By Marcus Coetzee, 26 June 2026
A few months ago, Facebook suspended my account and claimed I broke the terms of service. I post about birds, nature and the occasional hillwalking photo, to about fifty friends, roughly once a week, for five years. I also post photos of cups of coffee. When I appealed, Facebook offered to reactivate my account on the condition that it could take a 3D scan of my face.
I refused. I would rather lose five years of online interactions than hand my biometric data to a company with Meta’s track record. I find this idea of linking facial scans to social media accounts to be ominous. It was also a good incentive to let go of Facebook, as I’ve done with other platforms like Instagram and Reddit, which had become too addictive and were wasting my time. But this event also highlighted an emerging pattern worth describing.
1. The pattern of increasing digital control and surveillance
Here are some components of this pattern I’ve noticed, either through my cybersecurity studies last year or through paying attention to what’s happening around me. I tend to notice and obsess a bit about patterns, as I’ve outlined in my recent neurodivergence essay.
Each piece of policy sounds reasonable on its own and is marketed as being good for society. But when combined and put into the wrong hands, it can create something very dystopian. I’m wary because I believe that all governments, regardless of ideology, have a tendency to accumulate power and control, and to embed decision-making in the organs of state rather than in democratic processes, and therefore need to be kept in check. I saw how the state gained and maintained power while living in South Africa during Apartheid, and I see similar sentiments gradually taking hold in Western countries in a way that concerns me.
The UK has announced it will bar under-16s from major social platforms from early 2027, with adults required to verify their age through some form of age verification or age assurance, such as an ID upload or facial scan, to prove they are not a child. While the first part seems attractive, it is the second part that worries me.
Furthermore, Australia’s under-16 ban is already in force, and a peer-reviewed study published in the British Medical Journal on 25 June 2026 found it has made no meaningful difference to teenagers’ behaviour. Daily social media use stayed the same among 12-13 year olds, and only dropped modestly among 14-15 year olds. Most users were still on their own accounts, and 66% of them had already been asked to verify their age by the platforms and found a way around it anyway. The system failed to achieve what it set out to do, at the expense of increased state control.
California now requires operating systems to collect and pass on a user’s age at setup, though mainstream Linux distributions have won a court exemption for now. I fear that this operating-system-level channel can be adapted for more nefarious purposes since it is the foundation on which other software runs. It also seems a good time for me to learn how to use Linux again.
A surveillance bill currently before the Canadian parliament gives police and intelligence services expanded power to compel telecoms and service providers to identify users and hand over data – these powers are so extensive that they have gained international attention.
The UK government is also moving toward restricting VPNs. In January 2026, the House of Lords voted to ban VPN provision to under-16s as part of the Online Safety Act. On 16 June 2026, Technology Secretary Liz Kendall told the BBC that the government would make further statements on VPNs in July 2026. The minister responsible has stated there are currently no plans for a general VPN ban, but a government consultation specifically asked whether children’s access to VPN services should be restricted. This is moving fast, and in one direction. Millions of Britons downloaded a VPN the moment age verification started creating friction last year, and now the government is discussing whether to age-gate VPNs too. I think it’s unlikely that the government will be able to enforce this without borrowing tactics from authoritarian regimes, since there are several workarounds, and people will simply move to less regulated VPNs. Even the Mozilla Firefox browser now comes with an in-built VPN – a new feature it introduced in early 2026.
Then there’s Apple. In January 2025, the Home Office reportedly ordered Apple to provide access to encrypted iCloud backup data for any Apple user worldwide. Apple refused and withdrew its Advanced Data Protection feature from the UK entirely. The law bars Apple from even confirming the order exists. Critics describe the demand as a backdoor into encrypted data. The government returned in September 2025 with a narrower version targeting only British users. Apple is still fighting it in court. Even the White House got involved, with Trump comparing the UK to China.
