You Didn't Consent to This... Digital ID, your data, and what you should be concerned about.
- What’s Actually Happening Right Now
- Why Are They Doing This?
- This Is How You Get a Social Credit System
- Innocent People Are Already Getting Destroyed
- The Politicians Writing These Laws Are Exposing Themselves Too
- “That Would Never Happen Here”
- So Who Built This Standard? Prepare yourself….
- Connect This to the Breaches
- AI Makes This a Ticking Time Bomb
- Think About Future Kids
- What You Can Do
- Here’s What It Comes Down To
You wouldn’t hand a stranger on the street a photocopy of your passport. You’d probably think they were insane for asking. But right now, that’s exactly what they are demanding, and they’ve convinced you it’s necessary to protect the innocent.
Governments and corporations are building a system right now where every website you visit, every app you open, every transaction you make will be tied to your real identity.
Your face. Your passport. Your fingerprint. Permanently.
This affects everyone. Not just people in tech or privacy advocates. Not just human rights activists and journalists or even just criminals and corrupt politicians.
Everyone…..
Your family. Your friends. Your coworkers. All those who don’t seem worried at all and always say stuff like “I have nothing to hide” or “I don’t care if they see”.
Well, If you use the internet. This is YOUR future.
And the evidence that it’s a terrible idea isn’t just compelling. It’s totally overwhelming.
The databases they store your identity in get breached constantly. Last week alone a billion records were found sitting on the open internet with no password. I wrote a thread here on twitter about this.
People are being kidnapped because their financial identity was linked to their holdings.
Innocent people are being jailed because facial recognition got it wrong.
Governments are freezing bank accounts of peaceful protesters. And an entire industry is making billions convincing lawmakers that more data collection will somehow make us safer, when every piece of evidence says the opposite.
Despite all of this, they’re not slowing down. They’re accelerating.
And I can’t understand why.
Anyone with common sense can look at this evidence and say hey maybe that’s not such a good idea… So let’s dig in.
What’s Actually Happening Right Now
So here’s what this looks like in practice. Right now.
So starting in January 2027, if you live in California and your kid wants to download Minecraft, they’ll need to verify their age through the phone’s operating system. Not the app. Not the website. The device itself will demand proof of who they are before they can use it.
So let’s be clear California’s Digital Age Assurance Act requires age verification at the OS level.
That means a 10 year old handing over biometric data or a government ID scan just to use a phone they got for Christmas.
And it ain’t just California.
As of 2026, 25 US states have passed age verification laws.
That is half the country.
Nine took effect in 2025 alone. Millions of people are already being forced to upload their passport or scan their face to access parts of the internet that were free and open last year. Think about what that means.
KOSA, the Kids Online Safety Act, was passed in December. The House tried to bundle it with 18 other age verification bills into one massive package. They’re not debating whether to do this and they’re debating how fast.
In Europe it’s even further along. The EU digital identity wallet becomes mandatory by December 2026. Every member state must offer a wallet linking your national ID, driving license, diplomas, and bank accounts.
All in one place.
All digital.
All trackable.
If you live in the EU, this is happening to you this year whether you want it or not.
More than half of US states are building digital driver’s licenses. Apple Wallet and Google Wallet already support them. The Department of Homeland Security is backing it.
None of this was voted on by the public. None of this was debated in any meaningful way. This is infrastructure being deployed right now and most people have no idea.
Why Are They Doing This?
So this is the insane part. The why they are doing this.
So there are basically four groups pushing this. And when you understand who they are, the whole thing makes a lot more sense.
Group 1: Politicians who want to “do something” about kids online
Now let’s be clear this is the bipartisan cover story. Senators Blumenthal and Blackburn introduced KOSA. Republicans and Democrats both support it.
and really the argument is simple: kids are being harmed by social media, we need to verify ages, this is common sense regulation.
And I want to be real clear about something. I’m not arguing against protecting kids. Kids face real dangers online. That’s not the debate.
What I’m arguing is that these laws endanger far more kids than they protect. And the evidence is right there.
