Will Hackett is an Australian software engineer based in London, currently serving as CTO of Flowstate.

What does Will Hackett do?

Will Hackett is the CTO of Flowstate, where he leads technical strategy and development of dynamic workforce planning tools. He brings expertise in AI/ML, software engineering, and FinTech, with a background in building SaaS platforms.

Where is Will Hackett based?

Will Hackett is based in London, United Kingdom. Originally from Australia.

Is Will Hackett the character from Hollyoaks?

No, this Will Hackett is a real person - a software engineer and entrepreneur based in London. He is not the fictional character from the Channel 4 soap opera Hollyoaks. This is the professional website of Will Hackett, CTO at Flowstate.

How can I contact Will Hackett?

You can connect with Will Hackett through his professional profiles on LinkedIn (linkedin.com/in/willhackett).

Reclaiming the commons: the case for an accountable internet

On December 14, 2025, a father and son opened fire during a Hanukkah celebration at Bondi Beach, Sydney—killing fifteen people in what authorities have called Australia's deadliest terror attack.¹ The investigation revealed a familiar pattern: two men radicalised by Islamic State ideology, in an attack that follows years of foreign adversaries using anonymous, bot-driven content to exploit the darkest corners of human psychology.

Days later, the Australian Federal Police issued a warning: AI-generated deepfakes were circulating on social media, distorting the Commissioner's statements about the investigation.² The information ecosystem itself had become a battlefield.

We've spent thirty years pretending that the "Wild West" of the internet was the only way to protect free speech. We've allowed ourselves to be convinced that anonymity is a requirement for freedom, even as that same anonymity is weaponised by foreign adversaries to fracture our societies and target our children.

But a shift is happening. From the UN to the EU, the world is moving away from "ghost" accounts and toward a more pragmatic internet—one where we can protect the vulnerable without silencing the dissident.

The human cost

Before we discuss the "right" to be anonymous, we should discuss what that right has cost us.

In the UK, online bullying is cited as a contributing factor in roughly 40% of youth suicide-prevention calls.³ The phenomenon rises because anonymity grants aggressors a detachment from their victims. Without the visual cue of a human face or the social weight of a real name, empathy evaporates.

We require a licence to drive a car because of the risk to others. We don't let people buy explosives without identification. Yet we've granted a licence-free global megaphone to anyone with a keyboard and an internet connection—no accountability required.

The distinction that matters

Now, the privacy-conscious reader might argue that this is a price worth paying. That the dissidents, the whistleblowers, the activists in authoritarian regimes depend on anonymity for their safety. They're right—but they're conflating two different things.

Your private messages should be encrypted. Your medical records should be protected. Your browsing history is nobody's business. That's privacy, and it's worth defending. If anything, I think tech companies should do more to protect our data, our communications, and our ever-cloud-hosted private lives.

But when you step into the public square—when you publish content that others will see, share, and potentially be harmed by—that's a different act entirely. In the physical world, we don't wear masks when we debate ideas in public. We don't get to scream threats at strangers and then vanish into thin air. The internet has created an asymmetry that doesn't exist anywhere else in society: the ability to act publicly while remaining completely unaccountable.

The question isn't whether you should be able to call someone an idiot online. You should. Robust debate requires the freedom to be wrong, offensive, or just plain rude. The question is whether a single person should be able to deploy thousands of bot accounts to amplify hateful content, harass individuals into silence, or radicalise vulnerable people—all while hiding behind a mask that makes consequences impossible.

The tipping point

This isn't a fringe position anymore.

A 2025 study by Oxford and the Technical University of Munich found that 79% of respondents across 10 major democracies believe incitement to violence should be removed immediately—with support reaching 86% in Germany and Brazil.¹¹ In the UK, 70% of adults support the Online Safety Act, with 71% identifying anonymous and fake accounts as a serious societal problem.¹²

Even among young people—supposedly the most "online" generation—faith in the internet is fading. Recent surveys show British youth increasingly view the internet as harmful to society.¹³ That's a stark reversal from the techno-optimism of a decade ago.

The majority of citizens no longer view absolute anonymity as a protected right. They see it as a loophole that tech companies have been too comfortable leaving open.

What the privacy advocates get wrong

The loudest critics argue that any regulation is a step toward a Chinese-style social credit system. It's a fair concern. But here's what they miss: Russia and China are already using our digital openness to destabilise us.⁶ Our commitment to absolute anonymity isn't protecting us from authoritarianism—it's being exploited by it.

A global framework shouldn't regulate opinions. It should regulate attribution.

The goal isn't to unmask everyone. It's to verify that every account is operated by a real person, posting from a real location. You can still use a pseudonym. You can still criticise your government. But you can't pretend to be a thousand people. You can't hide the fact that you're posting from a bot farm in St Petersburg while claiming to be a concerned citizen in Sydney.

Protecting the people who actually need protection

A gay user in the Middle East must be protected from state persecution. A woman speaking out should be protected from anonymous pile-ons. A Russian officer exposing corruption needs a path to safety.

