November's almost over, and the surveillance machine didn't take Thanksgiving off.
While you were arguing about politics at dinner, the FBI was shopping for facial recognition drones. DHS decided your face isn't enough, they want your DNA now. And Meta's directors are writing a $190 million check for privacy violations that shocked absolutely nobody.
Let's break down what happened this month. Spoiler: it's not good.
FBI Wants Flying Cameras That Know Your Face
The FBI dropped a Request for Information on November 21st that should terrify anyone who's ever attended a protest. They're shopping for AI-powered drones with:
- Real-time facial recognition
- License plate readers
- Weapon detection
- Multi-target tracking
Not "maybe someday." They want vendors now. [1]
The ACLU's already screaming about warrantless aerial surveillance. They should be. Remember when drones were just for military operations overseas? Yeah, that line's gone.
What you can do: Support the ACLU's legal challenges. They're the only ones consistently fighting this in court. And maybe invest in a good hat.
DHS: Your Face Isn't Enough Anymore
On November 26th, DHS finalized rules that make George Orwell look optimistic. Starting December 26th, they're collecting:
- Facial scans (already doing this)
- All ten fingerprints
- Palm prints
- Eye scans
- Voice recordings
- DNA test results
Yes, DNA. For immigration paperwork. [2]
This applies to virtually all non-citizens entering or leaving the U.S. And here's the kicker, they're expanding it to U.S. citizens who file immigration applications for family members. Have a foreign spouse? Congratulations, you're in the database.
DHS warns that opting out (if you even can) means travel delays, extra searches, and missed flights. That's not a bug. It's the feature.
Protection: There isn't any. This is mandatory for international travel. Vote for representatives who oppose biometric expansion. That's your only play here.
Meta Directors Write a $190 Million Apology Check
Remember Cambridge Analytica? Meta's board does. On November 20th, Zuckerberg and friends agreed to pay $190 million to settle shareholder lawsuits about their "failure to rectify repeated Facebook user privacy violations." [3]
That's on top of the $725 million they're still distributing to 28 million Facebook users from the class-action case.
Quick math: $190 million divided by Meta's $135 billion revenue last year equals... nothing. It's a rounding error. Cost of doing business.
Your move: Delete Facebook. Seriously. Or at least lock down your privacy settings. They're buried three menus deep for a reason.
ICE Goes Full Minority Report
ICE didn't announce this. Democratic senators had to drag it out of them. Throughout November, we learned ICE is using:
Mobile Identify and Mobile Fortify Apps
Field agents point phones at your face. The app tells them who you are and your immigration status. Also scans irises. Because why not. [4]
Paragon Solutions Spyware ($2 Million Contract)
Remote access to your phone's location, messages, and photos. Real-time tracking for "extended periods." They reactivated this contract quietly.
Zignal Labs Social Media Surveillance
- Analyzes 8 billion social media posts daily
- Creating individual dossiers
- $9.2 million Clearview AI contract for facial recognition
Evidence shows ICE used Mobile Fortify to scan protesters. When senators demanded answers, ICE went silent. The Trump administration's goal: 1 million deportations annually. This tech is how they plan to do it.
Defense strategy:
- Use Signal, not SMS
- Turn off location services
- Post less on social media
- Use a VPN always
- Consider a second phone for protests
OpenAI Joins the Breach Club
On November 27th, OpenAI admitted hackers got into their Mixpanel analytics on November 9th. Exposed: names, emails, "limited customer identifiable information." [5]
They swear ChatGPT conversations are safe. Sure. Just like they swore they wouldn't train on user data until they did.
Damage control: Change your OpenAI password. Check if you reused it anywhere. (You did, didn't you?) Enable 2FA everywhere.
London Deploys Facial Recognition, Makes Arrests
November 3rd, Manchester city center. Live facial recognition. Two arrests: one for carrying a weapon, one for bail violations. [6]
British Transport Police announced November 27th they're rolling out a 6-month pilot at London railway stations. No opt-out. No consent. Just cameras and algorithms deciding if you look suspicious.
