Fury Over Discord's Age Checks Explodes After Shady Persona Test In UK

Source: Slashdot

Background

Discord announced a global age‑verification rollout that would require users to submit a government ID or a video selfie for “full access.” The plan sparked concern after a previous breach exposed the IDs of roughly 70,000 Discord users 【source 1】.

Discord’s Age‑Verification Approach

• Primary method: Video selfies analyzed by AI to estimate age, reducing the need for ID documents for most users.
• Fallback: Users who appeal an incorrect age assessment must provide a government ID.
• Data handling claim: Discord’s global head of product policy, Savannah Badalich, told The Verge that ID data “are deleted quickly – in most cases, immediately after age confirmation.”

Persona Test in the United Kingdom

Discord briefly disclosed a UK‑specific test that involved the third‑party vendor Persona. An archived FAQ note warned:

“Important: If you’re located in the UK, you may be part of an experiment where your information will be processed by an age‑assurance vendor, Persona. The information you submit will be temporarily stored for up to 7 days, then deleted. For ID document verification, all details are blurred except your photo and date of birth, so only what’s truly needed for age verification is used.”
— Archived Discord support page

Issues Raised

• Lack of transparency about the experiment’s scope and duration.
• Persona was not listed as a partner on Discord’s platform.
• Discord’s later disclaimer suggested a shorter storage timeline than originally implied.

Backlash and Criticism

• Critics argued Discord was obscuring how long IDs might be stored and which entities were collecting the data.
• The test was described as involving “a small number of users” and lasting “less than one month,” but details remained vague.
• Hackers exposed a workaround to bypass Persona’s age checks and discovered a Persona frontend exposed on a U.S. government‑authorized server.

Responses from Discord and Persona

• Discord confirmed the test has concluded and that Persona is no longer an active vendor.
• Discord pledged to inform users when new vendors are added or updated.
• Rick Song, CEO of Persona, told Ars Technica that all data from the verified individuals involved in the Discord test has been deleted.

Findings About Persona’s Surveillance Capabilities

The independent publication The Rage reported that analysis of 2,456 publicly accessible files revealed extensive surveillance features in Persona’s software, combining facial recognition with financial reporting and a parallel implementation that appears designed for federal agencies 【source 2】.

• Persona does not hold any government contracts, but the exposed service appears to be powered by an OpenAI chatbot 【source 3】.
• Hackers warned that OpenAI may have created an internal database for Persona identity checks, potentially aggregating data across all OpenAI users.

Conclusion

The controversy highlights ongoing tensions between age‑verification requirements, user privacy, and third‑party data handling. While Discord has ended its partnership with Persona and asserts rapid deletion of ID data, the episode underscores the need for clearer transparency and stronger safeguards when implementing biometric and document‑based verification systems.