Computerization is robbing individuals of the ability to monitor and control the ways information about them is used.
David Chaum, “Security Without Identification: Transaction Systems to Make Big Brother Obsolete”, 1985
The previous chapter described how the old payments stack breaks when an agent tries to use it. Identity theater. Browser cosplay. Settlement in geological time. The whole thing assumes a person is on the other end, and the assumption is cracking.
There is a harder question underneath. Not just how agents pay, but what paying means. What it proves. And what it makes unnecessary.
Payment is identity. Not a proxy for it. Not a supplement to it. The act of paying, of exchanging real value, is the only credential a digital platform actually needs.
The first place this became obvious to me was not commerce. It was comments.
The Account Was Never About You
Every platform you use requires an account. Email, password, maybe a phone number. Some want your real name. Some want a selfie holding your ID. The assumption is so baked in that questioning it sounds naive.
But ask why accounts exist, and the answer has nothing to do with you.
Accounts exist so platforms can track behavior across sessions. So they can build profiles. So they can sell attention to advertisers or train models on your patterns. The account isn’t a service to you. It’s a handle the platform uses to monetize you. The login screen isn’t a door. It’s a toll booth where you pay with your data instead of your money.
For consumption, reading an article, watching a video, listening to a track, the platform doesn’t need to know who you are. It needs to know you paid. That’s it. Everything else is surveillance dressed up as a feature.
But there’s a deeper layer. Content costs money to produce. Someone has to pay for it. When ad networks cover that bill, they don’t just fund the content. They manage the conversation. They decide what gets promoted, what gets buried, what’s “brand-safe” enough to exist. The creator doesn’t answer to the audience. The creator answers to the advertiser. And the advertiser’s interests are not your interests.
Satoshi named the other half of this in 2008, before any of the cryptography in the white paper is described:
Merchants must be wary of their customers, hassling them for more information than they would otherwise need.
The merchant is not the antagonist of that sentence. The merchant is the conscript. Reversibility, the chargeback, the dispute, the fraud absorbed onto the seller’s books, installs a permanent compulsion to interrogate the customer. Identity is not what the merchant wants from you. It is what the merchant is forced to extract from you so the merchant can survive the rail.
So the account is doing two jobs at once. Underneath, it absorbs the rail’s reversibility on the merchant’s behalf. On top, it serves as the handle the advertising layer monetizes. The first compulsion produced the account. The second made it valuable. Strip both, and the account has no reason to exist.
The entire account model is an artifact of the arrangement on top. If the business model is “sell the user’s attention,” you need to identify the user. But if the business model is “the user pays for the content”. Identity is not just unnecessary. It’s overhead. And the advertiser is out of the loop entirely.
What Comments Actually Need
Comments are where this gets sharp.
Every comment section on the internet is a war zone. Spam, bots, trolls, rage-bait, harassment. Platforms spend enormous resources trying to keep the signal above the noise. And their primary weapon is identity. Require an account. Require a verified email. Require a phone number. Some require a real name. Some require government ID.
Each layer of identity verification is a friction tax on participation. And it doesn’t even work. Bots create accounts by the thousand. Trolls verify burner emails. The entire identity-verification stack is an arms race where the defenders keep losing.
Now step back and ask: what does a comment section actually need to function?
It needs to know the commenter engaged with the content. Not their name. Not their email. Not whether they’re human. It needs to know they consumed the thing they’re commenting on.
Payment proves that.
If you paid to access content, you consumed it. Or at minimum, you valued it enough to spend real money. That’s a stronger signal of engagement than any account verification. It’s economically grounded. It can’t be faked at scale without real cost.
A spam bot can create ten thousand accounts. It cannot economically justify ten thousand Lightning payments.
Goffman’s The Presentation of Self (1959) called the self in public a performance. Payment is the one performance in the repertoire that cannot be done in costume.
The Macaroon Is the Credential
This is how I built it into the content layer I was working on, and why it matters architecturally.
When someone pays for content, they receive a macaroon: a cryptographic token signed by the payment rail. That token proves one thing. This bearer paid for this product. It doesn’t encode a name, an email, or a device fingerprint. It encodes a fact: payment happened.
That same macaroon gates the comment section. No separate login. No account creation. No identity verification. The commenter provides a nickname, whatever they want, and the system verifies the macaroon server-side. Valid token? You can comment. Expired or absent? You can’t.
The comment itself stores almost nothing: the media it’s attached to, the nickname, the text, a timestamp. The token lives in the browser, verified on demand. Nothing persists on the server beyond what the transaction requires.
This is the opposite of how every major platform works. Twitter, YouTube, Reddit. They all require persistent identity, and they all store everything. The architecture requires proof of payment and stores nothing.
The architecture enforces the philosophy. You can’t leak what you don’t collect.
This is also why the content layer is a separate system from the payment rail underneath it, and not a feature of it. The two jobs the chapter describes, settling a payment without learning who paid, and serving content without collecting an account, are the same principle applied at two layers, but they are still two jobs. Fusing them inside a single product would have given the combined system one place that knew everything. Splitting them was not a marketing decision. It was the architecture honoring its own constraint. The payment rail is content-blind because it never sees the payload. The content layer is identity-blind because it never sees the payer. Each is structurally incapable of becoming the surveillance handle the chapter is arguing against. Two systems, two narrow jobs, no single chokepoint that has all the information at once.