When Florida passed its age verification law, VPN demand surged 1,150%. Kids didn’t stop. They moved to less regulated, more dangerous sites where there are zero protections. NYU and Phoenix Center research confirmed this. You pushed kids out of the relatively supervised spaces and into the actual dark corners of the internet. Good job.
The UK’s Online Safety Act was even worse. Websites shut down or blocked UK users entirely. Communities were censored. Reddit subreddits got age-gated randomly, which meant that a lot of users migrated to sketchier platforms.
The law was supposed to protect young people and instead it drove them underground. This is always the case.
And Discord? Discord collected 70,000 government IDs specifically for age verification. Exactly what these laws demand. Then a vendor got hacked and all those IDs leaked. So now you’ve got 70,000 young people whose government ID photos are on the dark web because a company tried to “protect” them by collecting their identity documents. What did Discord do? They decided to delay it’s global age verification, not cancel.
This is not protecting kids. This is building a target list of children’s identities and handing it to hackers. If you argue against these laws, you’re not arguing against kids. You’re arguing against a system that puts kids in more danger than it saves them from.
Group 2: A $51 billion identity verification industry
This is where you follow the money.
The digital identity market is worth $51 billion in 2025. Projected to hit $80 billion by 2030. Some estimates put it over $200 billion by 2035.
Companies like Thales, IDEMIA, NEC, Persona, Yoti, Veriff, Jumio, Onfido, and dozens more. And these aren’t exactly companies with clearn records.
Thales for example powers 1 in 3 government IDs issued globally. Well… they are also under investigation by the UK serious Fraud Office and French autorities for briberty and corruption. The company the govts trust to build their identity system. hmmmmm….
Another major player, has been accused alongside Thales of facilitating human rights abuses of refugees and migrants through border surveillance technology. They helped supply surveillance systems to authoritarian regimes including Egypt under el-Sisi.
Persona, the KYC provider used by Coinbase, Kraken, OpenAI, and Discord, was caught with 53 megabytes of unprotected source code showing they pipe passport data directly to FinCEN tagged with intelligence program codenames. Government surveillance through the same codebase that handles your selfie.
The US just awarded a $37.4 million contract for facial biometrics on Login.gov. Yoti’s CEO blogged about 2025 being a “record year” for revenue thanks to age verification laws.
These are the companies building the infrastructure for mandatory digital ID. Companies under investigation for corruption. Companies accused of enabling authoritarian surveillance. Companies that can’t protect their own source code.
These companies lobby for the laws that make their products mandatory. The laws create demand. Demand creates contracts. Contracts fund more lobbying. It’s a cycle.
Just look at one of them. I’ve already written about this week, Persona, one of the biggest identity verification providers, was caught with code that pipes your passport data directly to FinCEN tagged with intelligence program codenames.
The same company handling your ID for Coinbase, Kraken, OpenAI, and Discord was running government surveillance through the same codebase. 53 megabytes of source code left unprotected on a government endpoint.
This is the industry we’re supposed to trust with mandatory digital ID for everyone. It seems like its already here…
Group 3: Tech companies that want your identity for ad targeting
In January 2024, at a Senate child safety hearing, X CEO Linda Yaccarino testified in support of KOSA. Microsoft’s Brad Smith endorsed it the day before. Snap had already thrown its support behind the bill.
By May 2025, Meta, Spotify, Match Group, and Garmin had founded an entirely new lobbying organization dedicated to pushing app-store-level age verification. They hired a veteran government relations professional to lead it.
Ask yourself why the biggest data-harvesting companies on earth are enthusiastically supporting a law that requires verified real identity.
The EFF spelled it out: “Companies want users to spend as much time on their platforms as possible, because they make money from targeted ad sales, and these ad sales are fueled by invasive data collection.”
Once you’re tied to a verified real identity, you become an infinitely more valuable advertising target. Personalized pricing. Perfect ad targeting. Complete user profiles. The ability to sell verified identity data to third parties. That’s not speculation. That’s the business model.
These companies aren’t supporting KOSA because they care about kids. They’ve been profiting off kids’ data for years. They’re supporting it because mandatory identity verification turns every user into a perfectly profiled advertising asset.
and the most clueless of all and the ones we have to educate
Group 4: The “nothing to hide” crowd!
there’s regular people who genuinely think
“what’s the big deal? I show my ID at a bar. Why not online?”
