This week begins a multi-part proposal that strengthening the connection between our online and real-world identities could help defend our rights and foster digital democracy. This is a complex question with a lot of risks of accidental harm, and many experts who I deeply respect see this issue much differently than I do. I will do my best to represent other points of view as well as my own. I hope this will start a healthy reader mailbag discussion — please let me know your own thoughts about identity at [email protected].

I contain multitudes (of accounts)

Regular readers know my core thesis: we deserve to participate in the governance of our online lives, instead of being subject to secret decisions by unaccountable corporate employees. I’ve written a lot about the platforms, but I haven’t yet defined who “we” are. In political science terms, this is the question of demos: who should be part of decision-making in a democratic regime?

This isn’t as simple as it sounds. In Democracy and Its Critics (1989), Robert Dahl spends chapters talking about the fine points of the demos – who is qualified, why can’t children vote, risks of collapse into minority rule or secession, the (continuing) battles over voting rights in the US, and so forth.

Going online opens a new dimension, because you can present yourself as a totally different person, and build strong communities without physical proximity. This duality was thoroughly explored decades ago in cyberpunk science fiction books like Neuromancer (1984) and Snow Crash (1992), from which Mark Zuckerberg poached the term Metaverse.

The modern Internet unfolds even further into an N-dimensional space, because we now live many distinct online lives at once. There are 466 separate accounts in my password manager. You can even have multiple distinct identities on the same platform – consider how many Instagram users maintain a Finsta for their close friends (or to evade parental nosiness).

E pluribus, unum caeruleum signum (blue check, I think - I dunno, I didn’t take Latin)

This multiverse of identities is possible because platforms don’t tie your new account to your real-world identity. I was able to create a new Google account in a few minutes with only a phone number for a confirmation code. I used my own number for convenience, but could have easily set up a burner. Discord let me start my own server and invite other people before even asking for an email address.

If you want to establish a stronger online identity, most social media platforms offer optional verification services to get the (in)famous blue check, but it’s a patchy and inconsistent process that isn’t available to everyone. 

  • Facebook and X charge money; Facebook requires extra identification, but X seems to just care that you have a valid form of payment and aren’t an obvious scammer.

  • YouTube requires you to have over 100,000 subscribers, and only says they “may also ask for more info or documentation.”

  • TikTok wants you to have your own domain name and to have “been featured in multiple news sources.”

[Note that all these platforms say they make exceptions for notable accounts who don’t meet all of their criteria, but this is just another secret decision made by company employees behind closed doors.]

Papers, please

An open-door policy isn’t the only way to handle online accounts. Financial services tightly link your account and real-world identity to comply with KYC (know-your-customer) regulations. In the United States, even convenient online services like Wise or Venmo require a government-issued ID, a social security or individual taxpayer identification number, a proof of address like a utility bill, and a video selfie. And, of course, getting a government ID in the first place is an increasingly strict process (see RealID).

Mandatory KYC is now seeping out of finance and into the rest of the online world as a convenient solution to fraud and safety fears.

  • There are many cryptocurrency exchanges that still don’t require KYC, but financial regulators are pushing to apply the same rules as other financial products.

  • YouTube advanced features require either enhanced identification through ID or video selfie, or a lengthy track record of good behavior.

  • Facebook now sometimes asks for a video selfie when creating a new account, although they claim to delete it after 30 days, which would make it mostly useful for detecting high-frequency bad behavior like bulk account creation. [This makes people mad.]

  • The UK Online Safety Act requires platforms to use age verification to prevent children from seeing a wide range of content defined as harmful. Platforms are mostly using government IDs to comply. [This makes people really mad.] Note that this goes much further than pornography. When I visited London in August, I hit the ID requirement trying to visit r/whiskey on Reddit. (FWIW, I got around it in 30 seconds with Mullvad VPN.)

Pay no attention to that brigade behind the curtain

Coming back to my thesis, let’s say you are a platform who wants to give your community a voice. In a world of infinite and overlapping online lives, how do you decide who should have a say? Can you have a demos without KYC?

With a small-enough online community, you can probably assume one account equals one voice. Things get complicated quickly, though. If someone asks you to reset the password for an account that’s been abandoned for years, how do you know if it’s the same person or a scammer? If your community doubles in size overnight in the middle of a governance controversy, how do you know if it’s real growth or an attempt at brigading (spamming online polls to sway the outcome)?

If you’re small, maybe you can investigate each case. But if you have millions or billions of users, how can you possibly know which accounts represent a real person with rights, versus duplicates, hackers, bots, or hostile brigades operated by a geopolitical adversary? Especially if the vast majority of new accounts are fraudulent, as I mentioned last week? If you’re a business that profits from growth and scale, do you even want to know? Advertisers and investors are paying for those big user counts. Cracking down could cost you a lot of money.

Throws up hands, walks away

I warned you that identity is complicated. It took me this entire post just to describe the current situation. The next two weeks will be high school debate style, looking at the case for and against real-world identity standards online. Then I will (finally) get to some new ideas, inspired by work of my former colleagues at Google and Harvard, that I hope might point the way to a workable path forward. See you then!

If you found this post worthwhile, could you do me a favor and share it with a friend or colleague? Hate-watching is OK, too. Thanks.

Ideas? Feedback? Criticism? I want to hear it, because I am sure that I am going to get a lot of things wrong along the way. I will share what I learn with the community as we go. Reach out any time at [email protected].

Keep Reading

No posts found

© 2025 Jonathan Bellack.

Privacy policy

Terms of use

Powered by beehiiv