NorthStave

Why I Won't Verify My Identity to Use the Internet

I recently came across an incredibly insightful blog post over at neilzone.co.uk titled, “I’m struggling to think of any online services for which I’d be willing to verify my identity or age.” Reading it was refreshing because it perfectly articulated a quiet but growing sentiment that I share. It aligned so closely with how I think about the modern internet that it prompted me to sit down and map out exactly where I stand on the impending wave of digital identity verification.

Identity and age verification have become increasingly common policy conversations across numerous countries, particularly within the UK where legislative frameworks like the Online Safety Act have brought these issues to the forefront. Often, these proposals are wrapped in the politically unassailable cloak of protecting children from varying, ill-defined concepts of online harm. In practice, however, these legislations generally mandate that everyone, regardless of age, background, or intent, must definitively prove to a faceless corporate entity that they are who they say they are.

Like Neil, I have yet to see a well-considered proposal for how this would actually work in practice without completely dismantling the fundamental architecture of the free web. Worse, the problem these politicians are ostensibly trying to solve is rarely stated clearly or concisely. We are fed a steady diet of moral panic with zero consideration for the broader sociological, political, or security implications of what is being proposed. Instead, we are subjected to a relentless push for technosolutionism. This is the naive belief that complex human and societal issues can be solved by simply installing a digital turnstile and demanding to see everyone’s papers.

Reading Neil’s post made me ponder exactly which services I, personally, would be willing to verify my age or identity to access.

And, just like his conclusion, my answer is a resounding none.

But my refusal goes deeper than just a stubborn attachment to the free web and privacy. To understand why I am completely unwilling to participate in these digital checkpoint schemes, you don’t need to look far to uncover the catastrophic reality of modern cybersecurity, the staggering amount of data these companies have already hoarded, and the reality that tying internet access to a government ID is virtually indistinguishable from a state surveillance apparatus.

When politicians and tech executives talk about digital identity verification, they speak with a breathtaking arrogance about data security. They frame the act of uploading your passport, your driving licence, or your biometric facial scan as a simple, sterile transaction. They want you to believe that handing over your government ID to a social media platform is no different to showing a plastic card to a bouncer at a local pub.

This is a dangerous, systemic fiction.

The reality is that we are living through a golden age of cybercrime, and the corporate entities demanding our most sensitive information are proving on a daily basis that they are entirely incapable of keeping it safe.

If we look at the last few years of data breaches, the scale of incompetence is staggering. We are no longer talking about a few thousand stolen email addresses or hashed passwords. We are talking about the wholesale exfiltration of the foundational building blocks of human identity.

Take the breaches that have defined the last half-decade. We have seen credit bureaus lose the financial and personal histories of half the population. We have seen background check companies, entities whose sole purpose is to handle sensitive data, breached, leaking billions of records containing national insurance numbers, current and past addresses, and familial connections. We have seen genetics companies breached, leaking the literal DNA profiles and ancestral data of millions of users. We have seen health services like the NHS affected by ransomware, exposing patient records, and we have seen massive supply chain attacks compromise the internal communications of governments and multinational corporations alike.

When you verify your identity online, you are not engaging in a fleeting interaction. You are permanently uploading highly sensitive, immutable data into a corporate database. You are trusting that the company has properly secured their cloud storage buckets, that their employees are not vulnerable to social engineering or phishing, that their application programming interfaces are not leaking data, and that their third-party age verification vendors are completely bulletproof.

History shows us that this trust is completely misplaced. Data is not a static asset. The longer a company holds it, and the more of it they accumulate, the more likely it is to leak.

Here is the critical difference between a traditional data breach and an identity verification breach. If a hacker steals your password, you change your password. If a hacker steals your credit card number, you cancel the card and get a new one issued in a matter of days.

But what do you do when a cybercriminal syndicate steals a high-resolution scan of your passport? What do you do when your biometric facial map, your national insurance number, and your verified home address are dumped on a dark web forum and sold to the highest bidder? You cannot easily change your date of birth. You cannot easily change your national identity number.

By mandating identity verification for everyday internet access, governments are forcing citizens to load their most dangerous, immutable personal data into corporate systems that are guaranteed to fail. We are being asked to subsidise the security failures of the tech industry with our own permanent legal identities. It is a terrifying prospect, and I simply refuse to be the collateral damage in the next inevitable mega breach.

