Child safety • anti-racism • privacy • platform accountability

Regulate the Feed, Preserve the Public Square

A public-health and civil-rights case against Internet KYC, for serious Web2 regulation, and for cypherpunk principles as social goods.

Updated June 23, 2026 • Peer-reviewed sources are marked with in the references.

Core thesis

The case against Internet KYC should not rest on the claim that social media is harmless. It is not harmless. Cyberbullying, racist harassment, sextortion, addictive design, algorithmic self-harm spirals, sleep disruption, body-image pressure, and AI-amplified deception are real problems requiring serious regulation.

The policy error is treating those problems as an identity problem. They are primarily a platform-design and business-model problem. KYC-style age verification asks every user to prove who they are before entering major parts of the digital public square. That does not directly regulate the addictive feed, the recommender system, behavioral advertising, algorithmic amplification, adult-stranger contact, or AI companion risks.

This is not an argument for less regulation. It is an argument for regulating the machinery of harm: the feed, the recommender system, the ad model, the dark patterns, the dopamine loop, and predatory contact structures — while preserving privacy, pseudonymity, and the open Internet.

1. Shared ground: the harms are real

The starting point should be agreement: Web2 social media has become a public-health problem. The disagreement is not whether children need protection. They do. The disagreement is whether identity-gating the Internet is the correct public-health instrument.

Cyberbullying research justifies serious concern. A systematic review in the Journal of Medical Internet Research found that cybervictimization was associated with increased odds of self-harm, suicidal behavior, suicide attempts, and suicidal thoughts among young people; the review covered 26 independent studies and more than 156,000 children and young people.1 Hinduja and Patchin’s work likewise links bullying and cyberbullying involvement with suicidal ideation and suicide attempts, making it clear that online cruelty is not a trivial “speech” problem.2 A large JAMA Network Open study of more than 10,000 U.S. adolescents aged 10–13 also found cyberbullying associated with suicidality after accounting for multiple confounders.3

The youth-development concern is also real. The U.S. Surgeon General’s advisory reports that up to 95% of U.S. youth ages 13–17 use a social-media platform, more than one-third say they use social media “almost constantly,” and nearly 40% of children ages 8–12 use social media despite nominal minimum-age rules. The advisory specifically names push notifications, autoplay, infinite scroll, likes, and recommendation algorithms as design features that can encourage excessive use and behavioral dysregulation.4

The best evidence is nuanced rather than hysterical. Orben and Przybylski found that the average association between broad digital-technology use and adolescent well-being was negative but small, explaining at most 0.4% of variation in well-being.5 But later work by Orben and colleagues found developmental windows in which higher estimated social-media use predicted lower life satisfaction one year later, especially for girls around ages 11–13, boys around ages 14–15, and both sexes around age 19.6

Economic evidence also supports concern about platform welfare. Braghieri, Levy, and Makarin used Facebook’s staggered rollout across U.S. colleges and found negative effects on student mental health and academic impairment, with evidence suggesting unfavorable social comparison as a mechanism.7 Allcott and coauthors’ randomized Facebook deactivation experiment found that deactivation increased subjective well-being and offline activity, while reducing news knowledge and political polarization.8 Allcott, Gentzkow, and Song’s work on digital addiction found evidence of habit formation and self-control problems in social-media use, estimating that self-control problems accounted for 31% of social-media use in their model.9

The harm is real. The regulatory response should therefore be serious. But serious regulation means targeting the harmful exposure, not building a universal identity checkpoint.
Back to top ↑

2. Web2 is not the open Internet

A central mistake is treating “social media,” “the Internet,” and “free speech” as a single object. They are not the same thing.

The open Internet

Websites, forums, blogs, email lists, RSS feeds, libraries, archives, open-source repositories, search, small communities, public-health signals, whistleblower channels, and support networks. Its healthier forms are user-directed: one searches, subscribes, reads, publishes, leaves, and returns.

