> Discord, a messaging platform popular with gamers, says official ID photos of around 70,000 users have potentially been leaked after a cyber-attack.
However, their senior director states in this Verge article:
> The ID is immediately deleted. We do not keep any information around like your name, the city that you live in, if you used a birth certificate or something else, any of that information.
> The ID is immediately deleted. We do not keep any information around like your name, the city that you live in, if you used a birth certificate or something else, any of that information.
This is also contradicted by what Discord actually says:
> Quick deletion: Identity documents submitted to our vendor partners are deleted quickly— in most cases, immediately after age confirmation.
Well since you have these IDs, for national security (AML, criminals and whatnot), we will need you to keep them if our endpoint says so, here's the endpoint
> The ID is immediately deleted. We do not keep any information around like your name, the city that you live in, if you used a birth certificate or something else, any of that information.
Everyone says this, including the TSA. But they never say they don't keep a hash, or an eigenvector of your biometric. Which is equally as important.
They also never say it goes through datacenters in room 641A or though Utah before it's "deleted", because it's a US company and they can't refuse that.
> We do not keep any information around like your name
But they might be sending a copy to the NSA, similarly to how Alphabet, Yahoo, Apple, Meta etc. have been doing (PRISM program, part of the Snowden revelation [1]). The US has the legal mechanisms of requiring this to happen, secretly, such as NSLs [2].
Until we have some kind of "One Time ID Verification" service that would work, the ID will never be deleted. Or a hash of the info or some kind of identifiable info.
Humm yeah, like a government digital ID of some sort. Except people go mental about that, so sending scanned copies of my personal ID documents to every bank/solicitor/estate agent/mortgage broker/random internet service it is then...
They're a nonsense company, and trusting them with any information is foolish.
They'll store everything and anything, because data is valuable, and won't delete anything unless legally compelled to and held accountable by third party independent verification. This is the default.
The purpose of things is what they do. They're an adtech user data collection company, they're not a user information securing company.
TL;DR: The IDs were used in age-related appeals. If someone's account was banned for being too young they have to submit an ID as part of the appeal. Appeals take time to process and review.
Discord has 200,000,000 users and age verification happens a lot due to the number of young users and different countries.
Sigh, I guess it's time to move platforms again or get your identity stolen. The more a company makes a fuss about trusting users, the more likely they store all of their shit in plaintext with vibe coded server security.
*CANCEL YOUR NITRO SUBSCRIPTION NOW IF YOU'RE PAYING FOR ONE* (for whatever reason)
This was just announced today and a flood of canceled payments within the next 24 hours are the easiest way to send a message. And also tell people on the servers you're on to do the same. It's not like they give you anything of real value for that money.
It boggles my mind that they need a photo ID to prove that my 9-year-old account with a saved credit card belongs to an adult. The linked Steam account is 18 years old.
`For most adults, age verification won’t be required, as Discord’s age inference model uses account information such as account tenure, device and activity data, and aggregated, high-level patterns across Discord communities. Discord does not use private messages or any message content in this process`
Y’all forgot that the only reason we’re on Discord was because MS actively killed Skype. Skype was much better software circa 2012 before MS let vulnerabilities run rampant, degraded the UI, and moved off the remarkably robust P2P calling system.
Just cancelled mine after reading this comment, I only really cared about the bigger file uploads and the HD screen-sharing anyways and I can live without those.
Now that I think of it, I bet I could host a decent instance of some open-source alternative in a public cloud for around the same cost as what I paid for Nitro ($100 a year)...
>I only really cared about ... the HD screen-sharing
I bought and canceled nitro in a single day because it's a bad product.
They promise HD screen-sharing, but it's only for _my_ screen. When I hopped into a call, the other user's screen share is illegible. Higher quality is still locked behind a "Buy Nitro" message.
If I'm paying for an improved experience, I should be able to get it.
Cancelled. Was a right job trying to get in as it just refreshed everytime I tried on mobile. When I went to the site separately after clicking subscribe it magically let me in.
The cancel login flow didn't inform me that it found my login suspicious but the subscribe one did
Not a subscriber, but I understand your call for retribution.
I suppose the silver lining is that they are putting the responsibility for age verification adults. Which imo is better than requiring everyone; kids get a free pass to the kids stuff...
Unless they're changing things with some sort of automated classification, then it's users who designate which servers and channels have adult content.
In my experience, you run the risk of getting your server shut down in small servers if someone reports it. Or risk losing your community server status in larger public servers until you come back into compliance.
Also in my experience what teenagers are going to do when they hit an age gate is use a fake picture/video. Sometimes they'll get banned for that and then they'll make a new account and do it again.
Thank you for reminding me, I've been meaning to cancel for months but it's only 2.50EUR and having to sign into my apple account was such an effort I never got around to it.
I'm sure I'm in the minority here, but I read the announcement and other than the risk of a slippery slope into more invasive ID demands, I'm not sure I have a huge problem with it.
The default experience will be the "teen" experience - they list what that entails - stuff that's flagged as adult/NSFW/etc. is blurred out until your age is verified, which for most(?) people will require ID or face scan. DMs/friend requests from people you don't know take some extra clicks to view. Fine.
It depends on how broad the definition of adult content ends up being I guess, but I'm simply not convinced that requiring ID to view "adult" content is the end of the world. If that means porn, I'm 100% OK with it, put porn behind gates. It has become far too easy to access. It's 2026 and we now have a generation of gooning addicts out there who never have actual sex and it's basically a guarantee that they won't find partners or start families any time soon, exacerbating an already problematic decline in the birth rate. This is not a version of society or anyone's "rights" that I care to defend. You want to goon, show ID. That's how it was before the Internet anyway.
On the other hand if it means any speech that the platform deems to be "controversial" will be blurred out then my response will not be to submit ID, I'll simply limit how I use the platform. Anonymous speech continues to matter and needs protection. But Discord was never the entity that was going to provide that protection.
I mean Discord is a gaming chat room. Expectations should be set by that fact. I don't need a gaming chat room to be NSFW, or even host i.e. political speech really. I get that people have used it for more than gaming, but it was always pretty clear what it was. If people don't like that this gaming chat room no longer supports other uses, they should switch to an alternative.
Clearly the outrage is about the slippery slope and the current techno-fascism gripping the US. I'm not being sarcastic.
You do it for the children now, you poo-poo concerns because "who uses discord for non gaming anyway" and you're just letting the foxes in the henhouse.
Twelve months from now and they'll want it for every chat.
I'm biased, as I lead the Zulip project. But I think this is a reasonable place for me to post some thoughts.
Given current events in the USA, I can't emphasize enough how worried one should be about the fact that a few companies like Discord, Google (Gmail), and Meta have databases with access to the private conversations of hundreds of millions of people with their closest friends and family members, linked up with their identity.
Some of the big strengths of running a self-hosted Zulip server for your community are:
- Zulip servers are operationally simple, highly stable and easy to upgrade.
- Zulip is much better than Discord or Slack for managing the firehose of busy communities. Or at least, a lot of people tell us that they prefer the user experience to everything else they've tried, after a few weeks of getting used to it. :)
- Your community leaders get to make the policy decisions about data protection, identity, etc.
- It's 100% FOSS software, with an extremely readable and maintainable codebase that ~1500 people have successfully contributed code to. I don't think you'll find modern alternatives with a comparable featureset to Discord that are more resilient to the sponsoring company being acquired or going out of business.
- We are a values-focused organization (https://zulip.com/values/) where providing a public service is important to us all.
- Each server is completely self-contained and independent, with the only centralized services needed from us being desktop/mobile app publication and mobile push notifications delivery (which is free for community use and soon to be E2EE).
Because I have some experience with FOSS, I know you don't get the recognition that you deserve. So on behalf of everyone who's too distracted to say thank you.
Thank you!
Admittedly, it did take a day (less than), but once I got used to the interface Zulip provides. It's better than what I would have asked for! It's phenomenal software! The whole experience is better than anything else that exists. And everyone charging for the same features should feel embarrassed given how much better Zulip is!
Genuinely, it's impressive what y'all have created. So thank you!
Yes, hear hear! As someone who've run a couple of FOSS communities, many of them having chats via IRC, Slack, Discord, forums and more, using Zulip has always been one of the most welcome options, yet also the one that takes the longest for people to understand if they've never seen it.
But it's easily worth it, as you can actually come back and read through old discussions and understand things and it isn't a mess. It's like if you could force Slack/Discord to only do threads, and the entire UI is optimizing for that specific UX. Overall pleasant experience once you get over the initial bump :)
I'm asking because I hate Matrix and actually want you to convince me: why should I accept the risk of migrating my friend group from Discord to Zulip, which has already "broken the seal" of restricting features behind a monthly fee even for self-hosted users, when I could migrate us to Matrix instead? Matrix seems like the much less risky option.
I see that you have a "community" tier that's free and doesn't restrict notifications, but it's not clear to me exactly what's involved in proving that we should qualify.
Mobile push notifications are a special case because it's literally not technically possible to self-host them. Or rather, it's possible if you build the iOS and Android apps from source and distribute them through TestFlight or an analogous Android channel, but it's not possible for the developer of an App Store or Play Store app to allow its users to point it at a different push-notification server, because the public key has to be hardcoded in the app binary. So if you want your self-hosted Zulip server to work with the Zulip client apps in the App Store and Play Store, you have to use Zulip's push server, and there's nothing Zulip can do to fix that.
Matrix works analogously; if you use the Element app from the App Store or Play Store, then you're using Element's push notification server, even if your Matrix homeserver is self-hosted. It's possible that Element allows their server to be used gratis in situations where Zulip charges a fee, I don't know their policies or anything, but in principle Matrix still leaves you exactly as dependent on a third party's goodwill unless you make your friends install a privately distributed mobile app.
Zulip IIUC does not restrict self-hosting of any feature that's technically possible to self-host.
I don't think we've ever charged a friend group or other non-incorporated group of people a dime for self-hosted notifications.
For the community tier, you don't have to do anything up to 10 users.
If your server has more than 10 users, you fill out a brief form (https://github.com/zulip/zulip/blob/main/templates/corporate...). We work hard to consistently process these requests within a couple business days, and the vast majority of communities are approved for full sponsorship without further interaction.
(Large communities managed by a business are quoted nonzero but extremely discounted pricing for self-hosted notifications).
Regarding risk: I certainly won't blame you for feeling risk-averse given the history of the tech industry. I can tell you about some unusual choices we've intentionally made to minimize risk for our users:
- We eschewed VC funding. A big part of my motivation was that I felt that VC funding usually requires eventual enshittification. https://zulip.com/values/ talks more about this.
- Zulip has been 100% FOSS software for more than a decade.
- At the very beginning, we built a complete data import/export system that allows migrating between our Cloud hosting and self-hosting; we put a lot of care into maintaining it well.
I can't promise that we'll never have something to sell for self-hosting communities. For example, I could imagine offering a paid add-on for encrypted backups.
That said, I'd like to push back on the idea that charging businesses for a tool that's an important part of their daily work "breaks the seal". Organizations with a software budget should be happier to pay a fair price for ethical, user-first software from a friendly vendor than for a closed-source product from a megacorp. And Zulip's full-time development team should be able to make a living building ethical FOSS software.
I really like Zulip, and I'd like to migrate my friend-group onto it, but it probably won't happen. I think Zulip is just a bit too heavy-duty for a friend group chatting, and also lacks the visual polish that a lot of people want.
For now, my friends and I mostly just use Signal for group chats, which leaves a lot to be desired, but IMO is still just a better experience for our purposes than Zulip or Matrix.
That said, if you have friends who are keen to try things out, I would definitely recommend at least trying Zulip and see what you like and what you don't. It has a lot of really nice features and things to love.
Having interacted a fair amount with the Zulip devs over the years, and being an open-source product, I believe that they have no plans or intention of trying to fleece or milk self-hosted users or small communities.
The federation of Matrix seems risky to me to the person self-hosting. I don’t want to host random people’s content. I’ve read some interesting articles about the design flaws of Matrix that led me to believe that it’s not a good option.
What is confusing to you about the community tier? It is basically describing any type of community of people who are not a for-profit business. Groups of friends, non-profits, volunteer groups, etc.
Zulip isn’t charging you anything unless you’re a business with more than 10 users and need push notifications, and that is still only $3.50/month/user if you don’t need more enterprisey things like SSO and compliance stuff.
I recently moved a small community group from Slack to Zulip. Half because of the UX for infrequent visitors (topics are so much better than "50 unread messages in #general"). And half because of your organisational values, which are more aligned with ours than are those of Salesforce.
The Bluesky team talks about "credible exit", and Zulip has that in spades - which makes me not want to exit.
Thank you for the work you do. Hanging out in CZO watching the Zulip team work in public is inspiring!
Hey, just wanted to say that I am a happy Zulip customer.
I used it at my previous employer and after a month of hangringing from people- many did not desire to go back to what we had before. (though some people did say they wanted Slack for the emojis and “prettiness”).
Now I started in a new position and I’ve positioned Zulip (on prem) as the only viable solution since we’re shirking SaaS as a strategic move.
The people who followed me to the new place are quite glad of this, or at least thats what I am told.
Some of the big weaknesses of running a self-hosted Zulip server for your community are:
- Your server admin can see DMs (or at least metadata, not sure if Zulip does E2E for DMs). The same is true for centralized services in theory, but unless you're a terrorist or a person of interest to a major government, it's extremely unlikely that a Discord employee will have an incentive to spy on your messages specifically. Your admin is likely part of your community and may know you personally, so the temptation is much, much higher.
- If the admin dies and nobody else has the keys to the kingdom, the server can go down at any point, and there's no way for users to reconstitute the network semi-automatically. Discord servers don't just go away unless somebody actively makes them to.
- It's much less secure in practice, it relies on your admin to always be on guard and constantly update their server to prevent vulnerabilities, either in Zulip or in the myriad of other self-hosted services running on it. One guy in his basement that goes on vacation once a year and has family responsibilities is far more likely to make mistakes than a team of trained cybersecurity professionals.
- Many Discord users are in 20+ servers. Anything that doesn't provide a one-click server joining experience (for users who already have an account on a different server) is nowhere near a Discord replacement.
- People want bots (for things like high-fidelity Youtube music streaming on voice channels), and those are mostly Discord-only.
- Anything open source will be worse at phishing and fraud / abuse prevention by definition, as many fraud-prevention approaches rely on the fraudster blindly guessing at what the code and ML models (do you even have ML models for this) are doing.
> it's extremely unlikely that a Discord employee will have an incentive to spy on your messages specifically
No, but history shows some unscrupulous staff members will always snoop, whether its just pure interest or something more nafarious like intent to sell on the black market. This makes the risk of your private data being leaked > 0, which should always be treated as a valid risk.
> If the admin dies and nobody else has the keys to the kingdom, the server can go down at any point
This is how infrastructure works, and supposed to work, besides the point that servers "die by themselves" which of course isn't true in reality. You decrease the bus factor if this is a problem for you.
> Discord servers don't just go away unless somebody actively makes them to
If all the sysadmins at Discord died and nobody else has the keys, exactly the same problem happens. Discord though surely have multiple backups of the keys and so on, something you too can do when you have your own infrastructure, so overall that argument feels almost dishonest, since you don't compare the two accurately.
> Anything open source will be worse at phishing and fraud / abuse prevention by definition
What? Completely orthogonal concerns, and if your main "fraud-prevention approaches" depend on security by obscurity, I'm not sure you should even attempt to be involved in those efforts, because that's not what the rest of the industry is going by a long mile.
> People want bots (for things like high-fidelity Youtube music streaming on voice channels), and those are mostly Discord-only.
Actually, the further I get in your comment, the more it seems like you don't actually understand what Zulip offers nor what the parent comment is about. Music streaming on voice channels? Completely outside the scope of Zulip...
----------
I think you have to understand the comment you're replying to a bit better, before attempting to lift Discord above Zulip. They're specifically talking about Zulip as an alternative "for managing the firehose of busy communities", not as a general replacement for every single Discord "server" out there. Yet you've responded to the comment as that's what they've been doing.
Glad to hear E2EE is coming soon, but it’s been “soon” for probably a year now. It’s a bit odd that encrypted notifications still don’t work, and I’d argue it’s a very big caveat with regard to privacy and security.
Our main reason for using Zulip is that we work in a highly regulated space (healthcare) and would like to be able to safely talk about things. I suspect this sort of situation is a major motivator for Zulip adoption, so it’s weird that transit encryption was left as an afterthought.
(There has always been an option to just not include message content in mobile notifications).
Cryptography is not something you can do sloppily, and requires coordination between the mobile and server teams. Zulip 11.x included the protocol, but while doing the mobile implementation, we decided to make several more changes which have delayed it to the upcoming Zulip 12.0.
Some important context is that we retired the old React Native mobile app this summer in favor of the new Flutter apps (https://blog.zulip.com/2025/06/17/flutter-mobile-app-launche...), which has been an enormous improvement in the quality of the app and developer experience.
But as you can imagine, the cutover and relentlessly addressing feedback after it took a lot of time for the mobile team. We've also experienced an AI slop bombardment in the last few months that has consumed a lot of time. I'll save that story for another time.
What is Zulip's position on speech they/(you?) disagree with -- if someone is paying for non-selfhosted Zulip, are you going to delete/shutdown/dox users/operators that you politically disagree with?
If say the hyprland people were using a Zulip instance and someone astroturfed/brigaded/massreported a campaign to shut them down because they didn't agree to some external code of conduct and external enforcement of such, what would Zulip's response, as a company, be?
Moderation of self-hosted servers is entirely the responsibility of the server's owners (and perhaps hosting providers, if it's extreme enough). We have no way to know what's happening on self-hosted servers, and it's none of our business.
Regardless, there is no technical mechanism through which we could block access to a self-hosted Zulip server via the web application (which is hosted by the self-hosted server itself and designed to work on both desktop and mobile devices).
For Zulip Cloud, you can read https://zulip.com/policies/rules. One of the nice things about Zulip's model is that communities that we do not want to host can just migrate to self-hosting.
Doesn’t exist in Zulip, theres a “camera” button that generates a jitsi link, I tried (and failed) to make it a google meet link, but it works surprisingly well, though it is a context switch.
I'm really hoping for Zulip to succeed, which is why I'm even commenting. But it really needs people with UI/UX expertise. E.g. good user onboarding does not mean showing them a 2 minute video, as another comment on here mentioned.
Thanks for your work. Moved my company from Slack to self-hosted Zulip after Salesforce unilaterally decided to transfer our account to Alibaba Cloud and the transition has been very smooth. We especially appreciate proper markdown support !
This is great to hear and ironically we (Pidgin) just decided that Zulip was going to be the next protocol we were going to add support for just barely 24 hours ago before all this Discord nonsense!
Awesome, feel free to start a thread in #integrations in chat.zulip.org! We'd be happy to chat about some of the things that will make your life easier to do carefully when writing a new client.
The main thing regards our double-entry API changelog system. Basically, the API documentation for individual endpoints, say https://zulip.com/api/get-user, natively cover for each endpoint all the changes relevant for that endpoint from https://zulip.com/api/changelog... and how to write nice code using feature level checks to support all server versions.
Happy to hear Pidgin is still at it after all these decades. I still fondly remember using it when it was still called Gaim and only spoke OSCAR, back when Rob was involved before he started Asterisk. I lurked on IRC back then and even made a simple TUI when libpurple first came out.
So while there's some features we don't have that are present in other products, and we don't have dozens of designers on staff to do cool end-of-year animated reports like Discord does, you can expect few bugs and a lot of interaction design polish.
-----------------------------------------
The one mistake that I think a lot of folks make in evaluating options is focusing on buzzwords like E2EE without thinking through their threat model. E2EE doesn't add much practical security over self-hosting for many threat models, and it comes with significant usability trade-offs. And some current E2EE systems don't actually protect against a malicious server, say because they only protect message content, not metadata like who has access to what... just against raiding the server's disk.
(For example, WhatsApp has E2EE for message content, but I expect Meta's databases know everyone who's had a conversation with me on WhatsApp and the precise timestamps and approximate lengths of every message I've sent or received on the platform. And apparently some keyboard apps send what you're typing to remote servers!).
It's kind of weird that e2ee is kind of afterthought everywhere. If I was making a chat system I'd obviously didn't want to keep anything that the users talk about on my servers unencrypted or decryptable. Why would you? If something is supposed to be public then keep it. If not, don't.
The weird "we pinky promise to try to keep it non-public for some time" is a weird idea.
Most consumers don't know the difference between "encryption" and "end-to-end encryption".
Zulip uses standard TLS encryption, where the messages are encrypted in transit, but the server has access to the messages.
The server having access to the messages is extremely useful for many key features. Access control policies. Search. Markdown rendering that can make guarantees to clients about its behavior. Mobile notifications for mentions. And many more. There's options for all of these problems, but it's /hard/ and you end up having a lot of risk of nasty bugs where "all the message history become unreadable" and a lot of performance issues.
This is why why end-to-end encrypted messenger apps like Signal are extremely minimal with basically no chat features, and can take a while to load long conversations ... there's a lot of expensive cryptography happening in the background. AFAIK it's not realistic to use the Signal protocol with the volume of messages people do in high-traffic Discord or Zulip communities.
Some other E2EE chat systems have more features but fail to actually provide end-to-end security. (For example, the server provides the source code for the web app and can freely modify that code to steal all the messages the user can still read, or the server is still in charge of metadata like channel membership ... so a malicious server could just add a fake user to every channel).
You get almost all of the security benefits of these "E2EE" chat systems by having a trusted person self-host the server, and setting a message retention policy if you want messages in certain channels to be automatically be deleted after a period of time.
Our vision for Zulip is not billions of people on our Cloud service. People should own their own communities, not corporations. And in that world, usually the person who runs the community can be trusted to host it.
I'd say so, especially if you start on desktop and have them watch the 2-minute onboarding video. We are satisfied with what we see with our internal usability studies with nontechnical users.
Among customers, one reference that I can quickly cite is this one:
> Agents at GUT contact use Zulip every day to communicate with their team leads. “Most of our agents are in their 60s or 70s, so the software must be as simple as possible. That’s why we love Zulip,” says Erik Dittert, who’s been leading GUT contact’s IT team for the past 20 years.
I would recommend doing a little training/handholding call/video when moving over a community -- but this is true for any new app.
My mom needed training to do basic things in Squarespace, and I had a friend who worked at Slack whose manager started every chat message with "Hi <name>" and ended it with a signature, like you would an email. :)
man, I want to support something like Zulip, I would even want to work on a product like this but one thing I'd say is you have to go back and study why Slack beat Hipchat and others. It's so simple in hindsight but it was the marketing and the UI/UX of Slack that made it so much easier to use. If you'd like, I have a ton of ideas and experience building UIs and would love to give you some of my input. Too much typing for a comment at the moment.
You should stop by #feedback in chat.zulip.org and share your ideas!
Regarding the history: Slack had very effective marketing, powered by a lot of venture capital. And HipChat was a weak product that had an embarrassing total hack, which did not leave customers with confidence that their data was safe there.
Zulip is not venture-funded, so we're reliant on people sharing it with others to get the word out.
As a side note, I don't think Slack could have succeeded if it launched today. Microsoft Teams has far far more users as Slack, and it's slopware. You can thank the end of anti-trust enforcement for that.
Based on some (admittedly very surface level) research, one spot where Zulip will still struggle to replace Discord is Voice/Video chats and Screensharing - the little I could find about voice chatting in zulip is that it has to be configured to use an external service (jitsi, zoom, etc)
> Zulip is much better than Discord or Slack for managing the firehose of busy communities. Or at least, a lot of people tell us that they prefer the user experience to everything else they've tried, after a few weeks of getting used to it. :)
Slack has basically one main hierarchy level (messages are grouped into channels) while Zulip has two, streams and topics. So you can create a stream for each project (say) and create a different topic for any given point that needs discussion about that project.
Kind of like if each slack thread discussion had a title and was discoverable from the left sidebar and didn’t get in the way of the other threads.
Check out https://zulip.com/for/communities/ and some of the linked case studies; they explain it better than I'll be able to in a quick comment.
But the main reason is that the topics-based organization and ability for moderators to move/split conversations means one can read and participate in a community much more fully given a fixed amount of time.
Hi Tim. For pricing, it would seem that large, public-facing, Discord-style organizations would have to go with the free plan to avoid the pricing being prohibitive. Think something like the new Limewire community on Discord which has 2 million members. Or am I missing something about what a 'user' is considered in terms of being billable or not?
On a related note, I'm gonna check out Zulip for PortableApps.com. Any interest in having the Windows desktop app be portable? (We'd love to do that if we wind up using it)
The advertised pricing is for workplace use where the users are on payroll; if you read the plans page carefully you'll see we have free or highly discounted pricing for other use cases, both in Cloud and self-hosted.
Zulip is not designed to support 2M user accounts in a single organization. But if you enable the public access option (https://zulip.com/help/public-access-option), such that no account is required just to read content, you can end up with 1-2 orders of magnitude fewer "total accounts" that just wanted to see something once and don't actually use the server.
Just dropping in on a completely unrelated note to thank you for developing PortableApps - as a kid with no UAC access almost two decades ago now it helped me immensely to develop my interest in IT :-)
I'm curious whether you feel you're actually in control to actually make policy decisions about data protection or whether you feel you could be hit any day by the "$5 wrench" by the government any time they feel it necessary. I'm starting to feel that in this environment, nothing is safe, even if encrypted and on FOSS platforms.
Personally, I advocate for self-hosting communications software, ideally on physical hardware that someone in your community has control over. Zulip runs great on old laptops, if you can solve the IP address problem for hosting it in your house.
And if you want to be extra careful, put your chat system behind a VPN/firewall, so it's difficult to identify what software is being used externally.
And if you're not going to do that, because it sounds like too much work, the next best thing is to at least pick a Cloud service where you can migrate your group to paranoid self-hosting overnight if you decide the work is now worth it.
Self-hosting this way doesn't protect against all threat models. I am human and have children who I love dearly, so it's hard to rule out the possibility of my being compelled to make a malicious release.
But at least the Zulip source code is entirely open and highly readable; so users would at least have a chance to notice and not upgrade. With a centralized architecture like Discord, you're entirely reliant on whisteblowers.
Do you know if migrating from Mattermost to Zulip is remotely possible?
I had been using Mattermost because it's also (mostly) FOSS. However, they've recently been changing their released OSS edition to restrict capabilities... Unfortunately the org I maintain it for is having some issues with it now and I have metaphorical egg on my face.
Also your website (https://zulip.com) is so fast and snappy, I was surprised to see everything load instantly when clicking around. I have not tried the app yet, but seeing a static website like this is quite refreshing.
First time hearing about this project and it feels mature. However, the landing page example of the app on web is…messy and noisy to the point i am totally lost.
This is not the case for slack or discord. I think having an awesome clean first impression would do wonders to sell what younare doing.
Hi tabbott. Thanks kindly for offering to answer questions. :)
I signed up on your site just a bit ago, but I'm a bit concerned with the paid upgrade. Unlike Discord, I need to pay per user, which I find onerous and would get out of control fast for the group I run with around 100 members. Is there any plans for a flat fee model? I'm even happy to pay twice what I pay for Discord Nitro, but yeah, $8/mo per user is too expensive.
If it helps at all, it's for a retro computing community group, and not for profit.
I don’t have any questions as of yet, but reading your site; it speaks to me and those values align with mine. Just wanted to say that I think the world could use a bit more of this.
Hi @tabbott I've been meaning to pass this feedback on for 5 months, and I hope it comes across in the spirit it's meant.
I tried Zulip (cloud offering) with some techie/designery friends, so we should have been right at home but... the desktop app on macOS and the web app was visually unappealing and clunky, and we ended up going back to a paid Slack plan.
I looked for docs on how to theme Zulip (so I could contribute), or for existing theme packs that would soften the transition but found neither.
tl;dr: The functionality was good (Love the threading!) but the UI feels like the 2000s came calling. Some UI polish would go a long way.
As a former user of Zulip at a previous company, thank you for this software, I enjoyed using it. Maybe I'll setup a private instance for friends and family so I can enjoy it once again.
How well does Zulip protect users' privacy against snooping admins? I.e., does it have E2EE DMs? Unfortunately, this is a legitimate threat to be concerned about
The built-in Jitsi integration lets you create a voice chat call via a single button click. You can also put those call links in a channel description if you like.
We do have plans to make the integration offer some additional ways to jump into a call, and have been talking about adding video chat. But our focus has been on building the best text chat possible, given there are multiple actively developed FOSS video call systems that we can integrate with.
very good take. IMO "current events" goes back to The Patriot Act if not further. Aggressive digital surveillance by 3-letter-agencies has been active for 20-60 years
so instead of discord, google, meta having access to private convos... we should all switch to Zulip and have Zulip being the one with access to those convos? Or join someones self hosted instance and let them have access to those convos?
I spent 7 hours or so yesterday installing Zulip. It was a huge pain; for one, it wants to own an entire server and the only supported installation method is this mega-script that clobbers everything, so I had to try to use the Docker container. Documentation on installation is scarce; other than telling you to use the script, and the fact that a docker container exists (though the GitHub repo it linked me to was no longer accurate, and I had to find the updated image name elsewhere), there's practically no information on how it works or how to use it, or what it depends on or how to configure it.
- Had to use ChatGPT to help generate me a docker-compose.yml, except it forgot about memcached, set the wrong environment variables and just generally did a sloppy job.
- Once it was running it was a huge pain to set up reverse proxying properly, because Zulip apparently doesn't even pay attention to proxy headers if you're talking to it on port 80, even if X-Forwarded-Proto says https. It would get stuck in an endless redirect loop trying to redirect https to https. I could only properly debug this with tcpdump. The only solution I could find was to expose port 443 of the container and then have the reverse proxy talk to that, but Zulip still won't respect X-Forwarded-For, and login emails still show the Docker network address for whatever reason. No idea how to fix this as I couldn't find documentation on how to do it for Docker; the doc for reverse proxying without Docker says to edit zulip.conf, which is impossible (or I don't know how, as again, I couldn't find documentation on any way to do it for Docker.)
- Even once I could access Zulip it was a huge pain to get it to access the databases it needs, because again, I couldn't find documentation on how to do this for Docker. This was after it was a pain to figure out how to generate an org creation link because I don't think I could find documentation for that either, I had to find the script and read the source to figure it out.
- Even once it could access the databases it needs, and I could get it to use the right passwords (which was annoying as it generated SOME of own secrets, but not others, and started ignoring the corresponding settings, like the email host password), I tried to set up push notifications but that required a setting I didn't know how to set because I couldn't find documentation on how to do that for Docker; I eventually figured it out but it was annoying.
It was so awful and took up practically my entire day. Once I could finally get it to work, it works pretty well, but it's not an experience I would recommend until the docs start supporting this use case.
I'm sure it would've been easier if I read the entire documentation, the entire source code, the entire build script of the Docker container, etc. but I just wanted something to work...
I typed "Zulip docker compose" into DuckDuckGo, the first result was https://github.com/zulip/docker-zulip which has commits from today, so doesn't seem out-of-date.
> Had to use ChatGPT to help generate me a docker-compose.yml, except it forgot about memcached, set the wrong environment variables and just generally did a sloppy job.
It has a docker-compose file in it, has memcached in it.
That's very understandably annoying. If can you confirm that that is what happens, a bug report either with Zulip or ReadTheDocs (not sure which) might be in order.
It has modern features. It stores message history. It has a fairly unique feature of letting you create ad-hoc "topics" (that go under a "Channel") that make it easier to manage the flood of conversation.
Understandable, but sometimes there isn't a better alternative that doesn't do user support via Discord. That's why it's important to have alternatives that work, so unrelated companies don't pick centralized platform chat software that happens to be convenient for their immediate needs.
Yes, American Hitler is in fact Hitler perhaps you're cool with:
1. Extrajudicious execution of US citizens
2. Construction of concentration camps
3. Openly saying that you'll interfere with state elections
4. Openly saying you'll take away guns and dimish gun rights
Let's just be honest with ourselves. No one. And I mean no one, can support Donald Trump and be a principled decent human being, conservative or otherwise.
I mostly got hate on HN every time I posted about it LOL. I think something about "decentralized" gets some people really riled up (maybe it's the association with crypto / blockchain?) but frankly, it's the ONLY solution to extreme centralization.
Someone's got to build a platform with all the features of Discord, but make it decentralized and open source.
I've spent over $1M and 10 years on it. I have to package it so that it's easy to install. But I'm working on something to take care of that, in the next few months, that will also include actually safe AI agents inside.
I'm happy to welcome anyone aboard who takes the time to learn the platform, but I won't lie, it's huge. As you would expect an open source decentralized clone of Facebook / Discord to be. I just hope it's architected well enough for developers to pick it up quickly. At the very least, I think it's a lot less spaghetti than Wordpress and Joomla :)
PS: In 2018 I launched something that HN hates even more... a Web3 company that released open source smart contracts at https://github.com/Intercoin . Why you ask? Because once a lot of value is at stake (whether it takes the form of money, votes, or even just community roles), it's better to have thousands of computers secure it than "just trust" the central site.
When founders of famous centralized messengers criticized decentralization, I had to write this:
Don't forget, it's not just Discord. As of Jan 1, Texas is now requiring digital ID to download any app at all or visit many internet sites, and forcing Apple/Google to build it in "to protect the children" of course. And Utah is following suit soon too. The Supreme Court last year said that digital ID can be required by states.
You need someone to rework that ecosystem.pdf file if you're serious. You spent a million dollars on this but your ecosystem pdf looks like it was created by a 12-year old trying out slides for the first time.
>>Given current events in the USA, I can't emphasize enough how worried one should be
I've been putting my pants on every morning for the last several years, had breakfast, gone to work, and come home without worrying about any current events in the USA and my life seems no different than 50 years ago except I have modern gadgets.
Social media is not the world. In fact, it's 10% of what the real world is like and how the real world thinks. It's why I ignore social media except for HN and one other but I only scan the headlines and rarely pop into comments like this.
And I'm happy.
EDIT: And the comments below are proof why you, too, should ignore all social media and why you, too, will be happier.
Thousands of people have put their pants on, had breakfast, gone to work, and then been intercepted by militarized federal agents, thrown to the ground, locked up in prison camps, then deported overseas.
If your eyes are closed, then things look the same whether you're in the middle of a calm meadow or on a highway about to be run over by a truck.
If you prefer not to look, maybe because you're convinced there's no truck, or you don't think it would help avoid the truck if there is one, fair enough. But the fact that your personal experience is unchanged is meaningless.
That is not a good analysis because it insinuates that everything stays the same. This is clearly not the case. Besides - no matter whether in a democracy or in a dictatorship, almost everyone puts on pants.
It is also incorrect to confine this "merely" to social media. This is clearly government overreach. They want data from The People.
I hope Discord understands the risks they pose to their audience when they open source their IDs again.
Discord is used by a bunch of closeted users having pseudos, who wouldn't do the same activities on it if everyone had their names.
A part of the Discord users is from countries from which Discord isn't even officially accessible (eg China) or where involvement in LGBT discussions could result to death row (Afghanis are still on Discord)
For me, a company that open sourced 70,000 IDs and ask for moooooore just weeks later is just a joke about the sharing economy
The problem isn't even for new users. Some users have over a decade of private hobbies and will now need to associate their governement ID to their profile. Discord pinky swears they ask but don't keep this time, which isn't enough.
Companies shouldn't be allowed to change such fundamental ToS after an account is created.
> Discord is used by a bunch of closeted users having pseudos, who wouldn't do the same activities on it if everyone had their names.
Exactly. I am sure they won't share their face or ID and will move somewhere else. Big opportunity for other platforms to stand up and grow their user base.
Discord also calculates a whole lot of (inferred) demographic information. Estimated age, gender, and surely much more. They also feed all the messages into a ML model, which guesses what people are talking about, and pushes a notification to other users. This is probably the culmination of all that, this is why they refuse to be e2e like every other reasonable messaging app...
Discord is focused on large groups. E2EE doesn't work in this case. Group management overhead traffic is too high and too unreliable, and a bad actor could just join the group under a pseudonym to log messages. Discord isn't E2EE for the same reason Hacker News isn't.
I REALLY doubt anyone XYZ while XYZ is illegal/pursued/banned in their country hasn't already extensively thought about their own threat model, and that disclosing this kind of infomration on a public platform is not safe.
To protect my privacy, I have a photoshopped drivers license with a photo of my dog that I've successfully used for verification (e.g. AirBnB) in the past.
Though, with AI being used I suspect it wouldn't pass any longer.
Huh. Can you do that? I wonder what is legal status of this. I used to make all sorts of fake IDs (pretty good ones!) when I was a teen (you know, for purposes such as going to clubs, buying alcohol), but of course this is literally a crime, and not even a "minor" one. Apparently, back then it didn't bother me much, but with age I became more cowardly, I must admit. So now I use my passport data more often than not, even though I am not really a fan of the idea of giving a scan of your documents to some random guy on AirBnB (although, with some obvious caption photoshopped on top, to make the scan less re-usable). I mean, it's just a matter of fact that everyone requires them, and it also has that weird status of "semi-secret thing" that you are somehow aren't supposed to give to anyone, and I still have close to zero understanding of how that works.
So, I suppose you shouldn't give your fake id (digital or physical) to a government officials. It also seems "obvious" that it's similarly unwise to give it to a bank. But you can do that to a random guy on AirBnB? A hotel? To a delivery service (Uber/Wolt/whatever)? Dicsord? Where is the line between a bank (a private commercial corporation) and Discord (a private commercial corporation)?
Youtube flagged one of my accounts as a teenager because I watched a few pop videos (lol) and I was not able to trick it with fake IDs, though I didn't try all that hard.
I tried to do this when LinkedIn forced me to upload an ID. It didn't work unfortunately. I see the good in this but I know it will be abused. I want to run away but I don't foresee any way that the powers-that-be will let the common person use the Internet without an approved ID in the future.
I have discord for gaming communities, but also for political communities. Pod Save America has a discord with thousands of users talking political things. While I don't mask my identity there, I sure don't want Discord preemptively linking my state ID to my person. Screw that.
If you're worried about government retaliation they can already figure out who you are from what discord has, especially with a justice department that doesn't really even care about looking like they're following the law
Nope, I want the social media companies to be shut down, I want smart phones to go away permanently, and I don't want kids to be handed laptops or ipads in school.
1 - Piles of parents too stupid or lazy to, well, parent the children they made;
2 - A very reasonable societal expectation that it shouldn't be easy for young kids to access, or even be exposed, to the worst dregs of the internet;
3 - Very different use cases (gaming, kids stuff, free/affordable slack for communities) all on the same platform;
4 - A pile of morons in legislatures who insist there's a magic highly private way to do all this, but (see Australia) refuse to lay out the actual method. It's a government-wide game of underwear gnomes.
> A pile of morons in legislatures who insist there's a magic highly private way to do all this, but (see Australia) refuse to lay out the actual method.
This is a case where there's plenty of evidence that it's actual malice, not just incompetence. Leaving aside that this shouldn't be done at all, there is no desire to do this in a privacy-preserving way, because destroying anonymity and controlling online discourse is the point for governments, not the "unintentional" side effect to be avoided. "Think of the children" is just the excuse to get people to unknowingly buy in, just as it has been for generations.
How reasonable is this expectation? All you do by intituting these draconian 'wont someone please think of the children' ID laws is make it marginally more difficult to access mainstream services where there's not much crazy bad stuff anyway. The rest of the internet is the wild west, and good luck controlling that.
The whole thing is security theater designed to conceal the fact that child security is not the objective, it's the justification.
All social media websites should require id tbh. This is the new public town square - everyone should have a voice, but nobody should escape the consequences of using that voice to peddle bullshit.
Except that is clearly not how it works. Spend 5 minutes on facebook, and you will quickly realize that people have absolutely no problem spewing the most disgusting racist, xenophobic shit you have ever seen in your life, while their full names and pictures of them hugging their granchildren are there for everyone to see.
I believe what you said is correct and this headline is incredibly misleading. Most people should not need to upload any ID. If you are so addicted to NSFW content on Discord, then it is a different story.
I’m giving it exactly 2 weeks after implementation for most people to just suck it up and upload their IDs. I can’t think of a single “this new thing will break the service, people will mass quit!” thing every working out. Sure, some users left. But super majority, who has already built communities and are depended on it just keep churning.
Privacy and all that jazz aren’t that important to an average person. Everyone’s IDs are already circulating in a mix of Tinder, AirBnB, Twitter, <any random other app that just requires it>.
I deleted my Facebook account in 2011. After finding out how much critical neighborhood information I have been missing, I finally registered a new Facebook account fifteen years later to follow my neighborhood groups.
A month later, the account was suspended for supposedly breaking guidelines. I never posted a single message, never reacted to any posts.
They then required me to upload a video scan of my face to prove I was a person.
We aren’t quite at the end of the internet, but man I can really see the end of this journey coming sometime soon.
I helped an elderly woman create her first FB account. She'd just lost her husband and wanted to notify his friends about his upcoming memorial service. She knew their names but didn't have contact information.
We created the account from an Apple device, registering from her home cable modem IP, giving FB her cellphone number and ISP issued email address — all strong signals of consumer authenticity. But after she added five of her relatives within half an hour, her account was locked for suspicious activity.
There was an appeal button; she was asked to take a picture of her face from many angles and upload ID. She gave them everything they asked for, but when Facebook reviewed the appeal, they closed her account permanently.
> There was an appeal button; she was asked to take a picture of her face from many angles and upload ID. She gave them everything they asked for, but when Facebook reviewed the appeal, they closed her account permanently.
I can't speak for every company, but I know with Facebook and Paypal, these requests generally are from automated systems and the chances of successfully reopening the account is well under 1%. The info you submit is not viewed by a human and the systems are mostly treated as a way to lighten the load on human support staff. They don't care if your account is reopened, they just want you to feel like you had a chance, did all you could, and then just give up.
I discovered this about 20 years ago dealing with Paypal. I happened to know someone who worked in Paypal engineering at the time. I had a well established account, a Paypal debit card, linked accounts, etc., everything you could need to feel good about an account.
Out of the blue it was suspended and I was sent into this system to send in verification documents. I gave everything it wanted. First it was ID, then a "utility bill" so I sent over my phone bill. That wasn't acceptable because it didn't prove I lived at my address for some reason, so I sent a natural gas bill. Even though that did have to be tied to a physical address (you can't deliver gas wirelessly!) I was asked for an electric bill. Then the lease. Then a bank statement. Every time I gave it pretty quickly. Then I was asked for a passport. I didn't have one. Suddenly that was the only thing that could unlock my account and as soon as they had the passport my account would be reopened. Nothing further would be done without a passport, not even communication.
I asked my friend to look into it. She said, "that's on purpose, that's the NoBot. It gets people out of support's hair." Turns out if you let unhappy customers complain to humans on the phone they will, so some exec decided to improve call center metrics by forcing customers into a system designed to keep them occupied until they gave up. You funneled people into it, and it would continue to reject their submissions with new reasons infinitely. It just went through a list of things to ask for, and when it found one you couldn't provide, suddenly that was the key and without it you were screwed.
Many consumer banking apps have begun integrating similar identity verification third-party providers. They are very inaccurate.
Sometimes it works with the front camera on one smartphone but doesn’t with another (iPhone 17’s distortion), sometimes it recognizes your face on one day, but desperately fails to recognize you on another. I had to repeatedly record videos for it only to fail over and over again. Anything their system flags as suspicious, anything, will trigger the same video identification flow again, which effectively blocks your money in the account.
I’m closing my accounts with a couple of banks with these video id flows. Simply because it’s way too easy to lose access to my money in the account with them. If their QA is not good enough for this vital requirement, I don’t want to know how they treat other requirements. They simply outsourced the id verification to some third parties that are way too unreliable.
