| ▲ | anonymous_user9 7 hours ago |
| Notably, by doing this Discord lied in their initial announcement. They originally said [1] that all processing would be on-device, but that's not true for users subject to this "experiment". 1: https://discord.com/press-releases/discord-launches-teen-by-... |
|
| ▲ | Morromist 7 hours ago | parent | next [-] |
| As Argento Dragone said in the Kotaku comments: "Face scanning is used to do ID verification on your device and then deleted immediately." "By immediately I mean we send it to k-ID who said that's what they do." "By that I mean they partnered with Persona to do the actual verification." "Persona clarified that by 'immediately' they mean 'after seven days.'" "And given their ties to Palantir, it's probably fine. You trust us, right?" |
| |
| ▲ | Hawxy 5 hours ago | parent | next [-] | | > "By immediately I mean we send it to k-ID who said that's what they do." People have already validated this fyi. When k-ID was first added you could send a bogus age result to discord from your local device, which probably still works. There's no evidence your facial scans leave the device. > "By that I mean they partnered with Persona to do the actual verification." Which isn't true, it was a UK-only experiment being run for a small subset of users, which has now been discontinued. I get people are outraged, but this is sensationalism at best. | | |
| ▲ | shakna 4 hours ago | parent | next [-] | | After the last screwup, by the same company, why would you trust the data to stay on your device? > Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals. And by same company, I don't mean discord. I mean Persona. https://discord.com/press-releases/update-on-security-incide... | |
| ▲ | jacquesm 5 hours ago | parent | prev | next [-] | | Trust is fragile. | |
| ▲ | toofy 4 hours ago | parent | prev | next [-] | | was it “uk only” or was it the only place that required them to notify users theyre being experimented on? we know US law allows tech companies to experiment on us without notifying at all. facebook was caught experimenting on users to see if a timeline full of sad posts would cause the users to become depressed. im guessing his companies will get ahold of discord users data in most other countries. i’d be shocked if he only wants data from a tiny number of UK people. | |
| ▲ | rolymath 3 hours ago | parent | prev | next [-] | | What good does this do for people who have already had their faces enrolled in Thiel's venture now? "oh sorry, we said it's local but forgot to tell you about the experiment that sends you data to Thiel" | |
| ▲ | cookiengineer 3 hours ago | parent | prev [-] | | Enter into Google: Discord breach october 2025 Discord probably still claims they weren't hacked. How they handle incidents like this matters to a lot of folks, and that's what this is about. 3 months after a major breach, how could anybody possibly believe that they fixed all their wrong organizational policies and security measurements within that time, while still not even acknowledging the incident? |
| |
| ▲ | eterm 5 hours ago | parent | prev | next [-] | | And by "Deleted immediately" they might mean they delete the image but keep the hash. | |
| ▲ | 2 hours ago | parent | prev [-] | | [deleted] |
|
|
| ▲ | delecti 3 hours ago | parent | prev [-] |
| I don't want to defend Discord, but that's just not true. That announcement did not say all processing would be on-device, only when you use the face scan. > Video selfies for facial age estimation never leave a user’s device > Facial scans never leave your device. Discord and our vendor partners never receive it. Meanwhile they're also clear that uploaded IDs do get sent to "partners": > Quick deletion: Identity documents submitted to our vendor partners are deleted quickly— in most cases, immediately after age confirmation. |
| |
| ▲ | anonymous_user9 2 hours ago | parent [-] | | Ah, I assumed that Persona is being used for face scans too. I haven't been able to find a screenshot of the actual flow, but based on this article [1] with a screenshot of the message UK users are receiving, I suspect they are: >The information you submit will be temporarily stored for up to 7 days, then deleted. For ID document verification, all details are blurred except your photo and date of birth... [emphasis mine] To me, that implies that Persona is/was doing more than just IDs. [1] https://www.eurogamer.net/discord-advises-uk-users-that-they... |
|
