Apple's Mandatory ID... GrapheneOS is the Exit

Apple rolled identity verification into iOS 26.4 for UK users under the Online Safety Act, requiring credit card scans or government photo ID to confirm users are over 18. If you decline, app downloads and in-app purchases get restricted on a phone you already own. The system is expanding to Australia, Brazil, and Singapore, with US lawmakers pushing identical requirements.

They call it age verification. What it actually does is collect government-issued identification and biometric data, then run it through identity screening infrastructure that has nothing to do with age. Persona, the San Francisco startup handling this for Reddit, Discord, OpenAI, and Roblox, performs 269 distinct verification checks on every identity including terrorism watchlist screening and politically exposed person lookups. Persona received $350 million in funding led by Peter Thiel's Founders Fund, the same Thiel who co-founded Palantir, the surveillance operation powering ICE's deportation infrastructure.

The security track record is exactly what you'd expect. Hackers breached 5CA, a third-party contractor used by Discord, in September 2025, exposing approximately 70,000 government ID photos. Researchers later found Persona's code running on a US government-authorized server. Discord cut ties with Persona but the company still serves OpenAI and Roblox.

UK Reddit users now submit government ID through Persona to access sexual assault support communities and addiction recovery forums. More than 550,000 people petitioned parliament to repeal the Online Safety Act. It was debated in a mostly empty room with no vote taken. The House of Lords then voted 207 to 159 to extend identity verification to VPN providers. Smaller forums and independent communities are shutting down under compliance costs. The solution is not petitioning the institution building the surveillance, it is using systems like GrapheneOS that make the identity collection infrastructure irrelevant.