India, Dec. 13 -- There's no other way to put it. One day, someone, somewhere looked into an airport camera, blinked, and was allowed to pass. The next day, social media warriors had declared: "Your biometrics is now the property of a private cartel." If they are to be believed, Digi Yatra had cloned users while they slept. This is the India we live in: we trust facial unlock to open our banking apps. But fear it will betray us at an airport. Three tribes power this drama. The first tribe is the activist-expert class-people who discovered cybersecurity last Tuesday and now broadcast warnings with the confidence of prophets. They shout "Black box!" and "Surveillance!". Nobody stops to ask a basic question: Where exactly are these billion faces being stored? In whose server room? On what infrastructure? Funded by whom? The details don't matter. But their volume does. The second tribe is inside the government. Half earnest, half terrified. A senior bureaucrat told me recently: "Every time a WhatsApp forward starts going out, officers stop signing files. Nobody wants to be the next headline." He wasn't joking. In Delhi, a rumour can destroy a month's work faster than incompetence can. The third tribe is the public-sharp, impatient, and fuzzy on technicals. They know Digi Yatra speeds things up. They also know someone online warned them that "the system is harvesting your data." But what data? Harvested by whom? For what purpose? Unclear. So let's get to the part nobody explains properly. Digi Yatra's legal structure makes people uneasy. It is a Section 8 not-for-profit foundation. Private airports hold most of the shares. But the paranoia machine hears this and immediately concludes: "Private cartel". The reality is boring. The AAI holds 26%. Someone from here sits on the board. Then, there is a Ministry of Civil Aviation representative who attends every meeting. Long ago, Digi Yatra started as an IT cell inside the Ministry before being spun out when the system grew too big to run from a department desk. Now the fear: Are these government bodies storing your biometrics? Short answer: No. Long answer: I asked someone who actually knows. "Your identity stays on your phone," says Siddharth Sharma, the chief and innovation officer (CIIO) of Digi Yatra. "It doesn't get stored on a central server. The airport only receives a flight-specific biometric token. Nothing more. And that token is deleted automatically within 24 hours-not because someone promised to delete it, but because the system is built to purge it." This should end the rumour mongering. But it doesn't. Activists demand audit trails as proof of honesty. But Digi Yatra cannot. "There is no identity data in our backend," Sharma says. "So, what audit trail should we serve? The Aadhaar logs that exist under protocol are held by the authorised user agency as per UIDAI norms. We don't have them." Journey logs retained for 14 days are not linked to any personally identifiable data. But the public never hears this long answer. They hear the viral one. Meanwhile, the real oversight architecture is invisible to them. The deletion mechanism, potential leak points, and system plugs are audited every year by CERT-In. These aren't ceremonial rubber stamps. CERT-In tries to break things. Their findings go to departments such as NIC, MeitY, and MoCA. They are not public, but they exist in a formal chain of accountability. The bureaucracy fears noise more than flaws. Whispers in Delhi have it that Civil Aviation is so risk-averse it rejected proposals to integrate with Apple Wallet and Google Wallet. Too many unknowns. Too much potential for embarrassment. And questions in Parliament can come hard and fast. Then there are the activists. Some mean well. Some enjoy the spotlight more than the substance. Both end up shaping a narrative that overwhelms nuance. Ajay Kumar, chairman of UPSC wrote on the theme in Business Standard last week: "While openness is both desirable and necessary, unrestricted accountability becomes persecution; transparency without context becomes exposure; and scrutiny without proportionality becomes injustice." In one line, he captures the paralysis inside the government today. A ministry trying not to get it wrong is being accused by critics who don't have to make anything work. The oddity of the Digi Yatra debate then is this: the system designed to keep your data nearest to you is the one everyone fears. Meanwhile, the apps that genuinely mine your behaviour such as messaging apps, the social media on our phones and quick commerce apps to begin with, float above the conversation untouched. The deeper truth lands quietly: Digi Yatra isn't exposing our privacy. It is exposing our anxiety. The real threat here isn't that Digi Yatra knows too much about us. The real threat is that the rumours know more about our fears than we know about the system....