Discord’s Age Verification Sparks Privacy Outcry in UK
▼ Summary
– Discord faced immediate backlash after announcing it would default users to teen experiences until their age is verified.
– A major complaint was the plan to collect more government IDs, which alarmed users following a recent breach that exposed 70,000 IDs.
– Discord stated most users would verify via AI-estimated video selfies, raising separate privacy concerns, and suggested future checks might use behavioral signals.
– The company confirmed it would still request IDs for appeals, a process linked to the prior breach, but claimed most ID data is deleted immediately after verification.
– Backlash intensified after Discord posted and deleted an FAQ note revealing a UK experiment where IDs could be stored for up to 7 days by an unlisted partner, Persona.
The popular messaging platform Discord is facing significant privacy concerns following its announcement of stricter age verification measures, particularly impacting users in the United Kingdom. This move, which will default all users to a restricted “teen experience” until their age is confirmed, has ignited a firestorm of criticism focused on data security and transparency. The backlash intensified due to the platform’s recent history with a third-party breach that exposed tens of thousands of government IDs, making users wary of any new data collection efforts.
A core complaint centers on Discord’s plan to collect more government-issued identification documents as part of a global age verification rollout. This decision alarmed many, coming so soon after a security incident involving a former age-check partner. That breach reportedly compromised the sensitive government ID data of approximately 70,000 Discord users, highlighting the inherent risks of storing such information.
In an attempt to calm fears, Discord officials stated that most users would not need to submit an ID. Instead, the company proposed using AI to analyze video selfies for age estimation, a method that itself raises separate privacy questions. Discord also suggested that future systems might use behavioral signals to bypass age checks for regular users, seemingly minimizing concerns about the storage of sensitive data.
However, the platform was clear that it would continue to request official identification from any user who wished to appeal an incorrect age assessment. This policy did little to reassure the community, as the previous major breach occurred through exactly this type of appeals process. In response to critics, Discord asserted that the majority of ID data is deleted promptly. Savannah Badalich, Discord’s global head of product policy, emphasized that identification documents shared during appeals “are deleted quickly, in most cases, immediately after age confirmation.”
The situation grew more confusing when Discord posted and then mysteriously removed a disclaimer from an FAQ page about its age assurance policies. This note appeared to contradict the company’s earlier assurances about rapid data deletion. An archived version of the page revealed a warning specifically for UK users, stating they might be part of an experiment with an age-assurance vendor named Persona. The disclaimer noted that submitted information could be “temporarily stored for up to 7 days, then deleted,” and that for ID verification, all document details except the photo and date of birth would be blurred.
This incident led critics to accuse Discord of obscuring not only potential data storage durations but also the identities of the companies involved in collecting information. The platform did not clarify what the experiment was testing, how many users were involved, or why Persona was not listed as an official partner, further eroding trust in its privacy safeguards.
(Source: Ars Technica)