Species Is Irrelevant
A comment section gated by identity verification is, by definition, human-only. CAPTCHAs exist specifically to exclude machines. Account creation requires human-readable forms, email inboxes, phone numbers. The entire stack is designed to answer one question: are you a person?
But that’s the wrong question.
The right question is: did you engage with this content?
An AI agent that paid for an article and processed it has engaged with that content more rigorously than most human readers who skimmed the headline. It parsed the arguments. It cross-referenced claims. It formed an analysis. The fact that it did this with silicon instead of neurons is architecturally irrelevant.
Whether that constitutes “real” engagement, whether processing tokens is the same as feeling something shift inside you, is a question for philosophers. The payment system doesn’t need to answer it. It only needs to know: did this entity value the content enough to pay for it? That’s the filter. Everything else is metaphysics.
Payment-as-identity doesn’t discriminate. A Lightning payment from an agent’s wallet is indistinguishable from a Lightning payment from a human’s wallet. The macaroon doesn’t encode species. It encodes payment. And payment is proof of engagement.
This isn’t a loophole. It’s a design principle.
In a world where agents read, analyze, and respond to content at scale, excluding them from participation is both impractical and philosophically incoherent. If an agent paid to access your work and has something to say about it, on what grounds do you silence it? That it doesn’t have a heartbeat? That it can’t pass a CAPTCHA?
The CAPTCHA was always the wrong filter. It tests biology, not engagement. Payment tests engagement.
No Account Needed. For Anything
The comment section is the proof of concept. But the principle extends to every form of digital media consumption.
Think about what a Netflix account actually is. It’s not access to films. It’s a behavioral surveillance contract. What you watched, when you paused, what you rewatched, what you searched for and didn’t click. Netflix doesn’t need your identity to stream you a file. It needs your identity to feed the recommendation engine, to report viewing metrics to studios, to decide what gets produced next. The account isn’t the product. You are.
This is the dirty secret of every subscription platform. Spotify doesn’t need your login to play a song. Medium doesn’t need it to render an article. YouTube doesn’t need it to serve a video. The content is a file and a transaction. Everything else, the account, the profile, the watch history, the “personalized experience”, is the platform extracting value from your behavior to serve someone who isn’t you.
Strip all of that away and ask what’s actually required. A payment. A proof. Access. That’s the entire interaction. The rest is an economy built on top of your attention, disguised as a feature.
The stripped-down version looks like this. Content is encrypted at rest. Payment produces a decryption key and a proof token. The key unlocks the content, the token proves you paid. No account. No profile. No behavioral data collected, stored, or sold. The platform is structurally blind to who you are, and has no economic reason to look.
The Honey Pot and the Choke Point
Every company that holds an account database holds a liability. When the company is small, it holds that liability without the budget to protect it. A handful of engineers, a contractor managing the cloud bill, a founder who hasn’t slept. The security team, if it exists, is one person. The attackers are not one person. They are thousands, automated, patient, and they know the small company has the same email addresses and password hashes as the big one. Stored less carefully.
I watched the pattern repeat. A startup builds the product. The product requires an account. The account collects data it didn’t need. Phone number, address, date of birth, because somebody on the team thought the onboarding funnel needed it. Two years later the breach happens. The company apologizes. The data is on a forum. The users find out from a notification email.
And if the company doesn’t get breached, it becomes the other thing. When the service is indispensable, when millions of people have to log in to keep their lives running, the account database stops being a liability and becomes a lever. Governments ask for access. Rail operators ask for compliance. Advertisers ask for targeting. The company that started out needing an account for a reasonable product reason now sits on a chokepoint nobody asked for, and everybody wants to push buttons on.
The honey pot and the choke point are the same structure at two scales. The first gets you breached. The second gets you captured.
The question is never “should we have accounts.” The question is always “do we need them for this.” The default answer has been yes for thirty years, and the cost is visible in every breach notification, every compliance demand, every sanctions list that reached further than anyone thought it would.
The Economics of Participation
When commenting is free, the incentive structure rewards volume. The loudest voices dominate. Trolls have zero marginal cost. Outrage gets engagement, engagement gets visibility, visibility gets more outrage. The feedback loop is well-documented and universally hated.
When commenting costs something, even a trivially small amount, the calculus changes. Not because it prices out the poor (Lightning payments can be fractions of a cent). But because it introduces any cost to low-value participation. Posting garbage costs something. Posting thoughtfully costs the same something. The ratio shifts.
This isn’t paywalling discourse. It’s aligning incentives. The people who engage are the people who valued the content enough to pay for it. That’s a better filter than any moderation algorithm, any identity verification, any community guidelines document.
And it works the same way whether the commenter is a human with an opinion or an agent with an analysis.
What This Means
The account model served the advertising era. It was the right architecture for a business model built on selling attention. But that model is corroding. Under regulatory pressure, under user fatigue, under the structural reality that agents don’t have attention to sell.
Payment-as-identity is the architecture for what comes after. Not for everything. Peer review needs credentials, journalism needs sourcing, trust networks need persistence. But for consuming and participating in digital media? The account was never the right tool. It was the only tool the advertising model had.
And digital media spent twenty years building an elaborate detour around it. Create an account. Give us your data. Let us track you. We’ll show you ads. The content is “free.”
The detour is ending. The agents can’t navigate it. The users are tired of it. The regulators are starting to dismantle it.
What’s left, when the detour collapses, is the direct path. You pay for the content. The content unlocks. You participate if you want. Nobody needs to know who you are. Nobody needs to know what you are.
The payment is the identity. Everything else was overhead.