© Dominic Lipinski/PA
'By extracting location details from Facebook, check-ins and photos it builds it builds a picture of where someone’s been, who they’ve been there with, and where they might go next.
'Riot' software developed to monitor people on social networks is as sinister as it sounds. We need legal safeguards, and fast

Separating paranoia from healthy caution in the 21st century is only getting harder, as it gets easier and easier for governments and corporations to track our online behaviour. The latest development, revealed by the Guardian, is that defence giant Raytheon has created software capable of tracking people based on information posted to social networks.

Its capabilities are impressively creepy: by extracting location information from Facebook, check-ins, and even latitude and longitude details from photographs in which targets are tagged (did you know cameras stored that?), it builds a picture of where someone's been, who they've been there with, and where they might go next.

This software, named Riot, is the latest in a long line of products offered to track people online, whether through spyware on their machines or by generating fake online personas who befriend dissidents. In the past, tracking individuals was difficult and costly, and so kept well targeted. Today, it's so easy that mass-surveillance is feasible - and so-called "big data" makes it seem tempting and innocuous.

The "big data" theory works like this: by grabbing hundreds or thousands of datapoints on millions of people, we build a systematic picture of how everyday people act. By analysing these by machine for "outliers", or suspicious activity, we can catch the bad guys - and it's OK, because only at that stage is another human being looking through your personal info.

This is, by and large, fantasy. For one thing, any algorithm will generate hundreds if not thousands of false positives (innocent people who hit a red flag). Given how rare, say, terrorism is, the vast majority of people bothered by these systems will be ordinary people facing previously unbelievable intrusion.

Second, these systems and techniques are just as useful to draconian governments around the world - as demonstrated in the Middle East uprisings, and time and again with China's internet monitoring and censorship.

The reality of surveillance tends to be mundane. For years in the United Kingdom, there was (in certain circles) outrage over the Ripa Act, which allowed councils and public bodies to initiate targeted surveillance with very limited oversight. Now, the world has moved on: public bodies barely even need to use Ripa - as they can glean far more information on anyone they choose through "overt" online sources, with no safeguards whatsoever.

It's easy to believe those with nothing to hide have nothing to fear - and most of us are essentially decent people, with frankly boring social network profiles. But, of course, to (say) a petty official with a grudge, almost anything is enough: a skive from work, using the wrong bins, anything. Everyone's got something someone could use against them, even if only for a series of annoyances.

It's also tempting to believe that with good privacy settings and tech savvy, we can protect ourselves. Other people might be caught, but we're far too self-aware for that. But stop and think. Do you trust every friend you have to lock their privacy settings down? Your mum? Your grandad? Do they know to strip location data from photos? Not to tag you in public posts? Our privacy relies on the weakest point of each of our networks - and that won't hold.

Surveillance is getting cheaper and easier by the day, which in turn proves almost irresistible - for those with good and bad intentions - to make more use of it.

The only way to prevent such a shift is to group together, raise funds, and lobby hard for real legal safeguards, fast, before the culture shift is irreversible. Anything less is acquiescence.