It sure beats the Reddit system where you think you are interacting with people, only to find out a couple of days later that your fresh account is shadow-banned and nobody is seeing your comments and that none of your likes went through.
Not to defend, but to understand. Last year our old "High School class of 19NN" group received about a dozen join requests per week from bogus accounts for a couple of years. At first they were trivial to discriminate because they were folks located on the opposite side of the Earth. But over time they became filled with pictures and names of (randomly generated?) Americans.
I could still tell because their profiles were sterile and had few normal comments or likes etc. Also a high school class has a very narrow age range. We recently landed a fatal blow by disallowing joins by "pages" and adding a few questions. A trickle continued but stopped recently.
The hamfisted false positive response you described is probably a result of the above.
Last year I finally caved and tried to sign up for instagram. It's tragic but it's almost like a second internet. So many small business and bands only have instagram. So many lil communities post their events only on instagram. I always have to ask friends with instagram to tell me when a brewery is open, when a show starts, etc.
So I tried to sign up (and I already HAVE an active facebook account from high school, with hundreds of friends) and it wanted me to scan my face. I did it, which I regret, only to be told five days later that I am too suspicious. So here I am, still locked out of all this information lmao
My sister died a few years ago. A couple of months later, someone created an account with her name and profile pic and started inviting family members. Quite frankly, I would have been ready to brawl with this person if I were in a room with them.
I feel very badly for your friend. Unfortunately, those completely benign actions look identical to a common identity theft pattern.
It's as if all the other problems Facebook has done in the past never mattered. Nobody stops to think about how Facebook's _repeated and exhaustive history of abuse_ might actually impact them. If only there was some evidence of what might happen...
Mark Zuckerberg, folks. It matters when his default philosophy is "They trust me dumb fucks". Copying Snapchat 9 times is more of a priority than account security. He wasn't "making a good point". He's a malicious asshole who deserved jail years ago
Ironically, this may be one of the many straws that breaks the proverbial internet camel’s back. We all wax and wane about the old internet, the pre-homogenized, non-corporate, Wild West internet.
Perhaps these constant restrictions will finally spur us to create our own spaces again Our own little groups that exist independent of the corpo-sphere.
The only reason ‘the way things used to be’ went away was because the new thing was convenient. Well, now it isn’t anymore. So let’s just go back to the old thing.
I yearn for the days of yore when a few of us would co-lo some boxes at a small local ISP we were friendly with, where we'd get to take advantage of their always-on and (at the time) blazing-fast T1 connectivity. It was low-cost for everyone, and we'd host our own services for whatever was useful to us and our friend groups.
On the other hand: It was kind of awful when even my dialup access would get screwed up because someone's IRC server got DDoS'd -- again -- and clogged up the pipes.
---
These days, the local ISPs are mostly gone. But the pipes are bigger -- it's easy for many of us to get gigabit+ connections at home. Unfortunately, the botnets are also bigger.
> Perhaps these constant restrictions will finally spur us to create our own spaces again Our own little groups that exist independent of the corpo-sphere.
The normies already did this. They just did it on centralized platforms like Discord. Until their backs get broken we're not getting anywhere. (Although I may be being a little too cynical.)
> Perhaps these constant restrictions will finally spur us to create our own spaces again
We had forums using forum software but moderating the spam got too hard. If you create your own space using any common software platform then you'll be pwned (a la PHP-Nuke et al). I presume even pure custom web pages would end in tears these days (DoS complaints seem to be a more recent reason; also Bot form submission is pretty good at being bad).
I have my small little groups. I've walked away from big sites constantly and this won't be an exception. Definitely going to cancel my Nitro today until/unless they revert this.
But leaving is never free. There's a lot of gaming communities (especially niche subcommunities like emulation, speedrunning, modding, etc) that are mostly on Discord and not anywhere else. Many probably won't move. A lot of tribal knowledge will be lost as it's locked in these communities.
Heck, even some FOSS communities communicate mostly on Discord. I have more faith they will move. But not all.
The interests of the people who own/control technology, and have the most influence over standards, will make sure you are forced to participate.
And they have always organized society to make sure this is the case. It's not a wacky conspiracy theory. These are just the interests of the people who create and have most influence over tech, and these interests are shared in common amongst most elements of that class. So, this class, the capitalist class, will just plan (conspire) to make it necessary for you to participate.
Viewing tech in this way makes one see that the historic development of tech is not happenstance occurrence, just tech skipping along, unconsciously, into authoritarianism, but as tech being influenced by the interests of the people who have the most influence on its development: those who own it, who are often the same people who determine standards.
The internet was never a free form idea upon which everybody could sway, its a technology owned, controlled and influenced by those who produce it.
They WILL absolutely try to place social/state/labor functions behind this wall of authoritarianism. As they already have, and are currently doing with the growing ban on VPN usage, anti phone rooting measures, anti-"side loading", etc.
It should not be absurd to suggest that the people in power have used, are using, and will use power in their favor.
I have a similar story. I quit in like 2016 or so and 9ish years later I wanted to shop for a used car for my oldest kid. I know already, of course, that Facebook now holds a monopoly on peer to peer sales of goods like that so I tried to make a new Facebook account. I was denied at the creation and told I had to try again with a video of my face (which I begrudgingly did) at which point I was denied AGAIN and told there was no appeals process.
> a monopoly on peer to peer sales of goods like that
I don't know ... around these parts (Santa Fe/ABQ) while Marketplace is very popular, Craigslist continues to be widely used for this, especially since an ever growing number of younger people are not on Facebook (either at all, or not regularly).
FB/Discord/etc were never the internet. They were walled gardens you could enter via the internet. This could be a revitalization of the internet - pushing people back to decentralized ways of communications.
Perhaps you may have not read about how Iran is moving to a whitelisted internet. Or perhaps you believe this will not happen in your country.
However, “think of the children” will always result in more restriction in western countries, not less. We are watching countries prove that it works to isolate from each other. Europe is not isolating from America in exactly the same way, but is isolating business processes from American services.
We are not on the cusp of the end of the internet, but the cliff sure seems in view to me.
My friend has a restaurant and showed me the ad he wanted to promote on Instagram about a pizza coupon was suspended for breaking the guidelines, they mentioned gambling or something. I was quite impressed. When you see that one of the "magnificent 7" is dysfunctional to that level, it's hard not to think we're living the last decades of American economic hegemony, by now propelled mostly by inertial monopolies than anything else.
The big ad networks want a cut from business users and will actively suppress posts from business accounts that haven't paid up.
But instead of paying Instagram for reach, consider taking the same budget and spending it delivering samples and coupons to other local businesses mid/late morning. Bonus points if you make the coupons unique for each delivery so you can track which local businesses are your biggest fans. Office managers are generally receptive to this kind of cold call and you can leave a catering menu. Catering gigs can keep your kitchen busy during the off hours.
Had a similar experience after rejoining a few years ago. My account wasn't suspended for breaking guidelines AFAIK, but rather flagged as a suspicious account that required an upload of my face and driver's license. I think the account still exists in this limbo state because I'd rather not upload all of that to Facebook, and yet still not able to login to request for the account to be deleted.
Twitter (before Musk) and Facebook did the same thing to me... and that was a long time ago.
Discord tried to do it to me a few months ago but I refused, contacted support instead. Eventually they made it work but it took forever. Lucky for me I hate Discord so tried to avoid it anyway.
Instagram did a similar thing for me back in 2016-ish.
A family member had been sharing some photos they were taking, but only on Instagram.
So I signed up an account, verified via email and phone number. I wasn't initially able to find the family member's account. A week later after I got the spelling of their username right, Instagram popped up "Your account has been suspended". They then sent me an email saying I needed to take a photo of myself holding government ID, and a piece of paper with a hand-written code they supplied, plus a close-up photo of said government ID. No way was I supplying all that just to be able to browse some photos.
I had the same experience when I deleted my FB then years later reregistered one using the same email. I think thats kind of a good thing in some ways, specifically in the FB case because I wouldnt want someone to go online saying they are me when they are not.
I’m actually excited for it. We have a lot of infrastructure already in place so I’m looking forward to the internet being a deanonymized space where people watch what they say and there’s accountability.
Oh yay, the company that told me to "just use your wife's phone" when I couldn't verify my own phone number, instead of even trying to fix the problem, now wants a copy of my face?
Pardon me if I don't have a lot of trust in their ability to keep it safe.
One thing most of those lack is an easy way to share screen.
Now if anyone wants to differentiate their Discord alternative, they want to have most of discord functionalities and add the possibility to be in multiple voice chats (maybe with rights and a channel hierarchy + different push-to-talk binds). It's a missed feature when doing huge operations in games and using the Canary client is not always enough.
I use MiroTalk for it. Within Element you can set up widgets (basically PWAs) and so you can call via Element’s built in Jitsi widget (or a more reliable dedicated Jitsi link) and then use MiroTalk to share screens. It is a LOT better, especially for streaming video.
In terms of ease of use, it’s like three clicks. Technically more than Discord, but it’s p2p streaming so it’s far nicer quality.
Hard to say, I don't really use discord so I think of it as voice chat as a service, and for pure voice chat it is hard to do better than mumble. However from the way people talk about discord, it is also a text chat screen sharing file server. and it is hard to find one product that does all that well.
For video, both video chat and screen sharing I have had a lot of success with Galene, it
offers text chat and file sharing, but they are sort of anemic and bare bones, which could be good or bad based on the needs of your users. https://galene.org/
What I usually do is start with a fossil server, this is trivial and gives you files, a wiki and a forum (none of them super good but like I said trivial to set up) then if I want voice, mumble is my normal route, but galene is growing on me more and more, the web interface makes buy in from the end users trivial and despite it being nice you almost never need the cool room stuff you can do with mumble.
But I am a sys-admin, I like running servers, hell, I find I enjoy running the servers more than I like playing the games. Plus, statistically, I have zero-friends, it is fine to say a server is great when only one other person has used it. That is to say, my results may not be typical.
I think Matrix is the closest equivalent that's reasonably popular, at least for text messaging. There are both web and mobile clients and they interoperate seamlessly. It's also at the point where it somewhat reasonably works for the average user, rather than being the usual UX nightmare that teaches people that anything open source or anything pushed by their nerdy friend should be avoided.
Honestly, this is HN and founders should pay attention to this. People don't want to host their own shit, they want a one-click easy switch. All of these alternatives have baggage.
This is your chance to start Bluesky for discord. A competently built, VC backed competitor to exploit a misstep only caused by government overreach due to their colossal market share. 26 million daily active users is a nice guaranteed market to start whittling away at, with an effective marketing campaign to drive a wedge between "little gamers, and big corporate enshittification."
Argh. If there's no stoat emoji, petition the Unicode Consortium for one, don't just use a beaver. It's not even the right family; the badger emoji would be closer.
Does matrix have decent 1:N client desktop broadcasting with low latency (and high fps) yet? I use discord for "watch parties", video and tabletop gaming...
Diode Collab - not fully open source but network and client are all open source. It has dramatic privacy commitment (stores no data on servers, decentralized user-to-user routing, no PII/phone/emails). Diode team just added STUN/TURN to the network last month and streaming will come soon. https://collab.diode.io
I wonder how Stoat will fare, and how it is currently maintained, in terms of "making money"; my fear is that it would steer into the direction of Discord itself.
Currently financed on user donations. The future plan is to intoduce further features which are costly to provide behind a paywall to remain sustainable.
Check out Diode Collab. It’s private communities to join/create, no IDs/personal info needed, fully encrypted, and keeps your data under your control. Not a voice clone, but great if privacy and community joining/creating is the main thing.
For me, the closest alternative to Discord is Stoat. Matrix with Element (or other clients) would be great, but it feels so slow on both desktop and mobile.
IRC does not support group voice & video calls, which is one of the primary features of Discord (and previously Skype, from which everyone migrated to Discord in the first place)
For most Discord users IRC simply does not have the feature set that people need. Basics like simple drag and drop media sharing, threaded conversations, emoji reactions and voice comms, up to more complicated stuff like screen sharing and video calling.
The real sin is that if they went with electron, they probably could have gone with a web app, and while web apps have downsides, they make fellow user buy in trivial, instead of "download this client" it's "go to this web page"
I am especially bitter because electron advertises as being "cross platform" by which they mean that it also runs on linux and as a openbsd driver I get to go "cross platform my ass" and then weep because of how close I am, if it were a web app it would probably be trivial for me to to run. What I really want is a method to unelectronify electron apps.
I keep wondering why Zulip is so often left out of reviews and tooling comparisons. For me it ticks a lot of important boxes, yet it barely gets mentioned. Is there a downside I'm missing, or is it just under the radar?
The concept that every message belongs to a topic and the async communication focus makes so much sense to me. I read conversations, not timelines.
Last I checked Signal was not fully open source, which is iffy, believe their encryption protocol is still closed. That said its the best of a bad bunch for E2EE messaging. If you're on android I'd recommend doing what I do, which is installing from the APK on the site, manually verifying the sig locally (you can use termux for this), and then lagging ever so slightly behind on updates to avoid potential supply chain or hostile takeover attacks. This is probably over cautious for most threat profiles, but better safe than sorry imo. Also their server side stuff is close sourced, technically this isnt an issue though as long as the E2EE holds up to scrutiny though.
Edit: My information may be out of date, I cannot find any sources saying any part of the app is closed source these days, do your own research ofc but comfortable saying its the most accessible secure platform.
They'll have to "partner" with some company that's in the business of building a database of IDs and biometrics to do AI things with. Other companies in this space (Jumio) have a bad habit of ignoring privacy laws and will keep your information for years.
I wouldn't mind showing my ID to a person (in person), but there's no way I'm letting some company get a scan of my ID or passport to store in some giant database that's a rich target for hackers. Might as well give them access to all my bank accounts (Plaid) too.
(It sure would be nice if there were a national privacy law in the US.)
Also, it's illegal for companies to use facial recognition in my jurisdiction, so if I allowed them to "verify" me, they'd be breaking the law.
To add context to the discussion, it is important to recall that Discord was reported to have recently filed paperwork with the SEC for an IPO [1]. Thus it seems likely that the real reason for the age verification (i.e., user identification) policy is to boost its perceived earnings potential among Wall Street investors. According to this theory, Discord is the new Facebook.
Ignoring the implications of this for the moment, let me broach a related (and arguably more important) question: what do you do when you have multiple communities you interact with only on one platform, and suddenly that platform becomes intolerable for a subset of your community?
It is the same as what everyone did after the reddit fiasco i.e. protest, boycott, grudgingly use it while complaining and then finally accept the change.
May be this discord episode will have better outcome for the masses.
Platforms lose momentum when these events strike, and momentum loss is the death knell for social platforms. Reddit's missteps have put it on a downward spiral. They may hang on, even for an impressively long time, but recovery from this point is very difficult and usually involves transforming or re-forming the vision.
It can be done. It takes the right leaders. Most are unfit for this particular challenge.
It seems like the answer is pretty obvious. That subset of the community stops using it and uses something else, and the others either follow them or don't.
You, if you're not in the first group, can continue to use both to communicate with everyone, but some of them lose the ability to communicate with each other.
The ideal outcome is for everyone to stop using the intolerable thing and switch to a tolerable thing. That's even what often happens over time, but not always immediately. Probably do anything you can to make it happen faster.
People tried warning that moving all your discussion forums into a proprietary, closed, unsearchable platform was a bad idea. And it was. But nobody cared.
I'm seeing Groups.io show up more for hobbies/interests I have. It seems email can be a way to slow down heated discussions. Perhaps at the expense of push-back on using more email?
Anyone have any experiences to share with moving their discussion groups from Discord to Groups.io?
If this happened 15+ years ago, a huge chunk of the userbase likely would've migrated to alternatives, potentially resulting in Discord being replaced and falling into irrelevance.
Today, though, no chance that happens. The current generation literally grew up with it, same for most of the other established social media apps. The concept of alternatives largely does not exist for them. And besides, they were probably already sending pictures of themselves and other personal data to each other through the app, so it's not like Discord doesn't already have all of that.
I mean, I grew up with AOL AIM, Yahoo Messenger, and IRC... yet I switched every time a new tech came out with more of my friends on it. Why do we think discord will be any more sticky than Digg or Slashdot, or any of the above?
People will migrate, some will stay, and it will just be yet another noise machine they have to check in the list of snapchat, instagram, tiktok, reddit, twitter, twitch, discord, group texts, marco polo, tinder, hinge, roblox, minecraft servers, email, whatsapp and telegram, and slack/teams for work.
... With the only caveat being that general experience of using Matrix is awful.
I second the other commenter's suggestion of using https://stoat.chat/ or as it used to be called: Revolt, which matches the "Opensource Discord" requirement perfectly.
Mumble already exists. IRC exists. Matrix exists. Discord is a surveillance tool by design. Jason Citron pulled the same hijinx with Aurora Feint, but I assume he has been betraying users to CIA-and-Friends from the start so he gets a pass for breaking the same laws.
Nobody scales free, high-bandwidth services without some dark money support from feds or worse.
Remember when Tumbler banned porn? People migrated to other platforms like Reddit, and it died.
Musk being a Nazi made twitter lose big enough chunks of their community to start Bluesky. Not big enough to do any real damage to the platform, but it still provided critical mass to a fledgling app.
WhatsApp having a sketchy relationship with the US government boosted Signal.
Oh I think it definitely did damage, just not enough to kill such a massive platform overnight. Twitter has lost a significant amount of users while other social networks grew or held steady, and the cultural impact seems to have waned a lot.
I've never been a regular user of Twitter, pre or post elon era, but a lot of people I follow in other ways used to be very active on there and discussions would often spill over into other venues. That still happens a bit, but much less than before.
Most everyone will go down the path of least resistance. A few outliers will try to resist, get old and/or tired. A few of the few will reach acceptance, comprehend the serenity prayer. A few of the few of the few will reach enlightenment.
What you do depends on where you're at - statistically, you'll go down the path of least resistance which is totally, totally fine.
Try to tell them it's a bad idea. And be ready to leave that community if nothing changes. That's pretty much the way of life for an internet vagrant. Maybe you hope the community migrates too. Maybe you try to remake the community. But those aren't in your control.
I left Facebook, left Reddit (never really had a Twitter). This won't be different.
One of the starkest social desirability biases in tech is between federated and centralized platforms. Most people, in public, say they support distributed, federated systems, but when push comes to shove, they all use centralized platforms anyway.
I hope that this causes enough outrage that Discord starts to lose its effective-monopoly for gamers and other folks. The platform has been getting more and more shitty over time and it isn't healthy for one product to have this much power.
I would guess that there needs to be a clear, cheap, easy to use alternative to discord in order for a large numbers of communities to move over. It probably has to be a single clear alternative as well – multiple will exacerbate the decision cost
Gilded used to exist but it's seemingly gone now. The power Discord has is quite insane, to the point where people haven't even seriously tried to compete it seems.
The sad thing is that I think many people will en masse pony up their ID or snapshot without a second thought. I'm not sure if enough people will refuse to actually force Discord to back off this decision (unless their idea is to grab as much data as possible at once with the understanding that they are going to back off either way).
I don't imagine this was a 100% their decision, it's more like a response to the epidemic of all the world's governments suddenly coming up with adult verification schemes. Discord has already required it in some countries, and it's definitely easier to get everybody to verify themselves than require it on a per-jurisdiction basis. The personal data they get is a cherry on top.
Also, this is just the beginning, more social networks will require the same soon.
I wouldn't call it a response, but rather another thing that normalises ID verification online. Now all these governments can use Discord as a reference that (1) this is possible at scale and (2) companies are willing to do this.
Especially if it's presented as a pop-up upon launching the app that suggests the user won't be able to talk to their friends/servers without showing ID. Carefully worded language would could spur some % of users to panic at losing years of history and immediately show ID. Folks with less privacy discernment hear "jump" and reply "how high".
If it helps, it really seems like Netflix is only "making money" these days off of cutting programming and workers. It's not a sustainable way to grow and it will hit a wall soon.
I had the same thing with Reddit and let it see my face. It didn't bother me much - I don't really do anything more exciting there than this sort of hn comment. If I wanted to post controversial / illegal stuff I'd make a separate account.
I have done that for stripchat which was also requiring it. Not happy with it but I'd rather use a selfie than a whole ID document which includes an image anyway.
I'll continue using Discord in teen mode, I guess. I'd rather not lose the current connections & servers I have on there, and I'm not optimistic about people migrating away, especially non-tech people.
I get the draconian side of things, but I am also tired of thousands of russian, indian, domestic-funded etc. bots flooding the zone with divisive propaganda.
In theory, this seems like it would at least be a step in the direction of combating disinformation.
I'm curious if there are any better ways to suppress these propaganda machines?
I don't see how disallowing viewing "age-restricted" content through Discord without giving them your ID would have any impact on the spread of disinformation, outside of like, disinfo in the form or pornographic or gory images.
In practical terms, it just ensures that the only bots flooding the zone with propaganda will be the ones owned by governments in whose jurisdiction Discord is.
I was planning to do that. My work chat is on Discord. I am an adult. Google and Netflix have my legal name and credit card number. I don't see how Discord having my ID is any worse.
I have mentioned this before, but age verification can be solved by hash chains. They can prove age without compromising privacy.
It is crazy that the solutions Discord goes for are IDs and selfies. It definitely gives the impression that there are shady ulterior motives.
Hash chains are simple. If they were adopted, Discord would clearly be in bad faith taking the steps that they do now. If you search you will find quite a bit of information. My introduction to hash chains is for for age verification specifically:
https://spredehagl.com/2025-07-14/
The EU is working on a actual privacy-preserving initiative [0] that allows owners of ID wallets to verify their age, without their actual age or personal data being transmitted. The standard and reference implementations are open source on GitHub. Yet everybody screams uploading IDs and total government surveillance.
Dear littlecranky67, as overseer for your digital wallet, I am happy to inform you that the owner of the discord server kinkydwarfporn doesn't know who you are and your privacy is protected.
Signed your friendly EU official.
As long as someone in the chain is able to physically connect the dots it is game over for privacy.
If the input is "give ID", what the software claims to do is almost meaningless since you cannot prove that software was running. What do I care that someone can tell me they built a privacy-first way of validating IDs/age if I cannot be sure that is the software they are running?
They can just as easily save the ID to disk and return "all good" for all I know.
It requires that Bob proves posession of a private key, that only he has ever had. That private key could be generated specifically for the commitment that he got from Alice.
Well your solution includes handwritten signatures and everyone being a handwriting expert so that they compare handwritten signatures. I wouldn't call this an elegant solution.
That is what the example uses. In the real world that would be a digital signature. Look under the heading "Fitting the parts together" to see what the real world solution could be like.
Even easier, just get tokens that carry no other information from ones government, and the government runs an API, that for a given token tells whether that token is valid. Can tokens be stolen? Maybe. Can your face be stolen? Today yes.
Hash-chains allows the solution to be token-less. You no longer need those per transaction information leaking API calls. You also avoid dependency on a single provider.
The communication in connection with a transaction would only go between the identity owner (Bob) and the provider (Cycle shop).
No API, they sign the tokens with the government's private key and you verify them with the government's public key
If discord needs to contact an API, then the government can associate the token with you, and you with discord, and know what you browse online. No thank you.
Something like half of Israel's economy is intelligence gathering wtf do you think is happening here it's pretty obvious. economic leverage, surveillance, foreign influence, tech exports being used politically, etc.
I'm not sure how hash chains would resolve the fundamental issue of needing to send your ID or similar to some random third-party company that does god-knows-what with it (probably stores it in a publicly accessible path with big "steal me" signs pointing at it). That they need to attest to your age means that they need to trust what your age is, which has really just moved the problem one layer deeper (as far as I can tell).
I assume by third party you mean the authority, and yes, the authority would need to know your personal information. At least enough of it to verify your age. So the ideal is that the authority is the entity that already knows your personal information. Like the entity that issued your passport to you, or the one that issued you drivers license.
But even if the authority was a private company, I think it would be an improvement compared to the current situation. In this situation your personal information would be held by this one company, and not whatever provider that needs to verify your age. Also, you would be able to use the commitments, that this private authority gave you, without any coordination afterwards. The authority would not know about your transactions.
How would that mechanism work in practice, though? If every parent needs to become a trusted authority, wouldn’t that just move the goalpost? Who would be the trusted authority, and who would implement that?
I agree that the mechanism is elegant, but figuring out which entity should be trusted in a way that scales globally is somewhat difficult.
How difficult would it be to add further anonymization? Let's say I want to prevent the bike shop from building a usage profile on the basis of the age check (e.g. because I'm buying booze). Would I just need to get more chains from Alice, or is there an easy way to integrate e.g. group signatures into the scheme?
I think that whatever organization that issues your passport, would be a natural choice for setting this up. But it could be some other authority. In a way it is the identity owners and the providers that decide who they will trust as authorities.
I talk to three people on Discord. If I have to choose between A) giving Discord my ID, B) giving Discord a fraudulent ID, or C) just chatting with them on some other program, I'll just go with C. If I cared about Discord more I guess I'd figure out B. May get started with C ahead of time anyway.
It will impact me since I've decided to go with plan C ahead of time. Hard to keep track of everything every company does, but I'd rather not use a service that is unnecessarily aggregating facial scans + IDs of its users.
What am I missing? According to this, the only difference is you get a warning popup when someone new DMs you, right? And they can't send you images flagged as porn?
I'm generally opposed to services unnecessarily wanting IDs, content filtering for direct messages from my contacts, unwanted popups (it's already annoying when my friends send me a link to a site I haven't visited from discord before and it "warns" me and you cannot disable this entirely useless popups), and things generally becoming worse.
A lot of these things are normalized already, but requiring IDs is not and I don't want to see it become normalized.
Ultimately, they are free to do what they like (or perhaps being unnecessarily pressured by various govts) and I am free to leave the service.
I think she is a polarizing figure to some, but journalist Taylor Lorenz has been complaining about this sort of thing for a long time. She has been increasingly warning about a future in which we need to scan IDs for all of our online services, in the name of protecting kids. (With the obvious implications about that data leaking, governments using it to track dissidents, etc.)
Please do not fall of the deceptive language that is used here. They're calling this "teen experience".
This is not about "i see gentila we ban". They're very vague about what is obscene, sticking to that level of a consistent definition, and they're very heavy handed in punishing.
They're introducing a highly restricted experience unless you hand over your details to either a "technology" (which that's very unclear about how honest they're being) or a company that has been caught for leaking sensitive details.
It's a relief to finally read that Discord is indirectly shutting down and getting rid of it's users. It was inevitable but dragged out far too long with all the VC money to burn. Hopefully everyone can figure out how to use XMPP and/or get back on IRC. It is a genuine shame how much culture and information will be lost inside their walled garden though.
XMPP and IRC are great and all but a massive part of what people use Discord for is group voice calls with screen-sharing. I'm not sure what the alternative is for that. TeamSpeak is the closest I can think of but it's not a 1:1 replacement for a number of reasons.
IRC is a much more impoverished chat experience than Discord/Slack in a bunch of ways. Suggesting that people "get back on IRC" is not a serious proposal for making it possible for groups of people to chat online without being subject to identity verification or censorship.
This only applies if you take all those "protect the children" initiatives at face value. It seems to me that the actual reasons are different. Governments want to police speech online and be able to arrest people who say things they don't approve of, so they are pushing platforms to collect user's PID. Some also want to discourage people from doing things they don't want them to do but that are politically unfeasible to criminalize (watching videos of consenting adults engaging in all kinds of sexual acts) and adding more and more friction to the process (no pun intended!) is the best thing they can get. And the internet companies want more of your data to track you.
Yeah I 100% agree - but if you give them an alternative way to do the same thing without everyone having to get IDed - then I’d they still want that they’ll have to come out and be explicit.
That would either mean you can tell the device to lie (which makes it useless), or that you don't own the device you use (which makes it unacceptable).
Apple actually has this already. For countries that support IDs in Apple Wallet there is a "Verify with Wallet API" [1] and for other countries the app developer can get the age range from the iCloud Account [2] - but that is not verified with any legal authority and only based on user input.
I really think on device verification is the way to go - and I don’t even see why we need to use ID.
Parents are always in control of a kids device. Just mandate devices have a child mode that parents can activate and have it send a ‘this is a child’ flag to all websites and apps.
But this assumes this isn’t all about ID checking everyone online, which is what it’s really about.
I have my Gmail account since they were on invitations, circa 2004, and Google certainly knows this. That's the ultimate proof I'm an adult :-) That information could be exposed and used by 3rd parties.
IIRC EU was going for a zero-knowledge-proof of age system, but I guess discord isn't going to be using that then. (I don't think the ZKP system is available yet)
> The first option uses AI to analyze a user’s video selfie, which Discord says never leaves the user’s device. If the age group estimate (teen or adult) from the selfie is incorrect, users can appeal it or verify with a photo of an identity document instead.
Are they shipping a video classifier model that can run on all the devices that can run Discord, including web? I've never heard of this being done at scale fully client-side. Which begs the question of whether the frames are truly processed only client-side...
Can't you just modify the client to send the resulting signal then? I'd anticipate a ton of tutorials like: Just paste this script into the console to get past the age gate!
I understand the frustration towards Discord, especially because this is a global rollout of a policy they're only required to enforce in specific countries, but it's IMO misdirected. They're likely trying to get ahead of the legislation. The way the winds are blowing indicates the Western governments that haven't already passed legislation mandating ID verification soon will.
You can move to $ALT_PLATFORM but unless it's self hosted they'll eventually have to enforce the same policy.
Direct your anger at the geriatrics in government who don't understand the risks of these laws first. You only have to watch the TikTok CEO's hearing in Congress to see how American politicians don't understand technology.
Platforms want this, they're happily implementing it because they'll get a mountain of data to train on and sell, and they'll finally get to sell their userbase as real monetizable humans to their partners.
This. Still canning my nitro sub for now as I do think they should hold off until necessary, but people ignore that the root of this trend of ID verification is governments who are willfully ignorant to having staff who can accurately assess the technological landscape and enforce smart regulation.
> Direct your anger at the geriatrics in government who don't understand the risks of these laws first.
No offence but I think you are being extremely naive if you think that the people in power and the lobbyists who have spent the last 10 years relentlessly pushing for ID verification online and mass content scanning in the US and in the EU do not know what they are doing.
Here is the thing, most people are increasingly unhappy about the way things are going whether they are on the right or the left of the political spectrum. Governments can see that and don't want to see what happened in Nepal recently repeat itself. So they are getting ahead of the curve.
First require everyone to ID themselves online, then tie everything you say to your ID then use that against you one day if you decide that enough is enough.
The western countries are looking at what China is doing and simply iterating on it. They wrap it in a nit little bow to either "fight terrorism" TM or "protect the children" TM.
This is a pure power play meant to save their asses and the people who have been warning that this was always going to be going in that direction have been ridiculed and called conspiracy nuts but here we are.
Look at OFCOM in the UK. First it was to protect children form porn. Now they are looking to expand their powers to moderate speech online based on what THEY think is acceptable. If the EU gets it's way, you'll have client scanning in all messaging apps across the EU. And it won't stop.
This sort of thing is never about protecting kids, reducing harm or whatever they call it. It's about control about what you see, what you write, all done with the purpose to determine if you as an individual will become a problem for them in the future.
Platforms want this because it means they can get rid of the mountains of money they were paying for moderators to keep "child unfriendly" content off their platform
"If your kid is on Discord, and sees something they shouldn't, it's their or your fault, not ours"
> They're likely trying to get ahead of the legislation. The way the winds are blowing indicates the Western governments that haven't already passed legislation mandating ID verification soon will.
Isn’t that the first rule from On Tyranny? “Do not obey in advance"
Who implements these idiotic policies? We do! Politicians could not code their way out of a paper bag! Giving up is not the solution. Refuse to do it. Make ID pass for a full-white jpeg.
I'm not necessarily opposed to age restrictions, but letting each website figure out its own age verification system is a terrible idea. Uploading your ID to lots of websites opens you up to identity theft.
Any government that demands age verification from websites, should offer an eID system where each site can redirect you for the age verification. That way random sites don't have to worry about handling sensitive data.
It's kind of surprising that no-one has really come out with a proper privacy-preserving approach to this yet. It is clearly _possible_; there are reasonable-looking designs for this. But no-one's doing it; they're just collecting photos and IDs, and then leaking them all over the place.
The problem is privacy activists and free speech activists (though there's some overlap between the two they aren't the same) oppose age verification by any means since it has the potential to infringe on both ever so slightly. Meanwhile age verification gates are being demanded and thrown up all over the Internet at a frightening pace. So we get only the maximal data collection solutions implemented by people who don't give a shit about privacy or free speech. And the mass surveillance cheerleaders egg them on.
If privacy and free speech activists understood that a proactive, privacy-preserving approach to age verification is the best outcome we'd be better off.
Much like DRM, there is no good option. Its a fundamentally bad thing. If parents want to abdicate their parental responsibilities, their children should bare the cost of that, not millions of strangers.
The issue with your solution still comes down to yet another centralizing middleman with no real incentive to be efficient. And all the incentive to lobby governments and extract more wealth from the people.
This can of course be done government by government, but that isn't scalable for a global company.
There is no 'half-pregnant' option. Compromise is synonymous with 'bring into danger' for a reason. They are right to be dogmatic about rights - believing that is like believing it will really be 'just the tip'.
It’s not “slightly”. They’ll start with claiming to protect people under 18 from obviously problematic content — porn, grooming, etc.
It won’t stop there. The scope creep will extend to expressing or reading “incorrect” or “dangerous” views.
They’ll probably call some of it “hate speech”, but hate speech is whatever the people in power say it is; on X, “cisgender” is designated as a slur and gets your post censored.
The slippery slope fallacy is only a fallacy if the slope isn’t slippery — “think of the children” is a wedge bad actors are once again trying to use to open the floodgates of censorship.
They don’t even need to target adults; if you control what children can see and express, you have enormous control over all future generations of voters.
They do not want to solve the problem, they want to collect our IDs. If they would have wanted to actually solve it they would not have done this on legislations where it is not a requirement.
It would seem like a naive solution would be some arrangement where Discord would ask for a proof-of-age from an official service ran by the State (which issues your ID)
Well you could have government-run cryptographically signed tokens. They're already in the business of holding ID data (i.e. they don't need to collect it and this wouldn't increase the attack surface).
But assuming it has to be a private solution, you could do the same thing but make it a non-profit. Then at least _new_ services you wish to use don't need to collect your ID.
many countries already have a working system mostly integrated, so yes, i would say it is possible.
the government should issue physical tokens that are sold wherever you can buy booze or smokes. when you login to a service that needs age verification, you type in the code from your age token.
its pretty cheap, its low-tech, we are already accepting of showing id to a store clerk privacy-wise, we generally trust the enforcement mechanisms around smoking/drinking already, it would be easy to expand existing laws to accommodate selling them/punishing misuse.
What are your thoughts on Apple's approach? You still have to provide your birthdate to apple. But after that, it only only ever shares your age range with other companies that request it, not your birthdate.
This is great, but if and only if it remains an opt-in choice that enables parents.
There is a stark difference between enabling choice or compelling it.
Somehow in the last 15 years, we have completely lost sight of agency-based ethics as a founding and fundamental principle of western liberalism.
This has been replaced with harm-based ethics. Harm has no fixed definition. There is no stopping rule — when will we have eradicated enough harm? It’s declared by fiat by whoever has the means to compel and coerce — and harm inherent in that enforcement are ignored.
As others have said, it’s obvious that no real attempts have been made by anyone to create a privacy-focused solution because the end goal is to collect photo IDs.
Occasionally in my free time I have been tinkering with a certificate-based solution that could fulfill this sort of need for age verification. It’s not the most robust idea but it’s simple enough using most of what we already have. Creating a minimal protocol which doesn’t share actual identifying information nor metadata of the site you’re accessing is trivial. If I can make an 80% solution in less than 100 hours of my free time then some groups with more money and intelligence could propose a dead-simple and easy-to-adopt solution just as easily.
No privacy is simpler and the simpler solution is cheaper. If there's no real incentive to go with another option, companies will go with the cheaper option.
There's a special phenomenon that happens as startups grow large. They begin to drift away from the ground truth of their product, their users and how it's used. It's a drift away from users. And a drift towards internal politics. A lot like Rasmussen's drift towards danger, https://risk-engineering.org/concept/Rasmussen-practical-dri...
As startups grow beyond a critical threshold, they start to attract a certain type of person who is more interested in mercenarily growing within the company / setting themselves up for future corporate rise than building a product. These people play to the company's internal court and create deeply bitter environments that leads to more mission-driven individuals leaving the company.
I think this decision is more defensive than "losing touch with their customers." The winds are shifting in other countries that are cracking down on social media use for children. Discord does not want to get caught in the shit storm of legal issues if they fail to comply. This is a proactive measure.
That is prioritizing internal politics over the realities of their product. The Discord userbase is young. And it serves a variety of use cases / the same account can be used to access open source communities, coordinate video game time with friends, interact professionally, and have a supercharged group chat for close IRL friends.
Any decision that isn't along the Apple's hard privacy stance lines, "we'll protect user privacy" is prioritizing the discomfort of that decision over the user base / use case.
This is the real issue, and it's why just cancelling your discord subs and moving to stoat or etc isn't a solid long-term strategy. If KOSA passes in the us basically every platform will have to do something like this.
I think this is about "losing touch with their customers" and the need to IPO and make money from the customers.
The thing is, most of discords users are in countries which haven't yet passed laws that ban children from using apps like discord. If they were privacy focused they could do this only where the law requires it, like Australia.
In pretty much all cases, the companies in question had peaked were experiencing declining growth and attempting to do a hail-Mary... and failed miserably.
Compare Digg and slash. One completely died, the other has stuck with its formula and hasn't disappeared, but has just faded into irrelevance.
I don’t think this is a phenomenon. At the best places I’ve worked, I’ve seen success correlated with actual user value. You do find climbers at certain places but I tend to think it’s a large reason they fail.
Also, I don’t think your OnlyFans analogy holds up. My understanding is that their threat to ban porn was a stunt. A pretty effective one.
Do you have reading on it being a stunt? That seems like a huge gamble. You’re basically inviting competitors and pissing off your supply (content creators.)
If they view you as unstable, unreliable, or adversely motivated, they will look for alternatives to at minimum diversify. It’s their livelihood.
I think this is actually a different growth problem, which is that they became so large that several countries are designing new regulations that specifically target them. I think discord is trying to spin this into a regulation-as-moat opportunity instead of dying by a thousand papercuts.
Discord isn't under pressure to implement these measures globally.
I fully agree that they shouldn't be blamed for kick-starting age verification, because governments are pushing for this all around the world. But it's simply ignorant to pretend that Discord isn't helping these governments to normalise this process with their actions. They're also signalling that businesses are willing to comply and that they have all means necessary to do this.
Really I've come to the conclusion that anything I send out of my LAN is probably kept on a server forever and ingested by LLMs, and indexed to be used against me in perpetuity at this point, regardless of what any terms or conditions of the site I'm using actually says.
Speaking of hosting, Discord used to be one of the biggest (inadvertent) image hosts, so they might have set up the system to reduce legal exposure than to monitor conversations per se.[1]
A lot of the internet broke the day they flipped that switch off.
Weren't external Tumblr hotlinks also a thing back in the day?
And E2EE platforms like Mega are now being censored on some platforms specifically because they're E2EE, and so the name itself must be treated as CSAM.
As people who want to talk about words like "megabytes" or "megapixels" or "megaphones" or "Megaman" or "Megan" on Facebook are finding out.
My social group are moving to a private IRC server already. This is probably the best outcome really. I don't think any of us are under 50. But we have relatives who remember when this would have resulted in some of us being killed. I wish I was sensationalising but I'm not.
For the happy-clicky-emoji types one can put TheLounge [1] or Convos [2] or other web front-ends [3] in front of IRC. They don't scale as well but it would allow for those that don't care for the underlying IRC network. If it does not exist yet there is probably a way to write in a voice chat link handler for Mumble. It's a separate app but very low CPU/memory footprint and maybe that could weed out some low quality members.
I set up this exact combo (thelounge + mumble) for my friends last night after this news. It's not a complete 1:1, but I think it'll meet our needs. I'm going on a road trip and as a fun experiment I'm going to try to get Claude to churn on integrating Mumble into thelounge, somehow, to mimic the Discord client. I'd really prefer something other than Jitsi for screen sharing, since I'm a weirdo and don't like the UX of making a 'call' and much rather prefer the 'hop in' style VC like Discord or Mumble.
That’s why you never promote anything, or if you do, you do it with full awareness that you are being irresponsible, because you don’t know what the future holds, and acting like things won’t change is incredibly shallow.
I really don't understand the demise of usenet as a way to have a public message board. It worked perfectly well for decades and then died off all at once when the bigtechs did everything in their power to squelch it and instead replace with their walled gardens.
I think this will be the kneejerk reaction of many, but then you'll have to face the consequences (de facto social isolation) and probably acquiesce.
I had the same reaction when platforms started asking for my cellphone number... after some years I just started giving it to them. Now I don't even think about it.
>but then you'll have to face the consequences (de facto social isolation) and probably acquiesce.
Nah I'm used to being lonely. Leaving these platforms shows how few truly deep friendships you have.
You get used to it.
>I had the same reaction when platforms started asking for my cellphone number... after some years I just started giving it to them.
Even when I gave Facebook my number, that wasn't enough. I drew a line at some point. If everyone else wants to sacrifice privacy for the sake of pseudo-community, so be it.
Then you and I are not the same. If a platform asks for more than I'm willing to give it, it's time to leave. I've done this enough times that it's simply routine. If it means I suffer "defacto social isolation", whatever that is, so beit. I'm old and I've cultivated a group of close nit friends that live nearby most of the year, we'll manage just fine without discord.
"I used to resist the boot, too. Then I was successfully conditioned by the environment that's been engineered around me. Now I just lick it subconsciously."
So how do we know (other than obvious, NSFW servers) if we are in a server that is not "teen appropriate"? I don't feel the need to prove I'm old af, so if I'm in a server for sports betting, is that not teen appropriate? What about a pokemon server with a lot of swearing? Or just a custom server made by a friend for web dev, but has lots of random politics thrown around?
I really just don't know what isn't "safe" for teens, so hopefully this will be pretty clear somewhere.
Discord does not care about you old coders, they want the faces of the young. Moses traveled the deserts until the idol worshiping generation died out. Big Tech sees you as the problem and knows the young will fall in line.
This clearly doesn't work and they're surely aware of it. Perhaps it's even intentional as a choice to give kids a way out, just trying to cover their own asses in regards to regulation.
When you try to use the law (or the threat of legal action) to force people to "do something" about anonymous, unsupervised kids on the public internet using their free platform, this is the type of solution you're going to get: the cheapest, most scalable one they can get away with.
Previously that was a checkbox or a line in their ToS saying "I'm over 18". Now that lawmakers are pushing to make that no longer sufficient, "AI face scanning" is the next step up.
Which goes to show that lawmakers probably should be working more hand-in-hand with technical experts before making such laws. A regulation that provides a good technical solution would be more useful, especially if lawmakers could have helped work on ways to prove a person's age cohort estimation without say checking an entire physical ID (and all of the identity theft that can enable), or yes relying on "AI detection" that is quite game-able (literally so as reports are Death Stranding's Photo Mode is a reliable workaround for Discord's primary AI scanning vendor k-ID).
Here's how Discord works. A third or so of its features, such as forum channels (EDIT: I think this specific example was wrong; stage and announcement channels, but not forum channels) or role self-assignment, are locked behind Community Mode. After enabling Community Mode, server owners are NOT ALLOWED to turn off content filtering anymore, meaning that by default, content in every channel may be filtered out by systems you cannot configure.
The only way for the server owner to circumvent the filter is to mark a channel as "NSFW", which doesn't necessarily mean the channel actually contains any NSFW content.
