Privacy: Everything Changed in 2025
We launched the IncognitoCat.me blog in June 2025. Our goal was simple: we wanted to consolidate all our previous posts on protecting our digital privacy. These posts had grown directly out of the massive 2024 National Public Data breach, which exposed billions of records containing sensitive personal information.
From the start, we aimed to empower everyone to reclaim ownership of their digital lives. We focused on practical steps, such as adopting privacy-preserving tools from our toolbox. Readers could also learn how to control their data by freezing credit reports and personal information or by removing as much of it as possible from data brokers.
We set out to show that multiple effective, real-world solutions exist and that people actually use them daily, knowing that if they're too complicated nobody would use them. Importantly, we built this guidance without any corporate sponsorships or partnerships. Our recommendations remain independent and unbiased - this is a journal of our journey.
We also explained how personal data gets collected in the first place and why it poses such a serious problem. Along the way, we debunked the common myth: "If you have nothing to hide, you have nothing to fear." Privacy is not about secrecy. It is about maintaining control over how, when, where, with whom, and why others access your information. True privacy protects our autonomy and agency - it safeguards what matters most to us.
Finally, we highlighted the risks of misuse. Corporations, bad actors, and even governments can exploit collected data. When others know us better than we know ourselves, they gain undue influence over our choices. On the security side, exposed data fuels scams against individuals and sophisticated attacks on organizations, often through social engineering at help desks.
All of that shifted dramatically in the final months of 2025. Governments around the world introduced a wave of schemes framed as protections for children or measures against crime. Yet many lacked clear evidence of effectiveness and raised serious privacy concerns.
In the UK, Prime Minister Keir Starmer announced a mandatory digital ID scheme in September. It requires the ID for proving the right to work by 2029, with the stated goal of tackling illegal immigration and streamlining services. Critics highlighted privacy risks and potential for expanded use, noting it effectively makes the system compulsory for employment despite no requirement to carry physical cards.
Australia took a bold step by enforcing the world's first nationwide ban on social media for those under 16, starting December 10. Platforms must take reasonable steps to prevent underage accounts, using methods like biometric age estimation or ID checks. Early reports showed workarounds, such as VPNs or using alternate sites, were straightforward. Separately, new rules require search engines like Google and Bing to implement age assurance for logged-in users to restrict access to harmful content, with full implementation deadlines extending into 2026.
Similar trends emerged globally. Several U.S. states passed laws requiring age verification and parental consent for app stores and certain online content. The EU advanced guidelines for age verification under the Digital Services Act. These initiatives often mandate collecting sensitive personal data or biometrics from all users, not just minors.
While child safety is a valid concern, these broad mandates risk eroding privacy for everyone. They create vast new databases of identity information vulnerable to breaches and misuse. Unintended consequences include driving users toward unregulated sites and limiting access to supportive online communities.
Additional developments raised further alarms. Proposals in some U.S. states targeted VPNs, essential tools for privacy and security, in efforts to enforce age restrictions. Debates continued in the EU over measures to detect child abuse material online, though mandatory scanning of encrypted messages was ultimately avoided. Meanwhile, central bank digital currencies advanced in several countries, promising efficiency but also enabling unprecedented government oversight of transactions when linked to digital identities.
This approach often feels like presuming guilt until innocence is proven, demanding we surrender control to access basic services.
All of this to say, we are a long way from where we started. The threats to privacy have grown more systemic and entrenched. Yet the need for independent, practical defenses has never been greater. In 2026, we will continue highlighting tools, techniques, and emerging issues to help you stay ahead.
We also want to thank all of you who have read, shared, and supported us this year. Your engagement has made this endeavor a success. Here's to a secure and private 2026.
Remember: We may not have anything to hide, but everything to protect.
