Given current events in the USA, I can't emphasize enough how worried one should be about the fact that a few companies like Discord, Google (Gmail), and Meta have databases with access to the private conversations of hundreds of millions of people with their closest friends and family members, linked up with their identity.
Some of the big strengths of running a self-hosted Zulip server for your community are:
- Zulip servers are operationally simple, highly stable and easy to upgrade.
- Zulip is much better than Discord or Slack for managing the firehose of busy communities. Or at least, a lot of people tell us that they prefer the user experience to everything else they've tried, after a few weeks of getting used to it. :)
- Your community leaders get to make the policy decisions about data protection, identity, etc.
- It's 100% FOSS software, with an extremely readable and maintainable codebase that ~1500 people have successfully contributed code to. I don't think you'll find modern alternatives with a comparable featureset to Discord that are more resilient to the sponsoring company being acquired or going out of business.
- We are a values-focused organization (https://zulip.com/values/) where providing a public service is important to us all.
- Each server is completely self-contained and independent, with the only centralized services needed from us being desktop/mobile app publication and mobile push notifications delivery (which is free for community use and soon to be E2EE).
I'm happy to answer any questions.
Rules for thee, free love for me.
A month later, the account was suspended for supposedly breaking guidelines. I never posted a single message, never reacted to any posts.
They then required me to upload a video scan of my face to prove I was a person.
We aren’t quite at the end of the internet, but man I can really see the end of this journey coming sometime soon.
*CANCEL YOUR NITRO SUBSCRIPTION NOW IF YOU'RE PAYING FOR ONE* (for whatever reason)
This was just announced today and a flood of canceled payments within the next 24 hours are the easiest way to send a message. And also tell people on the servers you're on to do the same. It's not like they give you anything of real value for that money.
https://www.bbc.com/news/articles/c8jmzd972leo
> Discord, a messaging platform popular with gamers, says official ID photos of around 70,000 users have potentially been leaked after a cyber-attack.
However, their senior director states in this Verge article:
> The ID is immediately deleted. We do not keep any information around like your name, the city that you live in, if you used a birth certificate or something else, any of that information.
Why they didn't do that the first time?
Although I know it's not really about protecting the kids. I wonder if the politicians are exempt from this too as they were chat control.
> The scanning would apply to all EU citizens, except EU politicians. They might exempt themselves from the law under “professional secrecy” rules.
https://nextcloud.com/blog/how-the-eu-chat-control-law-is-a-...
What about my "PERSONAL SECRECY" ?
Discord is used by a bunch of closeted users having pseudos, who wouldn't do the same activities on it if everyone had their names.
A part of the Discord users is from countries from which Discord isn't even officially accessible (eg China) or where involvement in LGBT discussions could result to death row (Afghanis are still on Discord)
For me, a company that open sourced 70,000 IDs and ask for moooooore just weeks later is just a joke about the sharing economy
The problem isn't even for new users. Some users have over a decade of private hobbies and will now need to associate their governement ID to their profile. Discord pinky swears they ask but don't keep this time, which isn't enough.
Companies shouldn't be allowed to change such fundamental ToS after an account is created.
I wouldn't mind showing my ID to a person (in person), but there's no way I'm letting some company get a scan of my ID or passport to store in some giant database that's a rich target for hackers. Might as well give them access to all my bank accounts (Plaid) too.
(It sure would be nice if there were a national privacy law in the US.)
Also, it's illegal for companies to use facial recognition in my jurisdiction, so if I allowed them to "verify" me, they'd be breaking the law.
Are they shipping a video classifier model that can run on all the devices that can run Discord, including web? I've never heard of this being done at scale fully client-side. Which begs the question of whether the frames are truly processed only client-side...
People's livelihoods and safety are threatened when there's people's personally identifying information associated with their Discord chats - even if linked by "anonymous" identifiers.
Imagine your photo ID next to the horniest thing you've stated next to some random asshole on the Internet.