The EFF wrote an entire page addressing this argument directly. Here’s why online ID checks are nothing like showing your ID in person:
When you show your ID to a bartender, they look at it and hand it back. They don’t photocopy it. They don’t store it in a database. They can’t track everywhere else you’ve shown it. They can’t be hacked. The data doesn’t persist forever.
Online verification stores your data and creates permanent records, which connects to third-party companies.
They get breached.
Your data gets sold.
Gets hacked.
Gets subpoenaed.
And unlike a password, you can’t change your face or your date of birth when the database leaks.
This Is How You Get a Social Credit System
And I know people roll their eyes when you say social credit. They think you’re being dramatic. They think that’s just a China thing.
But let’s be clear we already have one, we just don’t call it that.
Your credit score decides if you get a mortgage an apartment a car loan sometimes you can even decide if you get a job. Then there’s your Uber rating that decides if drivers pick you up your Airbnb reviews well those decide if anyone rents to you, your insurance premium shift based on data you never agreed And some might say this is a great thing. Of course I would like to know who’s getting in my car before I give them a ride or who’s staying in my home if I rent it out on airbnb.
Nobody is arguing that trust doesn’t matter in fact. But here’s where that starts to be a problem. These systems were built for specific and limited context. Your Uber rating is supposed to tell a driver. If you know your normal not gonna puke in his backseat your credit score yeah that’s supposed to tell a bank if you pay your bills, that’s it that’s the scope.
And that’s what’s legitimately terrifying is that what happens when you add a universal digital identity that ties everything together? Well yeah, you have one ID one profile one system and that system knows everything about you your financial history, your travel patterns, your health records, your online behavior and it’s all connected to your face.
So that means suddenly that Uber rating or that insurance premium or that credit score will they’re not separated anymore their layers of the same identity and that’s one switch they can turn it all off they showed you this playbook, and you laughed at it. Remember that Black Mirror episode? Well its here…..
This isn’t some conspiracy theory. It’s the literal architecture. It’s being built in 25 states across the EU and across the world right now on your phone.
Well, let’s talk about it because they didn’t wake up one morning and announce “Hi, we have a social credit system now.” It started as something that many would consider reasonable. Credit enforcement, business regulation, consumer protection, well doesn’t that all sound familiar?
Edward Snowden warned about this in June 2025: “Data will influence every aspect of our lives. Can you get a mortgage when you qualify? Will a dating app match you with anyone other than serial killers? That’s how you should think of the system.”
He’s not wrong.
So what happens?
Innocent People Are Already Getting Destroyed
This isn’t theoretical. People are already being harmed by the systems that digital ID is built on.
Robert Williams spent 30 hours in a Detroit jail because facial recognition said he was a shoplifter. He wasn’t. The match was wrong. He was handcuffed in front of his daughters in his own driveway.
In August 2025 a man in New York was arrested and jailed for two days for a sex crime he didn’t commit. The NYPD’s facial recognition tool matched him. He didn’t even match the physical description the victim gave. Didn’t matter. The system said he was the nope that’s the guy!
A medical entrepreneur named Vernau spent three days behind bars in July 2024 after facial recognition accused him of cashing a fraudulent check at a bank in Miami. He’d never been to that bank.
The Washington Post investigated and found that police routinely ignore their own safeguards after getting facial recognition matches. At least 10 people have been documented as wrongly arrested based on facial recognition in the US alone. Those are just the ones who fought back and got covered by the press. How many others just took a plea deal?
Now imagine this technology plugged into a mandatory digital ID system. Where your face is the key to everything. Where a false match doesn’t just get you pulled over, it locks you out of your bank account, your government services, your ability to function.
That’s what they’re building. And the technology isn’t ready. Gartner said 30% of organizations will consider facial biometric verification unreliable by 2026 because of deepfakes. We’re there. The technology that’s supposed to secure this system is already failing.
The Politicians Writing These Laws Are Exposing Themselves Too
These people don’t seem to care. No one does until it affects them.
