Discord cuts ties with identity verification software, Persona

Original Article ↗ Hacker News Discussion ↗

Surveillance, Persona, and the Breach

  • Commenters see the real story not as “Discord drops a vendor” but that Persona’s code is tied into U.S. government surveillance and watchlists.
  • The exposed files showed facial recognition checks against sanctions/PEP/watchlists and “adverse media” screening; many say they assumed this, but are disturbed to now know it.
  • People are alarmed that this was discovered only because of obvious operational incompetence (2,500 files on an exposed gov-authorized endpoint), implying more sophisticated setups may never be found.

Discord’s Age / Face Verification Strategy

  • Confusion over whether Discord is scrapping face verification; commenters clarify:
    • k-ID: “on-device” age checks marketed as privacy-preserving.
    • Persona: cloud-based KYC-style verification, retaining data; tested in limited markets.
    • 5CA: another vendor previously breached in UK/Australia rollout.
  • Two vendors breached in a few months is cited as evidence the model is inherently dangerous.
  • Discord said vendor-held IDs were deleted “immediately,” but the article mentions up to 7‑day retention in the test; this contradiction deepens mistrust.

User Trust, Privacy, and Centralization

  • Many say “too late” and report deleting Discord, switching to E2E or self‑hosted (Matrix, IRC, Mumble/TeamSpeak, forums/wikis).
  • Strong skepticism that any closed-source, networked app truly keeps sensitive processing “on device.”
  • Broader critique that central platforms like Discord hoard communities behind walled gardens, harming information discovery and making mass surveillance easier.

Culture Wars and Age Gating

  • Several see age verification as part of a coordinated (or at least convergent) right‑wing strategy:
    • First, normalize porn age-gates in law.
    • Then, classify LGBTQ content and women’s health/abortion info as “mature,” gate it, and criminalize circumvention.
  • Others argue much of this is bottom‑up prudishness rather than a single master plan, but agree the effect is erosion of rights.

Peter Thiel and Investor Backlash

  • Large subthread treats “Thiel‑backed” as a warning label; some advocate systematically avoiding any product tied to a small cluster of tech billionaires.
  • Others criticize headlines that foreground his name as meta ad‑hominem that distracts from the concrete privacy/ID‑handoff issues.

Persona Tech and Reporting Quality

  • Security write‑up of Persona’s frontend is linked; some readers see standard KYC/AML practices plus worrying retention mismatches.
  • Others complain secondary reporting is sensationalist (e.g., fixation on an “Onyx” codename, assumptions about Datadog RUM), and urge reading Persona’s post‑incident review to separate real risks from hype.