A dangerous shift is happening online. All around the world, governments are quietly rewriting the rules of internet access. Soon, privacy and anonymity online may become relics of the past.
The UK’s newly enacted Online Safety Act marks a fundamental shift. You now need to verify your identity simply to watch a video, visit a website, or share your thoughts. The Act mandates strict age verification and identity checks for websites and platforms considered to host “harmful” or “adult content”.
But the definition of “harmful or adult content” is deliberately broad, encompassing every social media platform and website hosting user-generated content. This maneuver places all interactive sites under strict regulatory oversight, forcing them to implement identity verification systems. Users must now provide government ID or undergo facial recognition checks, ending the ability to browse, communicate, or consume content anonymously.
Platforms that don’t comply face massive fines. The result is that a vast portion of the internet has been seized under the guise of “safety”, threatening to erase the free and open internet we once knew.
The consequences are cascading. As this becomes increasingly normalized, nearly all platforms face pressure to demand user identification or age verification. This shift represents a major step toward eliminating online privacy. This isn’t about protecting children; it’s about ending anonymity altogether.
Global surveillance surge
If we look at the surveillance initiatives of governments around the world these past few weeks, it’s chilling. In what feels like a sudden, synchronized wave, the entire globe is moving in lockstep towards eliminating freedom on the internet. As well as the UK’s initiative:
- Canada: A surveillance bill has just been introduced that will significantly expand online tracking. Bill C-2 mandates backdoors in apps and platforms, giving authorities real-time access to your private data and undermining encryption. It also drastically expands surveillance by allowing police warrantless access to personal details like user identities, login history, and online activities.
- Australia: Has banned YouTube and social media platforms for users under 16, mandated face scans and government ID verification to access major internet services, and is planning to expand these invasive controls to basic online searches, embedding identity checks into everyday internet use.
- European Union: The proposed Chat Control law will go to a final vote in October 2025. If passed, it will mandate that platforms automatically scan private messages, emails, and stored files for illegal content, including encrypted communications, effectively abolishing end-to-end encryption protections across Europe. Additionally, the Digital Services Act (DSA) requires platforms hosting user-generated content to implement age verification measures, giving platforms a 12-month grace period to roll out strict ID verification systems.
- Switzerland: Have a surveillance law in the works that will force VPNs, messaging apps, and online platforms to log users’ identities, IP addresses, and metadata for government access, effectively ending online anonymity. Privacy-focused companies like Proton have announced plans to relocate if the law passes.
- United States: Numerous states are rapidly introducing and passing bills mandating strict age verification and identity checks for social media platforms and other online services, pushing the country toward the same surveillance and identity-control measures seen globally.
This explains the recent wave of platforms suddenly mandating stricter ID checks, like Spotify requiring you to upload your government ID before listening to music, or YouTube using AI to infer your age and enforce restrictions. Even in countries that don’t legally require these measures, companies often roll them out globally because it’s simpler and cheaper to have a single policy everywhere. This forces every country into the same authoritarian policies, whether they wanted them or not.
But these recent requirements didn’t appear overnight. Platforms have been slowly adding more identity verification methods for years. Did all these companies independently decide to create more friction for their users? Of course not. User friction is rarely the goal.
Instead, much of this seemingly voluntary cooperation was a response to implicit government pressure. This tactic is known as “jawboning”.
Jawboning: Silent coercion
Jawboning is informal, behind-the-scenes pressure from lawmakers and regulators. No new legislation is needed. Instead, governments make quiet but clear suggestions.
Officials might tell a tech company, “we’re concerned about misinformation spreading on your platform”, or quietly warn “this app poses a national security risk, you might want to address that before we’re forced to intervene”.
The threat is implicit.
As a result, platforms have been steadily increasing their identity checks, whether through phone number verification that ties accounts to real identities, or directly asking users to submit ID documents.
Governments don’t always need legal authority. Sometimes they simply suggest something strongly enough that compliance is inevitable.
In recent years we’ve seen this tactic intensify, with governments increasingly engaging directly with social media companies to shape moderation decisions. Without formal subpoenas or official orders, platforms receive subtle yet persistent suggestions about the type of content to flag or remove, effectively steering public narratives. This informal pressure quietly influences what users can see and say online.
Some people suggest that this sudden global crackdown on privacy must have been a coordinated and deliberate strike. But there’s a simpler explanation. None of what’s happened this past week appeared out of nowhere. We’ve been setting the stage for years.
After years of incremental normalization, surveillance culture reached a critical mass. Each small change seemed minor and tolerable. Governments nudged. Companies complied. Users accepted. Bit by bit, surveillance became normalized, until we reached a tipping point. When enough incremental intrusions pile up, they set the stage for something much bigger. By the time major restrictions arrived this week, we’d already grown numb to privacy incursions. The world was primed, and now a wave of regulation has swept in almost unopposed.
The cultural shift we must fight
The internet was conceived as a tool for freedom and connection. But almost overnight, it has become a surveillance landscape where every click, view, and conversation is gated by ID checkpoints. Our greatest tool for free expression is now our greatest instrument of control.
