Discord Updates User Privacy Measures
Messaging platform Discord has informed users that they don’t need to disclose their identities in most areas, although some regions still require facial recognition or government ID checks.
After a data breach in October that exposed around 70,000 images of IDs, including passports and driver’s licenses, Discord has been revising its security protocols. The breach also involved sensitive information like user IP addresses and conversations with support staff, as reported.
By February 2025, Discord announced that users who do not provide a facial age estimate or identification would automatically revert to a teen-level account. This limitation restricts access to political discussions and various forms of sensitive content.
In response to significant backlash, Discord has begun to relax the stringent identification requirements, at least temporarily. However, this doesn’t mean that the company is abandoning plans for user authentication entirely.
According to their official statement, “Where we have legal obligations, we continue to meet those obligations.” In places like the UK, Australia, and Brazil, laws may necessitate age verification through approved methods, including facial age estimation.
Discord clarifies that for the less than 10% of users required to authenticate, the process will focus on confirming age without revealing personal identities. Essentially, age-restricted access will persist.
Additionally, Discord has imposed restrictions on companies utilizing facial age estimation and is considering alternative means of user verification, like credit card checks. “All partners providing facial age estimation must do so on-device,” noted the company.
Interestingly, they halted further collaboration with Persona, a firm that fell short of their set standards during limited tests in the UK. Detailed reports indicated that Persona’s practices included numerous cross-checks of facial data, raising concerns about government access.
While Discord aims for transparency, it’s essential to recognize that user data and biometric information will still be collected as part of their verification processes.