These are real concerns. But we can solve for them without protecting the 99% of anonymous trolls who hide behind the same shield.

The UN Convention against Cybercrime, adopted in December 2024, gets partway there.⁷ It includes provisions for dual criminality—the principle that a country can refuse to assist in an investigation if the alleged conduct isn't a crime in their own jurisdiction. In theory, this means Switzerland could refuse to unmask a citizen who criticised the Chinese government, because political speech isn't a crime in Switzerland.

But the convention doesn't require dual criminality. It's optional. Human rights organisations have rightly criticised this gap—without mandatory safeguards, countries could end up assisting investigations into activities that are protected under their own laws. The spirit is there. The teeth are not.

What we need is a coordinated international framework where identity stays locked unless a globally sanctioned law—terrorism, incitement to physical violence—is breached. Not optional. Mandatory.

Similarly, the UNODC's 2025 Whistleblower Toolkit⁸ provides guidance for countries to build protection frameworks for people who report wrongdoing. It's comprehensive on paper—legal measures, institutional safeguards, practical implementation. But it's still just guidance for national frameworks. There's no global coordination, no mechanism for a whistleblower to receive internationally recognised protected status that shields them from unmasking even by their own government.

The technology to protect dissidents while eliminating bot farms already exists. What's missing is the political will to implement it—and to implement it globally, not as a patchwork of national policies that bad actors can exploit.

The pace of change

This brings us to the uncomfortable truth: governments move too slowly on this.

Seventy-nine percent of citizens across major democracies want incitement to violence removed immediately.¹¹ Seventy-one percent of UK adults see anonymous accounts as a serious problem.¹² The majority has spoken. But the majority isn't being heard.

Why? Perhaps because the same tools being used to radicalise individuals are being used to influence the people who make policy. In July 2024, the US Department of Justice disrupted a Russian bot farm that used AI to create nearly 1,000 fake American profiles on social media, spreading pro-Kremlin narratives and attempting to influence the 2024 election.¹⁴ The operation was funded by the Kremlin and run by Russian intelligence officers through RT, the state media outlet.¹⁴ This wasn't a one-off—US intelligence officials have called Russia "the preeminent threat" to election integrity, with sophisticated operations targeting swing state voters.¹⁵

The same anonymity that allows trolls to harass teenagers allows foreign adversaries to pose as concerned citizens, amplify divisive narratives, and shift political discourse. Research suggests that during the 2016 US election, bots generated approximately 20% of political content on Twitter.¹⁶ When the loudest voices in the room are fake, is it any wonder that policymakers struggle to hear the real majority?

The Online Safety Act in the UK is a step forward. The EU's Digital Services Act is a step forward.⁵ Australia's age verification laws are a step forward.⁴ But they're national solutions to a global problem. They're slow. They're cautious. And they're not enough.

We need frameworks that protect individual privacy—your messages, your data, your browsing history—while demanding accountability in public discourse. These aren't contradictory goals. The EU's Digital Identity Wallet aims to prove it.⁹ Estonia has operated a national digital identity system for over two decades—every citizen can securely authenticate to government services, sign documents, and even vote online.¹⁰ The limitation is that it's a closed ecosystem; you can't use your Estonian e-ID to verify yourself on Twitter. The EU Digital Identity Wallet is designed to bridge that gap, making verified identity portable across services and borders. The technology exists. The public support exists. What's missing is leadership willing to act at the pace the problem demands.

The simple principle

The ultimate goal isn't to silence anyone. It's to make people treat each other online the same way they'd treat each other in person.

You can still call someone a douchebag. You can still tell the government they're idiots. You can still be wrong, offensive, or unpopular. What you can't do is incite violence without consequence. What you can't do is run a bot network that drowns out legitimate discourse. What you can't do is harass someone into suicide while hiding behind a username that can never be traced.

Should we really be treating each other differently online than we do in the street? I don't think so. Accountability isn't the death of the internet—it's the only way to save it.

Additional reading

Why the Past 10 Years of American Life Have Been Uniquely Stupid — Jonathan Haidt, The Atlantic (2022)
Democratic Defense Against Disinformation — Daniel Fried & Alina Polyakova, Atlantic Council (2019)
Social Media Messed Up Our Kids. Now It Is Making Us Ungovernable — Jonathan Haidt, Noema (2024)
America Needs a Digital Identity Strategy — Will Wilkinson, Fortune (2025)
ID Verification Is Rising as Social Media's Next Big Issue — Bloomberg Law (2024)
Anonymity and Identity Online — CEPR/VoxEU (2024)
How Can Online Anonymity Affect Hate? — ADL (2023)

References & legislation

Will Hackett

I'm Will Hackett, CTO at flowstate™. I'm a technology leader who's led engineering teams across startups and larger organisations. Previously I co-founded Pragmatic an AI company, built product at Pactio and led engineering teams at Blinq and Linktree. I'm passionate about distributed systems, product engineering and helping teams ship great software.

Website•LinkedIn