This change will not actually require ID for content confirmed to be NSFW. It will require ID for each and every "NSFW mode" (unfiltered) channel. The end result is that you have three choices:
- Ditch Discord features implemented in recent years (or at least this is currently possible) - this prevents a server from being listed as public;
- Require ID checks from all your users (per channel);
- Have everything scanned from all your users (per channel).
Are you saying that you can "mark" the channel as "NSFW", and Discord will stop scanning your content, possibly allowing you to share very illegal content through their servers?
Sounds weird to me. Pretty sure that they legally have to make sure that they don't host illegal content. Or does "NSFW" enable some kind of end-to-end encryption?
Sorry, the era of free communication is fading. Across middle powers, developed countries, and increasingly North America, governments are tightening the rules around online speech—and often jawboning platforms into going further than the law strictly requires. The list of examples is so long I can’t even begin to type them all.
Instead of "free communication" I would say "free large public social media", because without going all DPRK, there's no stopping people from using the internet, a means of free communication.
I predict out-of-the-box deepfake live-camera software will get a bump in popularity, there's already plenty solutions available that need minimal tinkering. It should be trivial to set up for the purpose of verification and I don't see those identity verification providers being able to do anything about it. Of course, that'll only mean stricter verification through ID only later on, much to the present-and-future surveillance state's benefit.
How many times do we need to praise the simple XMPP server? It does everything you need it to do, has done so since the 90s, and doesn't require any PII, ever. I remember 20 years ago MS trying to cram Lync down our throats. That pile of crap was inferior in every way, yet it still succeeded. Does anyone remember it? No. So don't jump to another platform. Stick with the original solution and hold onto it for the rest of your life. https://xmpp.org/
Bleh. I still get through for now. I'll be sorry when I need to go find an alternative, because I don't know of another that works as reliably as archive[.ph|.is|.today] for me currently
I remember the internet from '99.
Before facebook, before messangers.
People were communicating via usenet mailing groups - think online forum but via email - and it was quite common that they were not only signing their mails with full name, but often with a home address so others could send them postcards - think patreon for caveman.
IRC users had frequent local meetups and regulars could easily put a face behind an username.
I understand it was different time at different place, but oh boy, it was so much better.
Well, yes, you could argue the internet was like "harvard", a proper secret society club, where only wealthy and approved were invited, but still, even in '99 the internet was freely available at unis and I remember we had a whole plethora of weirdos.
The other weird artifact of that era were "gaming caffes" - much like internet caffes, but before the internet was widely available and people were often bringing their own PCs to play starcraft or quake on LAN.
I play competitive games online to this day and I really miss these days. Today's online scene is extremely toxic. I still remember my den which was often frequented by local gopniks, outmost disgusting creatures, but when we played the game there was a strong sense of chivalry and sportsmanship that's nowhere to be find in today's online games.
The amount of time and energy that I have to put in to keep my 3 individual kids safe online while still allowing some access is mind-blowingly high. It shouldn’t be as hard as it is. It’s so hard, in fact, 99.9% of parents give up on it. I’m not one to do that but I’ve strongly considered it many times.
Parental controls are fractured across every platform, they can’t enforce everything in one place, domain filtering isn’t practical, some sites (like YouTube) are needed for schoolwork and they include adult content intermingled with no sane way to bifurcate those. It’s also impossible to disable the forced short-form video push onto toddlers and teens.
There is a simple and better way to do this, which is device-wide age status attestation. That is, the whole device or user account has a 'minor' flag set, and passes it on to software, and so on.
Governments are not pushing for this because this is not about protecting children, it is about removing privacy and increasing control.
This only addresses one axis of your concern, but if they are accessing YouTube via desktop browser (or Firefox on Android!), the "Youtube-shorts block" extension gets rid of the Shorts UI. You can still watch Shorts, it will just display them in the normal video UI without infinite scrolling. It's a huge quality of life boost.
Although obviously this does nothing for those using the mobile or TV apps.
I sympathize with this a lot. What you’re describing really is exhausting, and it shouldn’t be this hard.
My take is that parental controls fail because they’re trying to solve a social and psychological problem at the technical layer. No amount of filters or settings can keep up with the internet, and kids are better at routing around them than we like to admit.
What’s worked better for us is treating this like other hard topics. We talk to our kids directly about social media, disturbing content, and strangers online, the same way we talk to them about drugs or sex.
We’re explicit about why some things aren’t allowed, what kinds of content exist out there beyond just sex, and that if something upsetting happens, telling us is always the right move and won’t cost them our trust or love.
That doesn’t remove all risk, but it shifts the burden from constant surveillance to shared understanding. To me that feels more realistic than trying to centrally control an environment that isn’t controllable.
I have a friend who is a social worker. Hearing stories from them, I think people severely overestimate the level of involvement that many parents have with their kids. Social workers who are checking in on middle school kids at the hospital with burn marks on their arms or elementary school kids who showed up under the influence of cannabis aren’t also going to have time to enforce online safety.
If this is what it means for a parent to “do their job” then what do you propose happens to parents who are unwilling or unable to police their kids’ Discord account?
For this reason, I think we are seeing the beginning of the end of low-trust social media. They can’t tell if a user is a child or even a human. People will move to things like group chats because they don’t rely on sending your ID to a verification service in the Philippines.
Parents are just burnt out, I think. Online spaces have become so consolidated and enshittified that it’s seriously a choice between basically keeping them offline - which is a very socially isolating thing to be these days - and letting a small number of faux-accountable monopolies ranging from Discord to Google and Meta call the shots. It’s kind of a no-win situation.
I’d love to have my kids in relatively small, intimate online spaces where I can’t necessarily assume they will be perfect (nor do I want them to be - they deserve to have some room to learn to navigate problems for themselves) but I can at least assume they won’t be overwhelmed by the impossibility of successfully navigating life in a globalized fishbowl. But if there’s one thing late stage capitalism abhor, it’s a self-contained community of real humans from which the powers that be can’t extract “value”.
Sure, but the ID solution is an "if everyone just gives up their privacy / anonymity / sensitive data" and the mechanism is by denial of service
In fact its worse. Every site must also implement this security check. Or everyone must agree to just use sites and services that follow this policy. Otherwise anyone can just use another, often 'less safe' website.
Pass a law that requires devices and software to support a per-device or per user account 'child' or 'minor' flag. The flag must be lockable with a password or another account. Pass a law that mandates that websites and content handle the flag appropriately, whether that means denying service or limiting access.
This would protect children while only minimally infringing on privacy.
The mechanism by which we make everyone 'just' is laws. The laws that are being passed are telling of the actual goals.
Are parents also supposed to be blamed if society as a whole would let thrive streets with permanent civil war, drug barrons, organized child prostitution networks and so on?
Of course parents must take care of their children. And of themselves. But they are only fragile humans and can bear only that much of a load in a day. Certainly there are people that drawn in negligent or even mistreating behaviors. That's not a valid reason to blame individual in general and abstract the societal constraints they all have to deal with. That's actually nothing special to parents.
Passing off responsibility to parents is already the status quo. Hardly political suicide.
Saying that companies should face some level of responsibility for their products is the dangerous move. That’s part of why the Internet has barely been regulated.
The UK/US haven't even spent widely on internet addiction education or built widescale programs like they did for drugs or even speech therapy. Jumping immediately to banning and gatekeeping everything on the internet is silly and naive. The world won't be a better place because we fear other kids parenting skills, it will be highly locked down and these ID checks/bans will hit every part of the internet.
It's giving my identification to a no face company, that I don't know will handle the data correctly. And if they don't I have absolutely no recourse.
Also, why should I need to identify myself at all ? I used to use IRC for the better part of my life, I still do infact. So to have to Identify myself by sending my ID to a random company is insulting to me.
That article is making quite a stretch from "the laws have exceptions for intelligence agencies, police, and the military" to "EU politicians will use those exceptions for themselves". It does this with zero evidence.
What I don't understand is why not have designated actors/ombudsman like notaries in the society that can verify your age/id without anyone knowing what it's for.
One can easily implement a nationwide system like this. You can trust people in your own community. There are no central govt actors. In such a system no one has any knowledge of which service you are proving your identity/age for and the cryptographic approval can be done without any ids being exchanged. The input to the ombudsman is a hash you provide which he can sign with his key and send to a server, that can ask the ombudsman: "this thing you are signing is for age verification > 18, check persons ID and press confirm if that's the case". The ombudsman presses confirm after checking the id and you are done. Every city municipality can elect a local councilman/notaries to do this, for a small fees.
Eu actually plans to introduce something similar through its EUDIW initiative. It will be a digital wallet focusing on privacy preservance and user control over attributes that are shared.
It will take some time tho before it is successfully implemented.
Discord is also rolling out an age inference model that analyzes metadata like the types of games a user plays, their activity on Discord, and behavioral signals like signs of working hours or the amount of time they spend on Discord.
“If we have a high confidence that they are an adult, they will not have to go through the other age verification flows,”
How does anyone know whether a family is engaging in that time-honored tradition of passing down accounts from grandfather, to father, to son, to child, and their posterity, in perpetuity?
Seriously though, unless you have positively identified the person who created the account in the first place, you have 0% chance of knowing whether it is the same person using it today.
Gamers sell their high-level accounts all the time. It would be a simple matter of economics that the Discord users with the oldest accounts sell them to 12-year-olds. Likewise, accounts are shared willy-nilly, whether or not that violates the rules. And accounts can be stolen or compromised, if you're really hard up.
No law or regulation is ever 100% effective in real life. Income tax is not collected 100% effectively. Should we not do it? Criminals are not caught 100% of the time, should we not do it?
Of course this won't be 100% effective, maybe 80-90% effective. That's all they need and expect from this system.
But under that argument, you would have to prove your age on a regular basis, the plan right now appears to be that each account would only need to do so once.
Just ban that in TOS. As we know TOS is inviolable. As such it is not possible to sell, gift or otherwise transfer an account. At least this should be considered how it works for age verification. If account transfer is found out account can be terminated thus closing the loop hole.
It's been around for 11. However, you can reasonably assume that kids aren't registering accounts below the age at which kids are generally literate; if we spitball an age of five this means old accounts cannot be younger than 16.
Yeah, my youtube/google account is almost as old as youtube itself is, but will constantly ask me to verify my age when clicking on something as marked 'not for kids'. Can we just get the leisure-suit-larry age-verification system ;)
Really really surprised there isn't more discussion about the background inference service that's mentioned in passing here. If you thought Electron/wrapped web apps were a performance problem, I can't imagine the weight of _also_ running a local AI model that's constantly playing Guess My Age.
> On-device processing: Video selfies for facial age estimation never leave a user’s device.
If true, there's little problem with just this from a privacy perspective, but that also makes it useless. Someone is going to make a browser extension to bypass/feed it a fake webcam feed.
> Identity documents submitted to our vendor partners are deleted quickly— in most cases, immediately after age confirmation.
However if they ask me to submit my ID to any third party, I'd sooner ditch discord. My default assumption is that this will get leaked, tying everyone's discord account to their real identity publicly. Discord seems to have halfway decent opsec, but I don't trust their "vendor partners" at all. I'll try submitting a fake ID, but if I get banned for it, then so be it.
This would, most likely, go hand in hand with “Discord is no longer allowed on rooted devices” and “Discord desktop is disallowed from client-side effort”, given the necessity of attestation to make it viable on mobile and the near-total absence of third parties taking advantage of the necessary protections on desktop.
I doubt it'd work here though. You know you can just print out a fake ID and show it to the camera. I doubt the app will be able to tell. Attestation doesn't really change this.
If it truly never leaves your device, you'd also be able to use the same fake ID for your entire friend group.
The cynical and best-case take is they don't actually care, and it's just a gesture to show to authorities to prevent further regulation. In which case they wouldn't try especially hard, which is a good thing.
Yes, this shitty world where we can't control our devices we need to have (as they need to work against us) seems to be inevitable.
But I'm actually happy that these "protections" don't yet exist on desktop (albeit DRM already does).
If something really needs to work against my interest (for greater good), be it a smartcard, not my smartphone and definitely not my PC.
If you have any hope of replacing Discord, you need to actually understand Discord. Among many other things, people use Discord because it has persistent history, integrated images and videos, video and audio calls, and screen sharing.
It is a great irony that the heavy handed push for "protect da kids" is all happening while we learn, day by day, that the richest and most powerful members of our society have no problem hanging out with a convicted child sex trafficker.
People don't realize that all of our problems lately are stemming from lack of truly representative government. Until we find a way to ensure political candidates aren't corrupt and bought off, there will always be corruption, double standards, and lack of accountability from them.
Isn't it just so much easier to make sure that wealth isn't concentrated in so few hands? Tax wealth, not work.
And before everyone gets upset, tax serves two purposes; 1) control inflation (it in effect burns money that was issued when the govt previously paid for things), 2) disincentivises selected behaviours. and one side effect, when the govt runs a tax deficit it increases inflation, and of course the contrapositive is also true.
>People don't realize that all of our problems lately are stemming from lack of truly representative government.
Hard disagree.
I fully believe that we are collectively responsible for all of our problems because we are a shitfuck tragically tribal species who, in a world of ever expanding tribe sizes, desperately cling onto tribe sizes that our tiny brains can handle, hence becoming tribal about a myriad of trivial and pointless things like sports, racism, which bathroom someone uses or which policy on immigrants one supports. Dunbar's number.
And we're so tied up in these micro tribal problems that we completely ignore the macro tribal problems that affect every single one of us. We're shit out of luck we literally evolved to act like this and there's nothing we can do to stop the behaviour; it's innate.
Global temperatures are still rising and will continue to do so. We can try to stop it but we won't be able to.
My solution for this is to rate-limit political contributions --- they may only be made in an amount equal to what a minimum-wage worker might reasonably be expected to donate from a week's wages (say 10% of hourly min. wage * 40), as a physically written out check or money order physically signed by hand (at least an "X" mark) and mailed in a first-class envelope with at least a similarly signed cover letter explaining the reason for the donation.
If this causes the extinction of the political lobbyist, I'm fine with that.
You can't find that because any concentration of power means the corruption forces have only very limited surface to pressure, and all the more that surface is actually easy to swap with one molded for even more corruption convenience.
People ever rule through direct decisions or are enslaved into alien agendas on which they have no agency.
The issue isn't representation, it's division. The party that won is being well represented with respect to the values of their constituents, whereas the opposition views it as a daily nightmare. These two visions of the world cannot be reconciled.
Power will always attract the corrupt and corruptible. The problem is the power. Reducing the size and scope of the federal government and devolving power to the states, communities, and individuals is the only way to minimize the negative effects of humans with too much authority.
You can't have truly representative government if the people voting don't understand or care that they're not being represented particularly well.
It is apparently not much of a risk to your seat if you don't represent the interests of your people because the people have become tribal and it is only their tribe they vote for with very little effective criticism of the leaders in their tribe. (it's not that complaints are nonexistent, they just don't result in anything)
That's a lot of work to do. It ultimately works off the issue that most voters are disengaged, while the most interested parties are very engaged.
Corruption is happening out in the open and there's still so many people shrugging in response. One good push back from everyone all at once would fix a lot of things quickly. But that implies the people are united and not instead driven into manufactured conflict by said interested parties. It's basically enough that we're in a post truth era as of now. I don't know how we come back from that
Anyways, repealing Citizens United would be a good first step.
The US should have direct referendums at the national level, just like most of us have at the state level
Most - maybe all - hot button issues have much more moderate takes than any party national committee positions, in the bluest of blue states and reddest of red states the actual individuals have much more consensus on every issue
Whatever the founder’s initial reasoning or lack of inspiration for national referendums for federal law passage doesn’t seem to be relevant today
You either win big enough under the current system, with its system problems, or you never win to improve it.
Imagining better systems before doing that is just a form of xkcd’s nerd sniping.
And the biggest challenge to representative government might well be that most people are terrible at engaging it productively. Voting is the bare minimum and most people don’t vote (let alone organize and lobby effectively). Some significant portion of those that do vote can’t correctly draw a line between policies they’d like and candidates who intend to work on delivering, and that’s before we get to the portion of the population that may not correctly anticipate policy outcomes or even really understand policy as a concept.
The system has actually been functioning surprisingly well considering, and as catastrophic as recent elections could be seen as, the outcome arguably represents a reasonable degree of fidelity to the input from the electorate.
If we still hold free and fair elections, the task of those who want representative government is to change enough of the electorate first.
The only thing that changes behavior is consequences.
If there is no justice system enforcing the law and its requisite consequences, then there is no justice. I don't think those in power understand the anarchy that their intentional dismantling of the justice system has and will cause, and how the blowback from that anarchy will be visited upon them.
If that were true, people would be unhappy with their representatives. For the most part they seem pleased with them. They think everyone else's representatives are corrupt, but in fact they are also doing what their constituents have told them to do.
The corrupt ones are us, the voters. We hate each other and send our Congresspeople to do as much damage as they can to the others.
What is interesting is that, as demonstrated by mass media and social media’s influences over our politics in the last century we can be motivated, but we have let power become too concentrated in the wrong hands.
China’s qualifications for influencers thing is interesting by fundamentally doesn't address the power of social media publishers.
I think this is entirely the wrong way to think about this. While better elected representatives and officials would always be a nice thing, what we need is to ensure that we design systems around them that mitigate their corruption and double standards. We were even (collectively, across humanity) doing better and better at that until not that long ago.
>there will always be corruption, double standards, and lack of accountability from them
The hard part is this has been true going all the way back to the stone age ever since we elevated the first person arbitrarily to chief. There has been no model of government developed since that is immune to this. I really don't know how to get around this and it depresses me that we will always be held back by the slimiest who abuse systems.
There is no such thing as (truly) representative government. To the limited extent that groups of people can at all be represented (which is a whole other questions) - governments are generally not about doing that. Yes, many world states have electoral systems where people can vote for one of several (lists of) candidates or parties, but the claim that in the normal and uncorrupted scenario, the elected properly represent the populace/citizenry - does not, I believe, stand scrutiny.
Which is to say, don't try to "find a way in which candidates aren't corrupt and bought off"; that is in the core of democracies in money/capital-based economies. At best, the elected will act according to some balance of influences by different social forces, some being more popular and some being powerful and moneyed elites or individuals. If you want that to change, the change needs to be structural and quite deep, undermining state sovereignty and exchange-based economy.
Implement campaign spending limits, regulate or ban PAC's, and commit to an ongoing effort to stomp whatever new methods big-money comes up with to influence politics.
We do most of this in Canada and our leaders seem to be less influenced by big money. (Nevermind that we recently elected a billionaire PM...) The vast expense of running a U.S. style election campaign virtually guarantees that U.S. politicians are all bought and paid for.
Colossally awful take. Corruption is an intractable problem in human history. Power is a magnet for the worst people, and every system we invent can be exploited in innumerable ways. The only variable is how long the people of any individual society can remain free and prosperous before their decline. Temporary recoveries have only happened by lopping off massive chunks of empire, implementing extreme monetary reforms, and/or a switch to full autocracy. Every other outcome is terminal decline.
No, our problems are much bigger in that we have a populace easily led by tribal sensibilities. Theses scumbags aren’t coming from nowhere, we’re electing them to these positions.
It’s not irony. It’s by design. Politics is for controlling people. Rules don’t apply to rulers. No one cares about children or anything. Even manipulating the public opinion is outdated. Technology helps them to control. Freedom is an illusion today. We are not free anymore.
Politics is simply how a society governs itself. Whether or not a society values the rules being enforce to rulers is itself politics. Dismissing politics like this is how we end up with exactly the problem of rules not applying to rulers.
Get involved with politics. Be part of politics. That is how freedom is earned & maintained.
We have known this to be the case, for quite some time, yet majority of the public still thought that a convicted felon was good enough to be president.
That is the uncharitable interpretation. I think it is at least as likely that voters consistently get to chose between a turd sandwich and a giant douche, so it will always be possible to accuse them of preferring a terrible candidate.
Also, nitpick: it was neither a majority of the public, or a majority of the eligible voting population, or even a majority of the people who voted.
I think a really good first step, at least in the US, towards making our candidate selection better would be to mandate open primaries.
It is kind of obvious that once someone reaches such a power they should be monitored all the time.
Criminality among the rich and the politically connected is off the charts. It’s way beyond any group of immigrants for example that these same people are trying to demonize.
Chat control? Every single politician should have that on their phone.
I think politicians should be the least privileged people in a society except those in prison.
Any protections or exceptions for them alone are unconstitutional.
An idea I like to bounce around is that everyone at the highest offices of power (not going to define that here) should be forced to live in monastic conditions during the term in which they hold power.
You are fed, clothed, and housed by the state. You have no luxurious amenities, no exercise of personal wealth, no contact with anyone other than for official business.
If you honorably discharge your duties to the completion of your term of office, you will be compensated for life to such a degree that you will never have to work again.
There's a lot of nuance that I'm glossing over, but the gist is that holding powerful positions ought to require severe personal sacrifice, but you will be handsomely rewarded after-the-fact if you bear that burden with dignity.
No, only one rule - kill internet pseudo anonymity because it’s dangerous in the same way as large gatherings are. The age circus is just convenient pretext / collateral damage depending on perspective
When the Gen Z protests happened and internet was cut…wasn’t to protect innocent from porn
> It is a great irony that the heavy handed push for "protect da kids" is all happening while we learn, day by day, that the richest and most powerful members of our society have no problem hanging out with a convicted child sex trafficker.
They are hypocrites. In the UK there are hundreds of thousands of girls who have been raped between the 1990s and now (17 000 cases of sexual exploitation in the UK in the year 2024 alone). At least one UK politician refer to the girls who've been raped as "white trash" and recently people are shocked because many are implying that these girls, who are typically mass-raped, have been considered to be consenting.
It's known for a fact they tried to bury the story once it's been revealed. Turns out the same method is used by these grooming gangs in countless cities nearly all across the UK.
It's not just that the richest and most powerful do frequent child sex trafficker: it's that many politicians and judges all over the west are totally fine closing their eyes on the mass raping of girls (some boys are victims of rapes too but it's mostly girls).
I'm just going to go ahead and say that "free love" is a terribly inappropriate way to refer to sex trafficking, regardless of the age of the victims, unless you're being facetious (e.g., The Onion's "Penis Goofin'" allegations against Epstein).
If you look at almost all "protect the kids" initiatives, they are targeting mostly to deter free speech or cover other shenanigans. Same people who "want to protect kids" have no problem exploiting kids.
General public should be more intelligent and look a bit deeper than a cool title, but I really can't realistically expect that.
To be fair, the people in that group were literally writing articles about how meetoo went too far and sponsored lawsuits against feminists exposing the stuff.
So like, their ideal vision of the world was "every man can treat women and kids this way, they belong to kitchen anyway".
The extremely cynical take: All of this is by design for well-connected billionaire pedophile rings to kill competition from millionaire pedophile rings.
The less cynical take: Billionaire pedophilia is just a really dramatic consequence of us building a society that cannot make billionaires accountable for their crimes. There's not much connection between that and the government overreach being done in an attempt to put regular pedophiles to justice.
Discord is overcompensating for their extremely lax child safety record. It's not terribly difficult to find servers full of child groomers on Discord that are rarely banned. Same thing with Roblox. The business model of social media presumes that the average user is going to require almost no attention from the moderation team. That's why, for example, removing CDA 230 safe harbor provisions in US law would be so catastrophic to online discourse. The only way any company can justify the risk of publishing Someone Else's Speech is if that risk is literally zero.
The same calculus means that when we start requiring social media companies care about children on their platform, they immediately reach for the solutions that are trivially automated: ID and face scans. These companies are shoestring operations for their size, so everything has to "scale" on day one.
You might point out how this will protect children and what the trade offs are. You might also address the point that the same people who keep trying to do these "protect the children" attacks on privacy seem to be one or two steps away from people like Epstein. They didn't need to decrypt anyone's communications because they were the recipients - what did they do about it?
It seems many of them continued to "hang out" with him.
I am not a native English speaker, I may be missing a cultural nuance, but I wouldn't call any of what they did love. That word enters nowhere in a sickening child abuse island.
It's a question of scale. Neither crime is less serious but far more children are groomed and abused over Discord than flown in via some super rich sicko's private jet for a 'costume party'.
This is no worse than Discord just banning NSFW content wholesale throughout the platform (which they would be entirely within their rights to do). It's a big fat nothingburger.
"The victims described herein were as young as 14 years old at the time they were abused by Jeffrey Epstein... Epstein intentionally sought out minors and knew that many of his victims were in fact under the age of 18, including because, in some instances, minor victims expressly told him their age."
> why do we assume that the people he was hanging out with knew the details of what he did wrong?
Some of them were emailing long, long after his conviction.
We're going to need decentralized open source alternatives with E2EE for any major communication services, unfortunately. It's just too temping of a target for Governments. They're never going to give up trying to destroy anonymity online.
They already exists except that most people don't know about it and also it is extremely hard to move over all the existing users from Whatsapp to something less popular and less user friendly.
Until that changes, then the governments around the world are going to keep pushing to get access to all our messages in order to "protect the children" TM and ask you to prove that "you are not a child" TM
Based on the (lack of) people I see refusing the optional facial recognition check at the TSA checkpoint for flying, I can't imagine this will be anything other than an overwhelming success for Discord and the surveillance state.
The company that Discord uses lists the methods they accept above. Notably, they do not accept any privacy-protecting digital identity standards from US or EU citizens; they only implement national ID verifications where they receive a full birthdate, with the sole exception of AU where they allow banks to attest to age-majority.
Leveraging this press to highlight their clear desire-for / dependency-on being provided an explicit birthdate, rather than simply a bool backed by the government, would be an effective lever to pull through e.g. New York and California governmental privacy efforts — especially if one somehow got them classified as a data broker in California and therefore bound to a much more expensive set of laws, due to their insistence on being provided PII when more privacy-protecting alternatives are available there.
Yes, this isn’t a scorched earth response. Every other thread of discussion here has that covered already and I have nothing new to add there. But for anyone looking to force privacy into the budding age checks verification market at an early stage rather than trying to shut it down, here’s your roadmap to effecting real change on the matter. Good luck.
My first reaction is, what a disaster. More of the web becomes gated behind sacrificing your privacy to companies who by and large don't give a damn about it.
Then I remembered when I was a teen, thought about how I'd have reacted to this, and realized over the long term youth will rediscover old-school tools like IRC or migrate to new alternatives outside the claws of big corps and government.
And I felt a little better about the future of human civilization.
The endgame I see is that it will be illegal to communicate on the internet without having a proven bank account. At least in the USA where all ID verification is settling on banks (ie, Plaid). And the banks will tolerate 10,000 false positive denials of service to avoid a single false negative and be happy about it. Plaid even more so. Human beings will have no recourse as they are private companies. This really should be a service that the states of the federal government provide. It's a dark future we're speeding towards.
Sorry if I was inexact in my wording. It's settling on the existence of your bank account proving who you are. The ID services require you to give them your bank login credentials (ie, Plaid). So there are two levels of denial, at Plaid (and related ID services) themselves and the banks deciding weather or not they want to allow it (work with Plaid, or Plaid with them, etc) and if they want to give you a bank account.
If you're a Slack user, I don't think they need your ID to tell that you're an adult
More seriously, it will become a problem on there is a significant user migration to there and a repeat of the mass hysteria. Due to being more niche, these smaller platforms are probably not in danger right now.
I'm being completely serious, but what is the current fav open source forum software these days? I'd love to host a forum for a small community I'm involved in. Not a stranger to hosting other things across a variety of stacks, so I'm not particular about technology used.
TeamSpeak and Ventrillo still work great. It was a monumental mistake to switch to these 3rd party services that are bugged by every intelligence apparatus on earth.
I gave up running my TS3 servers (after nearly a decade) because they added a trialware system that required getting approval/serial code from the company every month to continue operating. They were squeezing everyone on TS3 trying to force them to TS4/5/etc. Have they stopped this or walked it back?
And to be clear, Teamspeak from version 5 on is not teamspeak. It's matrix with a skin. Not that that's terrible, but it's not great for running it on low power/cost VPS like actual teamspeak was.
Seconding campfire. Straightforward, easy to host, easy to backup, no monetization strategy. Most self-hosted alternatives have complicated deployments to enable scaling to >1,000s of users which I will never, ever need.
Hey our small company is making a privacy focused alternative to discord, it launches on Sunday and if you’re interested you can join the waitlist here
Even if you don't want to use the beta, your support to show it's a valuable use of our time would be great
With the current US administration all the worlds citizens should be careful about their data in the hands of US corporations. Unlike China, US has and can kidnap you from your own country if they feel like it even if not citizens of US. This was the case with previous US administration but they tried to at least follow their own laws if not international laws. This administration does not care about US laws or International laws.
It's bad enough that Discord seems to be vulnerable to attack. But now they want to hold on face scans and ID's that directly tie to their accounts? It's already not smart, but especially dangerous for public figures like streamers and vtubers. Not only can it dox their appearance (if they are hiding it) but also give the insane stalkers direct ways to harass them or assault them at home.
However I think Discord is far too embedded for communities. Whether that be social or development. So I don't think we'll see a big exodus. Having teen mode be the default will just mean that NSFW flags on channels or content will be a death sentence for that board or community. Similar to how Reddits big push to shove NSFW into a corner has gone. There are obvious examples like adult content that are NSFW intentionally. But things like art or cosplay can easily be twisted as NSFW and it just shuts down the reach of these kinds of artists.
Unfortunately most people are dug in now and it takes absolute extreme actions to get people to move. The fact that X is still around should be clear evidence of that. It's draining over time but that kind of universal community has not be replicated. Just a couple different echo chambers.
I wonder if Discord is legally forced to do that, or if they would rather do it themselves (and collect the data $$$) rather than wait to be imposed a solution they don't own.
I feel like age verification will come, there is no way around it (unlike ChatControl and the likes, age verification seems reasonably feasible and has a lot of political traction right now).
But I would rather have a privacy-preserving solution for that, e.g. from the government (which already knows my age).
There are probably enough regions where it is required or will be required soon, that it makes sense to just get it over with.
The Internet is more or less becoming a locked down, controlled and fully observed thing for end users and citizens, so adapting to that world sooner and working within it is just sensible future-proofing.
This also lets them more safely target older users with ads, purchase requests, etc. and new integrations for gambling and other high ROI systems.
GeoIP this nonsense. Legal liability is solved as a "good-faith effort" and those living in jurisdictions where this doesn't apply (or use a VPN) don't need to be stripped of privacy.
Discord is just the next biggest canary in the coal mine of increasing regulatory pressure in the EU, UK (which has had this Discord verification for months now due to laws there), and various US states.
I do wish that the lawmakers had worked more hand-in-hand with technical exports on more privacy-preserving solutions ahead of enforcing these laws. But Discord is doing this because enforcement has already started.
> but the implication is that the government now sees what you are using.
No. The whole point of privacy preserving technology is that they don't.
The idea is that the government checks your identity (they know who you are) and give you an anonymous cryptographic proof that you are above, say, 18. They don't know what you do with it.
You give this cryptographic proof to Discord, and they know that if you have access to that proof, then you have access to someone who is above 18. They don't know who you are.
Sure, you could ask an adult to give you a token. But you can also ask an adult to buy you alcohol or to do the age verification scan for you.
The writing has been on the wall for a while. I moved off of Discord about a year and a half ago, after they started gating long-time free features behind Nitro. Then later, I find out that nothing is encrypted in transit on their application. I haven't had much luck moving friends off of the platform and on to things like Matrix, or Signal yet... but I'm trying all the time.
There are many ways to do anonymous proof of age. E.g. go to a physical store and buy a proof of age token, the store will ID you as much as they would for buying alcohol or cigarettes.
But that doesn't meet the requirements which is proof of identity.
As a parent I pay for my child's phone and sim, and thus I have parental controls and I can limit access to discord, or youtube, or porn sites, both on the device level, on the sim card level, and on the home internet level.
I'm all for making parental controls easier to use, if you want to pass laws, enforce minimum standards on companies, encourage or mandate pan-company cooperation (why can't I control my child's microsoft account from my apple parental control page, or an EA account from a steam control page). I'd even be happy with sites being mandated to add say a DNS record saying "this is a site for over 18s only due to $reason", and then I, as the bill payer, can choose to allow that or not.
It serves UK, EU, and various US States' regulations to "protect the kids".
Discord is only the next biggest canary in the coal mine. These regulations are going to force a lot more websites and apps to do this, too.
I wish these sorts of regulations had been written hand-in-hand with a more directly technically-minded approach. The world needs a better technical way to try to verify a person's estimated age cohort without a full ID check and/or AI-analyzed video face scan before we start regulating "every" website that may post "adult content" (however you choose to define that) starts to require such checks.
We need something vendor agnostic that still allows having a community. Something thats essentially a protocol like bitcoin, email, text, torrents. Probably some of this exists. Then there will be providers offering this a commodity, just like how email and hosting can be rented from any company with simmilar quality (kinda).
It took all of 2 minutes to delete my account and block Discord from my network. Credit to Discord for making the process very easy using the mobile app. I'm not going to put up with this crap just to occasionally use this app to play games with friends. My kids sure as hell aren't going to comply with this policy either.
As an adult that interacts only with other adults in good faith, it's easy to look at this and feel outraged.
But there is a very real and dangerous situation where children and adolescents are using Discord with zero guardrails, constantly interacting with adults - many of whom are predators. This is happening every day. Millions of children around the world "meet people" playing games online, take the conversation to Discord, and then get brought into a very dark world online that their brains are simply not ready for.[^1]
I don't like the idea of blanket face scans/ID scans with that data stored in perpetuity - but age verification of some kind is a must IMO.
Discord has parental controls. There's a myriad of services out there that restrict and monitor phone usage for kids. Use them and lock their phone and discord accounts down to nothing.
Restricting adults because parents decide to give little Timmy unrestricted access to technology is stupid.
I set up a forum when I started my site for Linux content creation. Discord had become a black hole for technical know-how on a scale IRC could never dream of, and finding answers to common questions was nigh impossible since the technology has changed and the modern way to solve problem X was never asked in a forum and never indexed by a search engine. Granted, Reddit provided a bit of a stopgap over the last decade, but the solutions in the comments these days are more often than not a confidently incorrect copy-pasta from GPT.
I use Discord for chat and voice calls since that is what I expect from a chat app, but the amount of companies that have built their community / knowledge base / support system around Discord is worrying. You know they can just delete that, right?
I'll continue to use Discord for chat until prompted to put my face in the hole :)
This won't stop at Discord. Banning websites/apps and ID gating is going to be everywhere in a decade.
Protect the kids puritanism is on max level right now, throw in some future terrorist attack or political issues that scare people enough like they fear TikTok and the internet will be fully controlled.
I'm based in Australia and had to do this early shortly before the teen social media ban came into place here.
I chose the face scan option as I simply don't trust most providers when it comes to uploading my ID. Countless data breaches have happened over the years where driver's license and passport details have been stolen from databases.
For those unaware, a driver's license is often referred to as the "golden ticket" for identity thieves. A single license usually contains all the information needed to open credit in that person's name.
Yes, they will claim their process is super secure, and they take security seriously. But then again, they all say that.
Genreally this is the part of the slope when most everyone perks up and realizes what game is being played.
Combined with recent AUS,UK laws mandating the same across most online services - im sceptical that even opensource offering could evade te dragnet.
We already knew that any ID verification for kids would inevitable mean everyone gets carded then sorted.
With this AI profiling essentailly piggybacking on the likes of Facebooks decades long shadow profile shenanigans , and the recent Ring revalation that theyare essentially doing the same via their cameras.
Its a bleak panopticaon that has all the essential building blocks in place.
it's like there's an inherent user-hostility in every platform that is expressed in a less-than-ideal user experience in it's usage or in the ways that the host will harvest all of your personally identifying information for various purposes (which it will also inevitably fail to properly secure, resulting in a near guaranteed leak at some point in the future).
I personally don't find ease-of-use to be worth the price of my privacy but most people are more than happy to sell themselves out piecemeal in the form of data until there's nothing left but a bunch of numbers in a spreadsheet to attest to their ever having existed.
> Teen-by-default settings to roll out globally for all Discord users
Does it mean that even people who reside outside jurisdictions touched by the age verification craze will have to deal with all this?
> use facial age estimation
Surely a kid won't be able to ask someone else to pass the check for them. But let's talk about false positives. If the estimator falsely declares someone an adult, is Discord legally liable?
> submit a form of identification
If you have a picture of an ID document, can you verify that it's real? You'd have to ask the government for that. And at least in one country there is no process for that.
On-device doesn't have to mean on "your" device - they might refer to smartphones with remote attestation (like AVF pKVM) which of course are not really controlled by you..
There's a bright side to this. With people getting used to every website casually requiring a face scan and ID pic, setting up phishing campaigns and opening rogue bank accounts is going to become easier than ever.
Sad to see we're going with a "child by default" internet. It'd be so easy for device and OS makers to align on an API that could tell the browser/app whether the user is under 18 or not.
I know Discord is popular, but I've tried about 3 dozen servers on a ton of hobby topics (linux , raspberry pi, golang, various games, politics) and I've found the caliber of conversation to be very poor. Nothing like forums, stack exchange or even reddit (especially pre-2012) in terms of topic focus, support quality, creativity, technicality. Convos tend to be banal, cliche, monoculture.
I would love to hear a testimony from someone who finds their Discord servers to be edifying or uplifting. What worked?
It excels for small communities, groups of friends and the like. My IRC channel migrated because it's user friendly, embeds images, and voice chat is a breeze.
People's livelihoods and safety are threatened when there's people's personally identifying information associated with their Discord chats - even if linked by "anonymous" identifiers.
Imagine your photo ID next to the horniest thing you've stated next to some random asshole on the Internet.
Discord has no moral right to make such a dramatically consequential decision about the personal privacy of its users in jurisdictions where such age verification tech is not mandatory.
If you're looking for an alternative to Discord, check out Stoat (formerly Revolt). [1] Especially if you're an iOS dev with some free time as the iOS client could really use some love... [2]
(not affiliated with the project, just really want to see it succeed)
And how much does Discord commit to paying in damages if my face scan or ID scan leaks from their servers? Via security vulnerabilities or employees making some money on the side?
Does it matter? The problem is that everyone uses discord for everything. It's not an isolated platform, it's THE platform if you want to have friends.
If you don't access adult stuff, you don't need to verify age. I'm not giving them my ID, I'm not expecting anything to change about my Discord experience.
Ratings aren't legally binding though are they? I bought games older rated than I was, and it's totally up to people's parents what they're allowed to play. Are you suggesting a 15 year old should be allowed to play the 16 rated game but not discuss it?
I don't think there is anything anyone can do about this trend, other than come up with viable age-verification schemes that preserve privacy, and don't require things like scanning your face or sending random companies your ID.
There are plenty of approaches to this, and I won't spam this comment with all the thoughts I have on the subject. But my frustration is people want things like "cancel your nitro subscription" well I don't have one. What else? It's just small things that will not impact anything. Every service out there will require this sort of verification soon. Being angry doesn't stop it. Even voting doesn't seem effective to me. But better solutions might.
If they could verify your age as accurately as a store attendant a physical store could, what else could they want? And if that could be done without giving random websites any identifying information about yourself, wouldn't that be better than this mess? Two things can be done, you can resist this nonsense while supporting alternatives to it.
It took so long to have a decision like that from Discord.
I use Discord everyday and I know that a lot of teenagers use it and I think a decision like that can help to keep safe these teenagers from the internet.
When last year Discord introduced that AI face scanning I thought that it was a serious problem for the security of our data but if, as they say, they remove all of the data of the ID extimation.. why not?
People are pretty skeptical that discord will actually delete it (because they had a data breach showing a lot of undeleted face scans and id pictures already) or that their partner organization who does the validation won't just save it instead.
Also I don't really think this solves the grooming issue - it stops them from going in certain channels or getting pictures from non friends but an adult who wants to get past that to get to kids probably will. You'd really want like "teen only" servers with verification going the other way, if anything. I've never seen that proposed oddly
It’s hard to trust a company when when they’ve already demonstrated that they [can’t be trusted](https://arstechnica.com/tech-policy/2026/02/discord-faces-ba...). And i’m sure there will be an argument of “but this will make it more likely that they’ll be safe about it to not have a repeat”, which will likely be true for a while. Then cost-cutting offloading to a third party that promises to not keep the data, or a new feature will come in that needs the photos, or a misconfiguration will happen where things that should be deleted won’t be, and we’ll be in the same boat again.
Thank you to Discord for making it easy to cancel my Nitro subscription from the mobile app. I've had Discord Nitro since it started being offered, buh-bye.
Both social media and chats need a truly open decentralized protocol that is accessible and usable by the general public. It feels like with clawbot becoming popular that people are open to the idea of self hosting something if it has an easy enough interface.
The same thing could be done for social media and messaging. People should hold control over their own content and the application layer should just be content organizers and consumers.
to take control of your own content while preventing it from being harvested for ai training, there’s a straightforward method.
- use a browser extension to encrypt comments sent to any social media platform. - by sharing your public key with intended recipients via a third-party channel, the platform only sees gibberish.
this makes ai training impossible, keeps corporations in the dark about your conversations, and ensures that any government surveillance only yields encrypted strings.
however, the platform might ban you as a bot, since this effectively prevents both the company and the government from snooping on your data.
This makes it non social media, the reason I post on social media is to ALLOW the world to view what I speak about. I don't mind if my data is harvested or trained off of.
Posting with encrypted data makes no sense as you are disrupting the social network with worthless garbage for 99.999% instead it would just be better to have an RSS type feed that your consumers (friends) can subscribe to and it shows the comment you made and the link to what you commented on.
Or if you just want to say something about it to 1 friend just send it to them.
You could still have pub/priv keys and an autodecrypt system though or use traditional authentication for allowing content pulls.
Alternative: run your own self-hosted messaging server for you, your family and friends. No company should ever get such sensitive data as private conversations.
Use Discord with a throw-away account. Create a character in GTA 5 on your laptop and show its face (in "selfie" mode) to the web-camera on another computer with Discord open. All face scan checks so far gladly accept it. Instagram has been requiring occasional face checks for ages already.
This growing trend of accounts for everything enables the collection of all your data and attacks such as this gating your access behind sending in more personal info.
Your IDs and biometric data for most services is sent to multiple companies, governments, and who ever else comes asking, armed only with a piece of paper. It is never deleted. It is used to create a profile of you and your activities.
Finally I feel validated complaining for the last decade about the move away from IRC/teamspeak to centralized services. I've been called all kinds of names.
Now those same people are complaining they're gonna have to submit their faces to discord. Which will eventually be used to prosecute or commit fraud. I'm left wondering if "tech enthusiasts" are ever actually correct.
Heh, that happened with phony nostalgic gen-z kids trying to recreate 'old times' with Discord and turd themning for Windows AKA called 'Frutiger Aero' while bitching against XMPP calling it 'malware'.
It's clear "age verification" is not something we'll get rid of, so I think instead we should push for a publicly verifiable double-blind (zero-knowledge proof) solution that can ensure it only gives the websites a boolean and doesn't allow correlation from either side.
The alternative is having to give your ID to Facebook, Google, Microsoft, and all the other bad actors...
I miss the era of Internet forums. They didn’t need to be federated, just simple deployments of MyBB, vBulletin, PHP, Xenforo and so on.
I made a lot of friends on those communities growing up, and it inspired me to go into software because I saw how it brought people together.
And I still sorely miss the WhatCD forums. While I didn’t make any friends there, it shaped my early experiences with music which still reverberates through me today.
Even with the reinvigoration of new ideas from LLMs, tech feels like it has been languishing for well over a decade at this point. The playbook is to disrupt traditional industry at a loss, then enshittify when competitors are gone. A lot of tech plays really feel like some form of: bring the yellow pages into the digital realm and overcharge for facilitating that access. Finding a firm that even uses AI outside of a chatbot UX is rare.
