Global rollout delayed as Discord pauses global age verification after Persona exposure
Discord has pushed back a global age-verification rollout after wide user backlash and security concerns, the company’s chief technology officer said, moving the program into the second half of 2026. The decision follows researchers’ disclosure of an exposed Persona frontend and new details about the vendor’s surveillance and data-retention practices.
Global rollout moved to second half of 2026, CTO says
Stanislav Vishnevskiy, Discord’s chief technology officer, wrote that the company "missed the mark" and that the phased rollout — originally supposed to begin in early March — will now be delayed to the second half of 2026. The planned rollout would have applied video selfies to determine a person’s age group and allowed users to submit a form of identification to vendor partners, with underage accounts set to a "teen-appropriate experience" that included updated communication settings, content filtering and restricted access to age-gated spaces.
Vishnevskiy said the platform will not require face scans or ID uploads from everyone and that "over 90% of users will never need to verify their age to continue using it. " He added, "If you’re among the less than 10% of users who do need to verify, we’ll give you options, designed to tell us only your age and never your identity. " He also wrote that if a user chooses not to verify their age, they can keep their account, servers, friends list, messages, and voice chat, but will be unable to access age-restricted content or change certain safety settings. Vishnevskiy acknowledged past errors and said Discord no longer works with the vendor tied to last year’s breach. Minyvonne Burke is named in context as a senior breaking news reporter.
Researchers found Persona frontend exposed on a US government–authorized endpoint
Independent researchers discovered a publicly exposed frontend belonging to Persona, the identity-verification vendor Discord had been testing. The exposed code sat at a US government–authorized endpoint and contained 2, 456 accessible files. One researcher, identified as "Celeste, " said the exposed code has since been removed and appeared to have been isolated from Persona’s regular work environment.
The discovery prompted scrutiny because the files revealed a more expansive surveillance and financial-intelligence stack than a simple age-checking tool, the researchers’ analysis in the provided context.
Persona’s checks run far beyond simple age estimation
Persona Identities, Inc., described in the context as a biometric identity verification start-up, offers Know Your Customer (KYC) and Anti-Money Laundering (AML) solutions that rely on biometric checks to estimate age. The exposed files show the software performs 269 distinct verification checks, runs facial recognition against watchlists and politically exposed persons, and screens "adverse media" across 14 categories, including terrorism and espionage.
Persona assigns risk and similarity scores and collects a wide range of data that it can retain for up to three years: IP addresses, browser and device fingerprints, government ID numbers, phone numbers, names, faces, and a suite of "selfie" analytics such as suspicious-entity detection, pose repeat detection, and age inconsistency checks. Examples of the 269 checks cited in the context include estimated age, phone carrier checks, and social security number comparison.
Short-lived Discord partnership, UK testing, deletion promises and prior breach
Discord cut ties with Persona after a partnership that lasted less than a month, a move disclosed in a February 24 statement. The context says Persona has ties to U. S. government surveillance and is partially funded by Peter Thiel’s Founders Fund. Researchers are in direct contact with Persona’s CEO, Rick Song, who has been described as responsive and "engaged in good faith. "
A Discord spokesperson is quoted as saying "only a small number of users’ data was part of this test, " and that information submitted to the company is deleted after seven days. An archived Discord support page noted that UK users "may be part of an experiment" in which age-verification information is processed through Persona; the context also indicates Persona was tested by Discord in the UK.
The disclosure and partnership debate came amid renewed anger over an October security breach of a third-party provider that exposed government ID photos for thousands of users and, in another statement in the context, an admission that approximately 70, 000 users may have had government-ID photos exposed after a vendor hack. Discord later rolled back its original mandatory-verification stance, saying age verification would be optional unless users wanted to view age-restricted channels.
Polling noted in the context indicates over four in five Americans support some form of required age verification, while advocates have argued that such measures can lead to censorship and endanger children’s privacy and online anonymity. The context also records that Discord banned misgendering and deadnaming in 2023 as part of an update to its Hateful Conduct Policy.
What remains unresolved in the provided context
It is unclear in the provided context how many users were included in Persona tests beyond "a small number, " which vendors beyond Persona Discord no longer works with, and the detailed timeline for any new or replacement age-verification plans. The exposed Persona files have been removed from the government-authorized endpoint, and the company’s short-lived partnership with Discord has been terminated, but many procedural and technical questions remain unclear in the provided context.