Palantir is another company starting to get on people’s radar in the UK, most recently due to its high-level business partnership with Tony Blair. It is a US data analytics company, founded by Peter Thiel, that built its early business helping the CIA and NSA make sense of surveillance data. The UK government has quietly become one of its largest customers, with contracts across the NHS, the Ministry of Defence (MoD), the police, and the Financial Conduct Authority. An investigation by The Nerve in February 2026 identified at least 34 contracts worth a minimum of £670 million, and that figure predates the £240 million MoD contract signed in December 2025, bringing the documented total to over £900 million, with the true figure likely higher as multiple contracts remain heavily redacted. The £240 million MoD contract was awarded by direct award without any competitive tender. Questions were raised in Parliament about the role of Peter Mandelson, then UK ambassador to the US, whose firm had Palantir as a client. Palantir is slowly piecing together a picture of British institutional data that no single government department has ever had on its own.
Canada is experiencing similar dynamics with Palantir. I recently read how the Canadian government made over a dozen secret amendments to a Palantir military contract, spending tens of millions with barely any public scrutiny.
Thirteen of the 43 UK police forces were using live facial recognition cameras in public spaces as of March 2026, according to a UK Parliament briefing, with the Home Office announcing plans in January 2026 to purchase 40 new Live Facial Recognition (LFR) vans to expand to every regional force in England and Wales. Civil liberties groups warned this amounted to treating everyone as a potential suspect, but the rollout continued anyway.
None of this is new in isolation. The Five Eyes alliance, consisting of the US, UK, Canada, Australia and New Zealand, has shared signals intelligence for decades. What concerns me is that the same infrastructure increasingly affects ordinary domestic users, built into the everyday platforms and devices people use without thinking.
The UK’s own digital ID scheme fits the same picture. On 26 September 2025, Starmer announced it as mandatory for anyone seeking work, and as a mechanism for improving government efficiency, since it can serve as a unique identifier to link all government databases together. Nearly three million people, including myself, signed a petition against it. By January 2026, the mandatory element had been dropped following significant public and political backlash, making it voluntary, for now at least. One of Starmer’s own Labour MPs put it plainly during a parliamentary debate in December 2025: the real fear is that we are building an infrastructure that can follow us, link our most sensitive information, and expand state control over all our lives. I’m not being partisan in my concern; I’m worried about the infrastructure that a future government can harness if it decides to be oppressive.
AI is the accelerant in all of this. It helps bridge the limitations of each system. A facial recognition camera can only match what its algorithm sees. A database can only work with the data that was put into it. An age check can potentially only link one identity to one account on a platform. But AI can reduce some of those practical limitations, connecting systems that were never designed to talk to each other and finding patterns across data that can be used to profile people and segment the population in ways that were never explicitly authorised. The gap between an age check and a behavioural profile closes very fast when AI is sitting on top of the datasets and gets given the mandate it needs.
All of this is in the open, and you’re welcome to verify it. It is law, or proposed law, written up in the newspapers and discussed on social media platforms. An increasing number of people, especially in privacy and cybersecurity circles, are starting to notice the full pattern and are surprised at how rapidly it has started to come together, especially over the past six months.
2. Governments are mostly learning from each other rather than conspiring
I’ve heard many people talk about a plot or a conspiracy, but I think that is unlikely, since it would involve more explicit coordination and secrecy than is the case. More likely, governments are sharing ideas and learning from each other and experiencing similar incentives.
I also think it’s something closer to a nervous system twitching in reaction to events and trends. Governments can feel how much power and influence have moved to platforms they can’t control or see inside of. These platforms enable people and factions to share and multiply points of view that the government would rather not have in circulation. There is also the prospect of increased social unrest in the UK, a topic for a future essay, which may increase pressure on governments to seek greater control over information flows to try to maintain stability.
Tech companies have a separate reason for wanting the same thing. Knowing exactly who a real person is, rather than a bot or a duplicate account, is worth money to them. The Dead Internet Theory – a controversial and largely unproven theory – hypothesises that the bulk of internet activity consists of bots, but the commercial incentive to identify real users is well documented, regardless of whether you find that specific theory convincing. Tech companies want to profile their users more effectively across platforms, targeting advertising and selling their information to other companies. None of this is new. It’s how these platforms openly make their money while providing free services. Remember the saying: “If something is free to use, then you’re the product.”
These are two different appetites with a common interest in laying down the same monitoring and surveillance infrastructure.
3. Managing children’s access to the internet
I’ll say plainly that I think children should not have unrestricted access to the internet. I don’t think anyone seriously argues otherwise. However, I disagree on the means to ensure this.
