a fake version of an app on your phone or computer to get extra, hidden access to the information on the device, or where they actively capture and read your communications by a person and not just a machine. Think of it like the proverbial "FBI surveillance van." As I said on the last page, I don't deal with this type of surveillance on this site because each situation is unique.