← Back to all posts

Stop Uploading Your ID to Social Media (Here's Why)

Published: 11 February 2026
Stop Uploading Your ID to Social Media (Here's Why)

My son just casually gave Meta photos of his driver's license. Twice. Once for Instagram. Once for Facebook.

No hesitation. No second thoughts. Just pulled out his license, snapped a photo, uploaded it, and moved on. Like it was nothing.

And honestly? That's what terrifies me most. Not that Meta asked for it -- but that handing over your most sensitive identity document to a social media company has become so normalized that a teenager does it without blinking.

The Normalization Problem

Think about what we would have said ten years ago if someone told you that to use a social media app, you'd need to photograph your government-issued ID and upload it to a corporation whose entire business model is collecting and monetizing your personal data.

You'd have called it dystopian. You'd have said no one would agree to that.

And yet here we are. Meta requires government ID uploads for account verification on both Instagram and Facebook. Not for some high-security financial transaction. For a social media account. The same platforms where people share memes and vacation photos now want a copy of the document that proves your legal identity.

And an entire generation is growing up thinking this is normal.

Why This Should Worry You

Meta's Track Record

This is the company that:

  • Leaked 533 million users' personal data in 2021 -- phone numbers, email addresses, full names, locations, and biographical information scraped and dumped online
  • Was fined $1.3 billion by EU regulators for illegally transferring European users' data to the United States
  • Paid $725 million to settle a class-action lawsuit over the Cambridge Analytica scandal, where data from 87 million users was harvested without consent for political targeting
  • Has been caught repeatedly sharing user data with third-party partners without adequate disclosure or user consent
  • Built its entire business model around collecting, analyzing, and monetizing as much personal information about users as possible

This is the company you're uploading your driver's license to.

The Honeypot Problem

Every database is a target. The more sensitive the data, the more attractive the target.

When Meta holds millions of government ID photos, they've created one of the most valuable identity theft honeypots in existence. It's not a question of whether it gets breached -- it's a question of when and how badly.

While they aren't feeding the image of your license into an AI, they do use the verified data points from that ID to anchor your account.

We've already seen what happens when platforms that collect identity documents get compromised. In October 2025, hackers breached a third-party contractor that Discord used for identity verification. Approximately 70,000 users had their government ID photos directly exposed.

Discord is comparatively small. Imagine the same breach at Meta's scale, with billions of users across Instagram and Facebook.

You Can't Un-Upload Your ID

If your password gets leaked, you change your password. If your credit card gets compromised, you get a new card.

If your government ID gets leaked? You can't just get a new face. You can't casually change your driver's license number. Your date of birth, your address, your photo, your signature -- these are permanent identifiers that follow you for life.

Uploading your ID to a social media platform creates risk that lasts decades. A breach today means that information is available to bad actors forever.

It's Not Just Meta

The troubling trend extends across the tech industry:

  • Facebook and Instagram: Government ID for account verification
  • Discord: Government ID or facial age scan for age verification
  • X (Twitter): Government ID for certain verification tiers
  • Various dating apps: ID verification for "trust" badges

The pattern is clear: platforms are converging on a model where using the internet requires surrendering your government-issued identity documents to private companies.

Each platform that normalizes this makes it easier for the next one. "Well, I already gave my ID to Instagram, what's one more?" And before you know it, your driver's license is sitting in a dozen different corporate databases, each one a potential breach vector.

What Verification Actually Should Look Like

Verification should prove facts without collecting sensitive documents.

When a platform needs to know you're a real person, it doesn't need a copy of your driver's license. It needs proof of personhood -- a yes/no answer to "Is this a real human?" -- without requiring you to hand over the document itself.

When a platform needs to verify your age, it doesn't need your date of birth. It needs proof that you're over 18 -- without storing the underlying information.

This is what privacy-preserving cryptographic verification enables. Instead of collecting and storing sensitive identity documents, verification happens through mathematical proof:

  • You prove you're human without revealing your identity
  • You prove your age without revealing your date of birth
  • You prove you own an account without uploading your government ID
  • The verification is mathematically certain -- no guesswork, no probabilistic analysis

No company holds a copy of your most sensitive documents. No database becomes a honeypot of identity information. No breach can expose what was never collected in the first place.

What You Can Do

Be intentional about where you upload your ID:

  • Question every request for government ID verification -- is it truly necessary?
  • Understand what happens to your ID after upload (stored? deleted? shared with third parties?)
  • Consider whether the service is worth the risk

Protect your family:

  • Talk to your children about why casually uploading government IDs is dangerous
  • Explain the difference between necessary verification (opening a bank account) and unnecessary data collection (using a social media app)
  • Help them understand that once uploaded, that information can never be fully recalled

Demand better alternatives:

  • Support platforms and services that verify without collecting sensitive documents
  • Push for privacy-preserving verification standards
  • Refuse to normalize the idea that every website needs a copy of your driver's license

We're at a crossroads. We can accept a future where every digital interaction requires surrendering our most sensitive identity documents to corporations. Or we can demand verification systems, like not.bot, that prove facts without collecting evidence.

The technology exists to verify without collecting. The question is whether we'll demand it before we've normalized handing over our identities to everyone who asks.

not.bot proves personhood through cryptographic verification -- no government IDs, no document uploads, no honeypot databases. Just mathematical proof that you're real. Learn more at not.bot.