Raising a child involves teaching judgment, setting limits, and passing on values. This has always been the parents’ job. I’ve spoken to parents who feel that this job is being lifted out of their hands, replaced by school policy and practices. I asked my barber, a working-class, wise and forthright Glaswegian woman, about why so many parents seem to be abdicating their power to schools. She said something profound: it isn’t just that some parents have stopped parenting, but that the government has made it harder for the ones who are being proper parents. Rules and liability worries can crowd out a parent’s own authority over their own child.
There’s a simpler problem to consider. I don’t think these policies will work to regulate children’s behaviour without adopting the control strategies used by China, Russia, North Korea, Iran and Pakistan. I asked my young nephew about it amidst our conversations about anime and graphics cards. He is a bright teenager with a good set of values. He told me plainly that kids are cleverer than governments think, and that he already knows more about the internet than his parents do. It isn’t only the unsupervised kids who get around these walls.
A good upbringing doesn’t make a child less curious or less capable; sometimes it’s the opposite. A curious and enterprising child will always be able to find forbidden things on the internet, regardless of their upbringing or government controls. And if one kid figures out how to work around a technological control, by the end of the school day, every kid has learned the same trick. It’s like they have a hive mind, a collective intelligence.
The answer is for parents to impart moral values and a good sense of judgment that helps a child determine a healthy response to the things they will inevitably find in the dark corners of the internet. The same applies to information. I believe it’s impossible to regulate news, so it’s important to teach discernment. We can’t pretend that the internet doesn’t exist, or that a Western government can control all aspects of it, though they may certainly try. For example, the UK government has recently been discussing a Green Paper, recently published in June 2026, that wants to force social media companies to prominently display “reliable” and “trusted” news sources that the government has approved as sending the “right” message.
My own life backs the tendency for teenagers to hide things from their parents. My parents banned me from playing Dungeons and Dragons in 1985 during the great Satanic Panic that gripped the world. But I have rarely missed a week since. I even managed to play a few games on guard duty in the army. My father still doesn’t know that I play, forty years on. Banning it didn’t change my interests or habits. It just sent it underground, and underground turned out to be a place I could sustain indefinitely. I fully expect to be playing roleplaying games with my friends into my retirement.
I don’t think today’s teenagers are any different. The only change is that they will move into less moderated corners of the internet. There is also a deeper problem. Infrastructure built to protect children doesn’t stay pointed at children. A future government inherits the same tools and gets to decide what else to do with them.
4. The kind of digital control I’d be more likely to support
None of this means I think every form of control is wrong. There definitely needs to be limits on the darker elements of the internet, and efforts to protect the vulnerable without encroaching too much on everyone’s freedoms.
Apple just previewed a proper overhaul of its parental controls, due this autumn in 2026. This includes a Child Account, which a parent sets up and controls. Approval needed before a child can visit a new website or add a new contact. Nudity and violent content are blocked by default in Messages and FaceTime for anyone under 18. That’s control placed into a parent’s hands, over their own child’s own device. Nobody has to scan their face or upload a passport to make it work.
Norway just went further. From August 2026, generative AI will be banned outright for primary school pupils, with supervised use only from age fourteen. The Prime Minister’s reasoning was simple: children need to learn to read, write and count before they learn to lean on a machine for it. Norway banned phones from classrooms back in 2024, and a study of over four hundred schools found that bullying dropped and grades went up. Sweden is following with its own phone ban this autumn, after watching reading and writing scores fall through the years when it let screens into every classroom. Finland and Denmark are doing much the same.
These are a much better way of controlling the internet’s influence on children. A school should decide what happens inside its own classrooms, and a parent should decide what happens on their own child’s phone. These controls should be applied by the people actually responsible for the child, not an abstraction like the government, which has a range of other priorities.
These strategies are a world away from a government deciding that every adult in the country needs to prove their identity before they’re allowed to read the news or talk to their friends, and then, if they say something the government doesn’t want them to say, the police might even rock up at their door to have a chat.
