Unfortunately, the genie is already out of the bottle, with or without the Digital ID.
In Australia, the world’s first social media ban for teenagers under 16 is coming into effect on 10th December 2025. A lot of people are cynical about this ban because they see it as a plot by the government to push people into using the Digital ID.
There is widespread distrust about Digital ID. As I wrote before in Is Australia’s Digital ID bill dangerous?, the Digital ID is seen as a means for the government to monitor and control our every move. As a result, there is widespread fear and distrust of the Digital ID.
The question is, is this fear and distrust warranted?
The problem is, as I see it, is not whether we should be afraid of Digital ID. We should have been afraid long before the Digital ID bill was introduced in 2023. Unfortunately, we are like the proverbial frog that is slowly being boiled, unaware that the temperature has already risen to a dangerous level. The Digital ID bill is the final stage of panic, which by now is already too late. The Digital ID only makes a marginal difference to the already precarious position that we are currently in.
DON'T GET HACKED!
Let’s go back to the Australia Card debate…
The mid-1980s saw a major political and civil liberties controversy in Australia centred around the proposed “Australia Card”. This national identification card was introduced by the Hawke Labor government in 1985 as a compulsory photo ID linked to a central population register. The aim was to combat tax evasion welfare and health fraud and improve government administration. The card consolidated multiple existing identifiers into a single number for citizens to use in various government and some private transactions. However civil liberties and privacy advocates raised concerns about extensive surveillance, increased state power and a fundamental shift in the citizen-government relationship. Critics from across the political spectrum also feared function creep (the ID being used beyond its original purpose), data matching across agencies and the risk of abuse or security breaches.
Take yourself as an example
You will most likely have a Tax File Number (TFN) from the Australian Tax Office (ATO). If you are a recipient of Centrelink welfare, you will have a CRN. If you travel overseas, you will need to apply for a passport with a separate passport number. If you are a naturalised citizen of Australia, you will have yet another citizenship certificate number. All of us who drive will have our state’s driver’s license number.
Basically, we all have lots of different ID numbers for the various state and federal government entities that we have to deal with. All these different ID numbers imply that there is no centralised government database to connect all our ID numbers together. A decentralised database will make it very difficult for the government to piece together all our interactions with the various government departments and entities into one cohesive picture, which implies greater privacy for us.
Singapore’s NRIC
The “Australia Card” number was similar in concept to Singapore’s NRIC. Instead of having multiple ID numbers from multiple government entities, you only need a single NRIC. Sure, it is convenient, but you have no privacy.
Back in the 1980s…
Back then, we had a mixture of paper and electronic records. Digital storage was prohibitively expensive, and network bandwidth was extremely slow. Multiple disconnected databases and paper records made it very expensive for the government to piece together all our interactions and transactions with the government.
Therefore, a centralised ID number made a big difference for the government back in the 1980s and 1990s. Conversely, a centralised ID number made a difference in the erosion of our privacy back then.
But look at today, we are already screwed
Today, digital storage is dirt cheap. Network bandwidth is extremely fast. Computer processing power is astronomically more powerful than what we had back in the 1980s and 1990s. Also, we hardly have disconnected paper records anymore. Almost all of our interactions and transactions with the government are stored digitally somewhere in the government’s database.
Not only that, all our interactions and transactions with banks, insurance, telecommunications, finance, retail, and other private companies are recorded digitally. Since we are living in a cashless society, most of our financial transactions are stored somewhere digitally.
To make matters worse, today’s government has access to the private databases of Big Tech, Big Finance, and Big Business. For example, the ATO has access to the electronic records in the banking system such that they can perform extensive data matching to find out whether you have paid your fair share of tax.
This is the crucial thing to understand in this article:
Today, the government does not need a centralised ID (e.g. ‘Australia Card’ number, Digital ID) to monitor and control us. With powerful information technology that can scan, process and match data in a colossal scale, decentralised databases across the public and private sector can be easily re-centralised!
In fact, the entire purpose of a mysterious company called Palantir does exactly that. This company develops software platforms that integrate, analyse, and visualise massive datasets from diverse sources, enabling AI-powered insights for decision-making in government, defence, and commercial sectors.
Make no mistake, Palantir is in the service of the government. Most of its revenue comes from the government.