>And I still sorely miss the WhatCD forums. While I didn’t make any friends there, it shaped my early experiences with music which still reverberates through me today.
Could not relate to this more. Spent my formative years in those forums and they genuinely helped mold many of the tastes and interests that have stuck with me into adulthood. Not to over-romanticize, at the end of the day it was just a forum on a music tracker - but the sense of community and sheer diversity of thread topics made it such an interesting place to peruse.
Discord certainly has its applications. But since it became the defacato community tool, I find it essentially useless. Discussions are ephemeral (from a UX standpoint at least), and much more constrained. Its difficult to lurk and only chime in now and then unless you're regularly online.
I think discord has been terrible for the internet. A lot of open information has become gated. And now it's gated behind a platform that many of us are not willing to use anymore. Let's hope this pushes out people and communities back to forums and such, but in reality other platform will take over.
But on the other hand-- I would be terrified to be in charge of a company who needed to make this ask. It's just such a big deal, such an important bit of information to protect from hacks.
I hope they lose most of their customer base. But I'm terrified they won't.
The gradual erosion of privacy is no longer gradual.
I've needed a nudge to cancel my 5 year Nitro streak. This was it. I guess if they reverse course before March when the billing cycle is over, I'll renew. Hope I'm not alone in this. The only way they'll decide to not move forward with this is if enough people do the same.
I am attempting to revive my once fairly large Minecraft server, and not being present there means suicide. What I can do is signal to them that not only am I not giving them my ID, I am no longer giving them my monthly payments ever again. Which is the metric investors want to see increase, not decrease. I have given them hundreds of dollars in monthly payments. That will now cease as a result of this decision.
You don't have to go pedal to the metal to signal disapproval in a way that hurts.
There is a bit of an arms race between id verification systems and users bypassing them when AI gen. Which is really just ai generated images vs. AI generated image detection.
In practice, nothing will stop it, the tooling will gradually get better at detecting prior fakes and banning those users while the newer fakes will go undetected for longer.
Putting up the requirement satisfies their CYA requirements here. The race between AI fraud vs. detection is something they can just ignore and let happen on its own.
It was nice while it lasted. Account removed. I understand the rationale and I don't care anyway. It is a shame, because one of the niche forums I was occasionally visiting there does not offer other locations.. but I would like to think this may change people's mind.
That's a solid no from me. Looks like I'll be moving my gaming friends back to Steam and the others to a secure messaging platform or one I can host myself. Before Discord I was running a Mumble server that everyone could connect to and everyone liked it a lot.
Well I've spent the better part of 7 years building a community on my own discord server with dozens of friends, many of whom I interact with daily in voice.
So... what now? I just have my life literally turned upside down because of a greedy surveillance state?
The child predators are not stalking the adult forums. They're in the "for kids" ones. This "protect the kids" nonsense needs to be called out for what it is - a sham.
Well maybe misdirected. I remember the first few times my dad caught me looking at hardcore BDSM pornography. I was probably 13 and definitely gay. The first time he cancelled our internet for a month and the second time he started shutting off the breaker to the computer at night. I was hooked though.
I can see how parents are wary, that was probably a big shock for him . Luckily he was able to process his feelings with the belt so didn’t have to go calling his senator.
Thanks to all the OSS projects that adopted this in preference to mailing lists to better appeal to zoomers. (And note that while these projects often do still have mailing lists, most of the actual discussion now takes place on Discord, behind an authwall.)
I've had a Discord account for 10 years. They seem to assume all discord users are at least teenagers, so surely they can't think I was 8 when I created the account. So can't I have the "full" experience automatically?
My understanding is non-stage voice channels are E2E encrypted, and Discord retains no recordings, whereas stage channels are not. Is this a liability thing—Discord not wanting to have voice recordings of non-adults?
So now all the open source projects that use this walled off closed platform (even though scores of people complained and warned about it) can go back to hopefully using something open and searchable.
This is a really misleading title. It doesn't "require" either. The majority of adults will not see any verification as the system is already able to verify they are old enough through other data/means.
Sounds reasonable particularly given age of account implementation. And even if new account, if I don't have my face scanned then they won't show all the garbage. I have no problem with that.
Just another instance of companies participating in the creation of the police state.
These companies do not do this under external pressure from the state, they do this because it benefits and consolidates their power as well.
It's bricks for their castle wall.
Corporations should not be considered a separate entity from the state. Corporations form state power. This doesn't mean they are always in-line with the state, but that they lead the state as a block, as a class, defending their common interests.
I use Discord to talk to university students (top 10 in CS) and it only works with university email. I am wondering if I am going to be treated as <13 from now on as well or if they waive it in our case.
I like this a lot. That being said my response to this whole biometric/ID push is going to be to leave every space that asks for it. I don’t think I’m going to miss these all that much.
One thing that could happen is that someone might decide to vibe code a Discord clone, without all the extra crap. I'm sure there are people out there doing this already.
There's this interesting arc of growth for apps which are successful.
At first users love it, company grows, founders get rich, they hire expensive people to develop the product and increase revenue until eventually the initial culture and mission is replaced by internal politics and processes.
Software starts getting features which users don't want or need, side effects of the company size and their Q4 roadmap to 'optimize' revenue|engagement|profits|growth|...
Users become tools in the hands of the app they initially used as a tool.
This model worked well so far and built some of the biggest companies in history.
AI could make this business model less effective. Once a piece of software becomes successful and veers off into crap territory, people will start cloning it, keeping only the features that made that software successful initially. Companies who try to strong arm their users will see users jump ship, or rather, de-board on islands.
Discord says immediate deletion. They already leaked 70k IDs. Your biometric enters the permanent record somewhere. Discord, their vendor, or Utah. Someone keeps it.
You can, of course, not do this (you meaning the company, Discord)
You can choose to be respectful of people who have valid reasons for not providing ID
But you want that sweet IPO money (as stated elsewhere in this thread). You don't actually care about the internet and how anonymity is a cool thing for certain vulnerable groups
All these tech CEOs should face prison time and I'm not joking. They've displayed a complete laissez faire attitude to all of these concerns
Somewhat related: I created an HN users Signal group, following the massive success and utility of creating a friends-and-associates Signal groupchat (that ends up discussing privacy/security/AI/etc).
lot of people complaining, but, seems like they rolled it out already in UK and Australia... no real complaints I know of, and I'm in NZ and are on NZ/Aussie discords. Also teen mode doesn't actually seem that restrictive. Seems an ok move to me. But for whatever reason people seem to froth at the mouth when it comes to discord on here.
Uk, Effective from July 25, 2025, regulated platforms must use "highly effective" methods, such as facial age estimation, credit card checks, or ID verification to prevent children from accessing harmful material, with potential fines or bans for non-compliance. (extents to any platform with user uploaded content)
Australia, as of 10 December 2025 Australia requires social media platforms to take reasonable steps to prevent users under 16 from accessing accounts.
No wonder there where "no real complaints" those countries are already under heavy age verification law.
> Also teen mode doesn't actually seem that restrictive.
Doesn't mean it can't get more restrictive in a few months. Ease people into it would actually be the smart move since there will be less complaints.
> But for whatever reason people seem to froth at the mouth when it comes to discord on here.
Because Discord has not handled their data well in recent memory (actually ever).
Also it is a global rollout not mandated by the countries law. This indicates that it is a business decisions and therefore probably they stand to gain from it financially.
or.... for simplicities sake, everywhere operates the same way. More countries are going to require this, this makes it pretty simple for them I'm guessing, just roll it out everywhere.
they had a breach last year...they didn't leak their core data, the 3rd party they used leaked data to do with age verification. Which was bad. What other data problems you see? Nearly everything else is unconfirmed/scraping public data.
They could make it more restrictive? sure.... but why? a core demographic for them is teens playing games and joining servers related to their games, why would they make it worse for one of their biggest target audiences? Any company who are targeting kids (Roblox did something similar) really do have to show they are doing at least something to protect that demographic. The consequence of not doing that is governments coming after you. That's their financial incentive, not to be shutdown, fined, sued etc.
I have a discord account that I use very rarely, and just tried it (from the UK) and it didn't ask me for any ID or face scan. If they do start doing that, I'll simply stop using the service.
A lot of whining here about how this is an imperfect response to the issue of children being exploited on Discord / using the platform to engage with inappropriate content.
Until someone offers up something better, I take these types of initiatives from social media platforms as huge wins. Ignoring the problem will not make it better. We've been ignoring it for about 20 years now, and it's only gotten worse.
The thing stopping kids from getting "exploited on Discord" ought to be the same thing that stops them from stabbing each other with pencils. Raise your kids better, and stop expecting everyone else to tolerate your failure to do so.
Have you ever considered that it's the other way around? Maybe the security needs of a minority shouldn't block policies with wide support that will protect children online?
Either way, the whole "parent better" argument doesn't work. It's victim-blaming. Thousands of kids download Discord every day to play video games with their friends only to eventually be invited to servers which host explicit content / bad actors that we know can permanently harm them. A bunch of software engineers on HN may understand the risks that online platforms pose to their children, but much of the population cannot/will not fully comprehend this. We should not allow their children to experience terrible things just because their parents aren't read up about which platforms will gladly allow creeps to interact with or message their kids.
The answer here is simple: if you don't like age verification, move on to a different service. Creating spaces where there are rules and order on the internet for those that are vulnerable is much more important than you not wanting to upload a picture of your ID to a platform that you're using completely voluntarily.
If you believe that all parents are intelligent, informed, and put their children's well-being before everything, you are unfortunately wrong about society. Kids don't deserve to suffer just because they have neglectful parents.
Discord, on the other hand, should be at least somewhat responsible for the interactions of children (which they profit off of) on their platform.
And finally, you, a sentient adult with free will, can use another platform. Not your problem unless you want to make it yours, which is the response of choice on this thread.
I was speaking of the “face scan” option listed as #1 option on Discord’s “How To Complete Age Assurance”. It’s well known minors are using and/or gaming the face scanning on other platforms. Some adults are even having their accounts downgraded to a minor-level restricted account based on their face scan. All around it’s a terrible implementation for age verification.
Hard no. Reality is that this push is everywhere. Authoritarian governments are cracking down hard on dissent, they're not going to leave huge platforms for communication untouched. We'll need open source decentralized alternatives.
I’m always amazed that despite decades of evidence… there are people that not only don’t know that you can do anything if you say “it’s for the children” but they’ll actively support it.
Children generally have these things called "parents" who are supposedly responsible for their well being. Oh hey, suddenly there isn't a contradiction.
Honestly I think this is necessary. I'm not sure how heavy handed their exact implementation of stuff like content filtering would be, but I've seen way too much sketchy stuff on discord servers. Predators, blackmail, harassment campaigns, it's not great and a lot of the servers I'm in already require ID verification by mods to even chat in general. It'd be great if this was opt-in on a server by server basis but I could see that being a problem too.
I've seen way too many governments / companies use "protect the children" as a way to try and push overreaching garbage policy, however I think this one actually might help.
That said, depends on exact details of how they want to do this. We'll see how it goes.
Also curious how people like Epstein and James Alefantis are just casually using Gmail and Instagram to post CSAM and suggestive torturing of kids. Seems like the onus should be on the companies, not the users..
So my friend group has been looking for alternatives for a while now that feel like discord, works on mobile and desktop, and has voice chat.
I use Signal but the UI is very different from Discord.
I've had very mixed experiences with Element + Matrix, Element keeps crashing on mobile, and while voice chat kinda exists in Element it's not been great imho.
I looked into hosting Rocket.chat, Zullip, and Mattermost but from what I recall voice + mobile were either missing or paywalled at a per-user price.
By Discord's own ToS you can't use Discord if you are under 13, so this change is just to make sure users that are 13, 14, 15, 16, and 17 years old are appropriately labelled.
Why doesn't Discord require ALL users to upload their faces to prove that they are at least 13 years old and eligible to use the service?
Okay, i'm not very good at coding, especially web.
It seems to me that the "logical" solution to this is some sort of local key like "sudo" that the user enters/has access to. This key is on a cookie or request or something that says "This request is being done by a verified adult" and then the website goes "cool here's your data". If the request does not have it, then the website says "Sorry you need one of these keys/permissions to access".
I see this as elegant because like modern IDs, YES THEY COULD GET AROUND IT, but at least it gives parents and users who want to abide and try the ability. Kids get fake id's, they get stuff they shouldn't. So long as audits show that the businesses are trying to catch this and punishing those who ignore procedures properly, things are "fine".
How infeasible is this from a coding perspective? I get that we're fucking with standards here, but I figured it would make most sane users and companies happy. Companies don't have to keep PII, just a log of "yes this access from this IP was approved, but we discovered is was used falsely and banned that key", and users have a tool that's setup once locally (or refreshed when you want a new key).
I guess you'd need some way to authenticate these as if it's too easy to spoof whats the point, but it strikes me as leagues better of "store everyone's colonic map"
How off base am I here? Is the theory somewhat sound or is this just dead from the ground up?
> How do you know one party isn’t 15 when the other is 25?
You don't. That's why parents need to be involved in their children's lives.
CSAM is the easy excuse, anyway. That's the one lawmakers use, and most people are against CSAM, myself included, so the excuse goes down easy. But the impetus they don't talk about is monitoring and control.
The answer isn't to destroy privacy for everyone. The government and these corporations don't need to know what you're doing every second of the day.
This is just the latest in a long trend of increasing spying on users. Why bother having to guess who your user is, or fingerprint a browser if you can just force them to show you their national ID?
This is transparently about spying on people, not "protecting children". The real world doesn't require you to show your ID to every business you frequent, or every advertiser you walk by. Someone can yell a swear word on the sidewalk, and not everyone within ear shot has to show ID.
This might be an unpopular opinion, but imo this is a directionally correct decision from Discord. I feel that it's important that there exist privacy preserving, anonymous communication platforms; not that every platform must have or must not have these qualities.
Platforms need to adapt to how they're used (or how they want to be used). The amount of child exploitation that happens on Discord should make any civilized person working in that company uncomfortable, and its natural and good to want to do something about it, not out of external or governmental pressure, but because you yourself can see the dashboards and logs, and can see what's happening.
There's a needle of difference between a government mandating identity verification, and a private organization saying this is how we want to run our company. Threading that needle is living in a free and safe society. If we can't thread it, and we fall to one side or the other, then you have to choose whether you prefer safety or freedom. Personally, I'd rather have both.
You have got to be kidding me. What is it with these lawmakers and websites demanding people do all of this stuff using services that nobody has ever heard of? I myself (as someone who is blind) have never been able to do the face scanning thing because the information they provide (for, you know, getting my face focused) is just massively insufficient. And a lot of the ones I've seen also require me to (as an alternative) do some weird ID scanning with my camera instead of, you know, just allowing me to upload my ID or something? (Then again, I really wouldn't want to give my ID to some service nobody has ever heard of either, so there.) I also am concerned when tfa says "a photo of an identity document" what does this mean? If I have to scan my ID with my camera, that's not exactly going to be simple for me to pull off. I get that we need to protect kids, but this is not the way. Not when it is discrimination by another name for individuals with disabilities (as just one example).
Another company jumping on the bandwagon to data-farm in the pretext of safeguarding children. I really wonder if there's an actual method to actually safeguard children while also not holding on to data. Because, genuinely, you can't question this.. Companies would just say "we are trying to protect kids" and that'd be the end of the argument.
I really wonder if when this is fully implemented if they will have any safe guards against selling "adult verified" accounts. With AI being a possible work around for those who don't want to share an ID, selling accounts would be another big issue unless they check for IP addresses and block based on locations and logins. EDIT: I see in another comment that its against TOS to sell accounts, I doubt that has stopped anyone before though.
So many comments but i dont see anyone mentioning llm to replicate Discord, or others Twitter, Facebook. If claude can create a C compiler this would be trivial. And demonstrate the actual real world benefits of AI.
Midjourney is primarily a Discord bot that generates images from text prompts within the Discord app. Now many paying Midjourney users could be forced to verify themselves.
I don't know what people need as lesson. We already have so many FLOW options, and yet they are so many running after the last shiny ready for enshitification ready to go platform.
Expect them to sell your whole life to whatever party with enough money to throw at their face.
Nitro cancelled, all boosts for my servers cancelled, have recommended my communities all do the same. It'll be a lot less smooth but we can go back to IRC + Mumble.
Enshittification and profit-maxing strikes down yet another decent piece of software. Rest in piss.
I am not one for conspiracy theories but I notice a pattern... Did you know Chrome now offers to save your passport and other ID data in their keychain? Why, after so many years, do they now offer to save this information that, if leaked or backdoored, will easily bind login information with their owners?
I will go against the grain and say that I am happy that Discord is doing something about the NSFW content that is being fed to children on its platform. I don't use Discord that much personally but I heard from friends that it is a goto for NSFW content, similar to reddit.
Every time the topic of ID for 18+ content comes up, the entire internet melts down over "big brother" and "privacy", yet no one flinches at presenting ID for alcohol at the store. And further more, nobody offers an alternative solution the problem. Status quo isn't acceptable. "Kids will always find a way to bypass measures/access their porn", is also not an acceptable answer.
We as a society need to do something about the unprecedented levels of porn addiction in today's youth. "Enter your date of birth" prompts are performative and do nothing.
I will say I am usually the first person to oppose any sort of government overreach, I am very pro privacy.
I believe the energy put into the criticism and boycott of Discord should be put into finding solutions for verifying ID in a secure and private manner online. Something like Apple Pay for IDs?
I think the issue here is that companies (and govs) are choosing the worst possible solitions to a real problem because it benefits them. Gov wants it for control, companies want it to sell ads and mine data. They team up, and screw everyone over while overlooking other viable solitions
> We as a society need to do something about the unprecedented levels of porn addiction in today's youth. "Enter your date of birth" prompts are performative and do nothing.
I agree, however show your ID is just a "Enter your date of birth" prompt with obfuscation.
Buying alcohol is physical and therefore has some advantages, for example you can be sure that your ID is not copied/sold as you are there and get it back.
In another comment the idea was presented to make a "I am adult" card you can buy (physical like the alcohol). I think that would work a lot better than upload your government id and face to random app/website.
Maybe I'm old school but I was always told "don't make a copy of your ID" by the government, a photo was included in that definition.
They’ve been rolling out a bunch of stuff like this in Australia and the UK. As an Australian I’m fairly certain I was made to do some sort of facial recognition some time ago.
I kind of hate it, but honestly it’s had minimal impact on me and my usage of these services if I’m being real.
Honestly they're probably big enough to get away with it.
If it was only friend groups it would kill them for sure, we've seen that many times, but given the absurd amount many large online communities on Discord, I'd wager they can force it down and be relatively unscathed.
They played the long game - they provided a good service for 10 years, and got REALLY big before they started the enshittification process.
Amazing how this coordinated attack on internet privacy has been so effective, the amount of people in my country who see this as an attack on "Big Tech" or even "The Tech Bros" is astonishing. I do not even know what one can do about people who are so unaware of what behooves them especially given the recent coverage of Epstein and just how prevalent all sorts of blackmail is and how useful this would be for gather kompromat not just by their government intelligence agencies but also foreign intelligence agencies and even just scammers come blackmailer.
not to mention the recent prevalence of so called sextortion on teenagers.
disturbing stuff, hope the kibosh gets put on all these policies and their is a public push-back, but that is really seeming like a fantasy.
They sold the kids' souls to the algorithm. They caused the Mental health crisis. They caused Dysphoria. The Depression. The "Ghost" we fight against—they fed it.
Now that the governments are scared to deal with it, the Governments are scrambling. They are slapping a "Band-Aid" on a gunshot wound and it's all bullshit.
Kids lie. They fake the age. They use VPNs.
The Corporate Reality is that Meta, X, TikTok want them to.
Haven't cared about Discord in a long time. In fact I'm glad they're continuing to shoot themselves in the foot.
During the pandemic, I was on a Discord server for folks to socialize and blow off steam about the whole situation. Yes, there were some anti-vaxx wackos, but overall the place was civil and balanced, and I met some interesting people through it. We cracked jokes and it was a little bit of fun in a tough time.
One day I came to discover that Discord had banned the server for allegedly violating... something. I wish I had written down everyone's emails because I permanently lost contact with a bunch of friends in an instant.
I never signed in to Discord again, in spite of times where some other social group wanted to use it. I vowed never to use Discord again. Fuck those guys and the Teslas they rode in on. I hope this ID verification thing is another big step towards their irrelevancy.
The difference with Reddit is it has way more persistent value. Everything on Discord is throwaway, but valuable posts on Reddit from years past are easily retrievable. The two aren't so comparable.
One of the unspoken reasons many people have for using Discord is they don't want what they say to easily be associated with them in perpetuity. Requiring ID really chips away at that, in spite of what Discord has to say about privacy around ID.
By no means am I saying that Discord will go extinct. I just haven't observed anything about it that's irreplaceable. Reddit, on the other hand, has a wealth of discussion dating back to the mid-to-late 00's.
It's wild that this nonsense is still floating around by people pushing "credentialed doctors", whatever the fuck they think that means. No one with any vague degree of credibility would now or ever has supported "very large number" and all of the "externalities" (are you sure you're using the right words) have been vastly outweighed by the things the vaccine provably did.
Tl;dr: The vast majority of adults will never have to interact with our age assurance systems and their experience won't change, because we know Discord and how people use it, so we're designing to respect privacy and deliver a safer experience while minimizing friction for adults.
Hey folks –
I’ve been on Discord since very early 2016 and actually joined the company in 2017. Safety is one of my areas, so today’s announcement on our blog is something I’ve been pretty involved with. I’ve always cared about Discord's approach to privacy (E2EE for A/V was another of my projects here), so I figured I’d add some more context to today's news.
I can say confidently that the vast majority of people will never see age verification. I say this because we launched age assurance in the UK and Australia in 2025, and we have some pretty good data on this now. The idea here is that we can pre-identify most adults based on what we already know (not including your messages!), and that looks to get us pretty far here. No face scans, no IDs, for the vast majority of adults.
And if you are one of the smaller subset of folks that we can't definitively pre-identify, then still, you only have to do it if you're accessing age-restricted servers or channels, or changing certain settings. That's really not most users. (Altho... might be more Redditors, tbh.)
Last, I know that there is concern about privacy and data leaks. That's a real concern. The selfie system is built purely client-side, it never leaves your device, and we did that intentionally. That'll work for a bunch of users who aren't pre-identified as adults. But if you do end up in the ID bucket, then yeah, you're right that has some risk. We're doing what we can to minimize this by working with our range of partners (who are different partners than the data leak you read about), and if it's any help, we learned a lot internally from the last issue. But I get if that doesn't necessarily inspire more confidence.
Anyway, we’ll be sharing more next month as we get closer to the global roll out about the system, including the technology behind it in March. I honestly wouldn't be happy if we didn't build something good and I am excited about what we’re launching, but please let us know what you think when we share more details.
And I really appreciate everybody's feedback here today. We’re definitely reading it!
Kids can create accounts only at age 13+, adulthood is at age 18 (at least in my country) which means any account older than 5 years should automatically be marked as an adult's account. Please tell me that's the case.
If you still require an ID for those accounts, that means you don't really care about age verification, you just want to tie people to a government ID.
> When big tech tosses money at Republicans and the Trump inauguration, they get what they paid for.
This has nothing to do with republicans in particular. This is concerted effort by lobbying groups around the world who want to get more of your data.
Case and point: all the EU countries that are currently banning teens from using messaging services and social media apps which can only be enforced if you force everyone using these services to provide some form of ID to prove that you are allowed to use them.
Not too mention the EU itself trying force a backdoor into every messaging app "to protect the children".
Be mad at the US politicians if you want but just know that the situation is not better in the EU, on the contrary it's going downhill very fast and that has nothing to do with Trump.
Many EU countries provide digital frameworks for privacy preserving age verification. Yet, Discord made an active choice to avoid using them and is asking the users to upload their photos and ids.
This will be expanded to cover everything on the service soon enough. The time to cancel Nitro and move to other platforms that respect user privacy is now.
I don't see why it would. If Discord sees its primary audience as teens (i.e. the people who by design can't verify) why would it extend the verify-only parts of the service?
Only that I don't understand why everyone here is talking as if they had just been forced at gun point to age verify. Just... don't verify until you need it?
Also pedophiles do exist (see Epstein and friends) and bad neighborhoods on the internet do exist. This is currently a problem on the internet that needs to be solved. No one here is giving any suggestions how to solve it, but we sure are quick to shot down any solutions that people are trying.
As an ethical conundrum, this one is clear. The safety of women and children online (human trafficking, r*pe and child abuse networks openly coordinate at industrial scale on Discord, Roblox and Telegram) trumps the concerns of a relatively small group of Richard Stallman-level purity obsessives. Good move on Discord's part; hopefully Roblox and Telegram shape up and follow suit. If you don't understand the severity of the current situation in 2026, Google the group "764."
Taylor Lorenz has done excellent reporting on this. It's a right wing censorial moral panic that's forced some Democrats to go along with it by positioning it as "protecting kids". This legislation is moving at a fast clip and we have to fight back.
https://keet.io is this industry's best kept secret. Encypted p2p chat with audio and video, no signups, it just works. My kids and their friends switched from Discord to Keet to avoid all the signup / authentication friction.
Here's the October 2025 Discord data breach mentioned at the end of the article:
https://www.bbc.com/news/articles/c8jmzd972leo
> Discord, a messaging platform popular with gamers, says official ID photos of around 70,000 users have potentially been leaked after a cyber-attack.
However, their senior director states in this Verge article:
> The ID is immediately deleted. We do not keep any information around like your name, the city that you live in, if you used a birth certificate or something else, any of that information.
Why they didn't do that the first time?
> The ID is immediately deleted. We do not keep any information around like your name, the city that you live in, if you used a birth certificate or something else, any of that information.
This is also contradicted by what Discord actually says:
> Quick deletion: Identity documents submitted to our vendor partners are deleted quickly— in most cases, immediately after age confirmation.
What are the non-most cases?
Also, _Discord_ deleting them is really only half the battle; random vendors deleting them remains an issue.
25 replies →
Well since you have these IDs, for national security (AML, criminals and whatnot), we will need you to keep them if our endpoint says so, here's the endpoint
How can we even confirm that they are actually deleting them. Trust me bro vibe
1 reply →
>"Identity documents submitted to our vendor partners"..
Yeah, say goodbye to those the privacy and safety of those documents.
Since when the city one lives in is mentioned in the birth certificate?
28 replies →
> The ID is immediately deleted. We do not keep any information around like your name, the city that you live in, if you used a birth certificate or something else, any of that information.
Everyone says this, including the TSA. But they never say they don't keep a hash, or an eigenvector of your biometric. Which is equally as important.
They also never say it goes through datacenters in room 641A or though Utah before it's "deleted", because it's a US company and they can't refuse that.
7 replies →
> We do not keep any information around like your name
But they might be sending a copy to the NSA, similarly to how Alphabet, Yahoo, Apple, Meta etc. have been doing (PRISM program, part of the Snowden revelation [1]). The US has the legal mechanisms of requiring this to happen, secretly, such as NSLs [2].
[1] : https://en.wikipedia.org/wiki/PRISM
[2] : https://en.wikipedia.org/wiki/National_security_letter
I bet the NSA does not even require their cooperation. They are probably already inside their systems.
And do they really actually delete it this time?
I have it on good authority that they really truly delete it this time, super duper pinky promise
Once it's out there the only assumption that holds is no trust, and therefore all bets are off.
I believe the original finding was that they were not deleting IDs that were involved in disputes.
> The ID is immediately deleted.
I call it bollocks. Likely they have to keep it for audit and other purposes.
"delete" doesn't mean delete anymore, like you say, there are always audit logs, and there is "soft" deleting.
Expect any claims that things are being deleted to be a bold faced lie.
1 reply →
They wouldn't _have to_, audit checks if you stick to law, your own policies and such, but I think they will.
3 replies →
>Why they didn't do that the first time?
The company they hired to do the support tickets archived them, including attachments, rather than deleting them.
Ah sorry our contractor did all that highly illegal stuff. Too bad we can't pierce the corporate veil anymore... shucks.
Ah, so it was the "staffer" excuse.
1 reply →
How convenient.
Until we have some kind of "One Time ID Verification" service that would work, the ID will never be deleted. Or a hash of the info or some kind of identifiable info.
Humm yeah, like a government digital ID of some sort. Except people go mental about that, so sending scanned copies of my personal ID documents to every bank/solicitor/estate agent/mortgage broker/random internet service it is then...
1 reply →
They're a nonsense company, and trusting them with any information is foolish. They'll store everything and anything, because data is valuable, and won't delete anything unless legally compelled to and held accountable by third party independent verification. This is the default.
The purpose of things is what they do. They're an adtech user data collection company, they're not a user information securing company.
They explained it in their announcement at https://discord.com/press-releases/update-on-security-incide...
TL;DR: The IDs were used in age-related appeals. If someone's account was banned for being too young they have to submit an ID as part of the appeal. Appeals take time to process and review.
Discord has 200,000,000 users and age verification happens a lot due to the number of young users and different countries.
This is corporate cover speak for “we keep all data”
6 replies →
Why should we suspect the age verification and age-related appeals would involve different teams or processes?
2 replies →
Uh... EVERYONE with a Discord account has to go through age-related appeals now. That's what the announcement is.
Sigh, I guess it's time to move platforms again or get your identity stolen. The more a company makes a fuss about trusting users, the more likely they store all of their shit in plaintext with vibe coded server security.
Deleted from some location or purged from their entire system?
> We do not keep any information around
... "around"
Compliance
Liars…
[dead]
It should go without saying but,
*CANCEL YOUR NITRO SUBSCRIPTION NOW IF YOU'RE PAYING FOR ONE* (for whatever reason)
This was just announced today and a flood of canceled payments within the next 24 hours are the easiest way to send a message. And also tell people on the servers you're on to do the same. It's not like they give you anything of real value for that money.
It boggles my mind that they need a photo ID to prove that my 9-year-old account with a saved credit card belongs to an adult. The linked Steam account is 18 years old.
from the article:
`For most adults, age verification won’t be required, as Discord’s age inference model uses account information such as account tenure, device and activity data, and aggregated, high-level patterns across Discord communities. Discord does not use private messages or any message content in this process`
they don't do this for age verification, they do this to build dataset to sell.
23 replies →
Yeah because they don’t haha. It boggles the mind because the headline is clickbait.
7 replies →
Discord has been immensely hostile to the public in general since forever, and people love to flock to it and throw money at the company behind it.
I don't expect the masses to change their incomprehensible habits just because of this.
It's not incomprehensible. Discord makes it so much easier to organize communities than most other platforms.
Telegram, Slack, Facebook, Team Speak, Reddit, GroupMe, nothing really offers the same feature set and ease of setup that Discord does.
20 replies →
Honestly... People deserve this. They deserve the consequences. They were warned. They chose this.
6 replies →
Y’all forgot that the only reason we’re on Discord was because MS actively killed Skype. Skype was much better software circa 2012 before MS let vulnerabilities run rampant, degraded the UI, and moved off the remarkably robust P2P calling system.
8 replies →
Discord used to be better, but then they got popular, got incredibly picked up and now are probably being controlled by some very shady people.
If you look up the founder he has a bit of history of shady shiz with his past companies.
It isn't surprising to me they are going scorched earth now bending to the will of the fascist government.
Just cancelled mine after reading this comment, I only really cared about the bigger file uploads and the HD screen-sharing anyways and I can live without those.
Now that I think of it, I bet I could host a decent instance of some open-source alternative in a public cloud for around the same cost as what I paid for Nitro ($100 a year)...
>I only really cared about ... the HD screen-sharing
I bought and canceled nitro in a single day because it's a bad product.
They promise HD screen-sharing, but it's only for _my_ screen. When I hopped into a call, the other user's screen share is illegible. Higher quality is still locked behind a "Buy Nitro" message.
If I'm paying for an improved experience, I should be able to get it.
I think there are actually discord client mods which let you stream in high quality anyway.
WebRTC is ridiculously easy.
Cancelled. Was a right job trying to get in as it just refreshed everytime I tried on mobile. When I went to the site separately after clicking subscribe it magically let me in.
The cancel login flow didn't inform me that it found my login suspicious but the subscribe one did
Not a subscriber, but I understand your call for retribution.
I suppose the silver lining is that they are putting the responsibility for age verification adults. Which imo is better than requiring everyone; kids get a free pass to the kids stuff...
Unless they're changing things with some sort of automated classification, then it's users who designate which servers and channels have adult content.
In my experience, you run the risk of getting your server shut down in small servers if someone reports it. Or risk losing your community server status in larger public servers until you come back into compliance.
Also in my experience what teenagers are going to do when they hit an age gate is use a fake picture/video. Sometimes they'll get banned for that and then they'll make a new account and do it again.
Yeah I agree. I actually see most of the stuff in the teens mode as a feature
3 replies →
Thank you for reminding me, I've been meaning to cancel for months but it's only 2.50EUR and having to sign into my apple account was such an effort I never got around to it.
Cancelled
Just did.
And the community im interacting with is looking into self-hosted options.
why in gods name would you ever pay for discord.
Bragging to software developers about freeloading their software?
1 reply →
cancelled. thanks for suggesting
I bet they expect the canceled payments. Management will push through.
I'm sure I'm in the minority here, but I read the announcement and other than the risk of a slippery slope into more invasive ID demands, I'm not sure I have a huge problem with it.
The default experience will be the "teen" experience - they list what that entails - stuff that's flagged as adult/NSFW/etc. is blurred out until your age is verified, which for most(?) people will require ID or face scan. DMs/friend requests from people you don't know take some extra clicks to view. Fine.
It depends on how broad the definition of adult content ends up being I guess, but I'm simply not convinced that requiring ID to view "adult" content is the end of the world. If that means porn, I'm 100% OK with it, put porn behind gates. It has become far too easy to access. It's 2026 and we now have a generation of gooning addicts out there who never have actual sex and it's basically a guarantee that they won't find partners or start families any time soon, exacerbating an already problematic decline in the birth rate. This is not a version of society or anyone's "rights" that I care to defend. You want to goon, show ID. That's how it was before the Internet anyway.
On the other hand if it means any speech that the platform deems to be "controversial" will be blurred out then my response will not be to submit ID, I'll simply limit how I use the platform. Anonymous speech continues to matter and needs protection. But Discord was never the entity that was going to provide that protection.
I mean Discord is a gaming chat room. Expectations should be set by that fact. I don't need a gaming chat room to be NSFW, or even host i.e. political speech really. I get that people have used it for more than gaming, but it was always pretty clear what it was. If people don't like that this gaming chat room no longer supports other uses, they should switch to an alternative.
We're all going to have to scan our faces and upload our IDs just to use the internet because of your weird obsession with birth rates? Wonderful.
2 replies →
Clearly the outrage is about the slippery slope and the current techno-fascism gripping the US. I'm not being sarcastic.
You do it for the children now, you poo-poo concerns because "who uses discord for non gaming anyway" and you're just letting the foxes in the henhouse.
Twelve months from now and they'll want it for every chat.
12 replies →
Why do you want the children to grow up in an Orwellian dystopia?
I canceled that shit years ago.
Why should we send a message?
I'm biased, as I lead the Zulip project. But I think this is a reasonable place for me to post some thoughts.
Given current events in the USA, I can't emphasize enough how worried one should be about the fact that a few companies like Discord, Google (Gmail), and Meta have databases with access to the private conversations of hundreds of millions of people with their closest friends and family members, linked up with their identity.
Some of the big strengths of running a self-hosted Zulip server for your community are:
- Zulip servers are operationally simple, highly stable and easy to upgrade.
- Zulip is much better than Discord or Slack for managing the firehose of busy communities. Or at least, a lot of people tell us that they prefer the user experience to everything else they've tried, after a few weeks of getting used to it. :)
- Your community leaders get to make the policy decisions about data protection, identity, etc.
- It's 100% FOSS software, with an extremely readable and maintainable codebase that ~1500 people have successfully contributed code to. I don't think you'll find modern alternatives with a comparable featureset to Discord that are more resilient to the sponsoring company being acquired or going out of business.
- We are a values-focused organization (https://zulip.com/values/) where providing a public service is important to us all.
- Each server is completely self-contained and independent, with the only centralized services needed from us being desktop/mobile app publication and mobile push notifications delivery (which is free for community use and soon to be E2EE).
I'm happy to answer any questions.
Because I have some experience with FOSS, I know you don't get the recognition that you deserve. So on behalf of everyone who's too distracted to say thank you.
Thank you!
Admittedly, it did take a day (less than), but once I got used to the interface Zulip provides. It's better than what I would have asked for! It's phenomenal software! The whole experience is better than anything else that exists. And everyone charging for the same features should feel embarrassed given how much better Zulip is!
Genuinely, it's impressive what y'all have created. So thank you!
Yes, hear hear! As someone who've run a couple of FOSS communities, many of them having chats via IRC, Slack, Discord, forums and more, using Zulip has always been one of the most welcome options, yet also the one that takes the longest for people to understand if they've never seen it.
But it's easily worth it, as you can actually come back and read through old discussions and understand things and it isn't a mess. It's like if you could force Slack/Discord to only do threads, and the entire UI is optimizing for that specific UX. Overall pleasant experience once you get over the initial bump :)
2 replies →
I'm asking because I hate Matrix and actually want you to convince me: why should I accept the risk of migrating my friend group from Discord to Zulip, which has already "broken the seal" of restricting features behind a monthly fee even for self-hosted users, when I could migrate us to Matrix instead? Matrix seems like the much less risky option.
I see that you have a "community" tier that's free and doesn't restrict notifications, but it's not clear to me exactly what's involved in proving that we should qualify.
Mobile push notifications are a special case because it's literally not technically possible to self-host them. Or rather, it's possible if you build the iOS and Android apps from source and distribute them through TestFlight or an analogous Android channel, but it's not possible for the developer of an App Store or Play Store app to allow its users to point it at a different push-notification server, because the public key has to be hardcoded in the app binary. So if you want your self-hosted Zulip server to work with the Zulip client apps in the App Store and Play Store, you have to use Zulip's push server, and there's nothing Zulip can do to fix that.
Matrix works analogously; if you use the Element app from the App Store or Play Store, then you're using Element's push notification server, even if your Matrix homeserver is self-hosted. It's possible that Element allows their server to be used gratis in situations where Zulip charges a fee, I don't know their policies or anything, but in principle Matrix still leaves you exactly as dependent on a third party's goodwill unless you make your friends install a privately distributed mobile app.
Zulip IIUC does not restrict self-hosting of any feature that's technically possible to self-host.
45 replies →
I don't think we've ever charged a friend group or other non-incorporated group of people a dime for self-hosted notifications.
For the community tier, you don't have to do anything up to 10 users.
If your server has more than 10 users, you fill out a brief form (https://github.com/zulip/zulip/blob/main/templates/corporate...). We work hard to consistently process these requests within a couple business days, and the vast majority of communities are approved for full sponsorship without further interaction.
(Large communities managed by a business are quoted nonzero but extremely discounted pricing for self-hosted notifications).
Regarding risk: I certainly won't blame you for feeling risk-averse given the history of the tech industry. I can tell you about some unusual choices we've intentionally made to minimize risk for our users:
- We eschewed VC funding. A big part of my motivation was that I felt that VC funding usually requires eventual enshittification. https://zulip.com/values/ talks more about this.
- Zulip has been 100% FOSS software for more than a decade.
- At the very beginning, we built a complete data import/export system that allows migrating between our Cloud hosting and self-hosting; we put a lot of care into maintaining it well.
I can't promise that we'll never have something to sell for self-hosting communities. For example, I could imagine offering a paid add-on for encrypted backups.
That said, I'd like to push back on the idea that charging businesses for a tool that's an important part of their daily work "breaks the seal". Organizations with a software budget should be happier to pay a fair price for ethical, user-first software from a friendly vendor than for a closed-source product from a megacorp. And Zulip's full-time development team should be able to make a living building ethical FOSS software.
9 replies →
I use Zulip every day for the julia programming language (https://julialang.zulipchat.com).
I really like Zulip, and I'd like to migrate my friend-group onto it, but it probably won't happen. I think Zulip is just a bit too heavy-duty for a friend group chatting, and also lacks the visual polish that a lot of people want.
For now, my friends and I mostly just use Signal for group chats, which leaves a lot to be desired, but IMO is still just a better experience for our purposes than Zulip or Matrix.
That said, if you have friends who are keen to try things out, I would definitely recommend at least trying Zulip and see what you like and what you don't. It has a lot of really nice features and things to love.
Having interacted a fair amount with the Zulip devs over the years, and being an open-source product, I believe that they have no plans or intention of trying to fleece or milk self-hosted users or small communities.
1 reply →
The federation of Matrix seems risky to me to the person self-hosting. I don’t want to host random people’s content. I’ve read some interesting articles about the design flaws of Matrix that led me to believe that it’s not a good option.
What is confusing to you about the community tier? It is basically describing any type of community of people who are not a for-profit business. Groups of friends, non-profits, volunteer groups, etc.
Zulip isn’t charging you anything unless you’re a business with more than 10 users and need push notifications, and that is still only $3.50/month/user if you don’t need more enterprisey things like SSO and compliance stuff.
3 replies →
[flagged]
1 reply →
I recently moved a small community group from Slack to Zulip. Half because of the UX for infrequent visitors (topics are so much better than "50 unread messages in #general"). And half because of your organisational values, which are more aligned with ours than are those of Salesforce.
The Bluesky team talks about "credible exit", and Zulip has that in spades - which makes me not want to exit.
Thank you for the work you do. Hanging out in CZO watching the Zulip team work in public is inspiring!
> topics are so much better than "50 unread messages in #general"
my experience is exact opposite
18 replies →
Hey, just wanted to say that I am a happy Zulip customer.
I used it at my previous employer and after a month of hangringing from people- many did not desire to go back to what we had before. (though some people did say they wanted Slack for the emojis and “prettiness”).
Now I started in a new position and I’ve positioned Zulip (on prem) as the only viable solution since we’re shirking SaaS as a strategic move.
The people who followed me to the new place are quite glad of this, or at least thats what I am told.
So, thank you, sincerely.
Thanks so much for sharing the story!
> hangringing
I’m sorry to be that guy but it’s “handwringing” - twisting your hand like you wring your clothes until you agree
3 replies →
Some of the big weaknesses of running a self-hosted Zulip server for your community are:
- Your server admin can see DMs (or at least metadata, not sure if Zulip does E2E for DMs). The same is true for centralized services in theory, but unless you're a terrorist or a person of interest to a major government, it's extremely unlikely that a Discord employee will have an incentive to spy on your messages specifically. Your admin is likely part of your community and may know you personally, so the temptation is much, much higher.
- If the admin dies and nobody else has the keys to the kingdom, the server can go down at any point, and there's no way for users to reconstitute the network semi-automatically. Discord servers don't just go away unless somebody actively makes them to.
- It's much less secure in practice, it relies on your admin to always be on guard and constantly update their server to prevent vulnerabilities, either in Zulip or in the myriad of other self-hosted services running on it. One guy in his basement that goes on vacation once a year and has family responsibilities is far more likely to make mistakes than a team of trained cybersecurity professionals.
- Many Discord users are in 20+ servers. Anything that doesn't provide a one-click server joining experience (for users who already have an account on a different server) is nowhere near a Discord replacement.
- People want bots (for things like high-fidelity Youtube music streaming on voice channels), and those are mostly Discord-only.
- Anything open source will be worse at phishing and fraud / abuse prevention by definition, as many fraud-prevention approaches rely on the fraudster blindly guessing at what the code and ML models (do you even have ML models for this) are doing.
