Headlines are plentiful about the digital surveillance of our government on immigrants, activists and constitutional observers as part of Operation Metro Surge. We are being watched and the to-do of locking things down can no longer just sit on my to-do list.

I’m also someone who is currently unemployed — so I do have more time on my hands. I’ve been sending out applications, attending interviews and working on my career retrospective but that is hard to do 24/7.

I’m also sick. Nothing serious. Just the kind of couch-bound week where it helps to have a project that feels productive but doesn’t require leaving the living room. So yesterday, I started “operation digital lockdown”: an afternoon of research and digital footprint migration, shifting to open source and a more private tool set. Laptop in hand, Industry on HBO Max playing in the background, this project turned into a well-spent afternoon of learning and action. So after such an effort, I figure it was a worthwhile POV to share. We are all safer when we are all safer, right? So here’s what I did with recommendations for you, too, if you aren’t already here:

Start with the email problem

Gmail is free because we, the users, are the product. Google’s entire business model is built on knowing everything about the owner of the account — what we search, what we click, what we write.

This isn’t a new concept. I’ve been well aware for years, especially working in digital marketing where dozens upon dozens of my campaigns have targeted these audience groups. But now, given the government surveillance and ownership of most platforms and media being consolidated under the billionaire class, it really is time to switch and gain what control is possible, even if it feels overwhelming.

After much research, I did it. I started the process and moved to Proton Mail. With that account set up, I was able to add my own domain (hlockwoo.com) and use an email address that truly belongs to me regardless of what provider I use now or in the future. Proton is based in Switzerland, which has the strongest privacy laws in the world. It’s end-to-end encrypted, meaning even Proton can’t read your email. And it’s open source, so the code is publicly auditable. Nobody has to just “take their word for it.”

One note: I’m not completely off Gmail yet. It’s embedded in too many of my accounts for that to happen overnight. But I’ve started the migration and that’s the point.

Next, look at your VPN

Most people have a VPN. Unfortunately, many VPNs don’t actually protect you. Free VPN services sell your data. US-based VPNs are subject to government data requests. Unaudited VPNs want you to just trust them. And a surprising number of popular VPNs are owned by advertising companies — the same companies profiting from your data in the first place.

I switched to Proton VPN, which is included in my Proton email plan. It’s Swiss-based, independently audited, open source, and funded by subscriptions rather than advertising. It meets every bar I set when I did the research. It’s also really important to have it running on any connected device (phones, laptops, tablets), especially if you are using public wifi.

Onto video conferencing

Zoom is the top dog. Google Meet is the popular (and free) option. And while the same concerns with Gmail can be attributed to Google Meet, Zoom is also a problem. They routed calls through Chinese servers and lied about end-to-end encryption. Now they are using your meetings to train AI.

After some research, I found and switched to Jitsi Meet, a free, open source option that doesn’t require an account and works in your browser. If you’re hosting, it’s important to set a password and enable the waiting room. I’ve tested it a bit and it seems like an easy and elegant solution — which surprised me that I hadn’t heard of it before this week.

Desktop web browsers and your data

Chrome is owned by Google. Different capability, same data story. The best recommendation that I found was to switch to Firefox with uBlock Origin for content blocking and DuckDuckGo for search. I used to be a big proponent of Firefox back in the day. I’m not sure when that changed and I’m a little mad at myself for getting so complacent with using both Google Chrome and Safari by default. So back to the fox I am and, honestly, the application icon is the cutest of the bunch.

On my iPhone, I’m sticking to Safari. The research showed me there isn’t much saved by switching to Firefox here. You lose some functionality and you can lock down your phone and Safari other ways via mobile. My recommendation: update your privacy settings, audit your app permissions, and enable Safari’s cross-site tracking protection. This is obviously all iPhone-specific but I’m sure there is a similar approach that can be taken on Android.

A callout I’d like to make is that our favorite apps are also harvesting our data. My weather app, my navigation app, my store and membership apps are likely using my location data and selling it to brokers. That data ends up in massive commercial databases. And those databases are now being purchased by government agencies, including ICE, without a warrant.

