AI & Tech May 2026 6 min read The Contrarian Case

The Guard Did Not Need My Photograph. The App Did.

I visited a friend who lives in a colony that uses one of these new-age gatekeeping apps. The guard insisted on photographing me before letting me in. This is a three-party problem that nobody is talking about: how a third party can make a second party surrender a first party's privacy without any consent from the first party at all.

On privacy and autonomy

Privacy protects the individual's interest in autonomy because it carves out a space around individuals in which they can direct their lives as they see fit, irrespective of social and political pressures.

The most challenging aspect of living in a connected world is how to ensure that the little space we need around us does not get violated. That space is not large; it does not ask for much. It asks, at minimum, that you control your own image, your own location, your own movement data. And increasingly, that ask is not being honoured.

I was visiting a friend at his home. His colony uses one of these new-age gatekeeping apps... the kind that has replaced the rickety notebook at the guard post. The guard told me, very politely, that he needs to take my photograph or my car's photograph before he can let me in. I declined. He looked confused; this was clearly not the usual response. The barrier stayed down for a long moment.

The question that bothered me all the way home

How can the RWA... a third party... make my friend... a second party... cause me to lose my privacy as a first party? I did not sign up for this app. I did not agree to be photographed. And yet my refusal to participate was, in effect, treated as a refusal to visit my own friend.

Let us be precise about the three parties here, because the structure of the problem matters.

First Party

The Visitor

Visiting a private citizen at their home. Has no relationship with the colony or its systems.

Second Party

The Resident

Resident of the colony. Agreed to the app's terms when they moved in or registered. Has no power to waive consent on behalf of their guests.

Third Party

The RWA + App

Resident Welfare Association and the technology provider. Made a decision that every visitor's biometric data must be captured as a condition of entry.

The resident agreed to the app's terms for themselves. That is entirely their right. But that consent does not extend to their guests. The moment the app requires a photograph of a visitor as a condition of entry, it is asking the resident to enforce data collection on someone who never agreed to any of it. And it is asking the visitor to choose between their privacy and their ability to visit a friend.

An old, worn visitor register book open on a guard post table... pages filled with barely legible handwritten entries from 1998, a chipped pen resting across the page, a bare bulb hanging above — The rickety notebook that it replaced. Handwriting that could hardly be read. Names that faded within months. Entries that no algorithm could parse. It was inefficient. It was also, unintentionally, far more private than what replaced it.

This is the thing that people miss when they celebrate the digitisation of these old manual systems. The old systems had a built-in privacy feature that was not designed but was real: illegibility. The guard's handwriting in a physical register was, functionally, a data record that almost nobody could actually use. It degraded over time. It was not searchable. It was not uploadable. It was not cross-referenceable with your face, your vehicle number, your phone number, and your visit history.

The rickety notebook

Handwriting barely legible to anyone but the guard who wrote it

Data degraded and faded; no long-term record effectively possible

Not searchable, not cross-referenceable, not uploadable

Your visit was recorded in a closed, local system with no external reach

Inefficient. Unintentionally private.

The gatekeeping app

Your photograph linked to your phone number and vehicle plate

Searchable, stored indefinitely, potentially shared across colonies

Your visit history is a structured dataset; frequency, timing, duration

Data lives on a server you have never seen, owned by a company you did not choose

Efficient. Comprehensively invasive.

I am uncomfortable giving even my phone number to such apps... let alone a photograph. And I say this not as someone who is paranoid or technophobic; I say it as someone who builds technology products and thinks carefully about what data we collect, why we collect it, and what we would do if we collected less of it.

Privacy is not about hiding something. It is about choosing what to share, with whom, and under what conditions. When that choice is made by a third party on your behalf... without your knowledge or agreement... it is not just an inconvenience. It is a structural violation of something important.

We built a navigation product. We could collect precise location data from the first second a user opens the app; almost every navigation company does exactly that. We chose not to. We do not collect location for the first 1,000 metres of a user's journey. Here is why that matters.

Our privacy design... built into the product from day one

1,000m

The distance we do not track at the start of every journey

We do not want to know where you live or where you work. We do not need to. We know that you start from somewhere within a circle of approximately 1 km radius... and in a country like India, there are thousands of people within that circle. Your precise origin stays yours. The navigation still works. The privacy is not a trade-off; it is a design choice. We made it because we believe that data you do not collect cannot be misused, cannot be hacked, and does not become a liability for your users.

The colony app could make the same choice. It could verify that a guest is expected by the resident, without collecting a photograph. It could record a visit without storing biometric data. It could be effective at its stated purpose without building a surveillance infrastructure around every apartment block in India. The technology allows for privacy-preserving design; the question is whether anyone chooses to build it that way.

Privacy is one thing that has always been very close to us. Not as a legal compliance checkbox... but as a genuine design principle. The connected world has given us extraordinary convenience; I do not want to give that back. But convenience and privacy are not opposites. They can coexist... if the people building these systems choose to make them coexist. The guard at the gate does not need my photograph. He never did. The app decided he did. And that decision was made by people I have never met, for reasons I was never told, on behalf of a system I never agreed to join.