By Cliff Potts, CSO, and Editor-in-Chief of WPS News

Baybay City, Leyte, Philippines — June 18, 2026, 17:35 PHST

One of the most effective control surfaces on the modern internet is identity. What began as a narrow technical requirement—verifying that a user or system is authorized to perform a specific action—has expanded into a persistent mechanism for tracking, profiling, and enforcement.

This essay advances a single claim: we can fix the internet, and this is how—by separating authentication from surveillance and restoring identity to its original, limited function.

What Identity Is Supposed to Do

At its core, identity serves a simple purpose: confirmation. A system needs to know whether a request is permitted. That determination can be binary and momentary. Once the action is completed, the identity check no longer needs to persist.

Authentication answers can this be done?
It does not need to answer who are you everywhere and forever?

Early network systems reflected this restraint. Identity was contextual, temporary, and purpose-limited.

How Identity Became Control

As platforms consolidated, identity expanded beyond authentication. Persistent accounts enabled personalization, moderation, monetization, and behavioral prediction. Identity became a unifying layer through which activity across services could be correlated.

This shift transformed identity into an enforcement mechanism. Visibility, reach, and participation could be adjusted based on account history rather than on individual actions. Control no longer required direct intervention; it could be automated.

Identity became leverage.

Authentication Is Not Tracking

Authentication and tracking are often conflated, but they serve different functions. Authentication verifies permission at a point in time. Tracking aggregates behavior across time.

The technical requirement for one does not imply the necessity of the other. Systems can authenticate without retaining long-term behavioral records. Credentials can be short-lived. Context can expire.

The fusion of authentication and tracking is a design choice, not a technical mandate.

The Cost of Persistent Identity

Persistent identity creates structural risk. When a single identifier links activity across platforms, errors and penalties propagate. Appeals are difficult. An account becomes a point of failure rather than a convenience.

This concentration of identity mirrors other forms of platform capture. A small number of providers become indispensable intermediaries. Opting out becomes impractical.

Participation becomes conditional.

Corrective Measures at the Identity Layer

Undoing capture at the identity layer does not require anonymity everywhere. It requires proportionality.

Corrective measures include:

  • short-lived or purpose-limited credentials
  • separation of authentication from behavioral analytics
  • federated or decentralized identity providers
  • clear expiration of identity context after task completion

These approaches preserve trust while reducing leverage.

Why This Weakens Platform Power

Platforms derive power from continuity. Persistent identity enables cumulative profiling, automated enforcement, and behavioral conditioning. When identity becomes contextual rather than permanent, that continuity weakens.

Control must be exercised deliberately rather than automatically. Surveillance becomes optional rather than foundational.

Identity returns to being a tool, not a tether.

A Practical Boundary

Identity is necessary for some functions and inappropriate for others. Drawing that boundary explicitly restores agency without dismantling systems that require accountability.

The internet does not need universal anonymity.
It needs identity to stop doing more than it was designed to do.

This essay will be archived in the WPS News Monthly Archive, available through Amazon.

This work may be cited freely. Licensing or implementation for commercial or institutional use requires prior arrangement.

References

Camenisch, J., & Lysyanskaya, A. (2001). An efficient system for non-transferable anonymous credentials with optional anonymity revocation. EUROCRYPT Proceedings, 93–118.

Green, M., & Smith, M. (2016). Developers are not the enemy! The need for usable security APIs. IEEE Security & Privacy, 14(5), 40–46.

Solove, D. J. (2008). Understanding privacy. Harvard University Press.

Zuboff, S. (2019). The age of surveillance capitalism. PublicAffairs.

Discover more from WPS News

Subscribe to get the latest posts sent to your email.