Discord has no moral right to make such a dramatically consequential decision about the personal privacy of its users in jurisdictions where such age verification tech is not mandatory.
Pardon me if I don't have a lot of trust in their ability to keep it safe.
- Matrix
- Stoat, previously revolt (https://stoat.chat/)
- IRC + Mumble
- Signal
[1] https://techcrunch.com/2026/01/07/discords-ipo-could-happen-...
(here's part of it: https://digital-strategy.ec.europa.eu/en/news/commission-rel... )
As startups grow beyond a critical threshold, they start to attract a certain type of person who is more interested in mercenarily growing within the company / setting themselves up for future corporate rise than building a product. These people play to the company's internal court and create deeply bitter environments that leads to more mission-driven individuals leaving the company.
Which is why we end up with decisions like OnlyFans hitting $1B / yr in revenue (with extreme profitability) off of porn and then deciding to ban porn, https://www.ft.com/content/5468f11b-cb98-4f72-8fb2-63b9623b7...
Or, Digg deciding to kill its "bury" button and doing a radical "redesign" that made Reddit worth billions.
Unity's decision to update its pricing. Sonos' app "redesign" etc etc.
Corporate vampires will cheerfully slaughter your golden goose. Or, in the best case, severely cripple it.
Watch:
A) Discord relaxing its rule because of mass exodus B) People moving elsewhere where no personal information is required
Why isn’t this delivered via some sort of notification, menu, pop-up, etc? DMs seem prime for phishing
I didn't even realise discord scans all the images that i send and recieve.
Mandatory age checks with biometric or ID data can create long-term privacy and reuse risks that the ecosystem has not fully reckoned with yet.
(not affiliated with the project, just really want to see it succeed)
[1] https://stoat.chat/ [2] https://github.com/stoatchat/for-ios
I really just don't know what isn't "safe" for teens, so hopefully this will be pretty clear somewhere.
This clearly doesn't work and they're surely aware of it. Perhaps it's even intentional as a choice to give kids a way out, just trying to cover their own asses in regards to regulation.
* SCREEN Act age verification with huge implications for all online privacy: https://www.youtube.com/watch?v=8bnp3nmpK9g&list=PLu4srHCWJr...
* Abolishing Section 230, the law that protects platforms like this from being sued for user content (just published today): https://www.youtube.com/watch?v=_eqt8vrtP-U&list=PLu4srHCWJr...
* UK online safety act (it's not just the U.S.) - interview with the lawyer defending 4chan: https://www.youtube.com/watch?v=DD3PGp9RhTw&list=PLu4srHCWJr...
I personally don't find ease-of-use to be worth the price of my privacy but most people are more than happy to sell themselves out piecemeal in the form of data until there's nothing left but a bunch of numbers in a spreadsheet to attest to their ever having existed.
For example, if we are in a server for coding, maybe we will have to use zoom or google meet as a stopgap. Curious if others have better alternatives.
I use Discord for chat and voice calls since that is what I expect from a chat app, but the amount of companies that have built their community / knowledge base / support system around Discord is worrying. You know they can just delete that, right?
I'll continue to use Discord for chat until prompted to put my face in the hole :)
It seems to me that the "logical" solution to this is some sort of local key like "sudo" that the user enters/has access to. This key is on a cookie or request or something that says "This request is being done by a verified adult" and then the website goes "cool here's your data". If the request does not have it, then the website says "Sorry you need one of these keys/permissions to access".
I see this as elegant because like modern IDs, YES THEY COULD GET AROUND IT, but at least it gives parents and users who want to abide and try the ability. Kids get fake id's, they get stuff they shouldn't. So long as audits show that the businesses are trying to catch this and punishing those who ignore procedures properly, things are "fine".
How infeasible is this from a coding perspective? I get that we're fucking with standards here, but I figured it would make most sane users and companies happy. Companies don't have to keep PII, just a log of "yes this access from this IP was approved, but we discovered is was used falsely and banned that key", and users have a tool that's setup once locally (or refreshed when you want a new key).