> it's extremely unlikely that a Discord employee will have an incentive to spy on your messages specifically
No, but history shows some unscrupulous staff members will always snoop, whether its just pure interest or something more nafarious like intent to sell on the black market. This makes the risk of your private data being leaked > 0, which should always be treated as a valid risk.
>- People want bots (for things like high-fidelity Youtube music streaming on voice channels), and those are mostly Discord-only.
So basically Discord is a warez service?
> If the admin dies and nobody else has the keys to the kingdom, the server can go down at any point
This is how infrastructure works, and supposed to work, besides the point that servers "die by themselves" which of course isn't true in reality. You decrease the bus factor if this is a problem for you.
> Discord servers don't just go away unless somebody actively makes them to
If all the sysadmins at Discord died and nobody else has the keys, exactly the same problem happens. Discord though surely have multiple backups of the keys and so on, something you too can do when you have your own infrastructure, so overall that argument feels almost dishonest, since you don't compare the two accurately.
> Anything open source will be worse at phishing and fraud / abuse prevention by definition
What? Completely orthogonal concerns, and if your main "fraud-prevention approaches" depend on security by obscurity, I'm not sure you should even attempt to be involved in those efforts, because that's not what the rest of the industry is going by a long mile.
> People want bots (for things like high-fidelity Youtube music streaming on voice channels), and those are mostly Discord-only.
Actually, the further I get in your comment, the more it seems like you don't actually understand what Zulip offers nor what the parent comment is about. Music streaming on voice channels? Completely outside the scope of Zulip...
----------
I think you have to understand the comment you're replying to a bit better, before attempting to lift Discord above Zulip. They're specifically talking about Zulip as an alternative "for managing the firehose of busy communities", not as a general replacement for every single Discord "server" out there. Yet you've responded to the comment as that's what they've been doing.
2 replies →
Glad to hear E2EE is coming soon, but it’s been “soon” for probably a year now. It’s a bit odd that encrypted notifications still don’t work, and I’d argue it’s a very big caveat with regard to privacy and security.
Our main reason for using Zulip is that we work in a highly regulated space (healthcare) and would like to be able to safely talk about things. I suspect this sort of situation is a major motivator for Zulip adoption, so it’s weird that transit encryption was left as an afterthought.
(There has always been an option to just not include message content in mobile notifications).
Cryptography is not something you can do sloppily, and requires coordination between the mobile and server teams. Zulip 11.x included the protocol, but while doing the mobile implementation, we decided to make several more changes which have delayed it to the upcoming Zulip 12.0.
Some important context is that we retired the old React Native mobile app this summer in favor of the new Flutter apps (https://blog.zulip.com/2025/06/17/flutter-mobile-app-launche...), which has been an enormous improvement in the quality of the app and developer experience.
But as you can imagine, the cutover and relentlessly addressing feedback after it took a lot of time for the mobile team. We've also experienced an AI slop bombardment in the last few months that has consumed a lot of time. I'll save that story for another time.
1 reply →
What is Zulip's position on speech they/(you?) disagree with -- if someone is paying for non-selfhosted Zulip, are you going to delete/shutdown/dox users/operators that you politically disagree with?
If say the hyprland people were using a Zulip instance and someone astroturfed/brigaded/massreported a campaign to shut them down because they didn't agree to some external code of conduct and external enforcement of such, what would Zulip's response, as a company, be?
Moderation of self-hosted servers is entirely the responsibility of the server's owners (and perhaps hosting providers, if it's extreme enough). We have no way to know what's happening on self-hosted servers, and it's none of our business.
Regardless, there is no technical mechanism through which we could block access to a self-hosted Zulip server via the web application (which is hosted by the self-hosted server itself and designed to work on both desktop and mobile devices).
For Zulip Cloud, you can read https://zulip.com/policies/rules. One of the nice things about Zulip's model is that communities that we do not want to host can just migrate to self-hosting.
My biggest feature use of Discord is the drop in / out voice with PTT. I couldn't quite tell if this feature exist.
PTT = push to talk (at least that seems the most probable match on Wikipedia)
Doesn’t exist in Zulip, theres a “camera” button that generates a jitsi link, I tried (and failed) to make it a google meet link, but it works surprisingly well, though it is a context switch.
2 replies →
I'm really hoping for Zulip to succeed, which is why I'm even commenting. But it really needs people with UI/UX expertise. E.g. good user onboarding does not mean showing them a 2 minute video, as another comment on here mentioned.
Thanks for your work. Moved my company from Slack to self-hosted Zulip after Salesforce unilaterally decided to transfer our account to Alibaba Cloud and the transition has been very smooth. We especially appreciate proper markdown support !
Wow what the hell, Salesforce.
This is great to hear and ironically we (Pidgin) just decided that Zulip was going to be the next protocol we were going to add support for just barely 24 hours ago before all this Discord nonsense!
https://discourse.imfreedom.org/t/protocols-to-support/234/1...
Awesome, feel free to start a thread in #integrations in chat.zulip.org! We'd be happy to chat about some of the things that will make your life easier to do carefully when writing a new client.
The main thing regards our double-entry API changelog system. Basically, the API documentation for individual endpoints, say https://zulip.com/api/get-user, natively cover for each endpoint all the changes relevant for that endpoint from https://zulip.com/api/changelog... and how to write nice code using feature level checks to support all server versions.
1 reply →
Happy to hear Pidgin is still at it after all these decades. I still fondly remember using it when it was still called Gaim and only spoke OSCAR, back when Rob was involved before he started Asterisk. I lurked on IRC back then and even made a simple TUI when libpurple first came out.
How does Zulip compare to Campfire and Stoat (and other FOSS) efforts? How is onboarding for non-tech people?
Onboarding has a thread going here: https://zulip.com/development-community/, you'll get an idea of how we work.
So while there's some features we don't have that are present in other products, and we don't have dozens of designers on staff to do cool end-of-year animated reports like Discord does, you can expect few bugs and a lot of interaction design polish.
-----------------------------------------
The one mistake that I think a lot of folks make in evaluating options is focusing on buzzwords like E2EE without thinking through their threat model. E2EE doesn't add much practical security over self-hosting for many threat models, and it comes with significant usability trade-offs. And some current E2EE systems don't actually protect against a malicious server, say because they only protect message content, not metadata like who has access to what... just against raiding the server's disk.
(For example, WhatsApp has E2EE for message content, but I expect Meta's databases know everyone who's had a conversation with me on WhatsApp and the precise timestamps and approximate lengths of every message I've sent or received on the platform. And apparently some keyboard apps send what you're typing to remote servers!).
9 replies →
It's kind of weird that e2ee is kind of afterthought everywhere. If I was making a chat system I'd obviously didn't want to keep anything that the users talk about on my servers unencrypted or decryptable. Why would you? If something is supposed to be public then keep it. If not, don't.
The weird "we pinky promise to try to keep it non-public for some time" is a weird idea.
Most consumers don't know the difference between "encryption" and "end-to-end encryption".
Zulip uses standard TLS encryption, where the messages are encrypted in transit, but the server has access to the messages.
The server having access to the messages is extremely useful for many key features. Access control policies. Search. Markdown rendering that can make guarantees to clients about its behavior. Mobile notifications for mentions. And many more. There's options for all of these problems, but it's /hard/ and you end up having a lot of risk of nasty bugs where "all the message history become unreadable" and a lot of performance issues.
This is why why end-to-end encrypted messenger apps like Signal are extremely minimal with basically no chat features, and can take a while to load long conversations ... there's a lot of expensive cryptography happening in the background. AFAIK it's not realistic to use the Signal protocol with the volume of messages people do in high-traffic Discord or Zulip communities.
Some other E2EE chat systems have more features but fail to actually provide end-to-end security. (For example, the server provides the source code for the web app and can freely modify that code to steal all the messages the user can still read, or the server is still in charge of metadata like channel membership ... so a malicious server could just add a fake user to every channel).
You get almost all of the security benefits of these "E2EE" chat systems by having a trusted person self-host the server, and setting a message retention policy if you want messages in certain channels to be automatically be deleted after a period of time.
Our vision for Zulip is not billions of people on our Cloud service. People should own their own communities, not corporations. And in that world, usually the person who runs the community can be trusted to host it.
1 reply →
It turns out e2ee in a chatroom is really, really, really difficult.
1 reply →
Does your app pass the grandma and quarterback test? Can I get my grandma and the group's jock/quaterback to use it without handholding?
I'd say so, especially if you start on desktop and have them watch the 2-minute onboarding video. We are satisfied with what we see with our internal usability studies with nontechnical users.
Among customers, one reference that I can quickly cite is this one:
https://zulip.com/case-studies/gut-contact/
> Agents at GUT contact use Zulip every day to communicate with their team leads. “Most of our agents are in their 60s or 70s, so the software must be as simple as possible. That’s why we love Zulip,” says Erik Dittert, who’s been leading GUT contact’s IT team for the past 20 years.
I would recommend doing a little training/handholding call/video when moving over a community -- but this is true for any new app.
My mom needed training to do basic things in Squarespace, and I had a friend who worked at Slack whose manager started every chat message with "Hi <name>" and ended it with a signature, like you would an email. :)
23 replies →
Data point of one: in my small community group that has moved to Zulip we do have a grandma contributing. No jocks though so I can't speak to that.
I would also like to note that Slack did not pass the grandma test in our case. I highly doubt that Discord would given how hyperactive the UI is.
2 replies →
man, I want to support something like Zulip, I would even want to work on a product like this but one thing I'd say is you have to go back and study why Slack beat Hipchat and others. It's so simple in hindsight but it was the marketing and the UI/UX of Slack that made it so much easier to use. If you'd like, I have a ton of ideas and experience building UIs and would love to give you some of my input. Too much typing for a comment at the moment.
You should stop by #feedback in chat.zulip.org and share your ideas!
Regarding the history: Slack had very effective marketing, powered by a lot of venture capital. And HipChat was a weak product that had an embarrassing total hack, which did not leave customers with confidence that their data was safe there.
Zulip is not venture-funded, so we're reliant on people sharing it with others to get the word out.
As a side note, I don't think Slack could have succeeded if it launched today. Microsoft Teams has far far more users as Slack, and it's slopware. You can thank the end of anti-trust enforcement for that.
1 reply →
Based on some (admittedly very surface level) research, one spot where Zulip will still struggle to replace Discord is Voice/Video chats and Screensharing - the little I could find about voice chatting in zulip is that it has to be configured to use an external service (jitsi, zoom, etc)
If you do no configuration, it'll use the public Jitsi service for video calls. So no action required unless you want a different video call provider.
> Zulip is much better than Discord or Slack for managing the firehose of busy communities. Or at least, a lot of people tell us that they prefer the user experience to everything else they've tried, after a few weeks of getting used to it. :)
Could you expand on this?
Slack has basically one main hierarchy level (messages are grouped into channels) while Zulip has two, streams and topics. So you can create a stream for each project (say) and create a different topic for any given point that needs discussion about that project.
Kind of like if each slack thread discussion had a title and was discoverable from the left sidebar and didn’t get in the way of the other threads.
5 replies →
Check out https://zulip.com/for/communities/ and some of the linked case studies; they explain it better than I'll be able to in a quick comment.
But the main reason is that the topics-based organization and ability for moderators to move/split conversations means one can read and participate in a community much more fully given a fixed amount of time.
Hi Tim. For pricing, it would seem that large, public-facing, Discord-style organizations would have to go with the free plan to avoid the pricing being prohibitive. Think something like the new Limewire community on Discord which has 2 million members. Or am I missing something about what a 'user' is considered in terms of being billable or not?
On a related note, I'm gonna check out Zulip for PortableApps.com. Any interest in having the Windows desktop app be portable? (We'd love to do that if we wind up using it)
The advertised pricing is for workplace use where the users are on payroll; if you read the plans page carefully you'll see we have free or highly discounted pricing for other use cases, both in Cloud and self-hosted.
Zulip is not designed to support 2M user accounts in a single organization. But if you enable the public access option (https://zulip.com/help/public-access-option), such that no account is required just to read content, you can end up with 1-2 orders of magnitude fewer "total accounts" that just wanted to see something once and don't actually use the server.
1 reply →
Just dropping in on a completely unrelated note to thank you for developing PortableApps - as a kid with no UAC access almost two decades ago now it helped me immensely to develop my interest in IT :-)
Hi Tim! (We know each other :))
I'm curious whether you feel you're actually in control to actually make policy decisions about data protection or whether you feel you could be hit any day by the "$5 wrench" by the government any time they feel it necessary. I'm starting to feel that in this environment, nothing is safe, even if encrypted and on FOSS platforms.
Hey Dheera! It's been forever.
Personally, I advocate for self-hosting communications software, ideally on physical hardware that someone in your community has control over. Zulip runs great on old laptops, if you can solve the IP address problem for hosting it in your house.
And if you want to be extra careful, put your chat system behind a VPN/firewall, so it's difficult to identify what software is being used externally.
And if you're not going to do that, because it sounds like too much work, the next best thing is to at least pick a Cloud service where you can migrate your group to paranoid self-hosting overnight if you decide the work is now worth it.
Self-hosting this way doesn't protect against all threat models. I am human and have children who I love dearly, so it's hard to rule out the possibility of my being compelled to make a malicious release.
But at least the Zulip source code is entirely open and highly readable; so users would at least have a chance to notice and not upgrade. With a centralized architecture like Discord, you're entirely reliant on whisteblowers.
Do you know if migrating from Mattermost to Zulip is remotely possible?
I had been using Mattermost because it's also (mostly) FOSS. However, they've recently been changing their released OSS edition to restrict capabilities... Unfortunately the org I maintain it for is having some issues with it now and I have metaphorical egg on my face.
Yep, it's easy: https://zulip.com/help/import-from-mattermost.
Also your website (https://zulip.com) is so fast and snappy, I was surprised to see everything load instantly when clicking around. I have not tried the app yet, but seeing a static website like this is quite refreshing.
What is the video calling and screen share experience like?
Zulip "shells out" to other apps like Zoom or Jitsi for this with a light integration in the UI.
14 replies →
First time hearing about this project and it feels mature. However, the landing page example of the app on web is…messy and noisy to the point i am totally lost.
This is not the case for slack or discord. I think having an awesome clean first impression would do wonders to sell what younare doing.
Can you give more specific feedback -- what specifically are you looking at, and what specifically do you think contributes to it being noisy?
1 reply →
how does zulip as a technical solution solve the ultimate problems with discord and gmail and so on - EU chat control, US porn control, etc?
arent you as a zulip instance owner going to have to implement all the same stuff as discord?
It depends on what you’re doing with the instance, where you and your users are located, etc.
If you create an invite-only Zulip chat for your pub trivia league or school parent association that’s all adults, probably not.
Hi tabbott. Thanks kindly for offering to answer questions. :)
I signed up on your site just a bit ago, but I'm a bit concerned with the paid upgrade. Unlike Discord, I need to pay per user, which I find onerous and would get out of control fast for the group I run with around 100 members. Is there any plans for a flat fee model? I'm even happy to pay twice what I pay for Discord Nitro, but yeah, $8/mo per user is too expensive.
If it helps at all, it's for a retro computing community group, and not for profit.
Not affiliated with Zulip, but have you checked the "Free and discounted Zulip Cloud Standard" info on their help center? https://zulip.com/help/zulip-cloud-billing#free-and-discount...
Sounds like you could be eligible for free or for a significant discount. Also:
"If there are any circumstances that make regular pricing unaffordable for your organization, contact sales@zulip.com to discuss your situation."
1 reply →
I don’t have any questions as of yet, but reading your site; it speaks to me and those values align with mine. Just wanted to say that I think the world could use a bit more of this.
Value-focused organizations mean nothing to me. They throw out their values as soon as they are in the way of financial success.
Having a fully open-source self-hostable product improves this significantly.
Hi @tabbott I've been meaning to pass this feedback on for 5 months, and I hope it comes across in the spirit it's meant.
I tried Zulip (cloud offering) with some techie/designery friends, so we should have been right at home but... the desktop app on macOS and the web app was visually unappealing and clunky, and we ended up going back to a paid Slack plan.
I looked for docs on how to theme Zulip (so I could contribute), or for existing theme packs that would soften the transition but found neither.
tl;dr: The functionality was good (Love the threading!) but the UI feels like the 2000s came calling. Some UI polish would go a long way.
My feelings as well.
As a former user of Zulip at a previous company, thank you for this software, I enjoyed using it. Maybe I'll setup a private instance for friends and family so I can enjoy it once again.
You are referring to yourself as an “organization”, can you define that precisely?
> Given current events in the USA
Don't worry - they're repealing section 230 of the Communications Decency Act.
The one that says platforms aren't liable for what their users post.
This means there will be no platforms at all very soon.
What is the purpose of repealing this act? Make platforms liable and thus enact more restrictions, is that right?
3 replies →
>Don't worry
I'm not worried. We'll use Zulip which has values and thus takes responsibility for everything its users post, right?
> https://zulip.com/values/
Every word of this page appears as its own line on mobile.
How well does Zulip protect users' privacy against snooping admins? I.e., does it have E2EE DMs? Unfortunately, this is a legitimate threat to be concerned about
How do you see Zulip comparing to anytype, https://anytype.io/ ?
Self hosting could be an option, but it does not help when a country require you to identify if a user is adult or not.
Doesn't self hosting usually exempt you? Most such regulations only apply to commercial entities above some minimum user count.
While I personally strongly favor federated solutions those are of significantly more concern in this regard.
1 reply →
Thank you! Zulip is a great project.
Looking for your features but no voice chat, no screen sharing, no deal.
The built-in Jitsi integration lets you create a voice chat call via a single button click. You can also put those call links in a channel description if you like.
We do have plans to make the integration offer some additional ways to jump into a call, and have been talking about adding video chat. But our focus has been on building the best text chat possible, given there are multiple actively developed FOSS video call systems that we can integrate with.
3 replies →
Looks like it has integration with Jitsi Meet https://zulip.com/integrations/jitsi
4 replies →
very good take. IMO "current events" goes back to The Patriot Act if not further. Aggressive digital surveillance by 3-letter-agencies has been active for 20-60 years
What’s the state of accessibility on Zulip?
(Thanks for making Zulip, I love it)
You can do everything with the keyboard, and we do write everything with screenreader accessibility and colorblindness accessibility in mind.
But we don't have a dedicated accessibility tester on staff, so we're reliant on people reporting issues that bother them in actual use.
I should also mention there's a nice TUI app: https://github.com/zulip/zulip-terminal, which can be helpful for some people.
1 reply →
Thanks so much for this!!
Can you get Zulip supported by OpenClaw? Zulip was my first choice communication channel.
https://github.com/openclaw/openclaw/discussions/5163 suggests it already has a PR.
I'm told (https://chat.zulip.org/#narrow/channel/127-integrations/topi...) that upvoting that discussion might help it get prioritized.
so instead of discord, google, meta having access to private convos... we should all switch to Zulip and have Zulip being the one with access to those convos? Or join someones self hosted instance and let them have access to those convos?
I am confused.
You can host your own instance or choose someone you trust to host it. With discord, google, meta you have no options.
Are we the bad guys?
I spent 7 hours or so yesterday installing Zulip. It was a huge pain; for one, it wants to own an entire server and the only supported installation method is this mega-script that clobbers everything, so I had to try to use the Docker container. Documentation on installation is scarce; other than telling you to use the script, and the fact that a docker container exists (though the GitHub repo it linked me to was no longer accurate, and I had to find the updated image name elsewhere), there's practically no information on how it works or how to use it, or what it depends on or how to configure it.
- Had to use ChatGPT to help generate me a docker-compose.yml, except it forgot about memcached, set the wrong environment variables and just generally did a sloppy job.
- Once it was running it was a huge pain to set up reverse proxying properly, because Zulip apparently doesn't even pay attention to proxy headers if you're talking to it on port 80, even if X-Forwarded-Proto says https. It would get stuck in an endless redirect loop trying to redirect https to https. I could only properly debug this with tcpdump. The only solution I could find was to expose port 443 of the container and then have the reverse proxy talk to that, but Zulip still won't respect X-Forwarded-For, and login emails still show the Docker network address for whatever reason. No idea how to fix this as I couldn't find documentation on how to do it for Docker; the doc for reverse proxying without Docker says to edit zulip.conf, which is impossible (or I don't know how, as again, I couldn't find documentation on any way to do it for Docker.)
- Even once I could access Zulip it was a huge pain to get it to access the databases it needs, because again, I couldn't find documentation on how to do this for Docker. This was after it was a pain to figure out how to generate an org creation link because I don't think I could find documentation for that either, I had to find the script and read the source to figure it out.
- Even once it could access the databases it needs, and I could get it to use the right passwords (which was annoying as it generated SOME of own secrets, but not others, and started ignoring the corresponding settings, like the email host password), I tried to set up push notifications but that required a setting I didn't know how to set because I couldn't find documentation on how to do that for Docker; I eventually figured it out but it was annoying.
It was so awful and took up practically my entire day. Once I could finally get it to work, it works pretty well, but it's not an experience I would recommend until the docs start supporting this use case.
I'm sure it would've been easier if I read the entire documentation, the entire source code, the entire build script of the Docker container, etc. but I just wanted something to work...
I typed "Zulip docker compose" into DuckDuckGo, the first result was https://github.com/zulip/docker-zulip which has commits from today, so doesn't seem out-of-date.
> Had to use ChatGPT to help generate me a docker-compose.yml, except it forgot about memcached, set the wrong environment variables and just generally did a sloppy job.
It has a docker-compose file in it, has memcached in it.
> [...] X-Forwarded-Proto [...]
Does https://zulip.readthedocs.io/projects/docker/en/latest/how-t... help?
> access the databases it needs
The official docker compose has databases set up already, I guess you were missing those from your ChatGPT created compose file.
____
It kind of seems like you were linked to the wrong place for documentation about Zulip with docker in the beginning and then went from that.
A quick click-through seems to suggest you landed on https://zulip.readthedocs.io/en/stable/production/install.ht... and then clicked on the prominent "Docker image" link on top which leads to a random location on the page. (at least on Firefox)
That's very understandably annoying. If can you confirm that that is what happens, a bug report either with Zulip or ReadTheDocs (not sure which) might be in order.
5 replies →
LOVE Zulip!
hope you get some money man. instead of just "oh you do FOSS, thank you" - fuck those guys.
Zulip is amazing, thanks bro.
Why zulip instead of the good ol' IRC?
It has modern features. It stores message history. It has a fairly unique feature of letting you create ad-hoc "topics" (that go under a "Channel") that make it easier to manage the flood of conversation.
1 reply →
Last I checked, IRC wasn't really mobile-friendly.
1: IRC loses all messages to you while you are not connected
4 replies →
[flagged]
Why would you ask this?
2 replies →
[flagged]
Yes, but it's fashionable to blame the US for things
[dead]
[flagged]
> enforcing the law
This is like believing DOGE was about efficiency :)
Understandable, but sometimes there isn't a better alternative that doesn't do user support via Discord. That's why it's important to have alternatives that work, so unrelated companies don't pick centralized platform chat software that happens to be convenient for their immediate needs.
Yes, American Hitler is in fact Hitler perhaps you're cool with:
1. Extrajudicious execution of US citizens 2. Construction of concentration camps 3. Openly saying that you'll interfere with state elections 4. Openly saying you'll take away guns and dimish gun rights
Let's just be honest with ourselves. No one. And I mean no one, can support Donald Trump and be a principled decent human being, conservative or otherwise.
I've been building a decentralized, open source platform at https://github.com/Qbix/Platform before it was cool.
I don't think it's cool even now.
I mostly got hate on HN every time I posted about it LOL. I think something about "decentralized" gets some people really riled up (maybe it's the association with crypto / blockchain?) but frankly, it's the ONLY solution to extreme centralization.
Someone's got to build a platform with all the features of Discord, but make it decentralized and open source.
I've spent over $1M and 10 years on it. I have to package it so that it's easy to install. But I'm working on something to take care of that, in the next few months, that will also include actually safe AI agents inside.
It will look sort of like this: https://engageusers.ai/ecosystem.pdf
I'm happy to welcome anyone aboard who takes the time to learn the platform, but I won't lie, it's huge. As you would expect an open source decentralized clone of Facebook / Discord to be. I just hope it's architected well enough for developers to pick it up quickly. At the very least, I think it's a lot less spaghetti than Wordpress and Joomla :)
PS: In 2018 I launched something that HN hates even more... a Web3 company that released open source smart contracts at https://github.com/Intercoin . Why you ask? Because once a lot of value is at stake (whether it takes the form of money, votes, or even just community roles), it's better to have thousands of computers secure it than "just trust" the central site.
When founders of famous centralized messengers criticized decentralization, I had to write this:
https://community.intercoin.app/t/web3-moxie-signal-telegram...
And history has proven me right... their only move is "withdrawing" from a country like Sweden. Well I guess the DSA would make them withdraw from all of Europe: https://www.reddit.com/r/privacy/comments/1ixrv14/signals_ce...
Don't forget, it's not just Discord. As of Jan 1, Texas is now requiring digital ID to download any app at all or visit many internet sites, and forcing Apple/Google to build it in "to protect the children" of course. And Utah is following suit soon too. The Supreme Court last year said that digital ID can be required by states.
Crypto is the problem not the solution, that's why no one cares. We aren't going to pump your shit coin so you can rug pull, give up.
1 reply →
You need someone to rework that ecosystem.pdf file if you're serious. You spent a million dollars on this but your ecosystem pdf looks like it was created by a 12-year old trying out slides for the first time.
This is the worst PDF I've seen. Please stop shilling this in every thread.
[dead]
Sold
> Zulip servers are operationally simple, highly stable and easy to upgrade.
You lost me there. I need to have all my contacts on Zulip. Nothing else matters to me
Then you're fucked, and stuck on big tech and hostile governments. If you can't convince friends to move, that is.
> Given current events in the USA,
This part absolutely isn't necessary because it's a wrong idea no matter who is in charge.
>>Given current events in the USA, I can't emphasize enough how worried one should be
I've been putting my pants on every morning for the last several years, had breakfast, gone to work, and come home without worrying about any current events in the USA and my life seems no different than 50 years ago except I have modern gadgets.
Social media is not the world. In fact, it's 10% of what the real world is like and how the real world thinks. It's why I ignore social media except for HN and one other but I only scan the headlines and rarely pop into comments like this.
And I'm happy.
EDIT: And the comments below are proof why you, too, should ignore all social media and why you, too, will be happier.
Thousands of people have put their pants on, had breakfast, gone to work, and then been intercepted by militarized federal agents, thrown to the ground, locked up in prison camps, then deported overseas.
Glad things are comfy for you though.
61 replies →
Fixed this for you: "I haven’t been affected, so everyone else is overreacting."
5 replies →
> I only scan the headlines
Have you scanned any headlines about ICE lately? Maybe do a quick search for news about Minnesota?
(I'm pretty sure that if you'd been putting your pants on in Minnesota, you would not have written this comment.)
22 replies →
If your eyes are closed, then things look the same whether you're in the middle of a calm meadow or on a highway about to be run over by a truck.
If you prefer not to look, maybe because you're convinced there's no truck, or you don't think it would help avoid the truck if there is one, fair enough. But the fact that your personal experience is unchanged is meaningless.
2 replies →
That is not a good analysis because it insinuates that everything stays the same. This is clearly not the case. Besides - no matter whether in a democracy or in a dictatorship, almost everyone puts on pants.
It is also incorrect to confine this "merely" to social media. This is clearly government overreach. They want data from The People.
It's sad and pathetic to see such apathy.
while there is nothing wrong with it, you are clearly in a stable section of a stable country
[dead]
[flagged]
[flagged]
[flagged]
I hope Discord understands the risks they pose to their audience when they open source their IDs again.
Discord is used by a bunch of closeted users having pseudos, who wouldn't do the same activities on it if everyone had their names.
A part of the Discord users is from countries from which Discord isn't even officially accessible (eg China) or where involvement in LGBT discussions could result to death row (Afghanis are still on Discord)
For me, a company that open sourced 70,000 IDs and ask for moooooore just weeks later is just a joke about the sharing economy
The problem isn't even for new users. Some users have over a decade of private hobbies and will now need to associate their governement ID to their profile. Discord pinky swears they ask but don't keep this time, which isn't enough.
Companies shouldn't be allowed to change such fundamental ToS after an account is created.
> Discord is used by a bunch of closeted users having pseudos, who wouldn't do the same activities on it if everyone had their names.
Exactly. I am sure they won't share their face or ID and will move somewhere else. Big opportunity for other platforms to stand up and grow their user base.
Literally just finished spinning up a Matrix server for my friends and I to try out
1 reply →
+1.
It's a push out.
That's fine. We'll take our attention elsewhere.
Discord also calculates a whole lot of (inferred) demographic information. Estimated age, gender, and surely much more. They also feed all the messages into a ML model, which guesses what people are talking about, and pushes a notification to other users. This is probably the culmination of all that, this is why they refuse to be e2e like every other reasonable messaging app...
Discord is focused on large groups. E2EE doesn't work in this case. Group management overhead traffic is too high and too unreliable, and a bad actor could just join the group under a pseudonym to log messages. Discord isn't E2EE for the same reason Hacker News isn't.
1 reply →
I REALLY doubt anyone XYZ while XYZ is illegal/pursued/banned in their country hasn't already extensively thought about their own threat model, and that disclosing this kind of infomration on a public platform is not safe.
You’re out of your mind if you think I’m gonna upload ID to use a “shitposting about video games with friends” service.
To protect my privacy, I have a photoshopped drivers license with a photo of my dog that I've successfully used for verification (e.g. AirBnB) in the past.
Though, with AI being used I suspect it wouldn't pass any longer.
It used to be that on the internet, nobody knows you’re a dog. ;)
2 replies →
Huh. Can you do that? I wonder what is legal status of this. I used to make all sorts of fake IDs (pretty good ones!) when I was a teen (you know, for purposes such as going to clubs, buying alcohol), but of course this is literally a crime, and not even a "minor" one. Apparently, back then it didn't bother me much, but with age I became more cowardly, I must admit. So now I use my passport data more often than not, even though I am not really a fan of the idea of giving a scan of your documents to some random guy on AirBnB (although, with some obvious caption photoshopped on top, to make the scan less re-usable). I mean, it's just a matter of fact that everyone requires them, and it also has that weird status of "semi-secret thing" that you are somehow aren't supposed to give to anyone, and I still have close to zero understanding of how that works.
So, I suppose you shouldn't give your fake id (digital or physical) to a government officials. It also seems "obvious" that it's similarly unwise to give it to a bank. But you can do that to a random guy on AirBnB? A hotel? To a delivery service (Uber/Wolt/whatever)? Dicsord? Where is the line between a bank (a private commercial corporation) and Discord (a private commercial corporation)?
18 replies →
Youtube flagged one of my accounts as a teenager because I watched a few pop videos (lol) and I was not able to trick it with fake IDs, though I didn't try all that hard.
2 replies →
I tried to do this when LinkedIn forced me to upload an ID. It didn't work unfortunately. I see the good in this but I know it will be abused. I want to run away but I don't foresee any way that the powers-that-be will let the common person use the Internet without an approved ID in the future.
wdym, how did your dog driver license even pass before AI ?!
5 replies →
I found a picture of someone my age, gender, and background and used that in the past for some things.
But not even worth that effort for this. Not a subscriber, but probably won't ever use it again, either.
Just use Ai to make a non existent human face, might as well
2 replies →
This gives me some idea: just use AI to generate an ID.
You do realize this is wire fraud right?
1 reply →
I have discord for gaming communities, but also for political communities. Pod Save America has a discord with thousands of users talking political things. While I don't mask my identity there, I sure don't want Discord preemptively linking my state ID to my person. Screw that.
If you're worried about government retaliation they can already figure out who you are from what discord has, especially with a justice department that doesn't really even care about looking like they're following the law
3 replies →
Yeah, I've been warning everyone about the consequences but nobody wanted to hear it. So do people still want a general social media ban for teens?
Absolutely. Social media and its consequences has been a disaster for the human race. Ban it for everyone.
79 replies →
ID verification for sites that where people speak the truth.
Cesspit of AI-driven "validated" accounts for pushing propaganda.
It's the worst of both worlds.
Nope, I want the social media companies to be shut down, I want smart phones to go away permanently, and I don't want kids to be handed laptops or ipads in school.
Everybody hates teenagers, so yes.
It's not really about protecting them; people that claim this is the case are generally doing so to launder that hatred.
4 replies →
Absolutely, who gives a shit about some platforms on the internet.
I think Discord is trapped in an ugly place:
1 - Piles of parents too stupid or lazy to, well, parent the children they made;
2 - A very reasonable societal expectation that it shouldn't be easy for young kids to access, or even be exposed, to the worst dregs of the internet;
3 - Very different use cases (gaming, kids stuff, free/affordable slack for communities) all on the same platform;
4 - A pile of morons in legislatures who insist there's a magic highly private way to do all this, but (see Australia) refuse to lay out the actual method. It's a government-wide game of underwear gnomes.
> A pile of morons in legislatures who insist there's a magic highly private way to do all this, but (see Australia) refuse to lay out the actual method.
This is a case where there's plenty of evidence that it's actual malice, not just incompetence. Leaving aside that this shouldn't be done at all, there is no desire to do this in a privacy-preserving way, because destroying anonymity and controlling online discourse is the point for governments, not the "unintentional" side effect to be avoided. "Think of the children" is just the excuse to get people to unknowingly buy in, just as it has been for generations.
https://bsky.app/profile/tupped.bsky.social/post/3lwgcmswmy2...
That’s not a reasonable societal expectation. That should be an expectation of the parents to follow through on.
How reasonable is this expectation? All you do by intituting these draconian 'wont someone please think of the children' ID laws is make it marginally more difficult to access mainstream services where there's not much crazy bad stuff anyway. The rest of the internet is the wild west, and good luck controlling that.
The whole thing is security theater designed to conceal the fact that child security is not the objective, it's the justification.
1 reply →
Discord hasn't been video game only for a long time
Then use that server without age verification?
I’ll vibe code that sh*t in a sitting
Please do and write about it, whether it goes well or not.
Seriously, and probably do a better job of it. Electron. Yuck.
The problem isn't the platform, it's getting a critical mass of users. Until everyone is using it, nobody is.
You can say “shit” on the internet.
1 reply →
All social media websites should require id tbh. This is the new public town square - everyone should have a voice, but nobody should escape the consequences of using that voice to peddle bullshit.
I've never been to a town square where I had to let some random person photograph my face or tell me to leave.
Except that is clearly not how it works. Spend 5 minutes on facebook, and you will quickly realize that people have absolutely no problem spewing the most disgusting racist, xenophobic shit you have ever seen in your life, while their full names and pictures of them hugging their granchildren are there for everyone to see.
>> nobody should escape the consequences
There are no consequences whatsoever for this.
I'd never thought I'd see advocates against privacy on HN of all places but here we are.
The old town square had anonymous pamphleteers.
I don't need a public ID to sit in my local park nor shop for most things on Main Street.
>nobody should escape the consequences of using that voice to peddle bullshit.
We can already do that without needing ID stored on servers. Blame lazy enforcement with an incentive to retain even bad customers.
Feel free to go make a social media website that requires ID. What you are claiming is that websites that don't require ID should be destroyed. No.
You don't have to, you just can't access NSFW channels and servers.
I believe what you said is correct and this headline is incredibly misleading. Most people should not need to upload any ID. If you are so addicted to NSFW content on Discord, then it is a different story.
2 replies →
I’m giving it exactly 2 weeks after implementation for most people to just suck it up and upload their IDs. I can’t think of a single “this new thing will break the service, people will mass quit!” thing every working out. Sure, some users left. But super majority, who has already built communities and are depended on it just keep churning.
Privacy and all that jazz aren’t that important to an average person. Everyone’s IDs are already circulating in a mix of Tinder, AirBnB, Twitter, <any random other app that just requires it>.
> I’m giving it exactly 2 weeks after implementation for most people to just suck it up and upload their IDs.
I don't most people will even notice, as they are not in age restricted servers or channels.
Eh, I dunno, there’s a free chat app lifecycle that they all pretty predictably go through and Discord is getting a bit long in the tooth.
2 replies →
I deleted my Facebook account in 2011. After finding out how much critical neighborhood information I have been missing, I finally registered a new Facebook account fifteen years later to follow my neighborhood groups.
A month later, the account was suspended for supposedly breaking guidelines. I never posted a single message, never reacted to any posts.
They then required me to upload a video scan of my face to prove I was a person.
We aren’t quite at the end of the internet, but man I can really see the end of this journey coming sometime soon.
I helped an elderly woman create her first FB account. She'd just lost her husband and wanted to notify his friends about his upcoming memorial service. She knew their names but didn't have contact information.
We created the account from an Apple device, registering from her home cable modem IP, giving FB her cellphone number and ISP issued email address — all strong signals of consumer authenticity. But after she added five of her relatives within half an hour, her account was locked for suspicious activity.
There was an appeal button; she was asked to take a picture of her face from many angles and upload ID. She gave them everything they asked for, but when Facebook reviewed the appeal, they closed her account permanently.
> There was an appeal button; she was asked to take a picture of her face from many angles and upload ID. She gave them everything they asked for, but when Facebook reviewed the appeal, they closed her account permanently.
I can't speak for every company, but I know with Facebook and Paypal, these requests generally are from automated systems and the chances of successfully reopening the account is well under 1%. The info you submit is not viewed by a human and the systems are mostly treated as a way to lighten the load on human support staff. They don't care if your account is reopened, they just want you to feel like you had a chance, did all you could, and then just give up.
I discovered this about 20 years ago dealing with Paypal. I happened to know someone who worked in Paypal engineering at the time. I had a well established account, a Paypal debit card, linked accounts, etc., everything you could need to feel good about an account.
Out of the blue it was suspended and I was sent into this system to send in verification documents. I gave everything it wanted. First it was ID, then a "utility bill" so I sent over my phone bill. That wasn't acceptable because it didn't prove I lived at my address for some reason, so I sent a natural gas bill. Even though that did have to be tied to a physical address (you can't deliver gas wirelessly!) I was asked for an electric bill. Then the lease. Then a bank statement. Every time I gave it pretty quickly. Then I was asked for a passport. I didn't have one. Suddenly that was the only thing that could unlock my account and as soon as they had the passport my account would be reopened. Nothing further would be done without a passport, not even communication.
I asked my friend to look into it. She said, "that's on purpose, that's the NoBot. It gets people out of support's hair." Turns out if you let unhappy customers complain to humans on the phone they will, so some exec decided to improve call center metrics by forcing customers into a system designed to keep them occupied until they gave up. You funneled people into it, and it would continue to reject their submissions with new reasons infinitely. It just went through a list of things to ask for, and when it found one you couldn't provide, suddenly that was the key and without it you were screwed.
Companies still do this today.
22 replies →
Many consumer banking apps have begun integrating similar identity verification third-party providers. They are very inaccurate.
Sometimes it works with the front camera on one smartphone but doesn’t with another (iPhone 17’s distortion), sometimes it recognizes your face on one day, but desperately fails to recognize you on another. I had to repeatedly record videos for it only to fail over and over again. Anything their system flags as suspicious, anything, will trigger the same video identification flow again, which effectively blocks your money in the account.
I’m closing my accounts with a couple of banks with these video id flows. Simply because it’s way too easy to lose access to my money in the account with them. If their QA is not good enough for this vital requirement, I don’t want to know how they treat other requirements. They simply outsourced the id verification to some third parties that are way too unreliable.
6 replies →
It sure beats the Reddit system where you think you are interacting with people, only to find out a couple of days later that your fresh account is shadow-banned and nobody is seeing your comments and that none of your likes went through.
At least Facebook tells you that you are banned.
11 replies →
Not to defend, but to understand. Last year our old "High School class of 19NN" group received about a dozen join requests per week from bogus accounts for a couple of years. At first they were trivial to discriminate because they were folks located on the opposite side of the Earth. But over time they became filled with pictures and names of (randomly generated?) Americans.
I could still tell because their profiles were sterile and had few normal comments or likes etc. Also a high school class has a very narrow age range. We recently landed a fatal blow by disallowing joins by "pages" and adding a few questions. A trickle continued but stopped recently.
The hamfisted false positive response you described is probably a result of the above.
2 replies →
Last year I finally caved and tried to sign up for instagram. It's tragic but it's almost like a second internet. So many small business and bands only have instagram. So many lil communities post their events only on instagram. I always have to ask friends with instagram to tell me when a brewery is open, when a show starts, etc.
So I tried to sign up (and I already HAVE an active facebook account from high school, with hundreds of friends) and it wanted me to scan my face. I did it, which I regret, only to be told five days later that I am too suspicious. So here I am, still locked out of all this information lmao
4 replies →
My sister died a few years ago. A couple of months later, someone created an account with her name and profile pic and started inviting family members. Quite frankly, I would have been ready to brawl with this person if I were in a room with them.
I feel very badly for your friend. Unfortunately, those completely benign actions look identical to a common identity theft pattern.
2 replies →
It's as if all the other problems Facebook has done in the past never mattered. Nobody stops to think about how Facebook's _repeated and exhaustive history of abuse_ might actually impact them. If only there was some evidence of what might happen...
Exactly my experience. Hoovered up my data and refused to let me in after.
Mark Zuckerberg, folks. It matters when his default philosophy is "They trust me dumb fucks". Copying Snapchat 9 times is more of a priority than account security. He wasn't "making a good point". He's a malicious asshole who deserved jail years ago
1 reply →
Ironically, this may be one of the many straws that breaks the proverbial internet camel’s back. We all wax and wane about the old internet, the pre-homogenized, non-corporate, Wild West internet.
Perhaps these constant restrictions will finally spur us to create our own spaces again Our own little groups that exist independent of the corpo-sphere.
The only reason ‘the way things used to be’ went away was because the new thing was convenient. Well, now it isn’t anymore. So let’s just go back to the old thing.
I yearn for the days of yore when a few of us would co-lo some boxes at a small local ISP we were friendly with, where we'd get to take advantage of their always-on and (at the time) blazing-fast T1 connectivity. It was low-cost for everyone, and we'd host our own services for whatever was useful to us and our friend groups.
On the other hand: It was kind of awful when even my dialup access would get screwed up because someone's IRC server got DDoS'd -- again -- and clogged up the pipes.
---
These days, the local ISPs are mostly gone. But the pipes are bigger -- it's easy for many of us to get gigabit+ connections at home. Unfortunately, the botnets are also bigger.
How do we get back to what we had?
8 replies →
> Perhaps these constant restrictions will finally spur us to create our own spaces again Our own little groups that exist independent of the corpo-sphere.
The normies already did this. They just did it on centralized platforms like Discord. Until their backs get broken we're not getting anywhere. (Although I may be being a little too cynical.)
> Perhaps these constant restrictions will finally spur us to create our own spaces again
We had forums using forum software but moderating the spam got too hard. If you create your own space using any common software platform then you'll be pwned (a la PHP-Nuke et al). I presume even pure custom web pages would end in tears these days (DoS complaints seem to be a more recent reason; also Bot form submission is pretty good at being bad).
1 reply →
I have my small little groups. I've walked away from big sites constantly and this won't be an exception. Definitely going to cancel my Nitro today until/unless they revert this.
But leaving is never free. There's a lot of gaming communities (especially niche subcommunities like emulation, speedrunning, modding, etc) that are mostly on Discord and not anywhere else. Many probably won't move. A lot of tribal knowledge will be lost as it's locked in these communities.
Heck, even some FOSS communities communicate mostly on Discord. I have more faith they will move. But not all.
1 reply →
The fediverse already exists.
1 reply →
The interests of the people who own/control technology, and have the most influence over standards, will make sure you are forced to participate.
And they have always organized society to make sure this is the case. It's not a wacky conspiracy theory. These are just the interests of the people who create and have most influence over tech, and these interests are shared in common amongst most elements of that class. So, this class, the capitalist class, will just plan (conspire) to make it necessary for you to participate.