Web2 social media

Centralized, mobile-first, advertising-funded, behaviorally tracked, algorithmically ranked, socially gamified, and optimized for engagement. It does not merely host speech; it shapes attention and rewards whatever keeps users scrolling.

The metaphor matters. The open Internet is closer to a library, printing press, public square, emergency network, and bulletin board. Web2 social media is closer to a behavioral casino attached to a surveillance-advertising business model.

If the harm comes from the casino mechanics, the remedy should regulate the casino mechanics. KYC regulates the person entering the building. Product-safety regulation regulates the slot machine.

Regulate the feed, not the person. Regulate the casino mechanics, not the public square.
Back to top ↑

3. AI strengthens the need for better architecture, not identity checkpoints

AI makes the problem more urgent. It can scale persuasion, deception, personalization, deepfake abuse, chatbot intimacy, automated harassment, and behavioral targeting. It can also help audit platforms, assist moderators, detect dangerous patterns, and support human caregivers when designed with safeguards.

The lesson is not “AI is bad” or “AI is good.” The lesson is that high-power systems need institutional constraints. Bender and coauthors warned that large language models can reproduce bias, obscure accountability, and generate fluent but unreliable language at scale.10 Research on human-AI collaboration in peer mental-health support shows a better direction: AI can improve outcomes when it augments human support rather than replacing human judgment or manipulating users.11

AI also makes identity infrastructure more dangerous. A world of biometric age checks, persistent identity tokens, platform-level behavioral profiles, and AI-driven inference is not merely a privacy inconvenience. It is a machinery for automated sorting, exposure, coercion, and repression. Narayanan and Shmatikov’s de-anonymization research showed years ago that supposedly anonymized social-network data can often be re-identified through network structure alone.12 AI increases the scale and precision of those inferences.

AI should be used to audit harmful systems, improve human-led safety, detect predatory behavior, and reduce abuse. It should not become the justification for requiring every person to identify themselves before reading, speaking, organizing, or seeking help.
Back to top ↑

4. Cypherpunk principles are social goods, not antisocial loopholes

The strongest version of the anti-KYC argument is not corporate libertarianism. It is a civil-rights and public-health design ethic: do not centralize identity, surveillance, and speech control in systems that future governments, corporations, abusers, criminals, or hostile states can exploit.

Cypherpunk principles begin from a social reality: power is asymmetric. Governments, platforms, employers, schools, landlords, police departments, mobs, and abusive households often have more power than the individual speaker. Privacy tools reduce that asymmetry. They are not only individual conveniences; they are public goods that make dissent, whistleblowing, minority identity exploration, source protection, and safe help-seeking possible.

Eric Hughes’s 1993 Cypherpunk’s Manifesto begins with the claim that “privacy is necessary for an open society.” Hughes distinguishes privacy from secrecy: privacy is selective revelation, not universal concealment.13 The United Nations Special Rapporteur David Kaye reached a similar human-rights conclusion in 2015: encryption and anonymity enable people to exercise freedom of opinion and expression in the digital age and deserve strong protection.14

John Gilmore’s line that “the Net interprets censorship as damage and routes around it” captured an engineering culture of resilience, not an excuse for harassment.15 Gilmore also coauthored the peer-reviewed Journal of Cybersecurity article “Keys Under Doormats,” which warned that mandated exceptional access to communications would increase system complexity, create concentrated attack targets, and undermine security.16

Privacy by default

Protects victims, patients, whistleblowers, dissidents, closeted youth, stigmatized groups, and ordinary citizens from forced exposure.

Strong encryption

Protects everyone’s security: children, hospitals, journalists, schools, banks, activists, families, and public agencies.

Pseudonymity

Allows lawful participation without legal-name exposure, while still permitting reputation, moderation, and due-process escalation for serious abuse.

Decentralization

Reduces the power of any single platform, billionaire, regulator, or mob to determine who may speak and what may be seen.

Data minimization

Prevents platforms from collecting data they do not need, lowering breach risk, profiling risk, and abuse risk.

User agency

Supports user-chosen feeds, transparent rules, portable social graphs, appeals, and controls instead of opaque algorithmic manipulation.