In March 2023, DC Health Link was hacked. The personal data of hundreds of members of Congress, their spouses, their dependents, and their staff was stolen and put up for sale on a dark web forum. Social security numbers. Home addresses. Everything. Reuters, the New York Times, and The Guardian all covered it. House Speaker McCarthy called it an “egregious security breach.”
In September 2024, 3,200 Capitol Hill staffers had their passwords and IP addresses leaked on the dark web because they’d used their work emails to sign up for various services.
In October 2025, WIRED reported that a database containing information on people who applied for jobs with House Democrats was left accessible on the open web. People with Top Secret security clearances exposed.
And five days ago, at Abu Dhabi Finance Week, 700+ passport scans and government ID cards of world leaders, politicians, and major business figures were found on an unprotected cloud server. Reuters covered it.
The people writing the laws that will put everyone’s identity in centralized digital databases can’t even protect their own data.
So my question is this. Who convinced these people that building a system to collect and centralize everyone’s identity was a good idea? Who sat in front of a senator and said “trust us, we’ll keep it safe” when every single piece of evidence says otherwise?
Furthermore, who in the right mind thinks that in the age of AI LLMs its a good idea to digitize everyone’s identity and personal information?!?
it’s infuriating.
Was it the $51 billion identity verification industry? The one where Yoti’s CEO literally blogged about 2025 being a “record year” for revenue? The one where Thales powers 1 in 3 government IDs globally? The one where Persona was caught running government surveillance through the same codebase that handles your passport?
These companies lobby for the laws that make their products mandatory. The laws create demand. Demand creates contracts worth tens of millions. The contracts fund more lobbying.
That’s who put the fear in these people. That’s who told them digital ID would save them. An industry that stands to make $200 billion by 2035 if every person on earth is forced to carry a digital identity.
What the ACLU Is Saying (and Why It Matters)
In January 2026 they published “How to Give the Government New Power to Un-Person Someone, in Three Easy Steps.”
Step 1: Build a digital ID with centralized revocation capability.
Step 2: Make it required for everything so people can’t function without it.
Step 3: Let government officials yank people’s IDs out of their wallets.
They used the word “unperson” from 1984. And they weren’t being hyperbolic. They were describing a technical capability that most digital ID implementations include by default.
Here’s what they said: once this infrastructure exists, the government gains the power to “cut off in a single stroke their ability to access their accounts, visit much of the Internet, access government services, start a new job, obtain healthcare.”
With a physical ID the government can cancel your driving privileges but they can’t reach into your wallet and take the card. With digital IDs? They can. Remotely. Instantly. And most states have included zero protections against this.
https://www.aclu.org/news/privacy-technology/un-personing-with-digital-id
“That Would Never Happen Here”
but It already happened….
In April 2025 the Trump administration moved 6,000 legal immigrants into Social Security’s “death master file.” One entry per person. That’s all it took to revoke their ability to work, receive benefits, use banks, or function in society. The AP reported it and Congress condemned it.
This happened with the crude identity infrastructure we already have. Now imagine what becomes possible when that infrastructure is digital, centralized, connected to everything you do, and comes with a remote kill switch.
The ACLU also warned about something called the “phone home” feature. Over 80 organizations signed a letter about it. Every time you use your digital ID, it contacts the issuing government. They can see when and where you show your ID. Every store. Every website. Every bar. Real time surveillance built into the ID itself.
Your physical ID doesn’t call the DMV when you show it to a bartender. Your digital one will.
So Who Built This Standard? Prepare yourself….
The digital ID standard most states are adopting was created by a secret committee at the International Standards Organization.
Members: Google. Apple. US Department of Homeland Security. And foreign governments which the ACLU says may include China and Russia. The ISO refuses to say who was on the committee.
No privacy advocates participated.
No civil liberties groups.
No human rights organizations.
Nobody representing the people who would carry these IDs.
Kinda sounds like all things aren’t what they seem and the man behind the curtain… Well.. he’s probably mean.
The standard prioritizes verifiers over holders. It was built for the people checking your ID. Not for you.
And the text of the new standard? Copyrighted. not public and costs thousands of dollars to even read it.
So you’ll be required to carry an ID built in secret by corporations and governments, including potentially authoritarian ones, with zero public interest input.