Viewing tech in this way makes one see that the historic development of tech is not happenstance occurrence, just tech skipping along, unconsciously, into authoritarianism, but as tech being influenced by the interests of the people who have the most influence on its development: those who own it, who are often the same people who determine standards.
The internet was never a free form idea upon which everybody could sway, its a technology owned, controlled and influenced by those who produce it.
They WILL absolutely try to place social/state/labor functions behind this wall of authoritarianism. As they already have, and are currently doing with the growing ban on VPN usage, anti phone rooting measures, anti-"side loading", etc.
It should not be absurd to suggest that the people in power have used, are using, and will use power in their favor.
I have a similar story. I quit in like 2016 or so and 9ish years later I wanted to shop for a used car for my oldest kid. I know already, of course, that Facebook now holds a monopoly on peer to peer sales of goods like that so I tried to make a new Facebook account. I was denied at the creation and told I had to try again with a video of my face (which I begrudgingly did) at which point I was denied AGAIN and told there was no appeals process.
> a monopoly on peer to peer sales of goods like that
I don't know ... around these parts (Santa Fe/ABQ) while Marketplace is very popular, Craigslist continues to be widely used for this, especially since an ever growing number of younger people are not on Facebook (either at all, or not regularly).
1 reply →
FB/Discord/etc were never the internet. They were walled gardens you could enter via the internet. This could be a revitalization of the internet - pushing people back to decentralized ways of communications.
Perhaps you may have not read about how Iran is moving to a whitelisted internet. Or perhaps you believe this will not happen in your country.
However, “think of the children” will always result in more restriction in western countries, not less. We are watching countries prove that it works to isolate from each other. Europe is not isolating from America in exactly the same way, but is isolating business processes from American services.
We are not on the cusp of the end of the internet, but the cliff sure seems in view to me.
2 replies →
My friend has a restaurant and showed me the ad he wanted to promote on Instagram about a pizza coupon was suspended for breaking the guidelines, they mentioned gambling or something. I was quite impressed. When you see that one of the "magnificent 7" is dysfunctional to that level, it's hard not to think we're living the last decades of American economic hegemony, by now propelled mostly by inertial monopolies than anything else.
The big ad networks want a cut from business users and will actively suppress posts from business accounts that haven't paid up.
But instead of paying Instagram for reach, consider taking the same budget and spending it delivering samples and coupons to other local businesses mid/late morning. Bonus points if you make the coupons unique for each delivery so you can track which local businesses are your biggest fans. Office managers are generally receptive to this kind of cold call and you can leave a catering menu. Catering gigs can keep your kitchen busy during the off hours.
1 reply →
> it's hard not to think we're living the last decades of American economic hegemony
Bit of a stretch to correlate this with Instagram suspending some guy
2 replies →
Had a similar experience after rejoining a few years ago. My account wasn't suspended for breaking guidelines AFAIK, but rather flagged as a suspicious account that required an upload of my face and driver's license. I think the account still exists in this limbo state because I'd rather not upload all of that to Facebook, and yet still not able to login to request for the account to be deleted.
That won't guarentee that you get your account back. Many times it's used to permaban you later.
1 reply →
Twitter (before Musk) and Facebook did the same thing to me... and that was a long time ago.
Discord tried to do it to me a few months ago but I refused, contacted support instead. Eventually they made it work but it took forever. Lucky for me I hate Discord so tried to avoid it anyway.
Instagram did a similar thing for me back in 2016-ish.
A family member had been sharing some photos they were taking, but only on Instagram.
So I signed up an account, verified via email and phone number. I wasn't initially able to find the family member's account. A week later after I got the spelling of their username right, Instagram popped up "Your account has been suspended". They then sent me an email saying I needed to take a photo of myself holding government ID, and a piece of paper with a hand-written code they supplied, plus a close-up photo of said government ID. No way was I supplying all that just to be able to browse some photos.
I had the same experience when I deleted my FB then years later reregistered one using the same email. I think thats kind of a good thing in some ways, specifically in the FB case because I wouldnt want someone to go online saying they are me when they are not.
Yeah, same here. I tried logging in years back and they wanted my driver's license. My last comment must have been in 2013 or so.
I don't see it as the journey's end. But it's gonna be a much quieter road if most people don't walk away from this stuff. Maybe that's for the best.
Until use of TCP/IP or DNS requires uploading a video scan, the internet will keep on.
Do you not buy/sell on marketplace? I guess this might be a wrong website to ask such questions.
I browsed for a while but didn’t see anything worthwhile.
I’ve had friends coordinate for me in the past for a couple things but honestly eBay is still my go to.
Try to remind your neighbors that you can go outside and talk to people to share news of the hood
I’m actually excited for it. We have a lot of infrastructure already in place so I’m looking forward to the internet being a deanonymized space where people watch what they say and there’s accountability.
Those pesky whistleblowers, journalists, and political dissidents have had it good for far too long. They’ve needed taking down a peg
2 replies →
It sounds like they would like the idea of Worldcoin[1] very much (I want to make sure I am being sarcastic. I hate the idea).
[1] https://en.wikipedia.org/wiki/World_(blockchain)
Oh yay, the company that told me to "just use your wife's phone" when I couldn't verify my own phone number, instead of even trying to fix the problem, now wants a copy of my face?
Pardon me if I don't have a lot of trust in their ability to keep it safe.
What realistic open source alternatives to Discord are there? I'm currently considering moving to one of these with my friend group:
- Matrix
- Stoat, previously revolt (https://stoat.chat/)
- IRC + Mumble
- Signal
For the latest in IRC tech, you can read my blog posts: https://www.ilmarilauhakangas.fi/irc_technology_news_from_th...
I wrote the summaries with my own two hands, no LLMs involved.
Thank you! I've bookmarked your website!
One thing most of those lack is an easy way to share screen.
Now if anyone wants to differentiate their Discord alternative, they want to have most of discord functionalities and add the possibility to be in multiple voice chats (maybe with rights and a channel hierarchy + different push-to-talk binds). It's a missed feature when doing huge operations in games and using the Canary client is not always enough.
Matrix screen sharing is a feature of Element Call / MatrixRTC (in development).
For now, I think they do it through their Jitsi integration. I don't know how easy it is, as I haven't tried it.
https://docs.element.io/latest/element-cloud-documentation/i...
2 replies →
Stoat has screen sharing / video calling in the pipeline at least: https://github.com/stoatchat/stoatchat/issues/313
1 reply →
I use MiroTalk for it. Within Element you can set up widgets (basically PWAs) and so you can call via Element’s built in Jitsi widget (or a more reliable dedicated Jitsi link) and then use MiroTalk to share screens. It is a LOT better, especially for streaming video.
In terms of ease of use, it’s like three clicks. Technically more than Discord, but it’s p2p streaming so it’s far nicer quality.
Jitsi does that well
Hard to say, I don't really use discord so I think of it as voice chat as a service, and for pure voice chat it is hard to do better than mumble. However from the way people talk about discord, it is also a text chat screen sharing file server. and it is hard to find one product that does all that well.
For video, both video chat and screen sharing I have had a lot of success with Galene, it offers text chat and file sharing, but they are sort of anemic and bare bones, which could be good or bad based on the needs of your users. https://galene.org/
What I usually do is start with a fossil server, this is trivial and gives you files, a wiki and a forum (none of them super good but like I said trivial to set up) then if I want voice, mumble is my normal route, but galene is growing on me more and more, the web interface makes buy in from the end users trivial and despite it being nice you almost never need the cool room stuff you can do with mumble.
But I am a sys-admin, I like running servers, hell, I find I enjoy running the servers more than I like playing the games. Plus, statistically, I have zero-friends, it is fine to say a server is great when only one other person has used it. That is to say, my results may not be typical.
I think Matrix is the closest equivalent that's reasonably popular, at least for text messaging. There are both web and mobile clients and they interoperate seamlessly. It's also at the point where it somewhat reasonably works for the average user, rather than being the usual UX nightmare that teaches people that anything open source or anything pushed by their nerdy friend should be avoided.
This seems like a nice breakdown of some options:
https://taggart-tech.com/discord-alternatives/
(Not affiliated)
Honestly, this is HN and founders should pay attention to this. People don't want to host their own shit, they want a one-click easy switch. All of these alternatives have baggage.
This is your chance to start Bluesky for discord. A competently built, VC backed competitor to exploit a misstep only caused by government overreach due to their colossal market share. 26 million daily active users is a nice guaranteed market to start whittling away at, with an effective marketing campaign to drive a wedge between "little gamers, and big corporate enshittification."
9 replies →
Revolt's rename to stoat is probably worse than any rebranding MSFT done ever.
It's because of the trademark: https://news.ycombinator.com/item?id=45626225, not sure how accurate it is, but it makes me want to revolt .
1 reply →
"[beaver emoji] Revolt is Stoat now"
Argh. If there's no stoat emoji, petition the Unicode Consortium for one, don't just use a beaver. It's not even the right family; the badger emoji would be closer.
It's open source, I'm tempted to fork it and do nothing other than change the branding.
Does matrix have decent 1:N client desktop broadcasting with low latency (and high fps) yet? I use discord for "watch parties", video and tabletop gaming...
MiroTalk can be made into a widget on Element, is open source, and is P2P after the initial connection.
Which of these has been around for over three decades?
That would be my answer.
Same, depends on what you expect in terms of features and so on, but for chat, IRC works perfectly.
1 reply →
Discord's voice rooms with screen sharing is a very cool feature i depend on daily. I haven't seen opensource messenger that implemented this yet.
Jitsi handles this very well.
I personally would advocate the combination of Zulip for text chat plus Jitsi for calls and screen sharing.
3 replies →
Diode Collab - not fully open source but network and client are all open source. It has dramatic privacy commitment (stores no data on servers, decentralized user-to-user routing, no PII/phone/emails). Diode team just added STUN/TURN to the network last month and streaming will come soon. https://collab.diode.io
Worth looking at Diode Collab too No PII, E2E encrypted, p2p. Not 1:1, but its Zones are Discord-like. https://collab.diode.io
You've pretty much covered all the open source alternatives, other than rocket.chat which is more similar to slack. This has a good list - https://medium.com/@jingjunm/the-best-alternatives-to-discor...
If you don't NEED the open-source, pumble and steam group chats work great too
I wonder how Stoat will fare, and how it is currently maintained, in terms of "making money"; my fear is that it would steer into the direction of Discord itself.
Currently financed on user donations. The future plan is to intoduce further features which are costly to provide behind a paywall to remain sustainable.
Check out Diode Collab. It’s private communities to join/create, no IDs/personal info needed, fully encrypted, and keeps your data under your control. Not a voice clone, but great if privacy and community joining/creating is the main thing.
For me, the closest alternative to Discord is Stoat. Matrix with Element (or other clients) would be great, but it feels so slow on both desktop and mobile.
IRC was here before Discord, and it will still be here after.
I've never heard of Stoat. Looks like IRC but it's Electron. Total waste of time.
IRC does not support group voice & video calls, which is one of the primary features of Discord (and previously Skype, from which everyone migrated to Discord in the first place)
8 replies →
For most Discord users IRC simply does not have the feature set that people need. Basics like simple drag and drop media sharing, threaded conversations, emoji reactions and voice comms, up to more complicated stuff like screen sharing and video calling.
1 reply →
The real sin is that if they went with electron, they probably could have gone with a web app, and while web apps have downsides, they make fellow user buy in trivial, instead of "download this client" it's "go to this web page"
I am especially bitter because electron advertises as being "cross platform" by which they mean that it also runs on linux and as a openbsd driver I get to go "cross platform my ass" and then weep because of how close I am, if it were a web app it would probably be trivial for me to to run. What I really want is a method to unelectronify electron apps.
Snikket (https://snikket.org ) with Monal as the iOS client
Requires hosting of the private server (security/privacy implications) or renting it from the third party.
1 reply →
Zulip?
I keep wondering why Zulip is so often left out of reviews and tooling comparisons. For me it ticks a lot of important boxes, yet it barely gets mentioned. Is there a downside I'm missing, or is it just under the radar?
The concept that every message belongs to a topic and the async communication focus makes so much sense to me. I read conversations, not timelines.
6 replies →
https://zulip.com/
I have found Element and Matrix to be totally unusable in iOS
Element’s awful, but I’ve found FluffyChat, another matrix client, to be a lot better, albeit with a very silly name.
https://nostrapps.com/flotilla
Matrix has been trivial enough for me to implement with some of my non-technical friends. YMMV
Last I checked Signal was not fully open source, which is iffy, believe their encryption protocol is still closed. That said its the best of a bad bunch for E2EE messaging. If you're on android I'd recommend doing what I do, which is installing from the APK on the site, manually verifying the sig locally (you can use termux for this), and then lagging ever so slightly behind on updates to avoid potential supply chain or hostile takeover attacks. This is probably over cautious for most threat profiles, but better safe than sorry imo. Also their server side stuff is close sourced, technically this isnt an issue though as long as the E2EE holds up to scrutiny though.
Edit: My information may be out of date, I cannot find any sources saying any part of the app is closed source these days, do your own research ofc but comfortable saying its the most accessible secure platform.
They'll have to "partner" with some company that's in the business of building a database of IDs and biometrics to do AI things with. Other companies in this space (Jumio) have a bad habit of ignoring privacy laws and will keep your information for years.
I wouldn't mind showing my ID to a person (in person), but there's no way I'm letting some company get a scan of my ID or passport to store in some giant database that's a rich target for hackers. Might as well give them access to all my bank accounts (Plaid) too.
(It sure would be nice if there were a national privacy law in the US.)
Also, it's illegal for companies to use facial recognition in my jurisdiction, so if I allowed them to "verify" me, they'd be breaking the law.
>They'll have to "partner" with some company that's in the business of building a database of IDs and biometrics to do AI things with.
Palantir? /s
To add context to the discussion, it is important to recall that Discord was reported to have recently filed paperwork with the SEC for an IPO [1]. Thus it seems likely that the real reason for the age verification (i.e., user identification) policy is to boost its perceived earnings potential among Wall Street investors. According to this theory, Discord is the new Facebook.
[1] https://techcrunch.com/2026/01/07/discords-ipo-could-happen-...
Thanks for the context
Ignoring the implications of this for the moment, let me broach a related (and arguably more important) question: what do you do when you have multiple communities you interact with only on one platform, and suddenly that platform becomes intolerable for a subset of your community?
It is the same as what everyone did after the reddit fiasco i.e. protest, boycott, grudgingly use it while complaining and then finally accept the change.
May be this discord episode will have better outcome for the masses.
Reddit dropped a lot in quality after that. I suspect a lot of people stopped posting, even if they did continue using it in some capacity.
3 replies →
Platforms lose momentum when these events strike, and momentum loss is the death knell for social platforms. Reddit's missteps have put it on a downward spiral. They may hang on, even for an impressively long time, but recovery from this point is very difficult and usually involves transforming or re-forming the vision.
It can be done. It takes the right leaders. Most are unfit for this particular challenge.
For me, I just stopped using Reddit. Turns out that I’m happier without it.
1 reply →
In the attention economy, you rarely become obsolete overnight. It's a more gradual shift of user focused being spent other places.
That's not what happened with the X nonsense, a lot of people went to mastadon/bluesky.
I moved to Lemmy and it reminds me of 2006 era Reddit
3 replies →
It seems like the answer is pretty obvious. That subset of the community stops using it and uses something else, and the others either follow them or don't.
You, if you're not in the first group, can continue to use both to communicate with everyone, but some of them lose the ability to communicate with each other.
The ideal outcome is for everyone to stop using the intolerable thing and switch to a tolerable thing. That's even what often happens over time, but not always immediately. Probably do anything you can to make it happen faster.
People tried warning that moving all your discussion forums into a proprietary, closed, unsearchable platform was a bad idea. And it was. But nobody cared.
I'm seeing Groups.io show up more for hobbies/interests I have. It seems email can be a way to slow down heated discussions. Perhaps at the expense of push-back on using more email?
Anyone have any experiences to share with moving their discussion groups from Discord to Groups.io?
discord being a closed, unsearchable platform is one of its main features.
So you want to go back to mailing list and run your own email server?
5 replies →
If this happened 15+ years ago, a huge chunk of the userbase likely would've migrated to alternatives, potentially resulting in Discord being replaced and falling into irrelevance.
Today, though, no chance that happens. The current generation literally grew up with it, same for most of the other established social media apps. The concept of alternatives largely does not exist for them. And besides, they were probably already sending pictures of themselves and other personal data to each other through the app, so it's not like Discord doesn't already have all of that.
There's also people who have been through enough of these moves and community splits that they're incredibly tired of it all.
2 replies →
I mean, I grew up with AOL AIM, Yahoo Messenger, and IRC... yet I switched every time a new tech came out with more of my friends on it. Why do we think discord will be any more sticky than Digg or Slashdot, or any of the above?
People will migrate, some will stay, and it will just be yet another noise machine they have to check in the list of snapchat, instagram, tiktok, reddit, twitter, twitch, discord, group texts, marco polo, tinder, hinge, roblox, minecraft servers, email, whatsapp and telegram, and slack/teams for work.
Absolutely exhausting to be honest.
5 replies →
We start a new app. Opensource Discord, Self-hosted, federated. Serving that subsection that cares about privacy and security.
Discord is a good design, and should be replicated rapidly with mutations from competitors galore.
Revolt/stoat has existed for quite a while: https://itsfoss.com/revolt/
1 reply →
> Opensource Discord, Self-hosted, federated
Sounds like you want https://matrix.org/
> Discord is a good design
Then the main, reference client https://element.io/ or https://fluffy.chat would work great for you.
... With the only caveat being that general experience of using Matrix is awful.
I second the other commenter's suggestion of using https://stoat.chat/ or as it used to be called: Revolt, which matches the "Opensource Discord" requirement perfectly.
5 replies →
Mumble already exists. IRC exists. Matrix exists. Discord is a surveillance tool by design. Jason Citron pulled the same hijinx with Aurora Feint, but I assume he has been betraying users to CIA-and-Friends from the start so he gets a pass for breaking the same laws.
Nobody scales free, high-bandwidth services without some dark money support from feds or worse.
Remember when Tumbler banned porn? People migrated to other platforms like Reddit, and it died.
Musk being a Nazi made twitter lose big enough chunks of their community to start Bluesky. Not big enough to do any real damage to the platform, but it still provided critical mass to a fledgling app.
WhatsApp having a sketchy relationship with the US government boosted Signal.
Sooooo, what is a good discord replacement?
Oh I think it definitely did damage, just not enough to kill such a massive platform overnight. Twitter has lost a significant amount of users while other social networks grew or held steady, and the cultural impact seems to have waned a lot.
I've never been a regular user of Twitter, pre or post elon era, but a lot of people I follow in other ways used to be very active on there and discussions would often spill over into other venues. That still happens a bit, but much less than before.
Its hard to say. Reddit is still a shit show, but I still peer into niche communities you won't find anywhere else on the internet.
Discord is even more niche than that. There's tons of IRC esque group chats of that's what you need. But a community: not so easy to replace.
Most everyone will go down the path of least resistance. A few outliers will try to resist, get old and/or tired. A few of the few will reach acceptance, comprehend the serenity prayer. A few of the few of the few will reach enlightenment.
What you do depends on where you're at - statistically, you'll go down the path of least resistance which is totally, totally fine.
Try to tell them it's a bad idea. And be ready to leave that community if nothing changes. That's pretty much the way of life for an internet vagrant. Maybe you hope the community migrates too. Maybe you try to remake the community. But those aren't in your control.
I left Facebook, left Reddit (never really had a Twitter). This won't be different.
One of the starkest social desirability biases in tech is between federated and centralized platforms. Most people, in public, say they support distributed, federated systems, but when push comes to shove, they all use centralized platforms anyway.
atproto is a really good attempt at solving this issue
Shake your head and move on.
It's not like we haven't seen closed source applications become hostile to their users before. And it's not like we didn't warn people about it.
I hope that this causes enough outrage that Discord starts to lose its effective-monopoly for gamers and other folks. The platform has been getting more and more shitty over time and it isn't healthy for one product to have this much power.
I would guess that there needs to be a clear, cheap, easy to use alternative to discord in order for a large numbers of communities to move over. It probably has to be a single clear alternative as well – multiple will exacerbate the decision cost
Gilded used to exist but it's seemingly gone now. The power Discord has is quite insane, to the point where people haven't even seriously tried to compete it seems.
The sad thing is that I think many people will en masse pony up their ID or snapshot without a second thought. I'm not sure if enough people will refuse to actually force Discord to back off this decision (unless their idea is to grab as much data as possible at once with the understanding that they are going to back off either way).
I don't imagine this was a 100% their decision, it's more like a response to the epidemic of all the world's governments suddenly coming up with adult verification schemes. Discord has already required it in some countries, and it's definitely easier to get everybody to verify themselves than require it on a per-jurisdiction basis. The personal data they get is a cherry on top.
Also, this is just the beginning, more social networks will require the same soon.
They don't have to comply in advance.
I wouldn't call it a response, but rather another thing that normalises ID verification online. Now all these governments can use Discord as a reference that (1) this is possible at scale and (2) companies are willing to do this.
Seems like an unforced error to implement this before being forced to.
Especially if it's presented as a pop-up upon launching the app that suggests the user won't be able to talk to their friends/servers without showing ID. Carefully worded language would could spur some % of users to panic at losing years of history and immediately show ID. Folks with less privacy discernment hear "jump" and reply "how high".
> panic at losing years of history
I used to be like that. It was unsustainable and ultimately mentally unhealthy.
1 reply →
Sounds like when Netflix reneged on family accounts.
I cancelled my account in protest, but their financials say they made money on the change (and thus all the execs are happy with it).
If it helps, it really seems like Netflix is only "making money" these days off of cutting programming and workers. It's not a sustainable way to grow and it will hit a wall soon.
2 replies →
I had the same thing with Reddit and let it see my face. It didn't bother me much - I don't really do anything more exciting there than this sort of hn comment. If I wanted to post controversial / illegal stuff I'd make a separate account.
I have done that for stripchat which was also requiring it. Not happy with it but I'd rather use a selfie than a whole ID document which includes an image anyway.
The thing is, what other option do I have?
I'll continue using Discord in teen mode, I guess. I'd rather not lose the current connections & servers I have on there, and I'm not optimistic about people migrating away, especially non-tech people.
I get the draconian side of things, but I am also tired of thousands of russian, indian, domestic-funded etc. bots flooding the zone with divisive propaganda.
In theory, this seems like it would at least be a step in the direction of combating disinformation.
I'm curious if there are any better ways to suppress these propaganda machines?
How do I know that this message isn't divisive propaganda posted by a bot?
1 reply →
I don't see how disallowing viewing "age-restricted" content through Discord without giving them your ID would have any impact on the spread of disinformation, outside of like, disinfo in the form or pornographic or gory images.
In practical terms, it just ensures that the only bots flooding the zone with propaganda will be the ones owned by governments in whose jurisdiction Discord is.
I was planning to do that. My work chat is on Discord. I am an adult. Google and Netflix have my legal name and credit card number. I don't see how Discord having my ID is any worse.
The issue is that it's yet another platform that could leak your data? Why would you ever want to increase that chance?
Also, I'm not sure you would need to give discord your ID unless you're sending porn in your work chat or something.
5 replies →
I have mentioned this before, but age verification can be solved by hash chains. They can prove age without compromising privacy.
It is crazy that the solutions Discord goes for are IDs and selfies. It definitely gives the impression that there are shady ulterior motives.
Hash chains are simple. If they were adopted, Discord would clearly be in bad faith taking the steps that they do now. If you search you will find quite a bit of information. My introduction to hash chains is for for age verification specifically: https://spredehagl.com/2025-07-14/
The EU is working on a actual privacy-preserving initiative [0] that allows owners of ID wallets to verify their age, without their actual age or personal data being transmitted. The standard and reference implementations are open source on GitHub. Yet everybody screams uploading IDs and total government surveillance.
[0]: https://ec.europa.eu/digital-building-blocks/sites/spaces/EU...
Dear littlecranky67, as overseer for your digital wallet, I am happy to inform you that the owner of the discord server kinkydwarfporn doesn't know who you are and your privacy is protected.
Signed your friendly EU official.
As long as someone in the chain is able to physically connect the dots it is game over for privacy.
4 replies →
The same EU that is trying to backdoor every messaging app to "protect the children" TM? I 'll use their ID system on my dead body.
8 replies →
If the input is "give ID", what the software claims to do is almost meaningless since you cannot prove that software was running. What do I care that someone can tell me they built a privacy-first way of validating IDs/age if I cannot be sure that is the software they are running?
They can just as easily save the ID to disk and return "all good" for all I know.
No, the solution does not require that.
It requires that Bob proves posession of a private key, that only he has ever had. That private key could be generated specifically for the commitment that he got from Alice.
Well your solution includes handwritten signatures and everyone being a handwriting expert so that they compare handwritten signatures. I wouldn't call this an elegant solution.
That is what the example uses. In the real world that would be a digital signature. Look under the heading "Fitting the parts together" to see what the real world solution could be like.
Even easier, just get tokens that carry no other information from ones government, and the government runs an API, that for a given token tells whether that token is valid. Can tokens be stolen? Maybe. Can your face be stolen? Today yes.
Hash-chains allows the solution to be token-less. You no longer need those per transaction information leaking API calls. You also avoid dependency on a single provider.
The communication in connection with a transaction would only go between the identity owner (Bob) and the provider (Cycle shop).
No API, they sign the tokens with the government's private key and you verify them with the government's public key
If discord needs to contact an API, then the government can associate the token with you, and you with discord, and know what you browse online. No thank you.
What's stopping kids from all using the token of that one older brother?
4 replies →
Something like half of Israel's economy is intelligence gathering wtf do you think is happening here it's pretty obvious. economic leverage, surveillance, foreign influence, tech exports being used politically, etc.
I'm not sure how hash chains would resolve the fundamental issue of needing to send your ID or similar to some random third-party company that does god-knows-what with it (probably stores it in a publicly accessible path with big "steal me" signs pointing at it). That they need to attest to your age means that they need to trust what your age is, which has really just moved the problem one layer deeper (as far as I can tell).
I assume by third party you mean the authority, and yes, the authority would need to know your personal information. At least enough of it to verify your age. So the ideal is that the authority is the entity that already knows your personal information. Like the entity that issued your passport to you, or the one that issued you drivers license.
But even if the authority was a private company, I think it would be an improvement compared to the current situation. In this situation your personal information would be held by this one company, and not whatever provider that needs to verify your age. Also, you would be able to use the commitments, that this private authority gave you, without any coordination afterwards. The authority would not know about your transactions.
How would that mechanism work in practice, though? If every parent needs to become a trusted authority, wouldn’t that just move the goalpost? Who would be the trusted authority, and who would implement that?
I agree that the mechanism is elegant, but figuring out which entity should be trusted in a way that scales globally is somewhat difficult.
Realistically this would be another service attached to the government ID. Something like this does function in some European countries, doesn’t it?
3 replies →
The use of the parent is an example. In reality it would be some official age checking provider (maybe the government).
1 reply →
How difficult would it be to add further anonymization? Let's say I want to prevent the bike shop from building a usage profile on the basis of the age check (e.g. because I'm buying booze). Would I just need to get more chains from Alice, or is there an easy way to integrate e.g. group signatures into the scheme?
I think the way to go would be for Alice to give you lots of commitments. They are computationally light-weight to generate anyway.
That would at least be a good and also simple solution. Maybe there is a perfect solution, but then I dont know it.
If you wanted to implement this in real life, who plays the role of Alice?
I think that whatever organization that issues your passport, would be a natural choice for setting this up. But it could be some other authority. In a way it is the identity owners and the providers that decide who they will trust as authorities.
this is just a think of the children attack
I talk to three people on Discord. If I have to choose between A) giving Discord my ID, B) giving Discord a fraudulent ID, or C) just chatting with them on some other program, I'll just go with C. If I cared about Discord more I guess I'd figure out B. May get started with C ahead of time anyway.
If all you use Discord for is chatting with 3 people, these changes will have zero impact on you and your daily usage. You wont ever see an ID prompt.
It will impact me since I've decided to go with plan C ahead of time. Hard to keep track of everything every company does, but I'd rather not use a service that is unnecessarily aggregating facial scans + IDs of its users.
You don't have to make excuses for corporate decisions that damage user privacy.
[dead]
What am I missing? According to this, the only difference is you get a warning popup when someone new DMs you, right? And they can't send you images flagged as porn?
How does this impact you in any way?
I'm generally opposed to services unnecessarily wanting IDs, content filtering for direct messages from my contacts, unwanted popups (it's already annoying when my friends send me a link to a site I haven't visited from discord before and it "warns" me and you cannot disable this entirely useless popups), and things generally becoming worse.
A lot of these things are normalized already, but requiring IDs is not and I don't want to see it become normalized.
Ultimately, they are free to do what they like (or perhaps being unnecessarily pressured by various govts) and I am free to leave the service.
4 replies →
this is hilarious, person who barely uses service says he will leave the service, what a concept
I think she is a polarizing figure to some, but journalist Taylor Lorenz has been complaining about this sort of thing for a long time. She has been increasingly warning about a future in which we need to scan IDs for all of our online services, in the name of protecting kids. (With the obvious implications about that data leaking, governments using it to track dissidents, etc.)
She's great but also damned to be a Cassandra, unfortunately.
Future? Just look at China. They do all this already.
[flagged]
Please do not fall of the deceptive language that is used here. They're calling this "teen experience".
This is not about "i see gentila we ban". They're very vague about what is obscene, sticking to that level of a consistent definition, and they're very heavy handed in punishing.
They're introducing a highly restricted experience unless you hand over your details to either a "technology" (which that's very unclear about how honest they're being) or a company that has been caught for leaking sensitive details.
Yeah the LGBTQ folks I know are highly suspicious of how this will roll out.
It's a relief to finally read that Discord is indirectly shutting down and getting rid of it's users. It was inevitable but dragged out far too long with all the VC money to burn. Hopefully everyone can figure out how to use XMPP and/or get back on IRC. It is a genuine shame how much culture and information will be lost inside their walled garden though.
XMPP and IRC are great and all but a massive part of what people use Discord for is group voice calls with screen-sharing. I'm not sure what the alternative is for that. TeamSpeak is the closest I can think of but it's not a 1:1 replacement for a number of reasons.
We use Jitsi for voice/video calls + screen sharing (but I realise you may be talking about all-in-one alternatives)
1 reply →
IRC is a much more impoverished chat experience than Discord/Slack in a bunch of ways. Suggesting that people "get back on IRC" is not a serious proposal for making it possible for groups of people to chat online without being subject to identity verification or censorship.
I'm afraid the thing that would be replacing Discord will be even worse
I think it is more likely that the next best platform will end up gaining three principled civil libertarians and about seven zillion witches.
I think Apple / Google need to implement verification on the device - we already accept the device knows who we are.
And then social media platforms should be able to have the device confirm the user is over 18 and that’s all they need to know.
This only applies if you take all those "protect the children" initiatives at face value. It seems to me that the actual reasons are different. Governments want to police speech online and be able to arrest people who say things they don't approve of, so they are pushing platforms to collect user's PID. Some also want to discourage people from doing things they don't want them to do but that are politically unfeasible to criminalize (watching videos of consenting adults engaging in all kinds of sexual acts) and adding more and more friction to the process (no pun intended!) is the best thing they can get. And the internet companies want more of your data to track you.
Yeah I 100% agree - but if you give them an alternative way to do the same thing without everyone having to get IDed - then I’d they still want that they’ll have to come out and be explicit.
Like the UK, where you can tweet that someone should burn down a hotel full of migrants, and you can be arrested for tweeting that.
Or like Russia, where you can tweet that you don't like the president, and you can be arrested for tweeting that?
17 replies →
That would either mean you can tell the device to lie (which makes it useless), or that you don't own the device you use (which makes it unacceptable).
The thing is though - only KIDS need to not own their device. With parents overseeing it.
Why do we even need to age check adults?
> or that you don't own the device you use (which makes it unacceptable)
It's already like this, unless you go out of your way to install a custom Android rom, which 99.9% of people will never do.
I agree it is unacceptable.
Apple already has this https://developer.apple.com/documentation/declaredagerange/ I saw Claude app request it the other day.
Apple actually has this already. For countries that support IDs in Apple Wallet there is a "Verify with Wallet API" [1] and for other countries the app developer can get the age range from the iCloud Account [2] - but that is not verified with any legal authority and only based on user input.
1) https://developer.apple.com/wallet/get-started-with-verify-w... 2) https://developer.apple.com/documentation/declaredagerange/
At this point might as well...
There is a news story every 12 minutes for a company that leaked IDs
I really think on device verification is the way to go - and I don’t even see why we need to use ID.
Parents are always in control of a kids device. Just mandate devices have a child mode that parents can activate and have it send a ‘this is a child’ flag to all websites and apps.
But this assumes this isn’t all about ID checking everyone online, which is what it’s really about.
I have my Gmail account since they were on invitations, circa 2004, and Google certainly knows this. That's the ultimate proof I'm an adult :-) That information could be exposed and used by 3rd parties.
Happily walking right down the path they are leading us down...
A world where nothing can be accessed except through a Google or Apple hardware-attested, photo ID verified device
How would that work on a PC? Not everyone uses Discord on their phone/tablet.
jumping from the frying pan straight into the fire.
why on earth would you give Google or Apple more attestation power and control.
IIRC EU was going for a zero-knowledge-proof of age system, but I guess discord isn't going to be using that then. (I don't think the ZKP system is available yet)
(here's part of it: https://digital-strategy.ec.europa.eu/en/news/commission-rel... )
This is the true solution that gets the best of all worlds. The tech is just too immature still but this will change soon I hope.
For those curious, check out zkPassport (https://zkpassport.id/)
> The first option uses AI to analyze a user’s video selfie, which Discord says never leaves the user’s device. If the age group estimate (teen or adult) from the selfie is incorrect, users can appeal it or verify with a photo of an identity document instead.
Are they shipping a video classifier model that can run on all the devices that can run Discord, including web? I've never heard of this being done at scale fully client-side. Which begs the question of whether the frames are truly processed only client-side...
Can't you just modify the client to send the resulting signal then? I'd anticipate a ton of tutorials like: Just paste this script into the console to get past the age gate!
[dead]
They could use AVF pKVM for this (which'd require a partnership with Google) but that of course requires locked bootloader + remote attestation..
So actually, I hope they're just lying..
It will be easy to check with devtools when the update is released
I understand the frustration towards Discord, especially because this is a global rollout of a policy they're only required to enforce in specific countries, but it's IMO misdirected. They're likely trying to get ahead of the legislation. The way the winds are blowing indicates the Western governments that haven't already passed legislation mandating ID verification soon will.
You can move to $ALT_PLATFORM but unless it's self hosted they'll eventually have to enforce the same policy.
Direct your anger at the geriatrics in government who don't understand the risks of these laws first. You only have to watch the TikTok CEO's hearing in Congress to see how American politicians don't understand technology.
Platforms want this, they're happily implementing it because they'll get a mountain of data to train on and sell, and they'll finally get to sell their userbase as real monetizable humans to their partners.
The more precise the profile the more money is fetched for you at market.
This. Still canning my nitro sub for now as I do think they should hold off until necessary, but people ignore that the root of this trend of ID verification is governments who are willfully ignorant to having staff who can accurately assess the technological landscape and enforce smart regulation.
> Direct your anger at the geriatrics in government who don't understand the risks of these laws first.
No offence but I think you are being extremely naive if you think that the people in power and the lobbyists who have spent the last 10 years relentlessly pushing for ID verification online and mass content scanning in the US and in the EU do not know what they are doing.
Here is the thing, most people are increasingly unhappy about the way things are going whether they are on the right or the left of the political spectrum. Governments can see that and don't want to see what happened in Nepal recently repeat itself. So they are getting ahead of the curve.
First require everyone to ID themselves online, then tie everything you say to your ID then use that against you one day if you decide that enough is enough.
The western countries are looking at what China is doing and simply iterating on it. They wrap it in a nit little bow to either "fight terrorism" TM or "protect the children" TM.
This is a pure power play meant to save their asses and the people who have been warning that this was always going to be going in that direction have been ridiculed and called conspiracy nuts but here we are.
Look at OFCOM in the UK. First it was to protect children form porn. Now they are looking to expand their powers to moderate speech online based on what THEY think is acceptable. If the EU gets it's way, you'll have client scanning in all messaging apps across the EU. And it won't stop.
This sort of thing is never about protecting kids, reducing harm or whatever they call it. It's about control about what you see, what you write, all done with the purpose to determine if you as an individual will become a problem for them in the future.
Platforms want this because it means they can get rid of the mountains of money they were paying for moderators to keep "child unfriendly" content off their platform
"If your kid is on Discord, and sees something they shouldn't, it's their or your fault, not ours"
> They're likely trying to get ahead of the legislation. The way the winds are blowing indicates the Western governments that haven't already passed legislation mandating ID verification soon will.
Isn’t that the first rule from On Tyranny? “Do not obey in advance"
Who implements these idiotic policies? We do! Politicians could not code their way out of a paper bag! Giving up is not the solution. Refuse to do it. Make ID pass for a full-white jpeg.
I'm not necessarily opposed to age restrictions, but letting each website figure out its own age verification system is a terrible idea. Uploading your ID to lots of websites opens you up to identity theft.
Any government that demands age verification from websites, should offer an eID system where each site can redirect you for the age verification. That way random sites don't have to worry about handling sensitive data.
Yes, a good digital ID system would enable age verification in a way that protects privacy.
It's kind of surprising that no-one has really come out with a proper privacy-preserving approach to this yet. It is clearly _possible_; there are reasonable-looking designs for this. But no-one's doing it; they're just collecting photos and IDs, and then leaking them all over the place.
Here's my solution: https://news.ycombinator.com/item?id=46447282
The problem is privacy activists and free speech activists (though there's some overlap between the two they aren't the same) oppose age verification by any means since it has the potential to infringe on both ever so slightly. Meanwhile age verification gates are being demanded and thrown up all over the Internet at a frightening pace. So we get only the maximal data collection solutions implemented by people who don't give a shit about privacy or free speech. And the mass surveillance cheerleaders egg them on.
If privacy and free speech activists understood that a proactive, privacy-preserving approach to age verification is the best outcome we'd be better off.
You need to process that other people disagree with that claim, and do not believe we'd be better off.
We should not accept the Overton window shifting here, and say "well, if we do it to ourselves, in a privacy-preserving way, that's less bad".
9 replies →
Much like DRM, there is no good option. Its a fundamentally bad thing. If parents want to abdicate their parental responsibilities, their children should bare the cost of that, not millions of strangers.
2 replies →
The issue with your solution still comes down to yet another centralizing middleman with no real incentive to be efficient. And all the incentive to lobby governments and extract more wealth from the people.
This can of course be done government by government, but that isn't scalable for a global company.
4 replies →
There is no 'half-pregnant' option. Compromise is synonymous with 'bring into danger' for a reason. They are right to be dogmatic about rights - believing that is like believing it will really be 'just the tip'.
> ever so slightly
It’s not “slightly”. They’ll start with claiming to protect people under 18 from obviously problematic content — porn, grooming, etc.
It won’t stop there. The scope creep will extend to expressing or reading “incorrect” or “dangerous” views.
They’ll probably call some of it “hate speech”, but hate speech is whatever the people in power say it is; on X, “cisgender” is designated as a slur and gets your post censored.
The slippery slope fallacy is only a fallacy if the slope isn’t slippery — “think of the children” is a wedge bad actors are once again trying to use to open the floodgates of censorship.
They don’t even need to target adults; if you control what children can see and express, you have enormous control over all future generations of voters.
6 replies →
It is only a matter of time before ID verification means the camera is always on watching the face of the person looking at the screen.
That's why I put black tape over my front-facing camera.
1 reply →
They do not want to solve the problem, they want to collect our IDs. If they would have wanted to actually solve it they would not have done this on legislations where it is not a requirement.
> It is clearly _possible_
Is it?
I don't think it is.
I truly don't believe that there's any possible way to verify someone's age without collecting ID from them.
It's possible to (cryptpgraphically verifiably) split up the age verification and the knowledge of what the verification is for.
It would seem like a naive solution would be some arrangement where Discord would ask for a proof-of-age from an official service ran by the State (which issues your ID)
Well you could have government-run cryptographically signed tokens. They're already in the business of holding ID data (i.e. they don't need to collect it and this wouldn't increase the attack surface).
But assuming it has to be a private solution, you could do the same thing but make it a non-profit. Then at least _new_ services you wish to use don't need to collect your ID.
many countries already have a working system mostly integrated, so yes, i would say it is possible.
the government should issue physical tokens that are sold wherever you can buy booze or smokes. when you login to a service that needs age verification, you type in the code from your age token.
its pretty cheap, its low-tech, we are already accepting of showing id to a store clerk privacy-wise, we generally trust the enforcement mechanisms around smoking/drinking already, it would be easy to expand existing laws to accommodate selling them/punishing misuse.
https://www.apple.com/newsroom/2025/06/apple-expands-tools-t...
What are your thoughts on Apple's approach? You still have to provide your birthdate to apple. But after that, it only only ever shares your age range with other companies that request it, not your birthdate.
This is great, but if and only if it remains an opt-in choice that enables parents.
There is a stark difference between enabling choice or compelling it.
Somehow in the last 15 years, we have completely lost sight of agency-based ethics as a founding and fundamental principle of western liberalism.
This has been replaced with harm-based ethics. Harm has no fixed definition. There is no stopping rule — when will we have eradicated enough harm? It’s declared by fiat by whoever has the means to compel and coerce — and harm inherent in that enforcement are ignored.
As others have said, it’s obvious that no real attempts have been made by anyone to create a privacy-focused solution because the end goal is to collect photo IDs.
Occasionally in my free time I have been tinkering with a certificate-based solution that could fulfill this sort of need for age verification. It’s not the most robust idea but it’s simple enough using most of what we already have. Creating a minimal protocol which doesn’t share actual identifying information nor metadata of the site you’re accessing is trivial. If I can make an 80% solution in less than 100 hours of my free time then some groups with more money and intelligence could propose a dead-simple and easy-to-adopt solution just as easily.
No privacy is simpler and the simpler solution is cheaper. If there's no real incentive to go with another option, companies will go with the cheaper option.
They dont want it to be private. They want to profile you and sell your data
mDLs support selective disclosure of age.
[dead]
There's a special phenomenon that happens as startups grow large. They begin to drift away from the ground truth of their product, their users and how it's used. It's a drift away from users. And a drift towards internal politics. A lot like Rasmussen's drift towards danger, https://risk-engineering.org/concept/Rasmussen-practical-dri...
As startups grow beyond a critical threshold, they start to attract a certain type of person who is more interested in mercenarily growing within the company / setting themselves up for future corporate rise than building a product. These people play to the company's internal court and create deeply bitter environments that leads to more mission-driven individuals leaving the company.
Which is why we end up with decisions like OnlyFans hitting $1B / yr in revenue (with extreme profitability) off of porn and then deciding to ban porn, https://www.ft.com/content/5468f11b-cb98-4f72-8fb2-63b9623b7...
Or, Digg deciding to kill its "bury" button and doing a radical "redesign" that made Reddit worth billions.
Unity's decision to update its pricing. Sonos' app "redesign" etc etc.
Corporate vampires will cheerfully slaughter your golden goose. Or, in the best case, severely cripple it.
I think this decision is more defensive than "losing touch with their customers." The winds are shifting in other countries that are cracking down on social media use for children. Discord does not want to get caught in the shit storm of legal issues if they fail to comply. This is a proactive measure.
> this decision is more defensive
That is prioritizing internal politics over the realities of their product. The Discord userbase is young. And it serves a variety of use cases / the same account can be used to access open source communities, coordinate video game time with friends, interact professionally, and have a supercharged group chat for close IRL friends.