A cypherpunk-informed regulatory state can be strict with platforms and protective of users at the same time. It can ban abusive conduct, regulate recommender systems, require audits, and protect children — while refusing to make identity surrender the price of civic participation.
Back to top ↑

5. “Free speech for whom?” is the right question

Free speech cannot mean unlimited reach for the powerful while the vulnerable absorb harassment. It cannot mean racism, doxxing, threats, targeted abuse, fraud, nonconsensual intimate imagery, or algorithmic amplification of lies. “Free speech at any cost” is not the argument.

The real principle is narrower and stronger:

Lawful speech should not require forced identity exposure, and harmful conduct should be punished through targeted, due-process-based rules.

Forced identification does not burden everyone equally. It burdens people who need privacy most: abuse survivors, whistleblowers, undocumented workers, LGBTQ youth in hostile homes, religious minorities, dissidents, labor organizers, stigmatized patients, journalists’ sources, and people documenting racism or police abuse.

Research supports this concern. A systematic review in JMIR found that social media can support LGBTQ youth through peer connection, identity management, and social support; anonymity, multiple accounts, audience restriction, and strategic disclosure can help youth navigate unsafe environments.17 Haimson and Hoffmann’s study of Facebook’s “authentic identity” policy found that real-name enforcement created problems for transgender and gender-variant users, drag performers, Native Americans, abuse survivors, and others whose identities did not fit a rigid administrative naming system.18

Moderation systems can also reproduce inequality. Haimson and colleagues found that transgender and Black users in their dataset experienced disproportionate content and account removals; transgender users’ removed content was often related to queer or trans issues, and Black users’ removed content was frequently related to racial justice or racism.19

So the answer to “free speech for whom?” is: for the people least able to survive forced exposure. Not for harassment. Not for racism. Not for lies. But for the vulnerable person who cannot safely speak under a legal name.

Back to top ↑

6. Why Internet KYC is the wrong policy layer

Starmer-style age assurance is often described as “KYC for the Internet.” Strictly, the UK debate is framed around age assurance, under-16 social-media restrictions, and Online Safety Act enforcement, not universal banking-style KYC for every website. But once general-purpose platforms must distinguish under-16s from everyone else, every adult must also prove they are not under 16. Age assurance becomes an identity or credential layer for major parts of digital life.

Recent reporting says the UK plan would block under-16s from major platforms such as Snapchat, TikTok, YouTube, Instagram, X, and Facebook, while excluding WhatsApp and Signal. Reported enforcement methods include facial age estimation, digital IDs, and bank verification. Critics warn that a ban may create a false sense of safety and push children toward riskier services.20 The UK is also considering whether platforms should prioritize “trusted news” in feeds and search, which illustrates how quickly age assurance, ranking policy, and state involvement in information visibility can overlap.21

Policy test KYC / broad age-gating Design-layer regulation
Question asked Who are you? What is the platform doing?
Target User identity and access. Recommenders, ads, dark patterns, contact features, and amplification.
Specificity Low. It burdens many lawful, beneficial uses. Higher. It targets the mechanisms that produce compulsive use and harm.
Privacy risk High. It normalizes identity checkpoints and verification intermediaries. Lower. It can be implemented with audits, design rules, and data minimization.
Distribution Hits undocumented people, abuse survivors, LGBTQ youth, dissidents, and people without stable documentation hardest. Improves the product environment without requiring legal-name exposure.
Tail risk Creates reusable infrastructure for censorship, surveillance, and political expansion. Creates rules for harmful product features while preserving civil-liberties guardrails.

Bad messengers do not settle the issue. A politician may invoke “free speech” opportunistically. A billionaire may use free-speech language to defend his own power. That hypocrisy should be criticized. But hypocrisy by a messenger does not make identity-gated Internet policy safe. The policy must be judged by its structure: who gains power, what infrastructure is built, who is exposed, who is chilled, and how easily the system can be expanded.