Examples for you to think about
Let me give you some examples to show you the frightening precariousness of our privacy situation.
Government ID numbers are re-centralised?
Have you ever wondered whether the government knows that your Tax File Number (TFN) and driver’s license number belong to the same person (you)?
I think so.
When you apply for a TFN, you need to prove your identity. It can be your passport, birth certificate, citizenship certificate, and so on. The same goes for your state driver’s license, Medicare card, Centrelink CRN, and so on. To apply for your passport, you need to either supply your birth certificate or citizenship certificate, which have their own ID numbers. The moment you supply your identity documents in your application for another government ID number, you create a link between them.
Chances are, all your disparate government ID numbers (e.g. TFN, CRN, driver’s license number, Medicare number) are probably linked together and re-centralised in some backend government database somewhere in the form of a shadow centralised government ID number. This shadow government ID number can be as simple as a technical database index number.
So, make no mistake: with or without the Digital ID, all of us probably already have a shadow government ID number. Boycotting the Digital ID is not going to make much of a difference.
Your phone’s location can be tracked
Every phone has a globally unique IMEI number. Every activated SIM has a globally unique IMSI number. The moment your phone is turned on, it connects to the nearest mobile communications tower, which in turn will reveal your IMEI and IMSI. Not only that, its physical location can be easily tracked to the nearest tower in real time. So, if you carry your phone wherever you go, your whereabouts can be easily tracked.
IMEI & IMSI blows away your anonymity
Let’s say you buy a brand-new phone from JB Hifi. You will notice that its MAC (another globally unique number that identifies the Wifi adapter in your phone) and IMEI are nicely printed on the retail box.
You will probably pay for the phone with your debit or credit card. Your debit and credit card are linked to your identity. Therefore, the MAC and IMEI in your phone are linked to your identity. When you activate a SIM (or eSIM), you need to verify your identity. After activation, it will be issued with an IMSI that is linked to your identity.
So, even if you can manage to procure a phone anonymously (e.g. pay cash for it on Facebook Marketplace) so that its IMEI is not linked to you, the moment you pop in an activated SIM into it, you create a link between its IMEI and IMSI. Your IMSI is linked to your identity. Therefore, the anonymous IMEI is now being de-anonymised.
Paying cash protects your privacy?
Let’s say you pay for your phone in JB Hifi with cash. There are two ways for your privacy to be blown.
First, when you pay for the phone with cash, its IMEI and MAC will be logged in the system. The system will have a record of when and where the phone with the particular IMEI and MAC was first purchased from a retail store. To find out who purchased the phone with the particular IMEI, all it needs is to check the retail store’s surveillance cameras. The video footage will have your face recorded. The government has a copy of your face in their database because you have a government-issued photo ID document. So, with facial recognition technology, the government can find out that you are the one who bought the phone with that particular IMEI from the surveillance video.
Next, every piece of cash has a unique serial number. That serial number can be traced to the exact ATM that issued that cash, along with when it was issued. The banking system knows exactly who withdrew that cash from the ATM because that withdrawal transaction is linked to the debit/credit card that was inserted into the ATM. The debit/credit is linked to the person’s identity. Worse still, every ATM has surveillance camera that records the face of the person doing the withdrawal. So, if you withdraw cash from the ATM with your own debit/credit card, the government knows exactly the serial numbers of the cash that was issued to you, and when and where you got your cash.
When you pay cash for the phone in JB Hifi, that cash will have to be deposited to the bank soon. The moment that cash re-entered the banking system, its serial number will be recorded.
So, let’s say you withdraw $600 cash (12 x $50 notes) from the ATM to buy the phone from JB Hifi, the government can track the physical movement of the cash (ie. from the ATM to JB Hifi and then re-deposited to the bank branch). When the JB Hifi retail store deposits the 12 x $50 notes to the bank, and all the 12 x $50 notes’ serial numbers exactly match the serial numbers of the cash from your ATM, the government can pretty much guess that you bought something in that JB Hifi retail store.
Is Digital ID needed to track your visit to the RSL club?
Let’s say you sign up to a Digital ID. You use the Digital ID to sign in to the RSL club.
As I wrote in Is Australia Digital ID bill dangerous?, there is a privacy issue with the Digital ID. By using the Digital ID, the government knows that you signed in to the RSL club. But will you protect your privacy by NOT using Digital ID to sign into the RSL club?