In other words, Discord is the app where maladjusted early 20-something leaked classified data to impress his teenage friends. https://www.washingtonpost.com/discord-leaks/
Any decision that isn't along the Apple's hard privacy stance lines, "we'll protect user privacy" is prioritizing the discomfort of that decision over the user base / use case.
1 reply →
This is the real issue, and it's why just cancelling your discord subs and moving to stoat or etc isn't a solid long-term strategy. If KOSA passes in the us basically every platform will have to do something like this.
5 replies →
I think this is about "losing touch with their customers" and the need to IPO and make money from the customers.
The thing is, most of discords users are in countries which haven't yet passed laws that ban children from using apps like discord. If they were privacy focused they could do this only where the law requires it, like Australia.
Yeah, this really seems like it's our politicians screwing us. The older I get the more harmful politicians seem to be.
5 replies →
In pretty much all cases, the companies in question had peaked were experiencing declining growth and attempting to do a hail-Mary... and failed miserably.
Compare Digg and slash. One completely died, the other has stuck with its formula and hasn't disappeared, but has just faded into irrelevance.
that's true, guilds moved to discord because it was easier to use than teamspeak
I don’t think this is a phenomenon. At the best places I’ve worked, I’ve seen success correlated with actual user value. You do find climbers at certain places but I tend to think it’s a large reason they fail.
Also, I don’t think your OnlyFans analogy holds up. My understanding is that their threat to ban porn was a stunt. A pretty effective one.
Do you have reading on it being a stunt? That seems like a huge gamble. You’re basically inviting competitors and pissing off your supply (content creators.)
If they view you as unstable, unreliable, or adversely motivated, they will look for alternatives to at minimum diversify. It’s their livelihood.
1 reply →
I think this is actually a different growth problem, which is that they became so large that several countries are designing new regulations that specifically target them. I think discord is trying to spin this into a regulation-as-moat opportunity instead of dying by a thousand papercuts.
French lawmakers vote to ban social media use by under-15s ( https://www.theguardian.com/world/2026/jan/27/france-social-...)
Online age verification in the United Kingdom ( https://en.wikipedia.org/wiki/Online_age_verification_in_the...)
Blaming Discord and switching to another centralized service won't do shit as long as voters keep falling for 'protect the kids.'
Discord isn't under pressure to implement these measures globally.
I fully agree that they shouldn't be blamed for kick-starting age verification, because governments are pushing for this all around the world. But it's simply ignorant to pretend that Discord isn't helping these governments to normalise this process with their actions. They're also signalling that businesses are willing to comply and that they have all means necessary to do this.
> and will see content filters for any content Discord detects as graphic or sensitive.
I didn't even realise discord scans all the images that i send and recieve.
Really I've come to the conclusion that anything I send out of my LAN is probably kept on a server forever and ingested by LLMs, and indexed to be used against me in perpetuity at this point, regardless of what any terms or conditions of the site I'm using actually says.
Speaking of hosting, Discord used to be one of the biggest (inadvertent) image hosts, so they might have set up the system to reduce legal exposure than to monitor conversations per se.[1]
A lot of the internet broke the day they flipped that switch off.
Weren't external Tumblr hotlinks also a thing back in the day?
[1]: https://www.reddit.com/r/discordapp/comments/16uy0an/not_sur...
To be fair, the terms and conditions probably say that they can do whatever they want with that data :-).
Don’t forget all the government creeps snooping on the wires.
6 replies →
Pretty much every non-E2EE platform is scanning every uploaded image for CSAM at least, that's a baseline ass-covering measure.
And E2EE platforms like Mega are now being censored on some platforms specifically because they're E2EE, and so the name itself must be treated as CSAM.
As people who want to talk about words like "megabytes" or "megapixels" or "megaphones" or "Megaman" or "Megan" on Facebook are finding out.
1 reply →
Well it's not E2EE, so what did you expect? Nothing you do on Discord is private, everything is screened, categorized and readable by third parties.
They have to at least for CSAM.
Everything that is not end-to-end encrypted understandably has to do it.
My social group are moving to a private IRC server already. This is probably the best outcome really. I don't think any of us are under 50. But we have relatives who remember when this would have resulted in some of us being killed. I wish I was sensationalising but I'm not.
For the happy-clicky-emoji types one can put TheLounge [1] or Convos [2] or other web front-ends [3] in front of IRC. They don't scale as well but it would allow for those that don't care for the underlying IRC network. If it does not exist yet there is probably a way to write in a voice chat link handler for Mumble. It's a separate app but very low CPU/memory footprint and maybe that could weed out some low quality members.
[1] - https://thelounge.chat/
[2] - https://convos.chat/
[3] - https://ircv3.net/software/clients#web-clients
I set up this exact combo (thelounge + mumble) for my friends last night after this news. It's not a complete 1:1, but I think it'll meet our needs. I'm going on a road trip and as a fun experiment I'm going to try to get Claude to churn on integrating Mumble into thelounge, somehow, to mimic the Discord client. I'd really prefer something other than Jitsi for screen sharing, since I'm a weirdo and don't like the UX of making a 'call' and much rather prefer the 'hop in' style VC like Discord or Mumble.
1 reply →
Thanks - will look into these. IRC is a bit jarring after using something a little more convenient!
1 reply →
How convenient how "age restriction" leads to mass surveillance.
Also makes me wonder how people used to promote discord in the past. Big Brother is watching you.
That’s why you never promote anything, or if you do, you do it with full awareness that you are being irresponsible, because you don’t know what the future holds, and acting like things won’t change is incredibly shallow.
> After completing a chosen method, users will receive confirmation via a direct message from Discord’s official account.
Why isn’t this delivered via some sort of notification, menu, pop-up, etc? DMs seem prime for phishing
I'll hardly miss using Discord, but if this isn't going to be a wake-up call to ALL (mainly) open-source projects using it, then we're all doomed.
We should seriously go back to mailing lists and IRC as a standard for OSS. Everything else should be viewed as disposable.
I really don't understand the demise of usenet as a way to have a public message board. It worked perfectly well for decades and then died off all at once when the bigtechs did everything in their power to squelch it and instead replace with their walled gardens.
And websites that are not SPAs in disguise.
F** that, guess I'm leaving that platform too now...
I think this will be the kneejerk reaction of many, but then you'll have to face the consequences (de facto social isolation) and probably acquiesce. I had the same reaction when platforms started asking for my cellphone number... after some years I just started giving it to them. Now I don't even think about it.
>but then you'll have to face the consequences (de facto social isolation) and probably acquiesce.
Nah I'm used to being lonely. Leaving these platforms shows how few truly deep friendships you have.
You get used to it.
>I had the same reaction when platforms started asking for my cellphone number... after some years I just started giving it to them.
Even when I gave Facebook my number, that wasn't enough. I drew a line at some point. If everyone else wants to sacrifice privacy for the sake of pseudo-community, so be it.
Then you and I are not the same. If a platform asks for more than I'm willing to give it, it's time to leave. I've done this enough times that it's simply routine. If it means I suffer "defacto social isolation", whatever that is, so beit. I'm old and I've cultivated a group of close nit friends that live nearby most of the year, we'll manage just fine without discord.
1 reply →
Then you decided to cave in and forego your privacy. Don't assume others will falter in the same fashion.
2 replies →
Your solution is subservience.
6 replies →
I don’t sign up for those accounts, and I change my mobile number every 90 days.
6 replies →
"I used to resist the boot, too. Then I was successfully conditioned by the environment that's been engineered around me. Now I just lick it subconsciously."
5 replies →
Happily deleted it, just as I would for most % of the online rot I am a part of.
So how do we know (other than obvious, NSFW servers) if we are in a server that is not "teen appropriate"? I don't feel the need to prove I'm old af, so if I'm in a server for sports betting, is that not teen appropriate? What about a pokemon server with a lot of swearing? Or just a custom server made by a friend for web dev, but has lots of random politics thrown around?
I really just don't know what isn't "safe" for teens, so hopefully this will be pretty clear somewhere.
Discord does not care about you old coders, they want the faces of the young. Moses traveled the deserts until the idol worshiping generation died out. Big Tech sees you as the problem and knows the young will fall in line.
FYI they're sending the data to K-ID, a Malaysian AI company to "detect" the age.
I wonder if this is compliant with EU laws around data sovereignty and similar?
If that’s the right question? :-) Not my area!
Are they going to leak IDs of minors again like they did last time? Who does this protect exactly?
It protects the investors so they can IPO
> Facial age estimation
This clearly doesn't work and they're surely aware of it. Perhaps it's even intentional as a choice to give kids a way out, just trying to cover their own asses in regards to regulation.
When you try to use the law (or the threat of legal action) to force people to "do something" about anonymous, unsupervised kids on the public internet using their free platform, this is the type of solution you're going to get: the cheapest, most scalable one they can get away with.
Previously that was a checkbox or a line in their ToS saying "I'm over 18". Now that lawmakers are pushing to make that no longer sufficient, "AI face scanning" is the next step up.
Which goes to show that lawmakers probably should be working more hand-in-hand with technical experts before making such laws. A regulation that provides a good technical solution would be more useful, especially if lawmakers could have helped work on ways to prove a person's age cohort estimation without say checking an entire physical ID (and all of the identity theft that can enable), or yes relying on "AI detection" that is quite game-able (literally so as reports are Death Stranding's Photo Mode is a reliable workaround for Discord's primary AI scanning vendor k-ID).
https://use-their-id.com/
> Users who aren’t verified as adults will not be able to access age-restricted servers and channels
I genuinely wonder which proportion of the users want access to age-restricted servers and channels...
Feels like it should be just fine not to verify the age.
Here's how Discord works. A third or so of its features, such as forum channels (EDIT: I think this specific example was wrong; stage and announcement channels, but not forum channels) or role self-assignment, are locked behind Community Mode. After enabling Community Mode, server owners are NOT ALLOWED to turn off content filtering anymore, meaning that by default, content in every channel may be filtered out by systems you cannot configure.
The only way for the server owner to circumvent the filter is to mark a channel as "NSFW", which doesn't necessarily mean the channel actually contains any NSFW content.
This change will not actually require ID for content confirmed to be NSFW. It will require ID for each and every "NSFW mode" (unfiltered) channel. The end result is that you have three choices:
- Ditch Discord features implemented in recent years (or at least this is currently possible) - this prevents a server from being listed as public;
- Require ID checks from all your users (per channel);
- Have everything scanned from all your users (per channel).
Are you saying that you can "mark" the channel as "NSFW", and Discord will stop scanning your content, possibly allowing you to share very illegal content through their servers?
Sounds weird to me. Pretty sure that they legally have to make sure that they don't host illegal content. Or does "NSFW" enable some kind of end-to-end encryption?
4 replies →
> I genuinely wonder which proportion of the users want access to age-restricted servers and channels...
Way more than you think. There are tons of Discord servers that only exist to share pornography.
Sorry, the era of free communication is fading. Across middle powers, developed countries, and increasingly North America, governments are tightening the rules around online speech—and often jawboning platforms into going further than the law strictly requires. The list of examples is so long I can’t even begin to type them all.
Instead of "free communication" I would say "free large public social media", because without going all DPRK, there's no stopping people from using the internet, a means of free communication.
I predict out-of-the-box deepfake live-camera software will get a bump in popularity, there's already plenty solutions available that need minimal tinkering. It should be trivial to set up for the purpose of verification and I don't see those identity verification providers being able to do anything about it. Of course, that'll only mean stricter verification through ID only later on, much to the present-and-future surveillance state's benefit.
https://github.com/hacksider/Deep-Live-Cam
How many times do we need to praise the simple XMPP server? It does everything you need it to do, has done so since the 90s, and doesn't require any PII, ever. I remember 20 years ago MS trying to cram Lync down our throats. That pile of crap was inferior in every way, yet it still succeeded. Does anyone remember it? No. So don't jump to another platform. Stick with the original solution and hold onto it for the rest of your life. https://xmpp.org/
In case anyone else can’t read it: https://archive.is/PvpAx
On all my devices and all my connections (residential and mobile) here in the EU I end up in a captcha loop for this site nowadays. Is it just me?
EDIT: seems like I'm not the only one [1]
[1] https://www.reddit.com/r/DataHoarder/comments/1q0ewh1/do_you...
Bleh. I still get through for now. I'll be sorry when I need to go find an alternative, because I don't know of another that works as reliably as archive[.ph|.is|.today] for me currently
Can't wait to send my id to the cheapest identification provider they could find.
I'm really torn on this one.
I remember the internet from '99. Before facebook, before messangers.
People were communicating via usenet mailing groups - think online forum but via email - and it was quite common that they were not only signing their mails with full name, but often with a home address so others could send them postcards - think patreon for caveman.
IRC users had frequent local meetups and regulars could easily put a face behind an username.
I understand it was different time at different place, but oh boy, it was so much better.
You didn’t have the hoi polloi on the internet back then.
Well, yes, you could argue the internet was like "harvard", a proper secret society club, where only wealthy and approved were invited, but still, even in '99 the internet was freely available at unis and I remember we had a whole plethora of weirdos.
The other weird artifact of that era were "gaming caffes" - much like internet caffes, but before the internet was widely available and people were often bringing their own PCs to play starcraft or quake on LAN.
I play competitive games online to this day and I really miss these days. Today's online scene is extremely toxic. I still remember my den which was often frequented by local gopniks, outmost disgusting creatures, but when we played the game there was a strong sense of chivalry and sportsmanship that's nowhere to be find in today's online games.
I truly do hope this sinks Discord. It's a dreadful platform and an information black hole.
When will it be normalized to be able to say "Parents should just be doing their job" before we decide to ruin everything online for everyone else.
Although I know it's not really about protecting the kids. I wonder if the politicians are exempt from this too as they were chat control.
> The scanning would apply to all EU citizens, except EU politicians. They might exempt themselves from the law under “professional secrecy” rules.
https://nextcloud.com/blog/how-the-eu-chat-control-law-is-a-...
What about my "PERSONAL SECRECY" ?
The amount of time and energy that I have to put in to keep my 3 individual kids safe online while still allowing some access is mind-blowingly high. It shouldn’t be as hard as it is. It’s so hard, in fact, 99.9% of parents give up on it. I’m not one to do that but I’ve strongly considered it many times.
Parental controls are fractured across every platform, they can’t enforce everything in one place, domain filtering isn’t practical, some sites (like YouTube) are needed for schoolwork and they include adult content intermingled with no sane way to bifurcate those. It’s also impossible to disable the forced short-form video push onto toddlers and teens.
There is a simple and better way to do this, which is device-wide age status attestation. That is, the whole device or user account has a 'minor' flag set, and passes it on to software, and so on.
Governments are not pushing for this because this is not about protecting children, it is about removing privacy and increasing control.
3 replies →
This only addresses one axis of your concern, but if they are accessing YouTube via desktop browser (or Firefox on Android!), the "Youtube-shorts block" extension gets rid of the Shorts UI. You can still watch Shorts, it will just display them in the normal video UI without infinite scrolling. It's a huge quality of life boost.
Although obviously this does nothing for those using the mobile or TV apps.
Even though it's a bit easy to disable, you can use the "Unhook" extension to turn off Shorts.
1 reply →
I sympathize with this a lot. What you’re describing really is exhausting, and it shouldn’t be this hard.
My take is that parental controls fail because they’re trying to solve a social and psychological problem at the technical layer. No amount of filters or settings can keep up with the internet, and kids are better at routing around them than we like to admit.
What’s worked better for us is treating this like other hard topics. We talk to our kids directly about social media, disturbing content, and strangers online, the same way we talk to them about drugs or sex.
We’re explicit about why some things aren’t allowed, what kinds of content exist out there beyond just sex, and that if something upsetting happens, telling us is always the right move and won’t cost them our trust or love.
That doesn’t remove all risk, but it shifts the burden from constant surveillance to shared understanding. To me that feels more realistic than trying to centrally control an environment that isn’t controllable.
1 reply →
No corporation wants your kids to use their platforms less. Zero incentive for them to fix this. Parents are at war with corporations.
We must hold the line.
I have a friend who is a social worker. Hearing stories from them, I think people severely overestimate the level of involvement that many parents have with their kids. Social workers who are checking in on middle school kids at the hospital with burn marks on their arms or elementary school kids who showed up under the influence of cannabis aren’t also going to have time to enforce online safety.
If this is what it means for a parent to “do their job” then what do you propose happens to parents who are unwilling or unable to police their kids’ Discord account?
For this reason, I think we are seeing the beginning of the end of low-trust social media. They can’t tell if a user is a child or even a human. People will move to things like group chats because they don’t rely on sending your ID to a verification service in the Philippines.
Parents are just burnt out, I think. Online spaces have become so consolidated and enshittified that it’s seriously a choice between basically keeping them offline - which is a very socially isolating thing to be these days - and letting a small number of faux-accountable monopolies ranging from Discord to Google and Meta call the shots. It’s kind of a no-win situation.
I’d love to have my kids in relatively small, intimate online spaces where I can’t necessarily assume they will be perfect (nor do I want them to be - they deserve to have some room to learn to navigate problems for themselves) but I can at least assume they won’t be overwhelmed by the impossibility of successfully navigating life in a globalized fishbowl. But if there’s one thing late stage capitalism abhor, it’s a self-contained community of real humans from which the powers that be can’t extract “value”.
10 replies →
Any idea that is based on "If everyone just..." is wishful thinking. Describe the mechanism by which you convince everyone to just do something.
Sure, but the ID solution is an "if everyone just gives up their privacy / anonymity / sensitive data" and the mechanism is by denial of service
In fact its worse. Every site must also implement this security check. Or everyone must agree to just use sites and services that follow this policy. Otherwise anyone can just use another, often 'less safe' website.
1 reply →
Pass a law that requires devices and software to support a per-device or per user account 'child' or 'minor' flag. The flag must be lockable with a password or another account. Pass a law that mandates that websites and content handle the flag appropriately, whether that means denying service or limiting access.
This would protect children while only minimally infringing on privacy.
The mechanism by which we make everyone 'just' is laws. The laws that are being passed are telling of the actual goals.
6 replies →
Saying parents should be doing their jobs will lose you votes, that's why. Anything that implies personal responsibility is political suicide.
Are parents also supposed to be blamed if society as a whole would let thrive streets with permanent civil war, drug barrons, organized child prostitution networks and so on?
Of course parents must take care of their children. And of themselves. But they are only fragile humans and can bear only that much of a load in a day. Certainly there are people that drawn in negligent or even mistreating behaviors. That's not a valid reason to blame individual in general and abstract the societal constraints they all have to deal with. That's actually nothing special to parents.
Passing off responsibility to parents is already the status quo. Hardly political suicide.
Saying that companies should face some level of responsibility for their products is the dangerous move. That’s part of why the Internet has barely been regulated.
Parents need to have personal responsibility, but corporations get to use section 230 to absolve themselves of any. Game seems rigged.
1 reply →
As soon as politicians are also included in these acts, then you could see a shift in their opinions.
> When will it be normalized to be able to say "Parents should just be doing their job"
you can say this, but it is not enforced, so this part of discussion is not really productive.
The UK/US haven't even spent widely on internet addiction education or built widescale programs like they did for drugs or even speech therapy. Jumping immediately to banning and gatekeeping everything on the internet is silly and naive. The world won't be a better place because we fear other kids parenting skills, it will be highly locked down and these ID checks/bans will hit every part of the internet.
Parents can’t do this. Kids need to be kept off this as a monolith otherwise they just get left out and become outcasts.
What's ruined by this? Honestly asking
It's giving my identification to a no face company, that I don't know will handle the data correctly. And if they don't I have absolutely no recourse.
Also, why should I need to identify myself at all ? I used to use IRC for the better part of my life, I still do infact. So to have to Identify myself by sending my ID to a random company is insulting to me.
2 replies →
That article is making quite a stretch from "the laws have exceptions for intelligence agencies, police, and the military" to "EU politicians will use those exceptions for themselves". It does this with zero evidence.
What I don't understand is why not have designated actors/ombudsman like notaries in the society that can verify your age/id without anyone knowing what it's for.
One can easily implement a nationwide system like this. You can trust people in your own community. There are no central govt actors. In such a system no one has any knowledge of which service you are proving your identity/age for and the cryptographic approval can be done without any ids being exchanged. The input to the ombudsman is a hash you provide which he can sign with his key and send to a server, that can ask the ombudsman: "this thing you are signing is for age verification > 18, check persons ID and press confirm if that's the case". The ombudsman presses confirm after checking the id and you are done. Every city municipality can elect a local councilman/notaries to do this, for a small fees.
Eu actually plans to introduce something similar through its EUDIW initiative. It will be a digital wallet focusing on privacy preservance and user control over attributes that are shared.
It will take some time tho before it is successfully implemented.
Any age verification process that does not consider the age of the account as a verification option is a data trap, plain and simple.
They are planning on doing something similar:
Discord is also rolling out an age inference model that analyzes metadata like the types of games a user plays, their activity on Discord, and behavioral signals like signs of working hours or the amount of time they spend on Discord.
“If we have a high confidence that they are an adult, they will not have to go through the other age verification flows,”
I'm curious to know what this "model" actually means. A real-time AI monitoring for conversations?
1 reply →
How does anyone know whether a family is engaging in that time-honored tradition of passing down accounts from grandfather, to father, to son, to child, and their posterity, in perpetuity?
Seriously though, unless you have positively identified the person who created the account in the first place, you have 0% chance of knowing whether it is the same person using it today.
Gamers sell their high-level accounts all the time. It would be a simple matter of economics that the Discord users with the oldest accounts sell them to 12-year-olds. Likewise, accounts are shared willy-nilly, whether or not that violates the rules. And accounts can be stolen or compromised, if you're really hard up.
How often do you suppose they will be re-checking your ID? Once every... never?
2 replies →
No law or regulation is ever 100% effective in real life. Income tax is not collected 100% effectively. Should we not do it? Criminals are not caught 100% of the time, should we not do it?
Of course this won't be 100% effective, maybe 80-90% effective. That's all they need and expect from this system.
1 reply →
But under that argument, you would have to prove your age on a regular basis, the plan right now appears to be that each account would only need to do so once.
3 replies →
Just ban that in TOS. As we know TOS is inviolable. As such it is not possible to sell, gift or otherwise transfer an account. At least this should be considered how it works for age verification. If account transfer is found out account can be terminated thus closing the loop hole.
So then it's REASONABLY not the corporation's fault if that user sees explicit content.
Has discord even been around for 18 years?
It's been around for 11. However, you can reasonably assume that kids aren't registering accounts below the age at which kids are generally literate; if we spitball an age of five this means old accounts cannot be younger than 16.
Yeah, my youtube/google account is almost as old as youtube itself is, but will constantly ask me to verify my age when clicking on something as marked 'not for kids'. Can we just get the leisure-suit-larry age-verification system ;)
Apple deleted many legacy mac-dot-com accounts without qualms, not long ago. It was the phone accounts, in so many ways, driving it .. IMHO
Great news, there’s finally going to be sufficient motivation for people to both build out and use open source alternatives.
Really really surprised there isn't more discussion about the background inference service that's mentioned in passing here. If you thought Electron/wrapped web apps were a performance problem, I can't imagine the weight of _also_ running a local AI model that's constantly playing Guess My Age.
> On-device processing: Video selfies for facial age estimation never leave a user’s device.
If true, there's little problem with just this from a privacy perspective, but that also makes it useless. Someone is going to make a browser extension to bypass/feed it a fake webcam feed.
> Identity documents submitted to our vendor partners are deleted quickly— in most cases, immediately after age confirmation.
However if they ask me to submit my ID to any third party, I'd sooner ditch discord. My default assumption is that this will get leaked, tying everyone's discord account to their real identity publicly. Discord seems to have halfway decent opsec, but I don't trust their "vendor partners" at all. I'll try submitting a fake ID, but if I get banned for it, then so be it.
This would, most likely, go hand in hand with “Discord is no longer allowed on rooted devices” and “Discord desktop is disallowed from client-side effort”, given the necessity of attestation to make it viable on mobile and the near-total absence of third parties taking advantage of the necessary protections on desktop.
sigh
I doubt it'd work here though. You know you can just print out a fake ID and show it to the camera. I doubt the app will be able to tell. Attestation doesn't really change this.
If it truly never leaves your device, you'd also be able to use the same fake ID for your entire friend group.
The cynical and best-case take is they don't actually care, and it's just a gesture to show to authorities to prevent further regulation. In which case they wouldn't try especially hard, which is a good thing.
3 replies →
Yes, this shitty world where we can't control our devices we need to have (as they need to work against us) seems to be inevitable.
But I'm actually happy that these "protections" don't yet exist on desktop (albeit DRM already does). If something really needs to work against my interest (for greater good), be it a smartcard, not my smartphone and definitely not my PC.
2 replies →
No, because they won't do it in a web browser.
It'll be a smartphone app that only works on bootloader-locked devices (iPhones or Google SafetyNet for Android)
Replying to myself because someone made pretty much exactly that: https://age-verifier.kibty.town/
Discord has always been IRC with extra censorship and spying. Nothing really new, here. Just use IRC.
If you have any hope of replacing Discord, you need to actually understand Discord. Among many other things, people use Discord because it has persistent history, integrated images and videos, video and audio calls, and screen sharing.
If you can't think of good reasons for why someone might use discord over IRC, you probably haven't thought about this enough.
IRC sucks tho. It doesnt have half the features that make discord enjoyable.
it’s not that simple. many (if not most) people would rather be where everyone already is, even if there’s less privacy
It is a great irony that the heavy handed push for "protect da kids" is all happening while we learn, day by day, that the richest and most powerful members of our society have no problem hanging out with a convicted child sex trafficker.
Rules for thee, free love for me.
People don't realize that all of our problems lately are stemming from lack of truly representative government. Until we find a way to ensure political candidates aren't corrupt and bought off, there will always be corruption, double standards, and lack of accountability from them.
Isn't it just so much easier to make sure that wealth isn't concentrated in so few hands? Tax wealth, not work.
And before everyone gets upset, tax serves two purposes; 1) control inflation (it in effect burns money that was issued when the govt previously paid for things), 2) disincentivises selected behaviours. and one side effect, when the govt runs a tax deficit it increases inflation, and of course the contrapositive is also true.
83 replies →
>People don't realize that all of our problems lately are stemming from lack of truly representative government.
Hard disagree.
I fully believe that we are collectively responsible for all of our problems because we are a shitfuck tragically tribal species who, in a world of ever expanding tribe sizes, desperately cling onto tribe sizes that our tiny brains can handle, hence becoming tribal about a myriad of trivial and pointless things like sports, racism, which bathroom someone uses or which policy on immigrants one supports. Dunbar's number.
And we're so tied up in these micro tribal problems that we completely ignore the macro tribal problems that affect every single one of us. We're shit out of luck we literally evolved to act like this and there's nothing we can do to stop the behaviour; it's innate.
Global temperatures are still rising and will continue to do so. We can try to stop it but we won't be able to.
7 replies →
My solution for this is to rate-limit political contributions --- they may only be made in an amount equal to what a minimum-wage worker might reasonably be expected to donate from a week's wages (say 10% of hourly min. wage * 40), as a physically written out check or money order physically signed by hand (at least an "X" mark) and mailed in a first-class envelope with at least a similarly signed cover letter explaining the reason for the donation.
If this causes the extinction of the political lobbyist, I'm fine with that.
14 replies →
You can't find that because any concentration of power means the corruption forces have only very limited surface to pressure, and all the more that surface is actually easy to swap with one molded for even more corruption convenience.
People ever rule through direct decisions or are enslaved into alien agendas on which they have no agency.
23 replies →
The issue isn't representation, it's division. The party that won is being well represented with respect to the values of their constituents, whereas the opposition views it as a daily nightmare. These two visions of the world cannot be reconciled.
25 replies →
Power will always attract the corrupt and corruptible. The problem is the power. Reducing the size and scope of the federal government and devolving power to the states, communities, and individuals is the only way to minimize the negative effects of humans with too much authority.
8 replies →
You can't have truly representative government if the people voting don't understand or care that they're not being represented particularly well.
It is apparently not much of a risk to your seat if you don't represent the interests of your people because the people have become tribal and it is only their tribe they vote for with very little effective criticism of the leaders in their tribe. (it's not that complaints are nonexistent, they just don't result in anything)
It's a representative government, it just represents Israel via AIPAC.
That's a lot of work to do. It ultimately works off the issue that most voters are disengaged, while the most interested parties are very engaged.
Corruption is happening out in the open and there's still so many people shrugging in response. One good push back from everyone all at once would fix a lot of things quickly. But that implies the people are united and not instead driven into manufactured conflict by said interested parties. It's basically enough that we're in a post truth era as of now. I don't know how we come back from that
Anyways, repealing Citizens United would be a good first step.
8 replies →
The US should have direct referendums at the national level, just like most of us have at the state level
Most - maybe all - hot button issues have much more moderate takes than any party national committee positions, in the bluest of blue states and reddest of red states the actual individuals have much more consensus on every issue
Whatever the founder’s initial reasoning or lack of inspiration for national referendums for federal law passage doesn’t seem to be relevant today
You either win big enough under the current system, with its system problems, or you never win to improve it.
Imagining better systems before doing that is just a form of xkcd’s nerd sniping.
And the biggest challenge to representative government might well be that most people are terrible at engaging it productively. Voting is the bare minimum and most people don’t vote (let alone organize and lobby effectively). Some significant portion of those that do vote can’t correctly draw a line between policies they’d like and candidates who intend to work on delivering, and that’s before we get to the portion of the population that may not correctly anticipate policy outcomes or even really understand policy as a concept.
The system has actually been functioning surprisingly well considering, and as catastrophic as recent elections could be seen as, the outcome arguably represents a reasonable degree of fidelity to the input from the electorate.
If we still hold free and fair elections, the task of those who want representative government is to change enough of the electorate first.
The only thing that changes behavior is consequences.
If there is no justice system enforcing the law and its requisite consequences, then there is no justice. I don't think those in power understand the anarchy that their intentional dismantling of the justice system has and will cause, and how the blowback from that anarchy will be visited upon them.
If that were true, people would be unhappy with their representatives. For the most part they seem pleased with them. They think everyone else's representatives are corrupt, but in fact they are also doing what their constituents have told them to do.
The corrupt ones are us, the voters. We hate each other and send our Congresspeople to do as much damage as they can to the others.
Post Citizens United, that’s going to require a Constitutional amendment.
And the corrupt, bought politicians are the ones who would need to ratify it.
3 replies →
What is interesting is that, as demonstrated by mass media and social media’s influences over our politics in the last century we can be motivated, but we have let power become too concentrated in the wrong hands.
China’s qualifications for influencers thing is interesting by fundamentally doesn't address the power of social media publishers.
I think this is entirely the wrong way to think about this. While better elected representatives and officials would always be a nice thing, what we need is to ensure that we design systems around them that mitigate their corruption and double standards. We were even (collectively, across humanity) doing better and better at that until not that long ago.
2 replies →
>Until we find a way to ensure political candidates aren't corrupt and bought off
The US elected a convicted fellon, the corruption is a feature.
Sometimes I wish we’d bring back tarring and feathering. “People should not be afraid of their governments …” and all that
>there will always be corruption, double standards, and lack of accountability from them
The hard part is this has been true going all the way back to the stone age ever since we elevated the first person arbitrarily to chief. There has been no model of government developed since that is immune to this. I really don't know how to get around this and it depresses me that we will always be held back by the slimiest who abuse systems.
> lack of truly representative government.
There is no such thing as (truly) representative government. To the limited extent that groups of people can at all be represented (which is a whole other questions) - governments are generally not about doing that. Yes, many world states have electoral systems where people can vote for one of several (lists of) candidates or parties, but the claim that in the normal and uncorrupted scenario, the elected properly represent the populace/citizenry - does not, I believe, stand scrutiny.
Which is to say, don't try to "find a way in which candidates aren't corrupt and bought off"; that is in the core of democracies in money/capital-based economies. At best, the elected will act according to some balance of influences by different social forces, some being more popular and some being powerful and moneyed elites or individuals. If you want that to change, the change needs to be structural and quite deep, undermining state sovereignty and exchange-based economy.
Implement campaign spending limits, regulate or ban PAC's, and commit to an ongoing effort to stomp whatever new methods big-money comes up with to influence politics.
We do most of this in Canada and our leaders seem to be less influenced by big money. (Nevermind that we recently elected a billionaire PM...) The vast expense of running a U.S. style election campaign virtually guarantees that U.S. politicians are all bought and paid for.
1 reply →
Bring back sortition, within elected parties.
Colossally awful take. Corruption is an intractable problem in human history. Power is a magnet for the worst people, and every system we invent can be exploited in innumerable ways. The only variable is how long the people of any individual society can remain free and prosperous before their decline. Temporary recoveries have only happened by lopping off massive chunks of empire, implementing extreme monetary reforms, and/or a switch to full autocracy. Every other outcome is terminal decline.
Term limits for congress.
4 replies →
No, our problems are much bigger in that we have a populace easily led by tribal sensibilities. Theses scumbags aren’t coming from nowhere, we’re electing them to these positions.
Sortation.
1 reply →
It’s not irony. It’s by design. Politics is for controlling people. Rules don’t apply to rulers. No one cares about children or anything. Even manipulating the public opinion is outdated. Technology helps them to control. Freedom is an illusion today. We are not free anymore.
Politics is simply how a society governs itself. Whether or not a society values the rules being enforce to rulers is itself politics. Dismissing politics like this is how we end up with exactly the problem of rules not applying to rulers.
Get involved with politics. Be part of politics. That is how freedom is earned & maintained.
Technology might be one half, but the other half is demographics.
40 years ago you'd have more ideals, riots, and young-minded ideas.
Nowadays, our societies are old on average (especially the politically powerful).
Older people on average are more inclined to pick whatever solution they feel promises a bit more security.
1 reply →
The gates have already been closed at the pasture's edge.
Moo.
What do you mean day by day.
We have known this to be the case, for quite some time, yet majority of the public still thought that a convicted felon was good enough to be president.
I think that's the exact irony that the parent is eluding to.
It's all about the kids, unless, idk, you're rich enough?
12 replies →
Only 22% of the public voted for Trump.
3 replies →
That is the uncharitable interpretation. I think it is at least as likely that voters consistently get to chose between a turd sandwich and a giant douche, so it will always be possible to accuse them of preferring a terrible candidate.
Also, nitpick: it was neither a majority of the public, or a majority of the eligible voting population, or even a majority of the people who voted.
I think a really good first step, at least in the US, towards making our candidate selection better would be to mandate open primaries.
18 replies →
It is kind of obvious that once someone reaches such a power they should be monitored all the time.
Criminality among the rich and the politically connected is off the charts. It’s way beyond any group of immigrants for example that these same people are trying to demonize.
Chat control? Every single politician should have that on their phone.
I think politicians should be the least privileged people in a society except those in prison. Any protections or exceptions for them alone are unconstitutional.
An idea I like to bounce around is that everyone at the highest offices of power (not going to define that here) should be forced to live in monastic conditions during the term in which they hold power.
You are fed, clothed, and housed by the state. You have no luxurious amenities, no exercise of personal wealth, no contact with anyone other than for official business.
If you honorably discharge your duties to the completion of your term of office, you will be compensated for life to such a degree that you will never have to work again.
There's a lot of nuance that I'm glossing over, but the gist is that holding powerful positions ought to require severe personal sacrifice, but you will be handsomely rewarded after-the-fact if you bear that burden with dignity.
1 reply →
They will have that exception on their phones.
These are literally _the same people_.
Musk was hanging out with child sex trafficker and is allowing kids to create porn with grok on X.
He is allowing a lot worse version. Allowing adults to create child porn with grok on X.
Did Musk really hang out with Epstein? I only saw email conversations between the two.
By contrast, Bill Gates and Reid Hofmann hung out with Epstein A LOT.
And Hofmann was Epstein's primary connection into the Silicon Valley scene.
Funny how all of you guys focus on Musk but no mention of Reid Hoffman anywhere who was far more involved with Epstein.
6 replies →
> Rules for thee, free love for me.
No, only one rule - kill internet pseudo anonymity because it’s dangerous in the same way as large gatherings are. The age circus is just convenient pretext / collateral damage depending on perspective
When the Gen Z protests happened and internet was cut…wasn’t to protect innocent from porn
Discord aren't the good guys here. There are no good guys here.
> It is a great irony that the heavy handed push for "protect da kids" is all happening while we learn, day by day, that the richest and most powerful members of our society have no problem hanging out with a convicted child sex trafficker.
They are hypocrites. In the UK there are hundreds of thousands of girls who have been raped between the 1990s and now (17 000 cases of sexual exploitation in the UK in the year 2024 alone). At least one UK politician refer to the girls who've been raped as "white trash" and recently people are shocked because many are implying that these girls, who are typically mass-raped, have been considered to be consenting.
It's known for a fact they tried to bury the story once it's been revealed. Turns out the same method is used by these grooming gangs in countless cities nearly all across the UK.
It's not just that the richest and most powerful do frequent child sex trafficker: it's that many politicians and judges all over the west are totally fine closing their eyes on the mass raping of girls (some boys are victims of rapes too but it's mostly girls).
https://en.wikipedia.org/wiki/Grooming_gangs_scandal
> Rules for thee, free love for me.
Rules for thee, free love for me and for my voters base.
And, further, that all the child rape was coordinated, for the most part, in the clear over fucking Gmail.
But we have to decrypt everything to protect the kids.
> that the richest and most powerful members of our society have no problem hanging out with a convicted child sex trafficker.
In most cases a lot more than simply "hanging out".
I'm fine with the free love and debauchery, but just really keep it to adults and be safe.
'I'm fine with extreme indulgence, but just really keep it restrained and be safe.'
By definition, debauchery with durable constraints can't be normalized, as its appeal is the overstepping of norms.
There's also an argument to be made that normalizing debauchery invites scope creep.
I'm just going to go ahead and say that "free love" is a terribly inappropriate way to refer to sex trafficking, regardless of the age of the victims, unless you're being facetious (e.g., The Onion's "Penis Goofin'" allegations against Epstein).
1 reply →
[dead]
I hope this time it really sinks in that law and rules are only for the little man. Time to think about the system from scratch.
What makes you think next time will be different?
Revolutions happen all the time. They all inevitably end up in the same place.
The problem is not them. The problem is us.
6 replies →
It's far easier to control and prosecute communication when an identity is attached.
If you look at almost all "protect the kids" initiatives, they are targeting mostly to deter free speech or cover other shenanigans. Same people who "want to protect kids" have no problem exploiting kids.
General public should be more intelligent and look a bit deeper than a cool title, but I really can't realistically expect that.
To be fair, the people in that group were literally writing articles about how meetoo went too far and sponsored lawsuits against feminists exposing the stuff.
So like, their ideal vision of the world was "every man can treat women and kids this way, they belong to kitchen anyway".
Peter Mandelson was pushing very hard for digital ID cards https://en.wikipedia.org/wiki/Identity_Cards_Act_2006
A good implementation of digital ID can do things like verify age while respecting privacy.
the "protect da kids" narrative is just a veil to make us give up more privacy and freedom for "security"
You're really pulling your punches there.
do as we say, not as we do
it has never been about children.
I think it's wild you would make that connection for this topic
i am trying to understand why discord is doing this. Is it because of the charlie kirk killer using discord?
The extremely cynical take: All of this is by design for well-connected billionaire pedophile rings to kill competition from millionaire pedophile rings.
The less cynical take: Billionaire pedophilia is just a really dramatic consequence of us building a society that cannot make billionaires accountable for their crimes. There's not much connection between that and the government overreach being done in an attempt to put regular pedophiles to justice.
Discord is overcompensating for their extremely lax child safety record. It's not terribly difficult to find servers full of child groomers on Discord that are rarely banned. Same thing with Roblox. The business model of social media presumes that the average user is going to require almost no attention from the moderation team. That's why, for example, removing CDA 230 safe harbor provisions in US law would be so catastrophic to online discourse. The only way any company can justify the risk of publishing Someone Else's Speech is if that risk is literally zero.
The same calculus means that when we start requiring social media companies care about children on their platform, they immediately reach for the solutions that are trivially automated: ID and face scans. These companies are shoestring operations for their size, so everything has to "scale" on day one.
> The only way any company can justify the risk of publishing Someone Else's Speech is if that risk is literally zero.
Or, you know, employing customer service agents. The non-employing of such also allowed them to become billionaires so it seems kind of fair.
It's useful to point out hypocrisy, but are you suggesting we shouldn't try to protect kids because of Jeffrey Epstein?
You might point out how this will protect children and what the trade offs are. You might also address the point that the same people who keep trying to do these "protect the children" attacks on privacy seem to be one or two steps away from people like Epstein. They didn't need to decrypt anyone's communications because they were the recipients - what did they do about it?
It seems many of them continued to "hang out" with him.
I am not a native English speaker, I may be missing a cultural nuance, but I wouldn't call any of what they did love. That word enters nowhere in a sickening child abuse island.
it's just sarcasm.
and they keep protecting the pedos from prosecution. lol.
[dead]
[flagged]
I don't recall the Bible saying much about who to vote for, given that democracy wasn't much of a thing in the ancient middle east.
3 replies →
So you're saying people talking about some particular god are highly moral and not involved in crimes, including crimes on children?
1 reply →
It's a question of scale. Neither crime is less serious but far more children are groomed and abused over Discord than flown in via some super rich sicko's private jet for a 'costume party'.
Making everyone "teens by default" fixes none of that, though. Roblox spaces aren't exactly 18+
This is no worse than Discord just banning NSFW content wholesale throughout the platform (which they would be entirely within their rights to do). It's a big fat nothingburger.
They have a right to ask for my passport and SSN. And I have a right to say "hell no" and delete my account in response.
I'm sure the owners of Tumblr thought the same.
4 replies →
It would be in their rights to do it.
Its users who value their privacy will be in their rights to leave and we will.
It's not a nothingburger; it's a massive collection of personally identifying information.
1 reply →
Except it is scarily easy to find servers which openly have minors selling NSFW content. Or BDSM servers targeted at "14-28 year olds".
Just like how you learn that all black men are criminals when you see a few of them committing crimes!
he was convicted of soliciting prostitution (not of minors), right?
why do we assume that the people he was hanging out with knew the details of what he did wrong?
This article was on the front page recently: https://scottaaronson.blog/?p=9534
So at least some lay people easily realized he wasn't worth getting involved with.
1 reply →
He was arrested for sex trafficking minors and convicted procuring a child for prostitution.
He ran a sex-trafficking ring that involved hundreds of girls and women. Possibly over a thousand. He wasn't keeping it all to himself.
> not of minors, right?
https://www.justice.gov/usao-sdny/press-release/file/1180481...
"The victims described herein were as young as 14 years old at the time they were abused by Jeffrey Epstein... Epstein intentionally sought out minors and knew that many of his victims were in fact under the age of 18, including because, in some instances, minor victims expressly told him their age."
> why do we assume that the people he was hanging out with knew the details of what he did wrong?
Some of them were emailing long, long after his conviction.
2 replies →
He pled to Procuring Person under 18 for Prostitution.
1 reply →
We're going to need decentralized open source alternatives with E2EE for any major communication services, unfortunately. It's just too temping of a target for Governments. They're never going to give up trying to destroy anonymity online.
They already exists except that most people don't know about it and also it is extremely hard to move over all the existing users from Whatsapp to something less popular and less user friendly.
Until that changes, then the governments around the world are going to keep pushing to get access to all our messages in order to "protect the children" TM and ask you to prove that "you are not a child" TM
Based on the (lack of) people I see refusing the optional facial recognition check at the TSA checkpoint for flying, I can't imagine this will be anything other than an overwhelming success for Discord and the surveillance state.
https://docs.k-id.com/concepts/verification-methods/
The company that Discord uses lists the methods they accept above. Notably, they do not accept any privacy-protecting digital identity standards from US or EU citizens; they only implement national ID verifications where they receive a full birthdate, with the sole exception of AU where they allow banks to attest to age-majority.