The UK doesn't even pretend to care about privacy anymore.
The Data Breach Lightning Round
Because there's always more:
- Habib Bank AG Zurich: Qilin ransomware gang stole 2.5TB of customer data on November 5th [7]
- Salesforce/Gainsight: 200+ companies breached through third-party apps. Scattered Lapsus$ Hunters also hit Atlassian, CrowdStrike, LinkedIn, and Verizon [8]
- CoVantage Credit Union: Social Security numbers, financial data exposed. Disclosed November 26th [9]
State Privacy Laws: Too Little, Too Late
Eight states have new privacy laws taking effect in 2025. Minnesota makes companies disclose who they sell your data to. Texas is actually investigating tech companies about kids' data.
It's something. Not enough, but something. [10]
What This Means
November 2025 proved what we already knew: surveillance expansion is accelerating. Government agencies aren't asking permission. Corporations treat privacy violations as operating expenses. And the technology to track everything you do gets cheaper every month.
The FBI wants drones that recognize faces from the sky. DHS wants your DNA to travel. ICE tracks protesters through their phones. This isn't the future, it's happening now.
What You Can Do Today
- Donate to the ACLU and EFF. They're the only ones consistently fighting this in court.
- Contact your representatives about the FBI drone program and DHS biometric expansion. Yes, even if you think they won't listen.
- Audit your digital life:
- Delete apps you don't need
- Review privacy settings monthly
- Use Signal for messaging
- Enable 2FA everywhere
- Consider a VPN for daily use
- Prepare for protests: Burner phone, no Face ID, airplane mode
- Support privacy-focused alternatives: DuckDuckGo over Google, Proton over Gmail
Next Month's Nightmares
Keep watching for:
- FBI's drone vendor selections
- ICE deportation operations using new surveillance tech
- More ransomware attacks on financial institutions
- State privacy law enforcement actions
- UK facial recognition expansion results
The surveillance state doesn't take breaks. Neither should your privacy defenses.
Suggested Articles to Add
Based on this month's events, here are topics that need deep dives:
- "How to Protect Your Biometric Data When You Can't Opt Out" - Practical guide for international travelers facing mandatory biometric collection
- "The Complete Guide to Protesting Without Getting Surveilled" - Updated tactics for the age of facial recognition drones and mobile surveillance
- "ICE's New Surveillance Arsenal: Every Tool They're Using" - Deep technical breakdown of each system and vendor
- "Your Phone vs. ICE: A Technical Analysis of Mobile Surveillance" - How Paragon Solutions and similar spyware actually work
- "State Privacy Laws Ranked: Which Actually Protect You?" - Comprehensive comparison of all 2025 state privacy laws
- "The Real Cost of 'Free' AI Services" - Investigation into what OpenAI, Anthropic, and others actually collect
- "Ransomware in 2025: Why Banks Keep Getting Hit" - Technical analysis of recent financial sector attacks
- "Building a Surveillance-Resistant Digital Life" - Advanced operational security guide for high-risk individuals
References
- FBI Seeks AI-Powered Surveillance Drones - Federal Register, November 21, 2025
- DHS Biometric Data Collection Expansion - Federal Register Notice, November 26, 2025
- Meta Directors Privacy Settlement - SEC Filing, November 20, 2025
- ICE Surveillance Technology Expansion - Senator Markey Letter, November 2025
- OpenAI Data Breach Notification - User Email Communication, November 27, 2025
- UK Police Facial Recognition Deployments - Greater Manchester Police, November 3, 2025
- Habib Bank Ransomware Attack - Qilin Gang Leak Site, November 5, 2025
- Salesforce Third-Party Breach - Security Advisory, November 21, 2025
- CoVantage Credit Union Breach - NH Attorney General Notice, November 26, 2025
- State Privacy Law Tracker - IAPP Database, November 2025