The UK’s so-called Online Safety Act, promoted as a safety net for children, was launched with all the foresight of a banana, leaving a wealth of identifiable information exposed to anyone with a link.
Not only does the breach underline how words are cheap, but it’s also an indictment of the UK’s Online Safety Act, a law that promises safety but creates data honeypots for hackers.
Far from shielding anyone from harm, Digital IDs are 21st century snake oil – luring users into a false sense of security whilst exposing them to real-world harm.
This is the grim reality of platforms treating user data as a commodity. The obvious solution?
Don’t collect the data to begin with.
Safety’s Mask: The Surveillance Trap
The Tea app is one of many examples. It cloaks its data hunger in the rhetoric of proteciton. Its “verification” process, pitched as a bulwark against abuse, required users to surrender sensitive data—selfies, government IDs, and even location data—under the guise of safety.
This seductive assurance is a sleight of hand, obscuring opaque practices that treat all data as a commodity to be bought and sold, with security as an afterthought at best.
These practices are not innocent oversights but deliberate choices, elevating corporate interests above user trust, rendering “safety” a synonym for surveillance.
The KYC Delusion: Another False Promise of Security
The Tea app’s failure illuminates a broader, insidious shift: the internet’s creeping demand for identity as the price of access. Know Your Customer (KYC) mandates now infect social platforms, forums, and dating apps, far beyond their financial roots.
We’re fed the lie that verification equals safety, that surrendering IDs and selfies guards against chaos. Yet this promise crumbles under modest scrutiny. Centralised databases are breached regularly, IP logs are weaponised, and photos meant for fleeting checks are immortalised on the dark web.
True safety demands a radical rethink: reject the surveillance fetish, embrace pseudonymous systems, and decentralise data to dismantle gatekeepers who barter access for identity.
Equating KYC with security isn’t just flawed; it’s a deep betrayal of a free and open internet.
As Naomi Brockwell notes in this brilliant piece, the idea that “data will be deleted” is pure fiction. Betrayal is the state of play. Companies routinely collect high-risk personal information with vague promises and false assurances, only to routinely go back on those assurances.
And on the off-chance that there’s actual follow-through, temporary storage is still storage.
Users would be far safer if these databases never existed.
Dismantling the Honeypot
To reclaim a safer internet, we must reject the gospel of KYC and its honeypot pipelines. The solution is not tighter security for bloated databases but a radical refusal to collect data at all.
Pseudonymous systems, decentralised platforms, and minimalist data practices offer a path forward, freeing users from the tyranny of identity-as-access.
The Tea breach and the Online Safety Act are not mere failures; they are symptoms of a deeper malaise—a reckless faith in surveillance as salvation.
To protect users, we must demand systems that prioritise privacy over profit, dismantling gatekeepers who barter trust for control. Until then, every ID collected is a vulnerability waiting to be exploited, and every promise of safety is snake oil peddled to the unsuspecting.
If you found this article useful, consider sharing it.