Even if, by some technological miracle, these companies could guarantee the absolute security of our government IDs, which they absolutely cannot do, I would still refuse to hand them over. I refuse because the amount of data these corporations already possess on us is staggering, invasive, and deeply concerning.

You could argue that we already live under a regime of surveillance capitalism. For the past two decades, the modern internet has been funded by the systematic extraction and monetisation of human behaviour. Data brokers, advertising technology companies, and tech giants have built incredibly granular, invisible shadow profiles of nearly every person holding a smartphone or sitting at a keyboard.

They know our location history with terrifying precision, tracking the mundane rhythms of our commutes, our visits to doctors, our late-night trips to the takeaway. They log our browsing habits, categorising our fears, our health anxieties, our political leanings, and our consumer desires. They know our sleep schedules based on the accelerometer data in our mobile phones. They map our social graphs, understanding exactly who we talk to, how often, and the nature of those relationships.

They use cross-site tracking cookies, invisible pixels embedded in emails, and deep telemetry baked right into our operating systems. They have aggregated so much behavioural data that their predictive algorithms can routinely guess major life events, such as pregnancies, illnesses, impending divorces, and changes in employment, long before we might even consciously acknowledge them ourselves.

Given this reality, the sudden legislative push for formal, legal identity verification feels not just redundant, but deeply insidious. If a tech conglomerate already knows where I sleep, where I work, what I read, and who I love, why on earth do they also need a scan of my driving licence?

The answer lies in the difference between probabilistic and deterministic data.

Right now, your ever-growing shadow profile is largely probabilistic. The algorithms are heavily confident that the device belongs to a specific demographic with specific habits, but there is still a tiny, lingering gap between the digital avatar and the physical human being. There is still a shred of plausible deniability.

A government ID is deterministic. It bridges that final gap. By tying our sprawling behavioural dossiers to a definitive, government-issued legal identity, the tech industry and the governments pushing these laws achieve total information awareness. It transitions us from being heavily tracked consumer demographics into fully mapped, legally identifiable subjects at all times. It takes the invisible panopticon we have unwittingly built and officially bolts the doors shut.

The moment you tie general internet access to a government ID, you have effectively instituted a system of state surveillance.

For decades, the defining characteristic of the internet was its capacity for anonymity and pseudonymity. This was not a flaw in the system; it was its greatest feature. It was a fundamental pillar of free expression, intellectual exploration, and personal liberty.

Anonymity allowed dissidents to speak out against oppressive regimes without fear of a midnight knock on the door. It allowed marginalised individuals to find community and support without risking their physical safety or their livelihoods. It allowed ordinary people to ask embarrassing questions, to explore niche interests, to seek medical advice, and to debate controversial topics without the fear of those thoughts being permanently attached to their permanent legal record.

When you mandate that everyone must prove their identity to participate in digital life, you destroy this sanctuary.

If every comment you leave, every article you read, every video you watch, and every forum post you make is inextricably linked to your legal identity, the effect on free speech will be absolute. People will self-censor. Intellectual exploration will wither. The internet will cease to be a place of discovery and will instead become a place of compliance.

We are building a digital surveillance society, and we are using child safety as the palatable justification to swallow the bitter pill of total surveillance. It fundamentally shifts the relationship between the citizen and the goverment. You are no longer presumed to be a free individual moving organically through a public space. Instead, you are a tracked, verified entity moving through a controlled, monitored environment, required to show your digital papers at every intersection.

I have no interest in participating in a society that treats its citizens as inherent suspects who must be verified before they are allowed to speak or read.

So, with this grim reality in mind, I return to Neil’s thought experiment. If the mandates come down, and the digital checkpoints go up, how would I react regarding the specific services I use daily?

Like Neil, I compute in a somewhat unusual way compared to the average consumer. I self-host, I rely on decentralised services, and much of what I do online is about accessing infrastructure I control.

However, my self-hosted services are still built around interacting with the broader internet.

If forced into a corner, here is how I evaluate the trade-offs:

RSS Feeds and Independent Blogs: Would I be willing to verify my identity or age to read someone’s RSS feed? Absolutely not. The beauty of RSS is syndication without surveillance. It is the purest form of content consumption left on the web. While I deeply enjoy the myriad of independent blogs I follow, none are strictly crucial to my existence. If a blogger is forced by their hosting provider or by national law to put their feed behind an age gate or an identity verification wall, I will simply unsubscribe. It is a tragedy for the independent web, but I will not hand over a passport to read a short essay on software development or gardening.

