alt Hacker Newshttps://discord.com/press-releases/discord-launches-teen-by-...
> For the majority of adult users, we will be able to confirm your age group using information we already have. We use age prediction to determine, with high confidence, when a user is an adult. This allows many adults to access age-appropriate features without completing an explicit age check.
> Facial scans never leave your device. Discord and our vendor partners never receive it. IDs are used to get your age only and then deleted. Discord only receives your age — that’s it. Your identity is never associated with your account.
> We leverage an advanced machine learning model developed at Discord to predict whether a user falls into a particular age group based on patterns of user behavior and several other signals associated with their account on Discord. We only use these signals to assign users to an age group when our confidence level is high; when it isn't, users go through our standard age assurance flow to confirm their age. We do not use your message content in the age estimation model.
I work with corporate privacy all of the time, and there is actually something really interesting going on here. We're basically never allowed to claim legal compliance using heuristics or predictive models. Like, never ever. They demand a paper trail on everything, and telling our legal team that we are going to leave it to an algorithm on a user device would make them foam at the mouth.
They are basically trusting a piece of software to look at your face or ID in the same way that, like, a server at a restaurant would check before serving you alcohol.
I am curious to see if this kind of software compliance in the long run is even allowable by regulators.
Replies
Even wilder - they're claiming to look at a user's activity on the platform - like what servers they're on, what games they play, and what hours they're active - and infer adulthood from that. No way that'd pass legal muster.
For the United Kingdom specifically, I've suffered the misfortune of reading the Online Safety Act, and this kind of age estimation is both mentioned and permitted by the Act. (Not a lawyer blah blah blah)
Part 3, Chapter 2, Section 12(4) specifies that user-to-user service providers are required to use either age verification or age estimation (or both!) to prevent children from accessing content that is harmful to children. Section 12(6) goes on to state that "the age verification or age estimation must be of such a kind, and used in such a way, that it is highly effective at correctly determining whether or not a particular user is a child."
Part 12, Section 230(4) rules out self-declaration of age as being a form of age verification/estimation.
So I suppose it'll come down to whether or not Ofcom deems Discord's age estimation as "highly effective".
[Part 3, Chapter 2, Section 12(4)]: https://www.legislation.gov.uk/ukpga/2023/50/part/3/chapter/...
This is unrelated, but something I find interesting is that Category 1 user-to-user services (of which Discord is one, as per The Online Safety Act 2023 (Category 1, Category 2A and Category 2B Threshold Conditions) Regulations 2025) are required by Part 4, Chapter 1, Section 64(1) to "offer all adult users of the service the option to verify their identity (if identity verification is not required for access to the service).".