Chilling effects are empirically real. Jon Penney’s peer-reviewed study found that surveillance and legal threats can chill lawful online speech, search, and personal sharing; it also found a useful nuance, namely that targeted anti-cyberbullying laws may increase some women’s willingness to share online.22 Stoycheff’s study found that perceived surveillance can suppress expression of minority political views online.23 King, Pan, and Roberts’ study of Chinese censorship found that censorship often targets collective-action potential rather than mere criticism.24

The problem is not child safety. The problem is building an identity layer first and asking platform-safety questions second.
Back to top ↑

7. A better regulatory program: serious, targeted, and civil-liberties preserving

The alternative to Internet KYC is not laissez-faire. It is a tougher and more precise regulatory program aimed at the actual machinery of harm.

No behavioral ads to minors Non-personalized feeds by default Independent audits Anti-harassment enforcement Pseudonymity by default Privacy-preserving proofs only where necessary
Ten concrete measures
  1. Ban behavioral advertising and profiling for minors. Children should not be targeted based on inferred insecurity, sexuality, impulsivity, depression, body-image vulnerability, family conflict, or emotional state.
  2. Require non-personalized feeds by default for minors. Chronological, subscription-based, topic-bounded, or user-selected feeds should be the default; engagement-maximizing recommender systems should be opt-in and easy to disable.
  3. Restrict addictive design patterns. Limit infinite scroll, autoplay, streaks, late-night push notifications, public popularity metrics, manipulative prompts, and reward loops designed to extend use.
  4. Audit recommender systems for child harm. Platforms should have to test whether their systems amplify self-harm, eating-disorder content, sexualized content, racist content, bullying pile-ons, extremist content, or compulsive-use loops.
  5. Restrict adult-stranger contact with minors. Limit unsolicited adult DMs, child livestreaming, child discoverability, and algorithmic surfacing of minors to adult audiences.
  6. Regulate AI companions and synthetic intimacy products for minors. High-risk AI companions should face special duties around age-appropriate design, crisis escalation, dependency, sexual content, manipulation, and transparency.
  7. Provide privacy-safe researcher access. Independent researchers need audited access to platform data to evaluate harms, but under strict privacy and security constraints.
  8. Require transparent, appealable moderation for actual abuse. Threats, doxxing, stalking, sextortion, swatting, nonconsensual intimate imagery, fraud, and targeted harassment should face fast enforcement with due process.
  9. Preserve pseudonymity for lawful speech. Use reputation systems, rate limits, account history, anti-spam controls, friction, and warrant-based escalation for serious abuse — not universal legal-name exposure.
  10. Break platform lock-in. Interoperability, data portability, portable social graphs, open protocols, and user-chosen algorithms reduce monopoly power and make it easier to leave unhealthy platforms.

The EU Digital Services Act points toward some of this model: targeted-ad restrictions for children, limits on dark patterns, transparency duties, non-profiled recommender options, systemic-risk assessments, independent audits, and data access for vetted researchers.25 That regulatory direction is more promising than treating every user as an identity object.

The highest-safety policy is not necessarily the highest-surveillance policy. Safety improves when platforms collect less unnecessary data, manipulate less, expose children to fewer strangers, and make recommender systems accountable.
Back to top ↑

8. What the cyberbullying, humane-tech, and AI sources get right

The cyberbullying literature is not the enemy of an anti-KYC argument. It is part of the argument. Patchin, Hinduja, and related researchers show that online harms are real and deserve targeted intervention. Their work strengthens the case for anti-harassment enforcement, school climate work, victim support, platform accountability, and prevention — not for universal identity exposure.

The humane-technology critique also fits this framework. Tristan Harris and related critics are right that engagement-maximizing design can exploit attention, especially in young people. But that critique points toward regulating infinite scroll, autoplay, persuasive design, recommender systems, and advertising incentives — not toward making every adult and child pass through an identity checkpoint to participate online.

