I did not get into digital identity because it was fashionable, profitable, or technically interesting. I got into it because of my children.
The moment that crystallised it for me was disarmingly ordinary. My son came to me one afternoon and said, "Hey, Dad, Roblox wants to take my photo to prove my age."
I remember reacting instinctively. No analysis. No debate. Just a clear, immediate response: no. Do not turn on your camera. Do not upload anything. Stop.
Not long after, my older son came to me with a similar question. He wanted to join a Fortnite competition and had been told he might need to provide a copy of his passport to prove his age. Again, the same alarm bells. A child being asked to expose permanent identity documents just to participate online did not feel like protection. It felt like something had gone badly wrong.
At the time, these felt like isolated incidents. But they were not. Once I started paying attention, the pattern was everywhere.
I was being asked to complete additional KYC checks for professional platforms. Friends were being asked to verify their age on social media. Online forums were discussing workarounds, VPNs, and ways to avoid uploading documents. At the same time, governments were discussing banning VPNs, characterizing them as tools for wrongdoing rather than what they actually are for most people: a basic layer of online privacy and protection.
What became clear very quickly was that we were not solving problems anymore. We were shifting risk.
I fully support protecting young people online. Children should not be exposed to adult content. They should not be mixing freely with adults in unmoderated spaces. Grooming, exploitation, and abuse are real problems that demand serious solutions.
But asking children to upload identity documents, capture biometric data, or permanently link their real-world identity to online activity is not a serious solution. It creates lifelong exposure in the name of short-term compliance. Once biometric data or identity documents are captured, they cannot be recalled. They cannot be reset like a password. The risk follows that person forever.
The same logic applies to adults. Over time, we have been conditioned to accept identity requests as the price of convenience. Click yes. Upload a document. Take a selfie. Move on. But consent given under pressure, fatigue, or lack of alternatives is not meaningful consent at all.
What troubles me most is that this did not happen because of malice. It happened because technology progressed more rapidly than governance. The internet scaled. Platforms grew. Data became valuable. Regulation arrived late, was often written by people without a profound knowledge of the systems they sought to control, and was frequently influenced by the very companies that benefited most from data collection.
Convenience became the justification for overreach. Protection became the excuse for exposure.
We can build digital identity systems that protect people without exposing them. That reduces risk instead of redistributing it. That earns trust rather than demands it.
I care about this because the consequences are real, permanent, and human. And because if we do not get this right now, we will spend decades trying to undo the harm.
Kayne Brennan
CEO of Zekret Labs