We can’t accept this shift passively. The normalization of mandatory identity verification is deeply harmful. Privacy isn’t suspicious or criminal; it’s normal, and we must vigorously push back against these cultural changes.
This is a landslide of lost freedoms, and it’s happened in mere weeks.
Decentralized infrastructure: Our last hope
Decentralization is critical in the fight for online freedom. Centralized systems, such as those mandated by regulations like the UK’s Online Safety Act, provide easy targets for governments to enforce identity checks, age limits, and surveillance. These centralized checkpoints enable extensive monitoring and control. Decentralized infrastructure, on the other hand, distributes control across many independent participants, making it inherently resistant to intrusive mandates and significantly harder for governments to impose surveillance and censorship.
Here are just a handful of powerful decentralized tools already available, each combining decentralization with robust privacy protections:
Bitchat
Bitchat is a Bluetooth Low Energy mesh messaging network launched by Jack Dorsey’s team in July 2025. It enables peer-to-peer communication among nearby devices without requiring internet access, user accounts, or phone numbers. Users can communicate via public channels or password-protected private groups. Bitchat also supports direct private messages secured by end-to-end encryption with forward secrecy, ensuring only the intended recipients can decrypt messages. Additional privacy features include timing obfuscation and dummy traffic to protect metadata, as well as a panic mode that instantly erases all locally stored data. The mesh network becomes stronger, more secure, and more resilient as additional users run the app in proximity.
Meshtastic
Meshtastic uses small radio devices to create local mesh networks independent from the internet, helping resist centralized censorship. Users send either public or private messages. Public messages are visible to everyone, while private channels use a shared encryption key (shared securely outside the app). Meshtastic also supports direct messages encrypted end-to-end via public-key cryptography.
SimpleX chat
A serverless, peer-to-peer messaging app with no identifiers or phone numbers required. All messages are end-to-end encrypted using a double-ratchet protocol. Metadata, contact lists, and message logs remain solely on the user’s device. Private message routing further obscures IP address or network information from relay servers. More participation, by either running relay nodes yourself or using independent relay servers, makes the system stronger and more censorship-resistant.
IPFS (InterPlanetary File System)
Distributed file storage with encryption. Instead of relying on centralized servers, files are split and stored across independent nodes. Once content is pinned to multiple nodes, there’s no single point of failure. IPFS resists censorship because no central authority can easily remove or block files. More participants equals greater redundancy and resilience.
Filecoin
Filecoin provides a decentralized marketplace for data storage. Unlike centralized cloud storage, Filecoin allows users to securely contract with independent storage providers directly through its blockchain, without third-party intermediaries. Files aren’t automatically distributed; instead, they’re stored with specific providers that users contract with directly, and the Filecoin blockchain ensures data integrity through built-in cryptographic proofs verifying providers actually store your data as promised.
Zero-Knowledge proofs (ZK proofs)
Zero-knowledge proofs are a type of privacy-preserving cryptographic validation. Initially pioneered by the cryptocurrency Zcash, ZK proofs have since become essential tools in a wide range of applications beyond cryptocurrency, including decentralized identity systems, secure age verification, and anonymous credentialing. They allow you to prove sensitive attributes, such as being over a certain age, without revealing any personal details, offering robust privacy protections in many digital interactions.
Several decentralized social media platforms have emerged as promising alternatives to centralized giants like Twitter and Facebook. Platforms such as Mastodon, Nostr, Bluesky, and Matrix offer decentralized architectures in theory, spreading control across independently operated servers or nodes. In practice, however, most users currently congregate around just a few widely used nodes, creating potential points of vulnerability. Still, these platforms represent meaningful progress, and I’m genuinely optimistic about the future of decentralized social media. As more people learn to run their own independent servers and nodes, these platforms will grow increasingly robust, resilient, and truly censorship resistant.
Why these tools matter
Together, decentralization and encryption directly undermine the systems that the UK Online Safety Act and similar laws rely on, such as central checkpoints, mandated identity verification, and mass data collection. These authoritarian measures become much harder to enforce when control is distributed, data remains with individual users, and identity can be verified anonymously.
Decentralized technology is still young, and many tools currently lack the polished interfaces and extensive user bases of centralized platforms. You won’t yet find the same network effect as mainstream social networks. But decentralized technology holds immense promise. As governments increasingly mandate backdoors, identity checks, and documentation simply to communicate online, these decentralized alternatives represent the future of digital freedom. Their strength and resilience depend directly on collective adoption: running nodes, hosting relay services, and contributing to open-source development.
The moment to act is now
Privacy isn’t about hiding; it’s about autonomy. Decentralized technologies aren’t mere ideals. They’re practical tools for reclaiming power online. The more widely adopted these tools become, the more robust and resistant they are to centralized control. Let’s actively build, support, and embrace decentralized, encrypted alternatives, and reclaim the internet while we still have the chance.
Yours in privacy,
Naomi