And you can’t even read the rules governing how it works.
What the actual fuck…..
Connect This to the Breaches
Here’s where my last two weeks of news and research becomes really important.
They want mandatory digital ID for everyone to access everything. We just documented:
IDMerit: 1 billion KYC records exposed across 26 countries. No password.
Coinbase: 69,000 users’ government IDs stolen by bribed employees.
Discord: 70,000 government IDs collected for age verification. Vendor hacked. All leaked.
Transak: 92,000 IDs from one phished employee.
PayPal: Social Security numbers exposed for 6 months from a code error.
MobiKwik: 99 million users, 8.2 terabytes of KYC data sold on the dark web.
Discord is the proof of concept. They collected government IDs specifically for age verification, the exact use case these laws mandate.
The IDs got leaked.
Now multiply that by every website, every app, every government service. That’s what mandatory digital ID means. The attack surface becomes everything.
AI Makes This a Ticking Time Bomb
We’re building global identity infrastructure that relies on biometrics at the exact moment AI is learning to fake biometrics perfectly.
Gartner said that by 2026, 30% of organizations will consider facial verification unreliable because of deepfakes. We’re there. That’s this year.
Vietnamese authorities busted a ring that used AI faces to bypass bank facial recognition and launder $38 million. 1 in 20 verification failures is now linked to deepfakes. “Deepfake as a service” is a real industry you can buy into. 404 Media passed KYC with an AI generated fake driver’s license. Took 30 minutes and cost $15.
So the system catches honest people. Stores their real biometrics. Creates permanent records. Meanwhile criminals walk through with synthetic identities.
We’re building the largest honeypot in human history and calling it safety.
Think About Future Kids
This is where it stops being a policy argument for me.
I was part of the first generation who really grew up on the internet, it was everything to be noticed and popular online.
Now that I am older, I think about what it means to grow up in this system. Your face in a government database from the day you get a phone. Every website logged against your real identity. One man’s keystroke away from being locked out of society. debanked and unpersoned,
And the worst part? Our kids will be told this is normal. That showing your face to read an article or to play minecraft is just how the internet works. That handing over biometrics to download an app is what everyone does.
They won’t know there was ever another way.
That’s not safety. It’s a cage built by people who have proven, over and over and over again, that they cannot protect a database.
What You Can Do
Learn what’s happening. EFF has a resource hub at
. Stop Online ID Checks has a petition at
. Share them.
Support the legal fight. The EFF is challenging these laws in court and winning. They amplification.
Push back on your reps. These laws pass because nobody shows up. Be the one who does.
Use tools that don’t collect your identity. Vexl**.** Mullvad. Proton. Signal. Tor. Cash. The less data you hand over, the less can be leaked or weaponized.
Stop normalizing it. Every time you hand over your passport to access something, you’re telling them it’s acceptable. Demand alternatives.
Talk about it. Most people have no idea. You do now. That makes it your job.
Here’s What It Comes Down To
The evidence is right there.
A system that catches less than 0.1% of criminal money. That costs 100x more than it recovers. That creates databases breached every month. That enables the largest laundering operations through compliant banks. That gets people kidnapped. That locks 1.7 billion people out of the financial system.
And the response? Make it mandatory. For everyone. For everything.
The same companies that left a billion records exposed with no password want to store your face. The same governments that froze bank accounts of peaceful protesters want a remote kill switch on your identity. The same industry that was caught piping passport data to intelligence agencies through the same codebase wants you to trust them with your children’s biometrics.
They’re wrapping it in “protect the kids” because that’s the one argument nobody’s allowed to question. But the ACLU is questioning it. The EFF is questioning it. Courts are blocking these laws. Researchers are proving they don’t work.
And now I’m questioning it. As loudly as I can.
If we don’t push back now, we’ll wake up to an internet that demands our face, our fingerprint, and our government ID just to read the news. And by then it’ll be too late.
Share this. Send it to someone who doesn’t know. Talk about it at dinner. Bring it up with friends, family, whoever will listen.
Because nobody else is going to do it for us.
support the Vexl Foundation
support the Electronic Frontier Foundation