I guess you'd need some way to authenticate these as if it's too easy to spoof whats the point, but it strikes me as leagues better of "store everyone's colonic map"
How off base am I here? Is the theory somewhat sound or is this just dead from the ground up?
On one hand, I'm not surprised.
But on the other hand-- I would be terrified to be in charge of a company who needed to make this ask. It's just such a big deal, such an important bit of information to protect from hacks.
I hope they lose most of their customer base. But I'm terrified they won't.
The gradual erosion of privacy is no longer gradual.
The company that Discord uses lists the methods they accept above. Notably, they do not accept any privacy-protecting digital identity standards from US or EU citizens; they only implement national ID verifications where they receive a full birthdate, with the sole exception of AU where they allow banks to attest to age-majority.
Leveraging this press to highlight their clear desire-for / dependency-on being provided an explicit birthdate, rather than simply a bool backed by the government, would be an effective lever to pull through e.g. New York and California governmental privacy efforts — especially if one somehow got them classified as a data broker in California and therefore bound to a much more expensive set of laws, due to their insistence on being provided PII when more privacy-protecting alternatives are available there.
Yes, this isn’t a scorched earth response. Every other thread of discussion here has that covered already and I have nothing new to add there. But for anyone looking to force privacy into the budding age checks verification market at an early stage rather than trying to shut it down, here’s your roadmap to effecting real change on the matter. Good luck.
Yay to further fragmentation:D
They’re not gonna use Slack or phpBB.
- ID verification to see porn on Discord.
- Also, some warnings to not befriend stangers.
Not very heavy handed, you can google porn anytime. I am not sure who this serves.
phpBB never made me scan my face.
Does it mean that even people who reside outside jurisdictions touched by the age verification craze will have to deal with all this?
> use facial age estimation
Surely a kid won't be able to ask someone else to pass the check for them. But let's talk about false positives. If the estimator falsely declares someone an adult, is Discord legally liable?
> submit a form of identification
If you have a picture of an ID document, can you verify that it's real? You'd have to ask the government for that. And at least in one country there is no process for that.
> On-device processing
Oh, a client-side check. Must be secure.
It's just a small step ahead of "phone number required" auth.
And this will reduce spam from random accounts. Will see if it remains usable without uploading my Id.
I made a lot of friends on those communities growing up, and it inspired me to go into software because I saw how it brought people together.
And I still sorely miss the WhatCD forums. While I didn’t make any friends there, it shaped my early experiences with music which still reverberates through me today.
Even with the reinvigoration of new ideas from LLMs, tech feels like it has been languishing for well over a decade at this point. The playbook is to disrupt traditional industry at a loss, then enshittify when competitors are gone. A lot of tech plays really feel like some form of: bring the yellow pages into the digital realm and overcharge for facilitating that access. Finding a firm that even uses AI outside of a chatbot UX is rare.
I genuinely wonder which proportion of the users want access to age-restricted servers and channels...
Feels like it should be just fine not to verify the age.
There's this interesting arc of growth for apps which are successful. At first users love it, company grows, founders get rich, they hire expensive people to develop the product and increase revenue until eventually the initial culture and mission is replaced by internal politics and processes.
Software starts getting features which users don't want or need, side effects of the company size and their Q4 roadmap to 'optimize' revenue|engagement|profits|growth|...
Users become tools in the hands of the app they initially used as a tool. This model worked well so far and built some of the biggest companies in history.
AI could make this business model less effective. Once a piece of software becomes successful and veers off into crap territory, people will start cloning it, keeping only the features that made that software successful initially. Companies who try to strong arm their users will see users jump ship, or rather, de-board on islands.
At least I hope this will be the case.
I feel like age verification will come, there is no way around it (unlike ChatControl and the likes, age verification seems reasonably feasible and has a lot of political traction right now).
