• Discord partners with Persona for age verification, requiring facial scans before full platform access. • Researchers uncovered a publicly exposed Persona frontend on a US government‑authorized server. • The exposed code contained 2,456 files, now removed but revealing deep surveillance logic. • Persona performs 269 verification checks, including facial recognition against watchlists and PEPs. • The system screens 14 adverse media categories, assigns risk scores, and stores data up to three years. • Collected data includes IPs, fingerprints, IDs, phone numbers, names, faces, and selfie analytics.
Article Summaries:
- Researchers discovered a publicly exposed frontend of Persona Identities, the biometric identity‑verification vendor used by Discord for age checks. The exposed code, hosted on a U.S. government‑authorized server, contained 2,456 files that revealed Persona’s extensive data‑collection and surveillance capabilities-beyond age estimation, the system performs 269 verification checks, facial‑recognition against watchlists, adverse‑media screening across 14 categories, and stores IP addresses, device fingerprints, government IDs, phone numbers, and facial analytics for up to three years. Discord has announced it will discontinue using Persona, while other platforms such as Roblox, OpenAI, and Lime continue to rely on the service. The exposure raises significant privacy concerns amid ongoing debates over age‑verification practices.
Sources: