Hackers Expose The Massive Surveillance Stack Hiding Inside Your “Age Verification” Check

We’ve been saying this for years now, and we’re going to keep saying it until the message finally sinks in: mandatory age verification creates massive, centralized honeypots of sensitive biometric data that will inevitably be breached. Every single time. And every single time it happens, the politicians who mandated these systems and the companies that built them act shocked—shocked!—that collecting enormous databases of government IDs, facial scans, and biometric data from millions of people turns out to be a security nightmare.

Well, here we go again.

A couple weeks ago, Discord announced it would launch “teen-by-default” settings for its global audience, meaning all users would be shunted into a restricted experience unless they verified their age through biometric scanning. The internet, predictably, was not thrilled. But while many users were busy venting their frustration, a group of security researchers decided to do something more useful: they took a look under the hood at Persona, one of the companies Discord was using for verification (specifically for users in the UK).

What they found, according to The Rage, was exactly what we would predict:

Together with two other researchers, they set out to look into Persona, the San Francisco-based startup that’s used by Discord for biometric identity verification – and found a Persona frontend exposed to the open internet on a US government authorized server.

In 2,456 publicly accessible files, the code revealed the extensive surveillance Persona software performs on its users, bundled in an interface that pairs facial recognition with financial reporting – and a parallel implementation that appears designed to serve federal agencies.

Let me say that again: 2,456 publicly accessible files sitting on a government-authorized server, exposed to the open internet. Files that revealed a system performing not a simple age check, but a ton of potentially intrusive checks:

Once a user verifies their identity with Persona, the software performs 269 distinct verification checks and scours the internet and government sources for potential matches, such as by matching your face to politically exposed persons (PEPs), and generating risk and similarity scores for each individual. IP addresses, browser fingerprints, device fingerprints, government ID numbers, phone numbers, names, faces, and even selfie backgrounds are analyzed and retained for up to three years.

The information the software evaluates on the images themselves includes “Selfie Suspicious Entity Detection,” a “Selfie Age Inconsistency Comparison,” similar background detection, which appears to be matched to other users in the database, and a “Selfie Pose Repeated Detection,” which seems to be used to determine whether you are using the same pose as in previous pictures.

This was the same company checking whether a teenager should be allowed to use voice chat on a gaming platform.

Beyond offering simple services to estimate your age, Persona’s exposed code compares your selfie to watchlist photos using facial recognition, screens you against 14 categories of adverse media from mentions of terrorism to espionage, and tags reports with codenames from active intelligence programs consisting of public-private partnerships to combat online child exploitative material, cannabis trafficking, fentanyl trafficking, romance fraud, money laundering, and illegal wildlife trade.

So you wanted to verify you’re old enough to use voice chat, and now there’s a permanent risk score somewhere documenting whether you might be involved in illegal wildlife trafficking.

What could go wrong?

As the researchers put it to The Rage:

“The internet was supposed to be the great equalizer. Information wants to be free, the network interprets censorship as damage and routes around it, all that beautiful optimism. And for a minute it was true.”

[….]

“The state wants to see everything. The corporations want to see everything. And they’ve learned to work together.”

Discord, to its credit, has now said it will not be proceeding with Persona for identity verification. And to be fair, Discord and similar internet companies are in an impossible position here—facing mounting regulatory pressure in multiple jurisdictions to verify ages while being handed a market of vendors who keep turning out to be security nightmares. But this is part of a pattern that should be deeply familiar by now.

Just last year, Discord’s previous third-party age verification partner suffered a breach that exposed 70,000 government ID photos, which were then held for ransom. Discord said it stopped using that vendor. Then it moved to Persona, which was already raising concerns due to connections to Peter Thiel. Now Persona’s frontend is found wide open on a government-authorized server, and Discord is dropping them too.

See the pattern? Discord keeps swapping vendors like someone frantically rotating buckets under a leaking roof, apparently hoping the next bucket won’t have a hole in it. But the problem was never the bucket. The problem is the hole in the roof — the never-ending stream of age-verification government mandates.

And this brings us to the bigger, more important point that almost nobody in the “protect the children” policy crowd seems willing to engage with honestly. Every single time you mandate age verification, you are mandating the creation of a centralized database of extraordinarily sensitive personal information. Government IDs. Biometric facial data. The kind of data that, once breached, cannot be “changed” like a password. You get one face. You get one government ID number. When those leak—and they will leak—the damage is permanent.

Even the IEEE Spectrum Magazine is now publishing articles that detail how age verification undermines any effort to protect children by putting their privacy at risk.

These systems fail in predictable ways.

False positives are common. Platforms identify as minors adults with youthful faces, or adults who are sharing family devices, or have otherwise unusual usage. They lock accounts, sometimes for days. False negatives also persist. Teenagers learn quickly how to evade checks by borrowing IDs, cycling accounts, or using VPNs.

The appeal process itself creates new privacy risks. Platforms must store biometric data, ID images, and verification logs long enough to defend their decisions to regulators. So if an adult who is tired of submitting selfies to verify their age finally uploads an ID, the system must now secure that stored ID. Each retained record becomes a potential breach target.

Scale that experience across millions of users, and you bake the privacy risk into how platforms work.

We have been cataloging these breaches for years. In 2024, Australia greenlit an age verification pilot, and hours later a mandated verification database for bars was breached. That same year, another ID verification service was breached, exposing private info collected on behalf of Uber, TikTok, and more. Then came the Discord vendor breach last year. And now Persona.

This keeps happening because it has to keep happening. It’s the inevitable result of a system designed to aggregate the exact kind of data that attackers most want to steal. Computer scientists and privacy experts have been sounding this alarm for years.

And what makes this even more galling is that these age verification systems don’t even accomplish what they claim to accomplish.

Take Australia’s infamous ban on social media for under-16s, the poster child for this approach. It’s been a complete failure on its own terms: plenty of kids have already figured out ways around the ban, while those who can’t—particularly kids with disabilities who relied on social platforms for community—are being actively harmed by their exclusion. As the security researcher who helped discover the Persona leak, Celeste, told The Rage:

“Normies won’t be able to bypass these,” while less benevolent people “will always find ways to exploit your system.”

So we’ve built a system that fails to keep out the people it’s supposedly targeting, while successfully creating permanent biometric dossiers on millions of law-abiding users. Not great!

Meanwhile, what’s happening at the legislative level is perhaps even more cynical. Governments around the world are pushing harder and harder for mandatory age verification online. And as these mandates create a captive market worth billions of dollars, a whole ecosystem of venture-backed “identity-as-a-service” startups has sprung up to serve it. Persona, valued at $2 billion and backed by Peter Thiel’s investment network, is just one of many. These companies make grand promises about privacy-preserving verification, get contracts with major platforms, and then — whoops — leave 2,456 files exposed on a government server.

And, of course, these very firms are now lobbying for stricter age verification mandates. They’ve positioned themselves as protectors of children while actively working to expand the legal requirements that guarantee their revenue stream.

Lawmakers mandate an impossible task, VC-backed startups pop up to sell a “solution,” those startups then lobby for even stricter mandates to protect their market, and the cycle repeats.

“Child safety” has simply become the marketing department for a rent-seeking surveillance industry.

As long as the law demands that these biometric gates exist, the “security” of the data they collect will always be a secondary concern to “compliance” with the mandate. Companies will keep rotating through vendors, each one promising that their system is the one that won’t leak, right up until it does. And the age verification industry will keep lobbying for stricter laws, because every new mandate is another guaranteed revenue stream.

The researchers who exposed Persona’s frontend hope their findings will serve as a wake-up call. Given the track record, it probably won’t be. Discord dropping Persona changes nothing—the next vendor will collect the same data, make the same promises, and eventually suffer the same breach. Because the problem was never which company holds your biometric data. The problem is that anyone is being forced to hand it over in the first place.