But I would rather have a privacy-preserving solution for that, e.g. from the government (which already knows my age).
I've seen way too many governments / companies use "protect the children" as a way to try and push overreaching garbage policy, however I think this one actually might help.
That said, depends on exact details of how they want to do this. We'll see how it goes.
Facial video estimates or submit an id card.
Option 3: if we analyze all of your data we have and see you are not going to bed at 8pm for middle school, you get adult status.
Until someone offers up something better, I take these types of initiatives from social media platforms as huge wins. Ignoring the problem will not make it better. We've been ignoring it for about 20 years now, and it's only gotten worse.
I use Signal but the UI is very different from Discord.
I've had very mixed experiences with Element + Matrix, Element keeps crashing on mobile, and while voice chat kinda exists in Element it's not been great imho.
I looked into hosting Rocket.chat, Zullip, and Mattermost but from what I recall voice + mobile were either missing or paywalled at a per-user price.
Any recommendations?
That presumably includes selfies?
That means that to exchange racy photos on Discord, each person must first record a facial age estimation video or upload identification documents.
That seems dystopian.
1: https://discord.com/press-releases/discord-launches-teen-by-...
I would love to hear a testimony from someone who finds their Discord servers to be edifying or uplifting. What worked?
I don't know what people need as lesson. We already have so many FLOW options, and yet they are so many running after the last shiny ready for enshitification ready to go platform.
Expect them to sell your whole life to whatever party with enough money to throw at their face.
These companies do not do this under external pressure from the state, they do this because it benefits and consolidates their power as well.
It's bricks for their castle wall.
Corporations should not be considered a separate entity from the state. Corporations form state power. This doesn't mean they are always in-line with the state, but that they lead the state as a block, as a class, defending their common interests.
Policing is one of them.
This is transparently about spying on people, not "protecting children". The real world doesn't require you to show your ID to every business you frequent, or every advertiser you walk by. Someone can yell a swear word on the sidewalk, and not everyone within ear shot has to show ID.
The alternative is having to give your ID to Facebook, Google, Microsoft, and all the other bad actors...
Now those same people are complaining they're gonna have to submit their faces to discord. Which will eventually be used to prosecute or commit fraud. I'm left wondering if "tech enthusiasts" are ever actually correct.
Use Discord with a throw-away account. Create a character in GTA 5 on your laptop and show its face (in "selfie" mode) to the web-camera on another computer with Discord open. All face scan checks so far gladly accept it. Instagram has been requiring occasional face checks for ages already.
All of my use is primarily professional and gaming and has no age concerns
You can choose to be respectful of people who have valid reasons for not providing ID
But you want that sweet IPO money (as stated elsewhere in this thread). You don't actually care about the internet and how anonymity is a cool thing for certain vulnerable groups
All these tech CEOs should face prison time and I'm not joking. They've displayed a complete laissez faire attitude to all of these concerns
If it was only friend groups it would kill them for sure, we've seen that many times, but given the absurd amount many large online communities on Discord, I'd wager they can force it down and be relatively unscathed.
They played the long game - they provided a good service for 10 years, and got REALLY big before they started the enshittification process.
During the pandemic, I was on a Discord server for folks to socialize and blow off steam about the whole situation. Yes, there were some anti-vaxx wackos, but overall the place was civil and balanced, and I met some interesting people through it. We cracked jokes and it was a little bit of fun in a tough time.
One day I came to discover that Discord had banned the server for allegedly violating... something. I wish I had written down everyone's emails because I permanently lost contact with a bunch of friends in an instant.
I never signed in to Discord again, in spite of times where some other social group wanted to use it. I vowed never to use Discord again. Fuck those guys and the Teslas they rode in on. I hope this ID verification thing is another big step towards their irrelevancy.
Why doesn't Discord require ALL users to upload their faces to prove that they are at least 13 years old and eligible to use the service?