This all reminds me too much of Apartheid, where I was even cautioned for chatting casually with black people in a public space in a conservative town. My first job in the charity sector was with the Urban Monitoring and Awareness Committee, which monitored police actions during Apartheid and created an official record to be submitted to parliament to openly expose what was happening. After the end of Apartheid in 1994, the charity also became involved in mediating conflict between factions, including the security services, minibus taxi associations, local gangs and underground paramilitary units. There were even times when we climbed around the rafters with torches to check whether the police had bugged the office, since this had happened before. We were also careful about what we said on the phones. While I joined at the tail end of this period in history in 1996, it nevertheless opened my eyes to how an authoritarian government can intimidate people and control discourse. And remember, this was before the internet was widely in use, and before sophisticated tools such as AI existed.
5. How I’m borrowing ideas from the 1990s to protect myself
I’ve been looking at how cybersecurity experts, privacy advocates, and open-source communities are changing their computing setups. Their strategies remind me of the 1990s, and there’s a reason for that.
The early internet I experienced in that decade worked differently. Files lived on your machine, not in the cloud. They belonged to you, were easy to organise, and you could open them with whatever app you wanted. Programs were modular. In other words, you could move them around without the kind of deep system installation we have today. You backed things up to floppy disks. You ran your own blog on your own domain, or hosted it on a platform like Blogspot. Discussion happened on Usenet, a decentralised set of boards with no central owner and no algorithm deciding what you saw. People chatted on IRC. Computers were things you switched on and off and left at home. They weren’t in your pocket, and you weren’t married to them.
There were frustrations, I’ll admit. Slow dial-up speeds, expensive phone bills, clunky devices, low-resolution screens, software with limited functionality, and encryption existed but were far less common and accessible than it is today. Synchronising anything between devices was a headache. I’m not pretending it was a golden age, but I really like the relative simplicity of available technology since it freed my mind to focus.
Then came twenty years of a different model. A handful of companies, paid by advertisers, built platforms designed to harvest your attention and your data. They borrowed ideas from the gambling industry to build feeds that kept people scrolling. The algorithms, whether by design or accident, started to push people toward more extreme content and polarise their views. Many of these platforms sold personal data to third parties. Apps took control of your files and locked them into proprietary systems on the backend of your device, hidden from you. Governments realised they could access personal information held by these platforms and built the legal frameworks to do so. Then AI arrived as an accelerant across all of it.
Most of us have got used to it. We forgot there had ever been another way, unless we were old enough to remember doing things differently.
This past week, I’ve started doing things differently again. I moved sensitive files off the corporate cloud storage onto drives I own. I encrypted my laptop. I started shifting to email and messaging that isn’t owned by a company that will profile me, harvest my data, or hand it over on request. I started exploring Linux again, which I’ve used before. I looked at decentralised discussion groups that work a lot like the old Usenet forums. I found open-source communities worth joining locally.
None of these tools is new or special. I’ve simply started moving my computing life outside the proprietary systems that have been quietly taking control of it. I’m not the first person to do this, and I won’t be the last.
6. Conclusion
Most people are aware of at least one piece of this pattern, but haven’t yet connected them together. This essay has tried to do that.
The infrastructure being built right now is amoral. Age verification, digital ID, facial recognition, and data analytics all have legitimate uses, and they are marketed as such. The problem is that infrastructure, once built, tends to outlast the intentions of the people who built it. A future government with different values inherits the same pipes, the same databases, and the same legal frameworks. They don’t need to build anything new. They just need to decide how to use what’s already there to increase their surveillance and control over what you think and say.
I lived through a version of this in South Africa, though the Apartheid government lacked the sophisticated tools available today. Nevertheless, it implemented extensive monitoring systems which, combined with police intimidation, served to control and silence its critics.
I care deeply about the wellbeing of children, but I believe they are better protected by parents who are present and engaged than by governments building infrastructure that will outlast its original purpose.
For me, the practical response has been to quietly take back control of my own digital life. I’ve moved my files onto hardware I own. I’ve been migrating to platforms that don’t monitor or profile me, report back to anyone, or target me with advertising. I’ve been thinking more carefully about generic file formats and open-source alternatives to the software I use. I do an intuitive risk assessment of everything I put online, balancing the need to express myself and help others with the need to protect my privacy and career. Along with my mechanical keyboard, which I love, all of this has been reminiscent of the 1990s.
The big catalyst for this essay was Facebook wanting me to do a face scan. That crossed a line. Your line might sit somewhere else. But it’s worth knowing where it is since someone will inevitably ask you to cross it.