The problem is, most people will use their debit/credit card when they make purchases in the RSL club. Your debit/credit card is linked to your identity. So, the moment you use it, your privacy is blown, with or without the Digital ID.
Even if you use cash, your face will be recorded by surveillance cameras. Since the government knows your face (because they issued the photo ID to you), they can be sure you’ve visited the RSL club through facial recognition technology. Not only that, they can track your phone’s movement to confirm that.
Does the government know what books you read?
Many of us buy books from Amazon. And we use our debit/credit card to make our purchases. So, even without the Digital ID, there is a link between our identity and the books we purchase.
When you apply for a library card, you need to verify your identity. If you do not use a Digital ID to prove your identity, you need to show a photo ID issued by the government. That photo ID is linked to your library card. So, whatever books you borrow with that library card, there will be a digital record that links to your identity.
And since the government probably has a shadow centralised ID number in its backend database, they can link that photo ID to that centralised ID number, which in turn will link it to all the other government ID numbers.
So, with or without a Digital ID, there is hardly any difference. The advantage of the Digital ID is that the librarian who processed your library card application will not be able to see the contents of your photo ID (e.g. home address).
Your car is being tracked even if you have a dumb car
In Australia, our roads are filled with cameras that can read car license plate number. This is called the Automated Number Plate Recognition (ANPR). Whenever your car goes past one of the ANPR cameras, its license plate number, location and time are being recorded. That means wherever your car goes, it will be tracked by the ANPR system.
Digital ID and social media
Many people are concerned that one day, they will have to verify their identity on their social media accounts with Digital ID. Will this be a great privacy disaster for us?
Let’s look at it on a case by case basis.
Most of us use LinkedIn with our real name. Not only that, we put our professional headshot on our LinkedIn profile.
Since the government knows our face (because they are the one who issued our photo ID), they can match our LinkedIn professional headshot to our identity.
So, the government can easily match our LinkedIn profile to our real identity, with or without Digital ID.
Facebook, Instagram, TikTok
Chances are you have given these social media platforms your phone number. Since your phone number is linked to your identity, the government will easily know who you are, without Digital ID.
Even if you do not give away your phone number to them, there’s another problem (see below).
X
In X, you can sign up to an account anonymously. But are you really anonymous?
First, the government can force X to reveal your IP address when you access X through your Internet Service Provider (ISP). From your IP address, the government can know which ISP you are using. Based on your IP address, the government can ask your ISP for your identity.
What if you only connect to X through a VPN? Can you still protect your anonymity?
When you sign up to X, you usually have to supply an email address. The question is, did you sign up and always connect to your email service account through a VPN? It only takes a moment of carelessness to connect to your email service using your real IP address, and your anonymity will be blown.
Shadow banning of VPNs
Even if you are careful to always connect to every online service through VPN, you will eventually run into problems. As I wrote earlier,
First, in my experience, websites and platforms are already ‘shadow banning’ VPNs even before the SM ban. For example, try signing up for an Apple account through a VPN and you will find unexplained problems and issues. Try watching YouTube anonymously through a VPN and you will encounter issues. Even Apple’s iCloud Private Relay are not exempted from ‘shadow banning’. For example, some parts of Telstra’s website will not work when you use Safari web-browser through iCloud Private Relay. Also, try doing Google searches through iCloud Private Relay and sometimes you’ll be greeted with CAPTCHA tests to prove you’re a human.
Eventually, for the sake of convenience and getting online services to work, you will end up connecting to online services with your real IP address. You only need to do it once to blow your anonymity.
So, you can see by now, we are all already screwed, with or without Digital ID. As I wrote in Is Australia Digital ID bill dangerous?, there is a privacy issue with Digital ID, which means we are only marginally worse off in terms of privacy with Digital ID.
By now, you should be able to see that it is extremely difficult (probably impossible) to remain anonymous from the government even without signing up to a Digital ID. Even without a Digital ID, your operational security and discipline have to be perfect. All it takes is a moment of carelessness, and your anonymity will be blown, with or without the Digital ID.
So, the panic over Digital ID is a distraction from the serious loss of privacy we have already suffered.
DON'T GET HACKED!