The AI critique fits too. AI increases the stakes of design, persuasion, misinformation, deepfakes, synthetic intimacy, and automated abuse. But the answer is not to attach every person’s legal identity to every act of online reading or speech. The answer is risk-based AI governance, content provenance where appropriate, bans on nonconsensual sexual deepfakes, liability for harmful deployments, independent audits, privacy-preserving safety tools, and human oversight.

The synthesis is: accept the harms, regulate the platforms, preserve civil liberties, and use privacy-preserving technical design as a public-health asset.
Back to top ↑

Conclusion

The best response to the current crisis is neither “free speech at any cost” nor “trust the state and platforms to identity-gate the Internet.”

Web2 social media is harmful enough to regulate seriously. But KYC is the wrong layer. The problem is not that people can speak anonymously. The problem is that a handful of platforms built engagement machines that profit from compulsive use, social comparison, harassment, outrage, racism, misinformation, behavioral profiling, and opaque recommender systems.

Cypherpunk principles should be understood as social goods: privacy, encryption, pseudonymity, decentralization, data minimization, and user agency are not ways to avoid society. They are ways to protect society from concentrated power. They help vulnerable people speak, organize, seek help, report abuse, and resist domination.

  • Protect children from Web2.
  • Protect the open Internet from identity checkpoints.
  • Punish threats, harassment, doxxing, stalking, sextortion, fraud, and abuse.
  • Preserve anonymity and pseudonymity for lawful speech.
  • Ban behavioral advertising to minors.
  • Require non-personalized feeds by default.
  • Audit recommender systems and AI companions.
  • Restrict infinite scroll, autoplay, manipulative notifications, and dark patterns.
  • Limit adult-stranger contact with minors.
  • Give users appeals, transparency, and control.
  • Break platform lock-in.
Do not sacrifice the open Internet because Web2 was allowed to become an unregulated behavioral casino for children.

More directly: regulate the thing actually harming children — the feed, the recommender system, the ad model, the dopamine loop, the AI companion product, and predatory contact structures — not the legal identity of every person who wants to speak, read, organize, research, dissent, or seek help online.

Back to top ↑

References

indicates a peer-reviewed journal or conference publication.