That’s not speculation either. Minnesota AG Keith Ellison issued a formal consumer alert about it in January. So while we can’t stop this practice entirely, we can minimize the damage through our settings.

Why all of this matters beyond Operation Metro Surge

I want to be clear. I still choose to have a public blog. I’m still publishing my Instagram and Threads content publicly and I’m also very vocal about how I feel about ICE as well as the Trump administration.

I know the trade-offs that come from that and I’m pretty sure that I’m already on a government watchlist of citizens considered as outspoken. But posting publicly is a choice I actively make because community and connection matter. It’s part of my 1st Amendment rights as a US citizen. I’m a proud J-school graduate. I believe in the 4th estate.

However, there is a big difference between what I put into the world intentionally through public posting and what is being quietly harvested from my behavior, location, and inbox without my consent.

“Data is being weaponized by a hostile federal government — and that was always the intended use for all that data collection.” — ACLU Minnesota

This surveillance infrastructure has been built over decades. Our data has always been available to be used in this way. But the stakes are higher right now. Our rights are being infringed upon in ways that we haven’t seen in decades. So the question now is: what do we do about it? How can we protect ourselves?

This is a start — and honestly it doesn’t even touch AI yet, which deserves its own post. I’ll keep sharing as I go.

For easy reference, I put everything I learned into a quick reference guide: the what, the why, and the how. You can download it as a PDF or find it saved on my Instagram.

• Download the Digital Privacy Guide
• View the Instagram carousel

In summary

This is not a small effort. The research takes time and implementation takes more. The good news is that you don’t have to do it all at once. Pick one thing. Fix your email. Update your phone settings. Get a better VPN. Just start somewhere.

And if you’ve already done some of this, or if you do it after reading this, let me know in the comments. I’d genuinely like to hear what people are doing or if there are other options out there that I missed.

---

One important note from a reader: The steps outlined above address commercial privacy — closing the gaps created by data brokers, ad tracking, and corporate data harvesting. That’s real and worth doing.

But state-level surveillance operates differently. The government doesn’t need to read your emails. It works on metadata and behavioral patterns — who you talk to, when, how often, and from where. Encryption protects the message, not the pattern.

Former NSA Director Michael Hayden said in 2014: “We kill people based on metadata.” That quote alone captures the stakes.

This doesn’t change the value of what’s outlined above. It just means we should understand what we’re protecting against and what requires a different conversation entirely.

Sources: ProPublica NSA explainer (https://propublica.org/article/nsa-data-collection-faq) and EFF NSA Spying (https://eff.org/nsa-spying)

Sources

ICE surveillance technology in Minnesota — Sahan Journal https://sahanjournal.com/immigration/ice-surveillance-technology-facial-recognition-phones-minnesota/

ICE phone tracking in Minnesota — Minnesota Reformer https://minnesotareformer.com/2026/01/20/ice-may-be-tracking-you-via-your-cell-phone-a-minnesota-law-can-help/

How ICE is watching you — Minnesota Reformer https://minnesotareformer.com/2026/02/03/how-ice-is-watching-you/

MN Attorney General alert on DHS surveillance https://www.ag.state.mn.us/Office/Communications/2026/01/15_DHS_Digital-Surveillance.asp

ICE AI surveillance tracking Americans — American Immigration Council https://www.americanimmigrationcouncil.org/blog/ice-ai-surveillance-tracking-americans/

US spy agencies buying your data — The Intercept https://theintercept.com/2025/05/22/intel-agencies-buying-data-portal-privacy/

Location data brokers — Electronic Frontier Foundation https://www.eff.org/issues/location-data-brokers

Data broker loophole — Brennan Center for Justice https://www.brennancenter.org/our-work/research-reports/closing-data-broker-loophole

CFPB proposed rule on data brokers https://www.consumerfinance.gov/about-us/newsroom/cfpb-proposes-rule-to-stop-data-brokers-from-selling-sensitive-personal-data-to-scammers-stalkers-and-spies/