So I just set up on Substack and one of the first things I noticed is that UK users are being asked to verify their age using biometric face scans, the company doing the scanning is called Persona.

The surveillance loop hiding inside your age check.

I looked up what Persona actually means. It’s Latin, and it means mask. Originally a theatrical mask, the thing actors wore on stage so you couldn’t see who they really were. Jung used the word to describe the social facade people present to the world as opposed to their true self.

A company called Mask is asking you to remove yours. Funny, that.

I dug a bit deeper. Persona was founded in San Francisco in 2018 and is now valued at two billion dollars. Its biggest investor is Founders Fund, the venture capital firm co-founded by Peter Thiel. Thiel also co-founded Palantir, the surveillance and data analytics company that provides tools to US Immigration and Customs Enforcement, has partnered with the Israeli Ministry of Defence, and holds contracts with the UK’s NHS.

Persona says it does age verification, but what researchers actually found when they examined the system is that it performs 269 separate checks; including screening against watchlists, lists of politically exposed persons and adverse media across 14 categories including terrorism and espionage. That’s not age verification. That’s profiling.

Oh, and nearly 2,500 of Persona’s files were found sitting on a US government-authorised server. The researchers said they didn’t even have to run an exploit, it was just openly there. Discord dropped Persona after that. Substack hasn’t.

The CEO of Persona, Rick Song, was criticised for not having a photo on his own LinkedIn profile. His response? “It’s dystopian that we want people to facedox themselves to everyone to be real online.” The man running the face-scanning company thinks face-scanning is dystopian. You couldn’t write it.

But here’s the thing, none of this happened overnight. Think about the sequence. First we accepted CCTV cameras on every high street, then cameras in every shop, cameras on your neighbour’s doorbell, your face as your phone password, your voice as a bank login, and now your face as age verification on a website. Each step felt small, every one framed as safety, convenience, or protection. Nobody really notices the distance between the first step and the last. They only measure each step in isolation and before you know it, it feels normal.

Now widen the lens. The UK government has just launched a consultation on a national Digital ID scheme, closing 5th May. They’re proposing a universal unique identifier that links you across all government services, they retain the power to revoke it, and if you delete it from your device, the government keeps the underlying records anyway.

Meanwhile, the biometric authentication market is growing at 22.7% a year and is expected to nearly triple to 183 billion dollars by 2030. The biggest customer? Government. The same governments writing the laws that force platforms to verify users are the biggest buyers of the verification technology. That’s not a market responding to demand. That’s a market being created by legislation.

Here’s how the loop works. Government passes the Online Safety Act. Platforms are forced to verify users. Verification is outsourced to a private company funded by surveillance money. The system collects far more data than “age.” That data sits on government-authorised servers. Government is the biggest customer of the industry it just mandated into existence. The taxpayer pays twice, once through taxes to fund the legislation, and again with their face.

The system doesn’t need to contain dissent by force, it just needs to make dissent feel unreasonable.

I’m calling it the Digital Feedback Loop.

It’s probably just a coincidence, though right?

configure YOUR system. contAIn™ the chaos. control YOUR outcome.

This article was originally published on Substack.