Australia’s under-16 social media ban required Substack publishers to give up personal data – We refused and found a way to beat the system.
Australia’s under-16 social media ban was sold as a narrow measure to protect kids. What it has become is a system where everyone is treated as a minor until they submit proof otherwise—proof that increasingly involves cameras, biometric scans, device fingerprinting, location data, IP logging, and third-party “digital identity” providers you never chose.
Protecting minors matters. But mass identity capture is the laziest possible solution, and one that assumes every adult is lying until a database says otherwise. Substack chose to use a company called Persona Identities, a startup company with a valuation over 2 billion dollars.
Persona Identities has connections with some of the biggest companies in the world. OpenAI, or ChatGPT, for example, uses Persona Identities behind the scenes.
“With Persona, OpenAI automatically screens over 99% of users behind the scenes in seconds. To offer safe AGI, we need to make sure bad people aren’t using our services.” (Open AI).
You may be surprised how much Persona Identities know about you, even if you haven’t heard of it. Persona verifies someone visiting a partner site like Chat GPT. Even if you have never had a Persona account, the company already has your (IP, device, behaviour) and any one-time ID or selfie provided. It runs authenticity and risk checks for that single session and returns a confidence result.
Do you really want to give such an intrusive company even more data? – We didn’t.
Recently, the Chitchat Newspaper’s Substack account was locked and blocked unless we complied with intrusive digital ID measures. Pose for the camera, tilt your head. Hand over visual and technical data. No alternative. No appeal. Comply or lose access. Substack feared the Australian government and went on an ID blitz to comply with new laws.
We refused – We were locked out.
I spent a few days thinking of how to get around this invasion of privacy.
My first step was to send an email. I alerted Substack management that, to be a company owner in Australia, a Director had to be over 18. I asked for a manual waiver. While I waited for a response, I got to work on some other alternatives.
My musings led to some interesting experiments… I went down to the King Kong Sales bargain shop and bought a mannequin head for $10 and applied makeup, a wig, and a beard. While I prepared the dummy, I also purchased an online Lionel Messi cloth mask, just in case that failed. Apparently, people have been fooling the technology with Halloween masks.
Here’s the part you won’t hear from policymakers or platforms: there are ways to operate, publish, and do business without handing over biometric data on demand. Legal ways. Boring ways. Effective ways.
Before I got a chance to try out my other tactics, I received a reply to my email from Substack asking for a driver’s license upload. I refused and asked again for a manual waiver. Management replied, asking for a credit card to be uploaded to the site, which would prove that I was over 18.
I responded by stating that I would be happy to upload a credit card, however, their system has locked the Chitchat out of the user dashboard until we complete the Persona Identities verification. Finally, after realising the circular reasoning, Substack management manually approved our account.
Success!
I have it on good authority that a similar approach works with government agencies “requiring” digital ID information apps such as Director ID and ABRS. Sometimes all you need is an email or old-fashioned phone call to beat the system… for now.
Chitchat Newspaper. February 2026.