The New Door Policy
The internet used to have a bad reputation for letting anyone walk in. This was often a problem, occasionally a miracle, and very frequently the point. You could publish a blog under a name you invented, argue with a stranger on a forum, learn something unsuitable for your age, and disappear before anyone could ask for a scan of your passport. It was messy, fraudulent, generous, cruel, inventive, and alive.
That version of the web is now being quietly replaced by one with a clipboard at the entrance. Age verification laws, know-your-customer requirements, platform identity checks, app store compliance rules, and payment processor policies are all converging on the same basic demand: prove who you are before you proceed. The justification is always sensible. Protect children. Stop scams. Prevent abuse. Reduce fraud. Enforce the law. Nobody campaigns under the slogan Make Paperwork Worse, though many policies amount to exactly that.
This is not a complaint that rules exist. A society without rules is just a comment section with plumbing. The problem is that identity checks are becoming the default solution for problems they only partially solve, while creating a web that is less private, less open, and more dependent on a small number of companies that are very good at collecting documents and very bad at forgetting them.
Fact: The Checkpoints Are Multiplying
Fact: Governments are increasingly requiring online services to verify users in contexts involving age-restricted content, financial activity, gambling, marketplaces, political advertising, and safety compliance. The details vary by country and region, but the direction is consistent. Regulators want platforms to know more about their users and to prove that they know it.
Fact: Platforms already perform extensive identity and risk assessment behind the scenes. Phone numbers, device fingerprints, payment cards, IP addresses, behavioral patterns, government IDs, facial scans, and third-party verification providers are now normal parts of the trust-and-safety machinery. The friendly phrase is friction, as though the main thing happening is a slightly rougher user experience rather than the construction of a large identity apparatus.
Fact: Data breaches remain common. Identity documents, biometric templates, addresses, dates of birth, and account histories are not theoretical assets. They are the sort of information criminals enjoy because it retains value after the user has changed passwords and developed a richer inner life. You can reset a password. You cannot rotate your face.
Fact: Compliance costs do not fall equally. A large platform can hire lawyers, buy verification services, redesign onboarding flows, and absorb mistakes as the price of doing business. A small forum, independent publisher, niche community, or hobby project cannot. The web rarely dies in a single dramatic collapse. It is more likely to become administratively exhausting until the amateurs go home.
Interpretation: Safety Is Becoming a Business Model
Interpretation: The shift toward identity-gated access is not only about public safety. It is also about institutional convenience. Governments prefer accountable intermediaries. Platforms prefer rules that punish smaller competitors. Verification vendors prefer a world where every human interaction requires a toll booth. Everyone gets something, except the user, who gets to upload a driving licence to read a page that may still be full of nonsense.
The language around these systems is intentionally bland. Assurance. Trust. Integrity. Compliance. These are words designed to make surveillance sound like dental hygiene. But the practical result is a gradual inversion of the internet’s original assumption. Instead of access first and enforcement after harm, the new model demands clearance before participation.
There are places where this makes sense. Banks should know their customers. Adult platforms should not be indifferent to children. Marketplaces should make fraud harder. But policy has a habit of taking a tool built for edge cases and discovering that, with enough lobbying and moral urgency, it can become a general operating system.
The central mistake is treating identity as a synonym for safety. Many harmful actions online are committed by people whose identities are known somewhere. Harassment, fraud, manipulation, and exploitation do not vanish because a database contains a passport scan. Meanwhile, anonymity and pseudonymity are not merely shelters for bad behavior. They are also how whistleblowers speak, teenagers explore, dissidents organize, patients seek help, and ordinary people avoid turning every curiosity into a permanent record.
The fashionable answer is that privacy-preserving verification will solve the problem. Perhaps a system can confirm that you are over eighteen without revealing your name. Perhaps credentials can be stored locally. Perhaps cryptography can allow users to disclose only what is necessary. This is technically plausible and politically useful. It lets everyone nod solemnly while postponing the hard question: who operates the infrastructure, who audits it, who can compel it, and what happens when the exception process becomes the product?
The Cost of Being Legible
Once identity becomes the price of entry, the web becomes more legible to institutions and less forgiving to humans. Legibility is attractive to administrators because it converts messy social reality into fields on a form. Name. Age. Location. Device. Risk score. Verification status. It is less attractive if you are the person being flattened into a compliance object.
There is also a cultural cost. The open web was never as free as its nostalgists claim, but it did permit low-stakes participation. You could try on an argument, publish a strange essay, join a community, make a minor fool of yourself, and move on. That low-stakes quality mattered. It allowed people to learn in public without having every phase of development notarized.
A checkpoint internet discourages this. It rewards sanitized, brand-safe, institutionally comfortable behavior. It makes people more cautious, not necessarily more ethical. The result may be fewer visible harms and more invisible conformity. This is the sort of trade that looks excellent in a quarterly safety report and rather bleak in a history book.
It also pushes users toward the largest platforms. If identity must be verified, people will prefer to do it once with a major company rather than repeatedly with smaller services. That gives the incumbents another advantage: not better speech, not better communities, not better ideas, just better paperwork. Empires have been built on less, though usually with nicer stationery.
Prediction: The Web Will Split by Trust Class
Prediction: The next phase of the internet will not be simply open versus closed. It will be stratified by trust class. Verified users will receive smoother access, higher limits, more distribution, better payment options, and more credibility by default. Unverified users will be rate-limited, hidden, challenged, or excluded from certain activities. The division will be described as risk management, because class systems sound less alarming when translated into software.
Prediction: Many users will accept this arrangement because convenience usually beats principle in a fair fight. If a verified identity unlocks faster support, fewer captchas, more features, and fewer account suspensions, people will comply. Not happily, perhaps, but with the weary resignation of someone installing yet another authenticator app because civilization apparently depends on six digits expiring every thirty seconds.
Prediction: A counter-market will grow around privacy-preserving credentials, anonymous payments, local-first communities, and smaller networks with stricter norms but less identity extraction. Some of it will be serious and useful. Some of it will be a swamp with better branding. The desire for spaces that do not demand official papers will not disappear; it will migrate.
Prediction: Regulators will eventually discover that verification systems create their own harms. Exclusion, data leaks, false positives, surveillance creep, vendor concentration, and cross-border enforcement conflicts will become policy problems in their own right. A second wave of regulation will then attempt to fix the first wave. This is how modern governance often works: install a machine, notice it has teeth, convene a panel.
A Better Question Than Who Are You?
The better question is not whether identity should ever be required online. Sometimes it should. The better question is whether identity is being demanded because it is necessary, or because it is easy for institutions to understand. A passport scan is a crude answer to many subtle problems. It can confirm a fact about a person while revealing far more than the situation requires.
A healthier web would use identity sparingly, proportionately, and with real alternatives. It would prefer proofs over disclosures: prove age without revealing name, prove uniqueness without revealing address, prove eligibility without creating a permanent dossier. It would punish companies that hoard sensitive data under the decorative banner of safety. It would protect pseudonymity as a civic feature, not a loophole.
Most importantly, it would resist the lazy moral arithmetic that says more identification equals more safety. Sometimes it does. Sometimes it simply makes abuse easier to document after the damage is done. Sometimes it transfers risk from platforms to users while congratulating itself for responsibility.
The internet does need better locks on some doors. But a society should be careful when every door starts asking for papers. At that point, the issue is no longer access to a website. It is the quiet redesign of public life into a sequence of permission requests, each one reasonable on its own, and together a little absurd.
Comments
No comments yet. Be the first to share your thoughts.
Leave a comment