Video Streaming and YouTube: I occasionally watch videos, many of which originate on platforms like YouTube. But if YouTube is forced to implement hard age verification, and they are already experimenting with requiring credit cards or IDs for age-restricted videos in regions like the UK, what then?

It would be a massive shame. YouTube is a repository of incredible educational content, tutorials, and historical archives. But I will just walk away. It is not worth it. Mostly, I rely on my own physical media anyway. I buy secondhand physical media, rip it, and watch it on my own terms. I have never been asked to submit a biometric scan to buy a DVD at a charity shop, and I intend to keep it that way.

Forums, Reddit, and Discussion Boards: I abandoned traditional social media a long time ago and more recently centralised discussion sites like Reddit. I occasionally browse aggregators like Hacker News (that’s how I came across Neil’s blog post), but if any of these platforms threw up an identity wall, my departure would be instantaneous and completely painless. The signal-to-noise ratio on the modern web is already abysmally low. Adding a privacy-destroying checkpoint to read arguments between strangers is a terrible bargain. Websites with comment sections? I aggressively block them with browser extensions anyway. I do not comment, and I do not want to read them. A verification mandate changes absolutely nothing for me here.

Code Forges and Open Source Contribution: This is where the friction begins to show. What happens to places like GitHub, GitLab, and other forges? I am free to contribute to open source projects. If an organisation’s repositories are locked behind an ID check to comply with some overreaching tech legislation, I would have to seriously evaluate my involvement. While I value the free and open source software community deeply, I am not a linchpin developer holding up vital infrastructure. I would feel a pang of regret, but I would step away from contributing to those specific platforms. The open source ethos is fundamentally at odds with state-mandated digital identification.

Knowledge and Wikipedia: Wikipedia is a marvel of human collaboration. But if reading or editing it required a government ID? I would follow Neil’s lead. I would build a Kiwix instance, download the entire Wikipedia database locally, and browse it offline. Yes, the articles would be a few months out of date, and I would not have access to up-to-the-minute breaking news edits. But I rarely use Wikipedia for rapidly changing current events anyway. The trade-off is clear. Slightly outdated encyclopaedic knowledge is infinitely preferable to sacrificing my privacy and personal security to a verification vendor.

Communication Tools: This is perhaps the most painful hypothetical scenario. What if private, end-to-end encrypted messengers are forced to require ID to register? We are already seeing governments wage war on encryption, trying to force client-side scanning or backdoor access. Losing seamless, secure communication with friends and family would be a profound pain point. But if the cost of that communication is logging my legal identity into a central database, I will revert to email, self-hosted XMPP, or physical letters. I will not compromise on private communication.

Professional Services: This is the one area where rugged individualism hits the brick wall of modern capitalism. If the day comes when Microsoft or Zoom requires a verified digital ID just to join a meeting, the situation becomes incredibly complex.

Realistically, it is easy to take a principled stand when it comes to reading blogs or watching videos. It is much harder when your livelihood is on the line. If these services fell within the scope of identity mandates, it would force a brutal reckoning between my privacy principles and my need to pay the bills.

In practice, if the legislative hammer falls and the web becomes a series of gated communities demanding digital passports, my response will be a self-imposed, self-controlled digital isolationism.

I will retreat to the protocols that still respect anonymity. I will consume local media, read offline archives, and communicate over decentralised networks. I will accept that the golden age of the open web has ended, replaced by a sanitised, heavily monitored, corporate and state mall.

It is a depressing outcome. I grew up with an internet that promised boundless freedom and intellectual liberation. Watching it devolve into a surveillance apparatus where entry is contingent on surrendering your legal identity is a tragedy. But as much as I love the connectivity the internet provides, I value my autonomy, my privacy, and my security far more.

Unless a service emerges in the future that is so incredibly vital, so revolutionary, and so deeply necessary that it overrides every single one of my security and philosophical concerns, which I find highly improbable, I will simply walk away. The internet is a tool, not a mandatory condition of human existence. And if the price of using that tool is my identity, the cost is simply too high.

<< Previous Post

|

Next Post >>

#Security #Privacy