Tea, ID, and You
Happy August!
Summertime isn’t the only thing hot right now. Privacy worries are smoking like Canadian wildfires. Two separate events happened recently that crashed through the summer haze into the mainstream conversation about privacy and its decline.
The Tea app hack highlighted exactly how not to do privacy and security.
Tea is a popular app women use to share safety tips and concerns over men on dating apps. While the ethics of this sort of app is questionable, the need for it is not. To verify users of the app are women, the app required people upload a photo of themselves, and in some cases to provide a photo ID. The app promised it would only use these images to verify the user was a woman and then delete them. Shockingly, the app makers didn’t do that. Instead, they left all this personal data sitting on vulnerable cloud services with bad security measures. 4chan users mad about the existence of the Tea app hacked the data and shared it publicly. It continued to go down hill from there with DM content and other personal information also exposed. A class action lawsuit has already been filed.
The UK’s Online Safety Act age verification hot mess of a roll out.
The UK passed the Online Safety Act back in 2023. On July 25, 2025 companies covered by this act were required to protect children from harmful content by verifying their age, often by uploading an image or video or their face. Of course, people immediately found ways around this. Taking a picture of Sam, the main character from the video game Death Stranding and submitting it, or using a VPN to look like you weren’t using the internet in the UK have been super popular. Proton VPN saw a 1800% spike in downloads in the days after the law took effect. Turns out, people are creeped out at having to submit their face to use the internet.
What happened next?
These two events have gotten people talking. On Reddit threads and social media comments all over the place, people are freaking out about the future of privacy and asking questions like how do I prepare myself for the age verification era, and what would you do tomorrow if internet access required linking your ID to all your messages and mail?
People are rightly worried about being forced to attach their face and official ID to access the places on the internet they might want to go. Whether that be listening to their favorite songs on Spotify, mental health, substance abuse help, or period support subreddits on Reddit, or even Wikipedia. We’re used to feeling anonymous on the internet – even though it’s been well documented we’re tracked and surveilled nearly everywhere we go these days. Age verification laws popping up all around the world are driving home the reality that online (and offline) privacy is melting faster than an ice cream cone in the hot summer sun.
What can data transfer do about this?
So what can data transfer do for us in a world of age verification, ID surveillance, constant data hacks, and astronomical amounts of our personal data scattered everywhere on the internet putting us at risk? Well, here’s one idea. We use the powers of data transfer to take back control of our personal data.
What could that look like? Right now, countless companies, governments, and data brokers collect our data – just about everyone does, really. They use that to provide a service, as well as learn about us to keep us clicking, shopping, buying, and paying attention. Often the services we get for giving up our data are cool, useful, and make our lives better. But after years – decades at this point for many of us – of giving up our personal information to everyone and their brother (it seems), there is simply way too much of our personal information littered about and it’s just not safe. So now when places like Spotify, Tea, or YouTube ask you to verify your identity with an image or video of your face or your government ID to prove you are the right age, the right gender, or who you say you are, it’s extremely creepy.
What if we lived in a world where companies didn’t have control over that data, you did? What if that data wasn’t always collected and kept, but could be … borrowed, for a time, for a specific use case, on your terms? Imagine a world where you’ve got a data wallet (or pod, locker, black box, whatever you want to call it) and all your data lives there, under your control.
Take that identification data that’s causing trouble for both Tea app users and people now needing to verify their age in the UK and elsewhere. What if you could keep that in your own wallet, just like your drivers’ license? And then when you want to listen to Taylor Swift’s version of Red with all those explicit lyrics you don’t have to give Spotify your face or ID. Spotify can simply ping your digital wallet where a trustworthy service has already verified your age and all Spotify gets is a “yes” to its verification question and away you go. Spotify doesn’t need to face or ID or personal information when all it really needs to know is you are old enough to hear dirty words.
How does that change the world we live in today, where everything is already everywhere? Think about it this way. Data is necessary in our world. There’s no getting around that. The goal is to take all that personal identifying information – basically you – and keep it safely in your control. When a company needs that data to provide you a service, they don’t take it and keep it. We already know that way of working is hugely flawed with all the security breaches and irresponsible data use we’ve gotten used to today. Instead, your personal information, like your ID, your credit card information, your age, address, and more, is kept safely by you in your data wallet. And when the company needs that info to provide the service you want, it asks permission to access it, use it, forget it, and leave it behind. This is what taking back control of your data looks like.
Doesn’t it sound lovely? And it is possible! Data transfer can help make this future happen. We just have to push for it.