  1. John, A., et al. “Self-Harm, Suicidal Behaviours, and Cyberbullying in Children and Young People: Systematic Review.” Journal of Medical Internet Research, 2018. https://www.jmir.org/2018/4/e129/
  2. Hinduja, S., & Patchin, J. W. “Bullying, Cyberbullying, and Suicide.” Archives of Suicide Research, 2010. DOI: 10.1080/13811118.2010.494133.
  3. Arnon, S., et al. “Association of Cyberbullying Experiences and Perpetration With Suicidality in Early Adolescence.” JAMA Network Open, 2022. https://jamanetwork.com/journals/jamanetworkopen/fullarticle/2793627
  4. U.S. Surgeon General. “Social Media and Youth Mental Health: The U.S. Surgeon General’s Advisory.” 2023. https://www.hhs.gov/sites/default/files/sg-youth-mental-health-social-media-advisory.pdf
  5. Orben, A., & Przybylski, A. K. “The association between adolescent well-being and digital technology use.” Nature Human Behaviour, 2019. https://www.nature.com/articles/s41562-018-0506-1
  6. Orben, A., et al. “Windows of developmental sensitivity to social media.” Nature Communications, 2022. https://www.nature.com/articles/s41467-022-29296-3
  7. Braghieri, L., Levy, R., & Makarin, A. “Social Media and Mental Health.” American Economic Review, 2022. https://www.aeaweb.org/articles?id=10.1257/aer.20211218
  8. Allcott, H., Braghieri, L., Eichmeyer, S., & Gentzkow, M. “The Welfare Effects of Social Media.” American Economic Review, 2020. https://www.aeaweb.org/articles?id=10.1257/aer.20190658
  9. Allcott, H., Gentzkow, M., & Song, L. “Digital Addiction.” American Economic Review, 2022. https://www.aeaweb.org/articles?id=10.1257/aer.20210867
  10. Bender, E. M., Gebru, T., McMillan-Major, A., & Mitchell, M. “On the Dangers of Stochastic Parrots: Can Language Models Be Too Big?” ACM FAccT, 2021. DOI: 10.1145/3442188.3445922.
  11. Sharma, A., Lin, I. W., Miner, A. S., Atkins, D. C., & Althoff, T. “Human-AI Collaboration Enables More Empathic Conversations in Text-based Peer-to-Peer Mental Health Support.” 2022/2023. https://arxiv.org/abs/2203.15144
  12. Narayanan, A., & Shmatikov, V. “De-anonymizing Social Networks.” IEEE Symposium on Security and Privacy, 2009. https://arxiv.org/abs/0903.3276
  13. Hughes, E. “A Cypherpunk’s Manifesto.” 1993. https://www.activism.net/cypherpunk/manifesto.html
  14. United Nations Human Rights Council. David Kaye, “Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression,” A/HRC/29/32, 2015. https://documents.un.org/doc/undoc/gen/g15/095/85/pdf/g1509585.pdf
  15. Quote Investigator. “The Net Interprets Censorship as Damage and Routes Around It.” https://quoteinvestigator.com/2021/07/12/censor/
  16. Abelson, H., Anderson, R., Bellovin, S. M., Benaloh, J., Blaze, M., Diffie, W., Gilmore, J., et al. “Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications.” Journal of Cybersecurity, 2015. https://academic.oup.com/cybersecurity/article/1/1/69/2367066
  17. Berger, M. N., et al. “Social Media Use and Health and Well-being of Lesbian, Gay, Bisexual, Transgender, and Queer Youth: Systematic Review.” Journal of Medical Internet Research, 2022. https://www.jmir.org/2022/9/e38449/
  18. Haimson, O. L., & Hoffmann, A. L. “Constructing and enforcing ‘authentic’ identity online: Facebook, real names, and non-normative identities.” First Monday, 2016. https://firstmonday.org/ojs/index.php/fm/article/view/6791
  19. Haimson, O. L., et al. “Disproportionate Removals and Differing Content Moderation Experiences for Conservative, Transgender, and Black Social Media Users.” Proceedings of the ACM on Human-Computer Interaction, 2021. https://oliverhaimson.com/PDFs/HaimsonDisproportionateRemovals.pdf
  20. The Guardian. “UK under-16s social media ban: how will it work?” 2026. https://www.theguardian.com/uk-news/2026/jun/15/uk-under-16s-social-media-ban-how-will-it-work
  21. Reuters. “UK considers forcing social media firms to prioritise trusted news.” 2026. https://www.reuters.com/legal/litigation/uk-considers-forcing-social-media-firms-prioritise-trusted-news-2026-06-22/
  22. Penney, J. W. “Internet surveillance, regulation, and chilling effects online: a comparative case study.” Internet Policy Review, 2017. https://policyreview.info/articles/analysis/internet-surveillance-regulation-and-chilling-effects-online-comparative-case
  23. Stoycheff, E. “Under Surveillance: Examining Facebook’s Spiral of Silence Effects in the Wake of NSA Internet Monitoring.” Journalism & Mass Communication Quarterly, 2016. https://journals.sagepub.com/doi/10.1177/1077699016630255
  24. King, G., Pan, J., & Roberts, M. E. “How Censorship in China Allows Government Criticism but Silences Collective Expression.” American Political Science Review, 2013. https://gking.harvard.edu/publications/how-censorship-china-allows-government-criticism-silences-collective-expression
  25. European Commission. “The Digital Services Act package” and “Very Large Online Platforms and Search Engines.” https://digital-strategy.ec.europa.eu/en/policies/digital-services-act-package and https://digital-strategy.ec.europa.eu/en/policies/dsa-vlops
  26. Barlow, J. P. “A Declaration of the Independence of Cyberspace.” Electronic Frontier Foundation, 1996. https://www.eff.org/cyberspace-independence
  27. Moore, A., et al. Study of anonymity, pseudonymity, and real-name commenting using Huffington Post comments. Political Studies, 2020. DOI: 10.1177/0032321719891385.