SCI/TECH

CHAT CONTROL V. – Why and How to Resist the Identified Internet (last article not being satire here)

The familiar response to privacy concerns is that people who have done nothing wrong should have nothing to hide. That argument reverses the intended dynamics between the individual and the state. Citizens are expected to trust governments, technology companies and verification contractors with increasingly sensitive identity data, although all of them have demonstrated that their systems can be breached, misconfigured or exploited.

vlgr 11 reads 6 min read
CHAT CONTROL V. – Why and How to Resist the Identified Internet (last article not being satire here)

Distrust is Rational


Recent incidents show that even major institutions and critical service providers repeatedly lose control of identity-related data.

  • The European Commission suffered two separate breaches in 2026, with attackers accessing cloud systems and government infrastructure.
  • In late 2025, Eurail, the operator of the popular Interrail and Eurail passes, had the data of over 300,000 travellers stolen, including passport numbers and other government-issued identifiers.
  • Larger in scale, the 2024 Change Healthcare ransomware attack exposed medical records, insurance details and identity data of nearly 193 million people in the United States.
  • India’s Aadhaar biometric identity system, covering more than a billion citizens, has suffered multiple leaks over the years, while platforms such as Facebook have seen hundreds of millions of user profiles scraped and published.
  • Corporate breaches like Adobe’s 2013 incident, which compromised 153 million customer records, follow the same pattern.
  • Microsoft disclosed in 2023 that attackers had forged authentication tokens and gained access to email accounts belonging to government agencies and related individuals.
  • Google shut down its consumer Google+ service after API defects exposed private profile information, while Adobe’s 2013 breach compromised customer identities, encrypted passwords and payment-related information.


Identity systems make the consequences of failure more serious because the leaked information - identity documents, age credentials, device identifiers and records of online activity, etc - become valuable targets for criminals, hostile elements, intelligence services and insiders.


Refusing to hand over unnecessary personal data is therefore not paranoia, hostility to technology or evidence that someone intends to commit a crime, but a rational response.

The safest identity database is still the one that was never created.


What to do?

No single tool or setting can solve the structural problem. The realistic response is therefore narrower: reduce the amount of identifiable data that accumulates in one place, keep unrelated activities from being linked, and maintain practical control over the devices and software that generate signals about you.


Compartmentalise Identified and Private Activity

Most people cannot avoid identified accounts. Banking, employment, taxes, contracts and many official services require real identity and payment details.

The problem is not the existence of these accounts. It is the assumption that every other activity - reading, research, political interest, medical questions, private conversations - should take place inside the same environment.


Maintain a normal, identified setup for what actually requires it. Keep everything else separate.

Use different email addresses, browser profiles/browsers and user accounts for subjects you do not want connected to your legal identity, payment history or social graph.

Refuse to build a single, permanent dossier of lawful behaviour that can later be searched, leaked or reinterpreted.


Universal login systems make separation harder by design. Avoid them wherever possible. Do not hand over telephone numbers, recovery addresses or payment methods simply because a platform requests them. Disable or delete advertising identifiers at the operating system level where the option exists.


Device Attestation Is the Real Escalation

The next layer of control is the cryptographic proof that your device and operating system are approved.

Linux does not make a user anonymous. It reduces dependence on a single company that can link the operating system, application distribution, cloud services and advertising identity into one controlled environment.

On phones the options are narrower, but projects such as GrapheneOS show that it is still possible to run mainstream services without granting them privileged system access.

Supporting open-source software and independent operating systems is therefore not only a technical preference. It is a way to keep exit options open before device attestation becomes a widespread condition for ordinary access.


Tools Have Limits

A VPN hides your IP address from websites and your internet provider. It does nothing against browser fingerprinting, account tracking or software running on the device itself. It is useful for bypassing simple geoblocks and reducing what your local network can see, but it does not create meaningful separation if you remain logged into identified accounts.


Tor Browser is designed for a different threat model. It attempts to make users look alike and conceals their origin from the destination. It is appropriate when the goal is to prevent a specific activity from being linked to a persistent identity. Logging into a real-name account inside Tor largely defeats that purpose.


End-to-end encryption still protects messages in transit from service providers and network observers. It does not protect against compromised devices, spyware or operating systems that can read content before encryption occurs. Strong device security and careful permission management remain necessary alongside encryption.


Cookies are no longer the dominant tracking method!

Third-party cookies are being phased out, and fingerprinting + account login are stronger, but they still matter for two reasons:

  • They help connect activity across sites when you’re logged in or have persistent cookies.
  • They’re one of the easier things to compartmentalise with relatively low effort.
  • They have brought us that annoying banner.


Reduce Dependence on Concentrated Platforms

Email, search, discussion and publishing do not technically require the largest platforms.

They have become concentrated there because those services already contain the audiences and material people want to reach.

Independent email providers, search engines, forums, websites and self-hosted services reduce reliance on the systems that profit most from connecting everything.


Information that exists only inside one platform can disappear without notice.

Keep important documents, research and publications in local, open formats (like this page is trying to do).

Direct subscriptions and independent sites allow creators to reach readers without algorithmic approval - if you find these, use them.


Technical Measures Are Not Enough

Compartmentalisation, encryption, Tor and independent operating systems can reduce exposure.

They cannot recreate rights that the legal system has removed.


If major services are required to reject users or devices that do not provide approved identity, technical workarounds become increasingly fragile.


Supporting and recommending working alternatives is one of the few things individuals can still meaningfully do.


Privacy Is Not an Admission of Guilt

The claim that people with nothing to hide have nothing to fear reverses the proper relationship between the individual and the state.

A person does not need to prove innocence before being allowed a private conversation, an unread search or an anonymous political opinion. The authorities must demonstrate a specific, lawful reason before they may connect those activities to a legal identity.


The absence of privacy does not only expose wrongdoing. It changes behaviour in advance.


When people assume that their searches, associations and conversations may later be examined outside their original context, they avoid difficult subjects, stop asking certain questions and withdraw from movements long before any formal prohibition appears.

That self-censorship is not a side effect of an identified internet.

It is one of its central intended functions.


A free society is not one in which innocent people are permitted to hide crimes.

It is one in which ordinary people are not required to expose their entire lives in order to prove they have committed none.


Dear reader, if you made it this far, thank you. Go get yourself an ice cream.

You’ve earned it <3

This is a satirical piece. vlgr is not a real news outlet - it's parody and exaggeration for entertainment purposes only.
Share: X / Twitter