If you live in the UK, you have probably met one of them by now: a page that will not load until you prove how old you are. Upload a photo of your passport, let an algorithm estimate your age from your face, or confirm your identity through a third-party verification firm you had never heard of ten seconds earlier. Since the Online Safety Act's age-assurance duties began to bite, these checks have been spreading well beyond the sites the headlines were written about.
Let us say the fair thing first: the goal is legitimate. Keeping children away from genuinely harmful material is a reasonable aim, and the people implementing these rules are mostly trying to comply with the law, not to build surveillance for its own sake. This is not a post telling you the sky is falling. It is a post about a quieter, duller problem: what all this verification does to the amount of identity data sloshing around the internet.
Every check creates a copy
An age check is never just a yes-or-no answer that evaporates afterwards. Somewhere, a system processed your document, your face, or your credit record, and produced a result that had to be linked to something - a session, an account and, very often, an email address. Multiply that by every site that must now ask, and by the handful of verification providers most of them share, and you get a growing set of databases that connect real legal identities to online activity.
Each of those databases is run by people doing their best. Each is also a single point of failure. We do not have to speculate about what happens next, because breach history is not on anyone's side: data that exists long enough, in enough places, eventually leaks. The most reliable way to protect data has not changed in decades - do not collect it, or fail that, collect as little as possible and delete it quickly.
Where email fits in
Your email address is the closest thing the internet has to a national insurance number. It is the join key. A verification record here, a shopping profile there, a forum account somewhere else - separately they are fragments; matched on the same email address, they become a dossier. That is precisely how data brokers assemble profiles today, entirely legally, from sources that each looked harmless on their own.
So as more of British online life gets an identity layer bolted on, the discipline that matters most for ordinary people is unglamorous: stop using one address for everything. Compartments work. An alias for shopping, another for forums, a relay address for one-off checkouts - fragments that never share a join key cannot be joined.
Try Scroogle Mail
Unlimited aliases on Plus, tracker blocking by default, and a provider that keeps access logs for three days, not three years. From £2.99 a month.
Create your addressWhat we do about it, concretely
We are an email company, so our contribution is to be the part of your digital life that hoards the least. Scroogle Mail does not ask for your identity to open a mailbox. Your messages are stored zero-access, encrypted with keys derived from your password, so the content cannot be read, sold, scanned or subpoenaed into usefulness by anyone - including us. Access logs are kept for three days and then destroyed. What we can be compelled to produce under Swiss legal process, and how often anyone has tried, is counted in our annual transparency report rather than left to your imagination. The full detail is in our privacy policy - it is written to be read, not to be scrolled past.
None of that exempts us from the law, and we will not pretend otherwise; Swiss courts can order what Swiss law allows. The point of minimal data is different: when the honest answer to "what do you hold about this person?" is "almost nothing", every failure mode gets smaller - the breach, the rogue insider, the over-broad request, all of it.
A habit worth building now
The age-verification rollout will keep evolving, and some of its rough edges will get sanded down. The data-collection creep underneath it will not reverse on its own - creep never does. You do not need to be angry about it. You just need to be slightly harder to join up: separate addresses for separate contexts, a provider that cannot read your mail, and a healthy suspicion of any form that asks for more than the task in front of you requires.
Your inbox is the index of your life. Whoever holds the index should know as little as possible about the book.