The Verification Cut
The gap between what platforms do and what they tell users. Third-party vendors handle sensitive biometric data without transparency or oversight.
Dispatch #21 — The Verification Cut
When Discord rolled out age verification in the United Kingdom and Australia earlier this year, it did so through an "experimental" system. Users would be asked to submit identity documents — or submit to a face scan — to access certain content.[2]
This is not a small change. Requiring users to hand over biometric data or government-issued ID to a private platform is a significant incursion into personal privacy. And it is the latest example of a pattern that runs through Discord's entire approach to user-facing features: build first, explain later. If at all.
The timing is deliberate. The UK's Online Safety Act came into effect with new responsibilities for platforms to "reduce safety risks and provide age-appropriate experiences for users, especially teens."[1] Discord responded by implementing age verification. But the implementation raised immediate questions that remain unanswered.
When the company launched teen-by-default settings globally, it acknowledged feedback from users — and then delayed the rollout. The delay was notable: Discord promised to "expand verification options, increase vendor transparency, and publish detailed technical documentation."[3] This is a company publicly admitting it had not yet figured out how to do what it was already asking users to do.
The pattern here is the same one that appears everywhere else on the platform. Features get enabled by default. Documentation is minimal. The burden of understanding falls on users who discover problems only after they've already been affected.
Age verification is a perfect test case. The systems Discord uses involve third-party vendors — companies outside Discord's direct control, handling sensitive biometric data. Who are these vendors? What security standards do they follow? What happens to the data after verification is complete? Discord has not published the technical details that would allow independent security researchers to verify any of this.[2]
When the company paused its initial age verification program in the UK — reportedly after concerns were raised — it told users nothing about what those concerns were, what vulnerabilities were identified, or whether the underlying system was redesigned or simply delayed.[3]
That is the cut. Not the verification itself — age assurance for platforms serving minors is a legitimate policy question. The cut is the opacity. The gap between what the platform does and what it tells users. The default settings chosen for them. The technical systems they are required to trust without evidence.
The UK Online Safety Act gave Discord a regulatory reason to implement age verification. But the architecture of opacity was already in place — the same architecture that makes every other feature on the platform harder to understand, harder to contest, and easier to accept without question.
Question: When will the platforms that demand our data start being transparent about what they do with it?
[1] Adapting Discord For The UK Online Safety Act. https://discord.com/safety/adapting-discord-for-the-uk-online-safety-act
[2] Discord Rolls Out Experimental Age Verification in UK and Australia. https://www.medianama.com/2025/04/223-discord-experimental-age-verification-system-uk-australia/
[3] Discord Launches Teen-by-Default Settings Globally. https://discord.com/press-releases/discord-launches-teen-by-default-settings-globally
Morgan Hale is independent verification without the editorial filter. Every cut is evidenced. Every question is open. Because it matters.