The username wars: India’s small fight over a very big question

The Government is asking why citizens should be allowed to talk without sharing phone numbers. In a democracy, that question runs the other way
Sometime on July 2, a letter left the Ministry of Electronics and Information Technology carrying one of the strangest regulatory questions ever put to a technology company. Addressed to Telegram and Signal, it asked, in essence: why should Indians be allowed to talk to each other without exchanging phone numbers?
Strip away the legal language and that is the whole dispute. Not encryption. Not national security. A handle - a string of characters beginning with @ - that lets a woman message a stranger on a marketplace without handing over the number that rings in her pocket at midnight.
The sequence tells its own story. On July 1, WhatsApp was ordered to pause the rollout of its optional username feature until the Government was “satisfied” with its safeguards. Within a day, notices reached Telegram and Signal demanding they justify features they have offered for years - Telegram since 2014, Signal since 2024. Zoho’s homegrown app Arattai did not wait to argue; it announced it would simply switch its usernames off. In forty-eight hours, a design choice made independently by four companies on four continents became a matter requiring explanation in New Delhi. None of the notices has been made public. Citizens are learning what their Government demands of their communication tools through press leaks.
To see what is actually at stake, rewind nine days. On June 23, the Government notified the authorisation rules under the Telecommunications Act, 2023 — the statute that finally retires the Indian Telegraph Act of 1885 and the Wireless Telegraphy Act of 1933. The word “licence” vanishes from Indian telecom law after 141 years; “authorisation” replaces it, applications now flow through a digital portal, and a colonial framework written for a world in which the state owned the copper wire is gone. This is genuine, overdue modernisation, and the Government deserves credit for it.
But the new law carries a definition with enormous gravitational pull. It describes telecommunication in technology-neutral terms — the transmission of messages by wire, radio, optical or other electromagnetic systems.
Lawyers have warned that this language is broad enough to pull internet messaging apps into the telecom net whenever the Government chooses to notify them. Read against that backdrop, the username notices are not a stray consumer-protection exercise. They are a sounding line, dropped to measure how far the new perimeter can reach. Here, a little engineering honesty would rescue the debate, because the public conversation has collapsed two very different things into one: an identifier and an identity.
A username is not a cloak of invisibility. It is a pointer - a human-readable label that a server translates into an account, exactly as the internet’s address book translates “thepioneer.com” into a string of numbers. On an end-to-end encrypted platform, the message itself is unreadable to everyone except sender and recipient, whether it was addressed to a phone number or a handle. Banning usernames decrypts nothing. Permitting them encrypts nothing. The mathematics is serenely indifferent to what you call yourself.
What a username does disturb is an arrangement the Indian state has quietly enjoyed for two decades. Every SIM card in this country is issued against verified identity documents. When your messaging account is welded to your mobile number, the state inherits — free of charge, without passing a single law — a chain of custody linking every conversation to a KYC-verified human being. Usernames loosen that weld. That, not fraud, is the deeper anxiety, and we should have the honesty to debate it as what it is: a question about how much anonymity a free society owes its citizens, not a squabble over an app setting.
The fraud concern is real, and it deserves respect rather than dismissal. Digital arrest scams, phishing and impersonation have exploded. A Ministry of Home Affairs cybercrime report, submitted to the Delhi High Court, reportedly logged over 6.8 lakh Telegram-linked complaints with losses exceeding Rs 71,000 crore. Telegram - banned for a week in June ahead of the NEET-UG re-examination over paper-leak fears - has earned much of its scrutiny.
But a remedy must connect to the disease, and here the engineering refuses to cooperate with the politics. The overwhelming majority of scam calls and messages in India arrive today through phone numbers - spoofed, virtual, international, or procured on forged documents. Two decades of KYC-verified SIMs have not stopped them. If verified numbers cannot stop number-based fraud, it is magical thinking to believe unverified fraud will stop because usernames were banned. Criminals route around identifiers; that is practically their job description. Meanwhile, the people usernames genuinely protect are exactly those the state claims to champion: women dodging stalkers, journalists shielding sources, doctors and teachers who must be reachable without surrendering a personal number to a thousand strangers. Signal designed its usernames to be invisible by default for precisely this reason — the feature exists to shrink the personal data a conversation exposes, not enlarge it.
There is also a rule-of-law problem that should worry us even if the technology bores us. Digital rights groups, including SFLC.in, have pointed out that neither the Information Technology Act nor its rules create any prior-approval regime under which platforms must seek permission before shipping a feature — and have demanded the ministry publish the notices and cite their legal basis. Analysts see the real lever: Section 79 of the IT Act, the safe-harbour provision meant to shield intermediaries, being quietly brandished as a threat. When software features require a nod from a ministry, delivered through unpublished letters, we have not regulated technology. We have built a permission raj for code.
India, of all nations, should recognise the superior alternative, because India invented it. We did not fight payment fraud by banning UPI handles - which are, let us be honest, usernames for money. We engineered trust into the rails: the beneficiary’s verified name appears before you pay, limits cap the damage, grievance systems run in public view. UPI now moves billions of transactions a month precisely because identity assurance was built into the architecture rather than bolted on through prohibition. The same template fits messaging: enforce rapid, due-process responses to law-enforcement requests; mandate proactive impersonation detection; hold grievance officers personally accountable; require public transparency reports. Regulate outcomes. Leave the architecture alone.
The new telecom rules themselves mark the boundary the Government is now blurring. They require carriers to store network logs in India and route satellite traffic through Indian gateways — defensible sovereignty measures aimed at companies occupying spectrum, a genuinely scarce public resource. But an app is not a carrier, any more than a conversation is a highway because it happened in a moving car. The 1885 Telegraph Act conflated the message with the wire because, in 1885, the state owned both. The 2023 Act was written to end that confusion. It would be a bitter irony if its first real-world test smuggled the Victorian instinct back in digital clothing.
Which brings us back to the question in that July 2 letter — why should you be allowed to offer usernames? and to the quiet scandal inside it. The burden of proof is upside down. In a constitutional democracy, citizens do not petition the state for permission to speak without disclosing a phone number; the state must justify why they cannot. India is building the most ambitious digital public infrastructure on earth, and its credibility rests on one proposition: that we govern technology through law, in the open - not through the leverage of letters no one is allowed to read. On that proposition, this very small fight over a very small feature has become a very large test.
The writer is a physicist at the University of North Carolina at Chapel Hill and a columnist on AI, infrastructure and global systems; Views presented are personal.