Leveraging this press to highlight their clear desire-for / dependency-on being provided an explicit birthdate, rather than simply a bool backed by the government, would be an effective lever to pull through e.g. New York and California governmental privacy efforts — especially if one somehow got them classified as a data broker in California and therefore bound to a much more expensive set of laws, due to their insistence on being provided PII when more privacy-protecting alternatives are available there.
Yes, this isn’t a scorched earth response. Every other thread of discussion here has that covered already and I have nothing new to add there. But for anyone looking to force privacy into the budding age checks verification market at an early stage rather than trying to shut it down, here’s your roadmap to effecting real change on the matter. Good luck.
My first reaction is, what a disaster. More of the web becomes gated behind sacrificing your privacy to companies who by and large don't give a damn about it.
Then I remembered when I was a teen, thought about how I'd have reacted to this, and realized over the long term youth will rediscover old-school tools like IRC or migrate to new alternatives outside the claws of big corps and government.
And I felt a little better about the future of human civilization.
The endgame I see is that it will be illegal to communicate on the internet without having a proven bank account. At least in the USA where all ID verification is settling on banks (ie, Plaid). And the banks will tolerate 10,000 false positive denials of service to avoid a single false negative and be happy about it. Plaid even more so. Human beings will have no recourse as they are private companies. This really should be a service that the states of the federal government provide. It's a dark future we're speeding towards.
I do not understand this at all. How is ID verification settling on banks????! And which of these banks are private?
Sorry if I was inexact in my wording. It's settling on the existence of your bank account proving who you are. The ID services require you to give them your bank login credentials (ie, Plaid). So there are two levels of denial, at Plaid (and related ID services) themselves and the banks deciding weather or not they want to allow it (work with Plaid, or Plaid with them, etc) and if they want to give you a bank account.
4 replies →
Good riddance Discord. Any alternative for the masses?
They’re not gonna use Slack or phpBB.
Why would Slack not be affected by the same stupid laws?
If you're a Slack user, I don't think they need your ID to tell that you're an adult
More seriously, it will become a problem on there is a significant user migration to there and a repeat of the mass hysteria. Due to being more niche, these smaller platforms are probably not in danger right now.
Calling it right now. There will be a data breach and we’ll find out they in fact did not delete the ID data.
So where we all jumping to?
Running phpBB on some crappy shared hosting. Well, these days on some crappy VPS.
I'm being completely serious, but what is the current fav open source forum software these days? I'd love to host a forum for a small community I'm involved in. Not a stranger to hosting other things across a variety of stacks, so I'm not particular about technology used.
10 replies →
At least this would make FAQs and other important bits of information available to non-users and search engines.
TeamSpeak and Ventrillo still work great. It was a monumental mistake to switch to these 3rd party services that are bugged by every intelligence apparatus on earth.
That would be great if your community only exists in a voip channel
I gave up running my TS3 servers (after nearly a decade) because they added a trialware system that required getting approval/serial code from the company every month to continue operating. They were squeezing everyone on TS3 trying to force them to TS4/5/etc. Have they stopped this or walked it back?
And to be clear, Teamspeak from version 5 on is not teamspeak. It's matrix with a skin. Not that that's terrible, but it's not great for running it on low power/cost VPS like actual teamspeak was.
1 reply →
I had a look at Teamspeak but you need to email somebody for permission to have more than 32 users on your server.
Those are voice chat, yeah? Discord has chat too, which is used more than voice in many of my communities.
Someone bring back AOL instant messenger! >:(
Jokes aside, I've played around with Campfire and it's very, very simple, but pretty nice to use and easy to set up: https://once.com/campfire
> Someone bring back AOL instant messenger! >:(
There's an actively developed open source server that allows the clients to connect!
https://github.com/mk6i/open-oscar-server
I wish Smarter Child was still around so we could see how LLMs interact with it.
2 replies →
Seconding campfire. Straightforward, easy to host, easy to backup, no monetization strategy. Most self-hosted alternatives have complicated deployments to enable scaling to >1,000s of users which I will never, ever need.
IRC never died.
The only viable option, of course: https://escargot.chat/
Is this open source? Would be cool to self host this..
People talking about moving to Revolt. It's the most similar
Yeah Stoat is the closest, but no video calling still. But that's in the pipeline at least
Time to spin up a mumble server again...
Discourse, Matrix, Zulip, Rocket.chat - all open source.
our groups are discussing [stoat](https://stoat.chat/).
I don't know it well yet.
.......yet.
[dead]
Hey our small company is making a privacy focused alternative to discord, it launches on Sunday and if you’re interested you can join the waitlist here
Even if you don't want to use the beta, your support to show it's a valuable use of our time would be great
https://docs.google.com/forms/d/e/1FAIpQLScL0ZVwWu8K-hJWrloq...
Well, that ends DISCORD. Add to hosts file with 0.0.0.0 DNS
Why would any sane person allow this tracking and cross tracking and selling of our private info? Ridiculous for a commenting service.
With the current US administration all the worlds citizens should be careful about their data in the hands of US corporations. Unlike China, US has and can kidnap you from your own country if they feel like it even if not citizens of US. This was the case with previous US administration but they tried to at least follow their own laws if not international laws. This administration does not care about US laws or International laws.
current US regime*
It's bad enough that Discord seems to be vulnerable to attack. But now they want to hold on face scans and ID's that directly tie to their accounts? It's already not smart, but especially dangerous for public figures like streamers and vtubers. Not only can it dox their appearance (if they are hiding it) but also give the insane stalkers direct ways to harass them or assault them at home.
However I think Discord is far too embedded for communities. Whether that be social or development. So I don't think we'll see a big exodus. Having teen mode be the default will just mean that NSFW flags on channels or content will be a death sentence for that board or community. Similar to how Reddits big push to shove NSFW into a corner has gone. There are obvious examples like adult content that are NSFW intentionally. But things like art or cosplay can easily be twisted as NSFW and it just shuts down the reach of these kinds of artists.
Unfortunately most people are dug in now and it takes absolute extreme actions to get people to move. The fact that X is still around should be clear evidence of that. It's draining over time but that kind of universal community has not be replicated. Just a couple different echo chambers.
I wonder if Discord is legally forced to do that, or if they would rather do it themselves (and collect the data $$$) rather than wait to be imposed a solution they don't own.
I feel like age verification will come, there is no way around it (unlike ChatControl and the likes, age verification seems reasonably feasible and has a lot of political traction right now).
But I would rather have a privacy-preserving solution for that, e.g. from the government (which already knows my age).
There are probably enough regions where it is required or will be required soon, that it makes sense to just get it over with.
The Internet is more or less becoming a locked down, controlled and fully observed thing for end users and citizens, so adapting to that world sooner and working within it is just sensible future-proofing.
This also lets them more safely target older users with ads, purchase requests, etc. and new integrations for gambling and other high ROI systems.
GeoIP this nonsense. Legal liability is solved as a "good-faith effort" and those living in jurisdictions where this doesn't apply (or use a VPN) don't need to be stripped of privacy.
Discord is just the next biggest canary in the coal mine of increasing regulatory pressure in the EU, UK (which has had this Discord verification for months now due to laws there), and various US states.
I do wish that the lawmakers had worked more hand-in-hand with technical exports on more privacy-preserving solutions ahead of enforcing these laws. But Discord is doing this because enforcement has already started.
Privacy preserving between you and the third party, but the implication is that the government now sees what you are using.
> but the implication is that the government now sees what you are using.
No. The whole point of privacy preserving technology is that they don't.
The idea is that the government checks your identity (they know who you are) and give you an anonymous cryptographic proof that you are above, say, 18. They don't know what you do with it.
You give this cryptographic proof to Discord, and they know that if you have access to that proof, then you have access to someone who is above 18. They don't know who you are.
Sure, you could ask an adult to give you a token. But you can also ask an adult to buy you alcohol or to do the age verification scan for you.
2 replies →
The writing has been on the wall for a while. I moved off of Discord about a year and a half ago, after they started gating long-time free features behind Nitro. Then later, I find out that nothing is encrypted in transit on their application. I haven't had much luck moving friends off of the platform and on to things like Matrix, or Signal yet... but I'm trying all the time.
There are many ways to do anonymous proof of age. E.g. go to a physical store and buy a proof of age token, the store will ID you as much as they would for buying alcohol or cigarettes.
But that doesn't meet the requirements which is proof of identity.
As a parent I pay for my child's phone and sim, and thus I have parental controls and I can limit access to discord, or youtube, or porn sites, both on the device level, on the sim card level, and on the home internet level.
I'm all for making parental controls easier to use, if you want to pass laws, enforce minimum standards on companies, encourage or mandate pan-company cooperation (why can't I control my child's microsoft account from my apple parental control page, or an EA account from a steam control page). I'd even be happy with sites being mandated to add say a DNS record saying "this is a site for over 18s only due to $reason", and then I, as the bill payer, can choose to allow that or not.
Key changes are
- ID verification to see porn on Discord.
- Also, some warnings to not befriend stangers.
Not very heavy handed, you can google porn anytime. I am not sure who this serves.
It serves UK, EU, and various US States' regulations to "protect the kids".
Discord is only the next biggest canary in the coal mine. These regulations are going to force a lot more websites and apps to do this, too.
I wish these sorts of regulations had been written hand-in-hand with a more directly technically-minded approach. The world needs a better technical way to try to verify a person's estimated age cohort without a full ID check and/or AI-analyzed video face scan before we start regulating "every" website that may post "adult content" (however you choose to define that) starts to require such checks.
I just wish parents would do what parents used to do: parenting. Then we wouldn't need any of this bullshit.
We need something vendor agnostic that still allows having a community. Something thats essentially a protocol like bitcoin, email, text, torrents. Probably some of this exists. Then there will be providers offering this a commodity, just like how email and hosting can be rented from any company with simmilar quality (kinda).
There are already: Matrix, Jabber, Mumble, Zulip - all open source.
It took all of 2 minutes to delete my account and block Discord from my network. Credit to Discord for making the process very easy using the mobile app. I'm not going to put up with this crap just to occasionally use this app to play games with friends. My kids sure as hell aren't going to comply with this policy either.
As an adult that interacts only with other adults in good faith, it's easy to look at this and feel outraged.
But there is a very real and dangerous situation where children and adolescents are using Discord with zero guardrails, constantly interacting with adults - many of whom are predators. This is happening every day. Millions of children around the world "meet people" playing games online, take the conversation to Discord, and then get brought into a very dark world online that their brains are simply not ready for.[^1]
I don't like the idea of blanket face scans/ID scans with that data stored in perpetuity - but age verification of some kind is a must IMO.
[1]: https://www.afterbabel.com/p/its-not-just-a-game-anymore
Discord has parental controls. There's a myriad of services out there that restrict and monitor phone usage for kids. Use them and lock their phone and discord accounts down to nothing.
Restricting adults because parents decide to give little Timmy unrestricted access to technology is stupid.
I set up a forum when I started my site for Linux content creation. Discord had become a black hole for technical know-how on a scale IRC could never dream of, and finding answers to common questions was nigh impossible since the technology has changed and the modern way to solve problem X was never asked in a forum and never indexed by a search engine. Granted, Reddit provided a bit of a stopgap over the last decade, but the solutions in the comments these days are more often than not a confidently incorrect copy-pasta from GPT.
I use Discord for chat and voice calls since that is what I expect from a chat app, but the amount of companies that have built their community / knowledge base / support system around Discord is worrying. You know they can just delete that, right?
I'll continue to use Discord for chat until prompted to put my face in the hole :)
This won't stop at Discord. Banning websites/apps and ID gating is going to be everywhere in a decade.
Protect the kids puritanism is on max level right now, throw in some future terrorist attack or political issues that scare people enough like they fear TikTok and the internet will be fully controlled.
https://archive.is/E0kQ8
I'm based in Australia and had to do this early shortly before the teen social media ban came into place here.
I chose the face scan option as I simply don't trust most providers when it comes to uploading my ID. Countless data breaches have happened over the years where driver's license and passport details have been stolen from databases.
For those unaware, a driver's license is often referred to as the "golden ticket" for identity thieves. A single license usually contains all the information needed to open credit in that person's name.
Yes, they will claim their process is super secure, and they take security seriously. But then again, they all say that.
Genreally this is the part of the slope when most everyone perks up and realizes what game is being played.
Combined with recent AUS,UK laws mandating the same across most online services - im sceptical that even opensource offering could evade te dragnet.
We already knew that any ID verification for kids would inevitable mean everyone gets carded then sorted. With this AI profiling essentailly piggybacking on the likes of Facebooks decades long shadow profile shenanigans , and the recent Ring revalation that theyare essentially doing the same via their cameras. Its a bleak panopticaon that has all the essential building blocks in place.
it's like there's an inherent user-hostility in every platform that is expressed in a less-than-ideal user experience in it's usage or in the ways that the host will harvest all of your personally identifying information for various purposes (which it will also inevitably fail to properly secure, resulting in a near guaranteed leak at some point in the future).
I personally don't find ease-of-use to be worth the price of my privacy but most people are more than happy to sell themselves out piecemeal in the form of data until there's nothing left but a bunch of numbers in a spreadsheet to attest to their ever having existed.
To be honest it kinda sounds like a benefit for my use-case. I don’t engage with adult content on there and use it for one server with friends.
And this will reduce spam from random accounts. Will see if it remains usable without uploading my Id.
I think having kids asking if they can scan the face of their parents/older sibling will probably give rise to some good conversations.
Well, deleted my discord. It was the only social media I had, if it can be considered as such.
Shouldn't have been using a free product anyway. Committed the crime of convenience and paid with my telemetry. At least I stopped.
HN, you my only fren.
> Teen-by-default settings to roll out globally for all Discord users
Does it mean that even people who reside outside jurisdictions touched by the age verification craze will have to deal with all this?
> use facial age estimation
Surely a kid won't be able to ask someone else to pass the check for them. But let's talk about false positives. If the estimator falsely declares someone an adult, is Discord legally liable?
> submit a form of identification
If you have a picture of an ID document, can you verify that it's real? You'd have to ask the government for that. And at least in one country there is no process for that.
> On-device processing
Oh, a client-side check. Must be secure.
On-device doesn't have to mean on "your" device - they might refer to smartphones with remote attestation (like AVF pKVM) which of course are not really controlled by you..
> Does it mean that even people who reside outside jurisdictions touched by the age verification craze will have to deal with all this?
Yes, it's global
> If the estimator falsely declares someone an adult, is Discord legally liable?
Not until a court case on the topic gives us precedent.
There's a bright side to this. With people getting used to every website casually requiring a face scan and ID pic, setting up phishing campaigns and opening rogue bank accounts is going to become easier than ever.
Sad to see we're going with a "child by default" internet. It'd be so easy for device and OS makers to align on an API that could tell the browser/app whether the user is under 18 or not.
I know Discord is popular, but I've tried about 3 dozen servers on a ton of hobby topics (linux , raspberry pi, golang, various games, politics) and I've found the caliber of conversation to be very poor. Nothing like forums, stack exchange or even reddit (especially pre-2012) in terms of topic focus, support quality, creativity, technicality. Convos tend to be banal, cliche, monoculture.
I would love to hear a testimony from someone who finds their Discord servers to be edifying or uplifting. What worked?
It excels for small communities, groups of friends and the like. My IRC channel migrated because it's user friendly, embeds images, and voice chat is a breeze.
I agree for private servers it’s good. We used it for backup ops when our internal chat server went down. The feature set is very good
This is categorically unacceptable.
People's livelihoods and safety are threatened when there's people's personally identifying information associated with their Discord chats - even if linked by "anonymous" identifiers.
Imagine your photo ID next to the horniest thing you've stated next to some random asshole on the Internet.
Discord has no moral right to make such a dramatically consequential decision about the personal privacy of its users in jurisdictions where such age verification tech is not mandatory.
If you're looking for an alternative to Discord, check out Stoat (formerly Revolt). [1] Especially if you're an iOS dev with some free time as the iOS client could really use some love... [2]
(not affiliated with the project, just really want to see it succeed)
[1] https://stoat.chat/ [2] https://github.com/stoatchat/for-ios
And how much does Discord commit to paying in damages if my face scan or ID scan leaks from their servers? Via security vulnerabilities or employees making some money on the side?
How many people are doing age restricted stuff on Discord (besides the specifically there for adult content and gooning crowd)
All of my use is primarily professional and gaming and has no age concerns
Does it matter? The problem is that everyone uses discord for everything. It's not an isolated platform, it's THE platform if you want to have friends.
If you don't access adult stuff, you don't need to verify age. I'm not giving them my ID, I'm not expecting anything to change about my Discord experience.
What's the issue?
Gaming certainly has age-concerns, many games are rated 13/15/16+ or 18+
But yeah, leaving discord... they are not getting my ID/Photo
At least Google is pushing on zero-knowledge solutions
Maybe they can force everyone's hand like they did for https
https://blog.google/innovation-and-ai/technology/safety-secu...
Ratings aren't legally binding though are they? I bought games older rated than I was, and it's totally up to people's parents what they're allowed to play. Are you suggesting a 15 year old should be allowed to play the 16 rated game but not discuss it?
1 reply →
> The first option uses AI to analyze a user’s video selfie, which Discord says never leaves the user’s device.
I'm wondering if this will work with a YouTube video...
I don't think there is anything anyone can do about this trend, other than come up with viable age-verification schemes that preserve privacy, and don't require things like scanning your face or sending random companies your ID.
There are plenty of approaches to this, and I won't spam this comment with all the thoughts I have on the subject. But my frustration is people want things like "cancel your nitro subscription" well I don't have one. What else? It's just small things that will not impact anything. Every service out there will require this sort of verification soon. Being angry doesn't stop it. Even voting doesn't seem effective to me. But better solutions might.
If they could verify your age as accurately as a store attendant a physical store could, what else could they want? And if that could be done without giving random websites any identifying information about yourself, wouldn't that be better than this mess? Two things can be done, you can resist this nonsense while supporting alternatives to it.
It took so long to have a decision like that from Discord. I use Discord everyday and I know that a lot of teenagers use it and I think a decision like that can help to keep safe these teenagers from the internet. When last year Discord introduced that AI face scanning I thought that it was a serious problem for the security of our data but if, as they say, they remove all of the data of the ID extimation.. why not?
People are pretty skeptical that discord will actually delete it (because they had a data breach showing a lot of undeleted face scans and id pictures already) or that their partner organization who does the validation won't just save it instead.
Also I don't really think this solves the grooming issue - it stops them from going in certain channels or getting pictures from non friends but an adult who wants to get past that to get to kids probably will. You'd really want like "teen only" servers with verification going the other way, if anything. I've never seen that proposed oddly
It’s hard to trust a company when when they’ve already demonstrated that they [can’t be trusted](https://arstechnica.com/tech-policy/2026/02/discord-faces-ba...). And i’m sure there will be an argument of “but this will make it more likely that they’ll be safe about it to not have a repeat”, which will likely be true for a while. Then cost-cutting offloading to a third party that promises to not keep the data, or a new feature will come in that needs the photos, or a misconfiguration will happen where things that should be deleted won’t be, and we’ll be in the same boat again.
The only safe data is that which does not exist.
FOSS, optionally self-hosted alternative built on nostr: https://flotilla.social/
Thank you to Discord for making it easy to cancel my Nitro subscription from the mobile app. I've had Discord Nitro since it started being offered, buh-bye.
Both social media and chats need a truly open decentralized protocol that is accessible and usable by the general public. It feels like with clawbot becoming popular that people are open to the idea of self hosting something if it has an easy enough interface.
The same thing could be done for social media and messaging. People should hold control over their own content and the application layer should just be content organizers and consumers.
to take control of your own content while preventing it from being harvested for ai training, there’s a straightforward method.
- use a browser extension to encrypt comments sent to any social media platform. - by sharing your public key with intended recipients via a third-party channel, the platform only sees gibberish.
this makes ai training impossible, keeps corporations in the dark about your conversations, and ensures that any government surveillance only yields encrypted strings.
however, the platform might ban you as a bot, since this effectively prevents both the company and the government from snooping on your data.
This makes it non social media, the reason I post on social media is to ALLOW the world to view what I speak about. I don't mind if my data is harvested or trained off of.
Posting with encrypted data makes no sense as you are disrupting the social network with worthless garbage for 99.999% instead it would just be better to have an RSS type feed that your consumers (friends) can subscribe to and it shows the comment you made and the link to what you commented on.
Or if you just want to say something about it to 1 friend just send it to them.
You could still have pub/priv keys and an autodecrypt system though or use traditional authentication for allowing content pulls.
So a good EU OpenSource alternative : https://stoat.chat/ formerly known as Revolt.
Alternative: run your own self-hosted messaging server for you, your family and friends. No company should ever get such sensitive data as private conversations.
Use Discord with a throw-away account. Create a character in GTA 5 on your laptop and show its face (in "selfie" mode) to the web-camera on another computer with Discord open. All face scan checks so far gladly accept it. Instagram has been requiring occasional face checks for ages already.
Okay, that's the end of #Discord (at least for me) because I will never upload 'selfies' or a copy of my id to a social media site, or something.
Discord is in a position to demand nothing.
No privacy loving person will comply with Discord on this matter.
Discord is doomed to only have weak compliant users on its platform.
This growing trend of accounts for everything enables the collection of all your data and attacks such as this gating your access behind sending in more personal info.
Your IDs and biometric data for most services is sent to multiple companies, governments, and who ever else comes asking, armed only with a piece of paper. It is never deleted. It is used to create a profile of you and your activities.
Never use an account if possible.
“We will find ways to bring people back” yeah because that usually works. I imagine this gets rolled back or siloed to only adult specific channels.
Finally I feel validated complaining for the last decade about the move away from IRC/teamspeak to centralized services. I've been called all kinds of names.
Now those same people are complaining they're gonna have to submit their faces to discord. Which will eventually be used to prosecute or commit fraud. I'm left wondering if "tech enthusiasts" are ever actually correct.
Heh, that happened with phony nostalgic gen-z kids trying to recreate 'old times' with Discord and turd themning for Windows AKA called 'Frutiger Aero' while bitching against XMPP calling it 'malware'.
They wil learn by brute force. As we had to do.
It's clear "age verification" is not something we'll get rid of, so I think instead we should push for a publicly verifiable double-blind (zero-knowledge proof) solution that can ensure it only gives the websites a boolean and doesn't allow correlation from either side.
The alternative is having to give your ID to Facebook, Google, Microsoft, and all the other bad actors...
I miss the era of Internet forums. They didn’t need to be federated, just simple deployments of MyBB, vBulletin, PHP, Xenforo and so on.
I made a lot of friends on those communities growing up, and it inspired me to go into software because I saw how it brought people together.
And I still sorely miss the WhatCD forums. While I didn’t make any friends there, it shaped my early experiences with music which still reverberates through me today.
Even with the reinvigoration of new ideas from LLMs, tech feels like it has been languishing for well over a decade at this point. The playbook is to disrupt traditional industry at a loss, then enshittify when competitors are gone. A lot of tech plays really feel like some form of: bring the yellow pages into the digital realm and overcharge for facilitating that access. Finding a firm that even uses AI outside of a chatbot UX is rare.
>And I still sorely miss the WhatCD forums. While I didn’t make any friends there, it shaped my early experiences with music which still reverberates through me today.
Could not relate to this more. Spent my formative years in those forums and they genuinely helped mold many of the tastes and interests that have stuck with me into adulthood. Not to over-romanticize, at the end of the day it was just a forum on a music tracker - but the sense of community and sheer diversity of thread topics made it such an interesting place to peruse.
Discord certainly has its applications. But since it became the defacato community tool, I find it essentially useless. Discussions are ephemeral (from a UX standpoint at least), and much more constrained. Its difficult to lurk and only chime in now and then unless you're regularly online.
I think discord has been terrible for the internet. A lot of open information has become gated. And now it's gated behind a platform that many of us are not willing to use anymore. Let's hope this pushes out people and communities back to forums and such, but in reality other platform will take over.
Wow.
On one hand, I'm not surprised.
But on the other hand-- I would be terrified to be in charge of a company who needed to make this ask. It's just such a big deal, such an important bit of information to protect from hacks.
I hope they lose most of their customer base. But I'm terrified they won't.
The gradual erosion of privacy is no longer gradual.
I've needed a nudge to cancel my 5 year Nitro streak. This was it. I guess if they reverse course before March when the billing cycle is over, I'll renew. Hope I'm not alone in this. The only way they'll decide to not move forward with this is if enough people do the same.
So you'll still use Discord, just not Nitro?
If cancelling your premium sub is all you're willing to do, it means you're not being militant enough.
I am attempting to revive my once fairly large Minecraft server, and not being present there means suicide. What I can do is signal to them that not only am I not giving them my ID, I am no longer giving them my monthly payments ever again. Which is the metric investors want to see increase, not decrease. I have given them hundreds of dollars in monthly payments. That will now cease as a result of this decision.
You don't have to go pedal to the metal to signal disapproval in a way that hurts.
Genuine question, what is stopping users from using AI to generate a fake face or ID to bypass this restriction?
There is a bit of an arms race between id verification systems and users bypassing them when AI gen. Which is really just ai generated images vs. AI generated image detection.
In practice, nothing will stop it, the tooling will gradually get better at detecting prior fakes and banning those users while the newer fakes will go undetected for longer.
Putting up the requirement satisfies their CYA requirements here. The race between AI fraud vs. detection is something they can just ignore and let happen on its own.
> prior fakes
But they assured me my biometrics are deleted after uploading!
This is such a huge mistake, Discord. Hopefully enough people put a lot of pressure on them to reverse this.
It was nice while it lasted. Account removed. I understand the rationale and I don't care anyway. It is a shame, because one of the niche forums I was occasionally visiting there does not offer other locations.. but I would like to think this may change people's mind.
Yay to further fragmentation:D
Medium term, moving to another platform is the best solution. In the short term, I think using some other platform for the locked features is best?
For example, if we are in a server for coding, maybe we will have to use zoom or google meet as a stopgap. Curious if others have better alternatives.
That's a solid no from me. Looks like I'll be moving my gaming friends back to Steam and the others to a secure messaging platform or one I can host myself. Before Discord I was running a Mumble server that everyone could connect to and everyone liked it a lot.
I can see the moderation and age-verification motivations here, but I am wary of how this changes expectations around identity on social platforms.
Mandatory age checks with biometric or ID data can create long-term privacy and reuse risks that the ecosystem has not fully reckoned with yet.
to everyone that tried to persuade me to move my projects from forums to discord :
phpBB never made me scan my face.
Well I've spent the better part of 7 years building a community on my own discord server with dozens of friends, many of whom I interact with daily in voice.
So... what now? I just have my life literally turned upside down because of a greedy surveillance state?
> "On my OWN discord server"
[Emphasis added]. You are confused about ownership, and now sadly are suffering the consequence. The answer to your question is simply yes.
Move the community over to a platform where you actually own the server. There are self hosted alternatives. (or pay a hosting provider to run it)
The child predators are not stalking the adult forums. They're in the "for kids" ones. This "protect the kids" nonsense needs to be called out for what it is - a sham.
Well maybe misdirected. I remember the first few times my dad caught me looking at hardcore BDSM pornography. I was probably 13 and definitely gay. The first time he cancelled our internet for a month and the second time he started shutting off the breaker to the computer at night. I was hooked though.
I can see how parents are wary, that was probably a big shock for him . Luckily he was able to process his feelings with the belt so didn’t have to go calling his senator.
Thanks to all the OSS projects that adopted this in preference to mailing lists to better appeal to zoomers. (And note that while these projects often do still have mailing lists, most of the actual discussion now takes place on Discord, behind an authwall.)
I've had a Discord account for 10 years. They seem to assume all discord users are at least teenagers, so surely they can't think I was 8 when I created the account. So can't I have the "full" experience automatically?
because they want your data, and to be fair there's no safe way to determine your age, account could get stolen or transferred to other person.
This part is interesting:
> [verify to] Speak in a stage channel.
My understanding is non-stage voice channels are E2E encrypted, and Discord retains no recordings, whereas stage channels are not. Is this a liability thing—Discord not wanting to have voice recordings of non-adults?
Been meaning to cancel nitro and move off to Matrix or something, thanks for the push Discord!
> On-device processing: Video selfies for facial age estimation never leave a user’s device.
What stops kids (or anyone) from using "AI" (which they are already using to a great extent)?
I bet you could bypass it without any video, too, while we are at it.
So now all the open source projects that use this walled off closed platform (even though scores of people complained and warned about it) can go back to hopefully using something open and searchable.
This is a really misleading title. It doesn't "require" either. The majority of adults will not see any verification as the system is already able to verify they are old enough through other data/means.
I foresee Discord receiving a lot of identification documents from the likes of Ben Dover
Dingle Dongle
Hot Ta Tas
Source: https://discord.com/press-releases/discord-launches-teen-by-...
Sounds reasonable particularly given age of account implementation. And even if new account, if I don't have my face scanned then they won't show all the garbage. I have no problem with that.
Just another instance of companies participating in the creation of the police state.
These companies do not do this under external pressure from the state, they do this because it benefits and consolidates their power as well.
It's bricks for their castle wall.
Corporations should not be considered a separate entity from the state. Corporations form state power. This doesn't mean they are always in-line with the state, but that they lead the state as a block, as a class, defending their common interests.
Policing is one of them.
Discord doesn't need my identity and I don't need discord. Bye bye.
Good. ya'll will be surprised by how many under age kids use it...
The CEO of Discord is Humam Sakhnini. He's from McKinsey. So that tracks.
How else would you fight growing antisemitism on Discord?
[dead]
I use Discord to talk to university students (top 10 in CS) and it only works with university email. I am wondering if I am going to be treated as <13 from now on as well or if they waive it in our case.
It is possible for 12-year-olds to attend university.
Even grad level?
1 reply →
I like this a lot. That being said my response to this whole biometric/ID push is going to be to leave every space that asks for it. I don’t think I’m going to miss these all that much.
The writing was on the wall here like a decade ago
And often is there for existing apps, that things like this can happen
So people might take stock of existing apps like Discord that they might want to migrate from
One thing that could happen is that someone might decide to vibe code a Discord clone, without all the extra crap. I'm sure there are people out there doing this already.
There's this interesting arc of growth for apps which are successful. At first users love it, company grows, founders get rich, they hire expensive people to develop the product and increase revenue until eventually the initial culture and mission is replaced by internal politics and processes.
Software starts getting features which users don't want or need, side effects of the company size and their Q4 roadmap to 'optimize' revenue|engagement|profits|growth|...
Users become tools in the hands of the app they initially used as a tool. This model worked well so far and built some of the biggest companies in history.
AI could make this business model less effective. Once a piece of software becomes successful and veers off into crap territory, people will start cloning it, keeping only the features that made that software successful initially. Companies who try to strong arm their users will see users jump ship, or rather, de-board on islands.
At least I hope this will be the case.
Thanks, I'll just keep using XMPP MUCs like a caveman I am.
I thought we didn't talk about political issues around here?
What are your favourite active irc channels for technical hobbies?
Credit card verification not an option.
Facial video estimates or submit an id card.
Option 3: if we analyze all of your data we have and see you are not going to bed at 8pm for middle school, you get adult status.
https://www.nature.com/articles/s41598-023-42054-9
Discord says immediate deletion. They already leaked 70k IDs. Your biometric enters the permanent record somewhere. Discord, their vendor, or Utah. Someone keeps it.
You can be running this in 10 minutes https://github.com/Merkoba/Hue
Discord's about to Tumblr over themselves with this one.
This is coming for all web-based services soon. Don't think for a second it's just Discord.
It's just a small step ahead of "phone number required" auth.
You can, of course, not do this (you meaning the company, Discord)
You can choose to be respectful of people who have valid reasons for not providing ID
But you want that sweet IPO money (as stated elsewhere in this thread). You don't actually care about the internet and how anonymity is a cool thing for certain vulnerable groups
All these tech CEOs should face prison time and I'm not joking. They've displayed a complete laissez faire attitude to all of these concerns
Such an important announcement for a platform reminds me the attempt of OnlyFans to ban sexual content. I wait the D soon retracts this decision.
When I first read the headline, I assumed it meant they were requiring face scans to protect against AI Agents/Bots, not to "protect" kids.
Somewhat related: I created an HN users Signal group, following the massive success and utility of creating a friends-and-associates Signal groupchat (that ends up discussing privacy/security/AI/etc).
HN User Chat: https://signal.group/#CjQKICCPlygJ6YXA0jqqOcE0K3AHovCOX4WKEN...
If you follow me and want to join my friends-and-associates one, I’m @sneak.07 on Signal.
We're going to see more social networks struggle and something like world.org or similar that protects privacy is needed.
Is this the final straw that kills their platform?
No thanks. Discord, it has been fun, but I decline.
People have dropped platforms en masse over lesser things. This is not going to go well. Are they even going to make it to their IPO?
lot of people complaining, but, seems like they rolled it out already in UK and Australia... no real complaints I know of, and I'm in NZ and are on NZ/Aussie discords. Also teen mode doesn't actually seem that restrictive. Seems an ok move to me. But for whatever reason people seem to froth at the mouth when it comes to discord on here.
Uk, Effective from July 25, 2025, regulated platforms must use "highly effective" methods, such as facial age estimation, credit card checks, or ID verification to prevent children from accessing harmful material, with potential fines or bans for non-compliance. (extents to any platform with user uploaded content)
Australia, as of 10 December 2025 Australia requires social media platforms to take reasonable steps to prevent users under 16 from accessing accounts.
No wonder there where "no real complaints" those countries are already under heavy age verification law.
> Also teen mode doesn't actually seem that restrictive.
Doesn't mean it can't get more restrictive in a few months. Ease people into it would actually be the smart move since there will be less complaints.
> But for whatever reason people seem to froth at the mouth when it comes to discord on here.
Because Discord has not handled their data well in recent memory (actually ever).
Also it is a global rollout not mandated by the countries law. This indicates that it is a business decisions and therefore probably they stand to gain from it financially.
or.... for simplicities sake, everywhere operates the same way. More countries are going to require this, this makes it pretty simple for them I'm guessing, just roll it out everywhere.
they had a breach last year...they didn't leak their core data, the 3rd party they used leaked data to do with age verification. Which was bad. What other data problems you see? Nearly everything else is unconfirmed/scraping public data.
They could make it more restrictive? sure.... but why? a core demographic for them is teens playing games and joining servers related to their games, why would they make it worse for one of their biggest target audiences? Any company who are targeting kids (Roblox did something similar) really do have to show they are doing at least something to protect that demographic. The consequence of not doing that is governments coming after you. That's their financial incentive, not to be shutdown, fined, sued etc.
I have a discord account that I use very rarely, and just tried it (from the UK) and it didn't ask me for any ID or face scan. If they do start doing that, I'll simply stop using the service.
Maybe this time finally a lot of communities will realize that discord sucks as a Archive, Forum, FAQ or news channel.
I'm only on a few programming related discords and not going to lie, even those are slightly toxic. So bye discord.
Why does every company work with persona? It's the shadiest company outside of Palantir, what is going on?
A lot of whining here about how this is an imperfect response to the issue of children being exploited on Discord / using the platform to engage with inappropriate content.
Until someone offers up something better, I take these types of initiatives from social media platforms as huge wins. Ignoring the problem will not make it better. We've been ignoring it for about 20 years now, and it's only gotten worse.
The thing stopping kids from getting "exploited on Discord" ought to be the same thing that stops them from stabbing each other with pencils. Raise your kids better, and stop expecting everyone else to tolerate your failure to do so.
A majority of Americans are in favor of age verification.
https://www.edweek.org/technology/not-meant-for-children-adu...
Have you ever considered that it's the other way around? Maybe the security needs of a minority shouldn't block policies with wide support that will protect children online?
Either way, the whole "parent better" argument doesn't work. It's victim-blaming. Thousands of kids download Discord every day to play video games with their friends only to eventually be invited to servers which host explicit content / bad actors that we know can permanently harm them. A bunch of software engineers on HN may understand the risks that online platforms pose to their children, but much of the population cannot/will not fully comprehend this. We should not allow their children to experience terrible things just because their parents aren't read up about which platforms will gladly allow creeps to interact with or message their kids.
The answer here is simple: if you don't like age verification, move on to a different service. Creating spaces where there are rules and order on the internet for those that are vulnerable is much more important than you not wanting to upload a picture of your ID to a platform that you're using completely voluntarily.
4 replies →
The solution is parents! Stop making your bad parenting my problem!
How has it become your "problem"? Do you believe everyone should be able to get into any location anywhere worldwide without screening?
If you believe that all parents are intelligent, informed, and put their children's well-being before everything, you are unfortunately wrong about society. Kids don't deserve to suffer just because they have neglectful parents.
Discord, on the other hand, should be at least somewhat responsible for the interactions of children (which they profit off of) on their platform.
And finally, you, a sentient adult with free will, can use another platform. Not your problem unless you want to make it yours, which is the response of choice on this thread.
I wish I could simply show Discord my adult genitals as evidence of my adult-hood.
The sharing of my ID with a known incompetent company & business seems like a risk they're foisting upon me.
You are not going to be liable if your information is leaked. They will be.
Be responsible for your spawn and don't be a weenie about asserting boundaries for them.
When the openclaw/moltbook fad dies, those Mac mini's could be repurposed for a p2p forum network.
Why does the idea of collecting millions of images of minors not sit right? Roblox, Character.ai, Discord…
Why would minors need to provide photos? The point of this is to verify adult users.
I was speaking of the “face scan” option listed as #1 option on Discord’s “How To Complete Age Assurance”. It’s well known minors are using and/or gaming the face scanning on other platforms. Some adults are even having their accounts downgraded to a minor-level restricted account based on their face scan. All around it’s a terrible implementation for age verification.
Hard no. Reality is that this push is everywhere. Authoritarian governments are cracking down hard on dissent, they're not going to leave huge platforms for communication untouched. We'll need open source decentralized alternatives.
Indeed, the article basically says as much in more pacifying terms:
> driven by an international legal push for age checks and stronger child safety measures
I’m always amazed that despite decades of evidence… there are people that not only don’t know that you can do anything if you say “it’s for the children” but they’ll actively support it.
HN: Social media is terrible and ruining kids' mental health.
Also HN: Any attempt to limit access to verified adults is an "authoritarian crackdown" and totally unacceptable.
Children generally have these things called "parents" who are supposedly responsible for their well being. Oh hey, suddenly there isn't a contradiction.
3 replies →
HN commenters are many. Not 1. And 1 person can believe 2 things are bad.
[dead]
Good. Maybe then we'll stop having Open Source projects using it as their only store of knowledge :)
Forget cancelling my Nitro - what's the best way to convince my friends to cancel theirs?
Not being there. Tell them you'll be at ____ when they need you.
What ____ is, that's the problem. There's no self-hostable option that has easy audio/video like Discord does.
mumble or teamspeak is pretty easy IMHO.
Honestly I think this is necessary. I'm not sure how heavy handed their exact implementation of stuff like content filtering would be, but I've seen way too much sketchy stuff on discord servers. Predators, blackmail, harassment campaigns, it's not great and a lot of the servers I'm in already require ID verification by mods to even chat in general. It'd be great if this was opt-in on a server by server basis but I could see that being a problem too.
I've seen way too many governments / companies use "protect the children" as a way to try and push overreaching garbage policy, however I think this one actually might help.
That said, depends on exact details of how they want to do this. We'll see how it goes.
Showing ID doesn’t stop crime or criminals, or stop fake accounts.
I’m simply going to scan someone else’s ID to keep my account.
Absolute idiots, who the hell is going to do a face scan? Or share their ID with ... Discord?
Also curious how people like Epstein and James Alefantis are just casually using Gmail and Instagram to post CSAM and suggestive torturing of kids. Seems like the onus should be on the companies, not the users..
What I don't get is out this is to protect teens, but what person that is 13 has an ID?
So my friend group has been looking for alternatives for a while now that feel like discord, works on mobile and desktop, and has voice chat.
I use Signal but the UI is very different from Discord.
I've had very mixed experiences with Element + Matrix, Element keeps crashing on mobile, and while voice chat kinda exists in Element it's not been great imho.
I looked into hosting Rocket.chat, Zullip, and Mattermost but from what I recall voice + mobile were either missing or paywalled at a per-user price.
Any recommendations?
have you looked at mumble or teamspeak, seems they where the default for a bit before discord. Atleast for gaming.
I seem to recall Jitsi working pretty well.
Jitsi is great but the element integration felt clunky. Maybe I'll have to revisit it.
How do they green-light this? No one wants this. It doesn't make any sense.
By Discord's own ToS you can't use Discord if you are under 13, so this change is just to make sure users that are 13, 14, 15, 16, and 17 years old are appropriately labelled.
Why doesn't Discord require ALL users to upload their faces to prove that they are at least 13 years old and eligible to use the service?
What’s with this recent push for ID verification from every site and service?
Cowering to autocrats all over the world.
Good bye. Discord is not trustworthy with this kind of data. As proven recently.
Okay, i'm not very good at coding, especially web.
It seems to me that the "logical" solution to this is some sort of local key like "sudo" that the user enters/has access to. This key is on a cookie or request or something that says "This request is being done by a verified adult" and then the website goes "cool here's your data". If the request does not have it, then the website says "Sorry you need one of these keys/permissions to access".
I see this as elegant because like modern IDs, YES THEY COULD GET AROUND IT, but at least it gives parents and users who want to abide and try the ability. Kids get fake id's, they get stuff they shouldn't. So long as audits show that the businesses are trying to catch this and punishing those who ignore procedures properly, things are "fine".
How infeasible is this from a coding perspective? I get that we're fucking with standards here, but I figured it would make most sane users and companies happy. Companies don't have to keep PII, just a log of "yes this access from this IP was approved, but we discovered is was used falsely and banned that key", and users have a tool that's setup once locally (or refreshed when you want a new key).
I guess you'd need some way to authenticate these as if it's too easy to spoof whats the point, but it strikes me as leagues better of "store everyone's colonic map"
How off base am I here? Is the theory somewhat sound or is this just dead from the ground up?
> Content Filters: Discord users will need to be age-assured as adults in order to unblur sensitive content or turn off the setting. [1]
That presumably includes selfies?
That means that to exchange racy photos on Discord, each person must first record a facial age estimation video or upload identification documents.
That seems dystopian.
1: https://discord.com/press-releases/discord-launches-teen-by-...
How do you know one party isn’t 15 when the other is 25?
You’re never going to convince a parent or a lawmaker or even me that this is dystopian. Seems like a perfectly reasonable safeguard.
> How do you know one party isn’t 15 when the other is 25?
You don't. That's why parents need to be involved in their children's lives.
CSAM is the easy excuse, anyway. That's the one lawmakers use, and most people are against CSAM, myself included, so the excuse goes down easy. But the impetus they don't talk about is monitoring and control.
The answer isn't to destroy privacy for everyone. The government and these corporations don't need to know what you're doing every second of the day.
5 replies →
They'll now have kompromat associated with a name, address, and id number (be it social security, BSN, or whatever your country calls it)
This is just the latest in a long trend of increasing spying on users. Why bother having to guess who your user is, or fingerprint a browser if you can just force them to show you their national ID?
This is transparently about spying on people, not "protecting children". The real world doesn't require you to show your ID to every business you frequent, or every advertiser you walk by. Someone can yell a swear word on the sidewalk, and not everyone within ear shot has to show ID.
Actively withdrawing from all US proprietary software and subscriptions ...
This might be an unpopular opinion, but imo this is a directionally correct decision from Discord. I feel that it's important that there exist privacy preserving, anonymous communication platforms; not that every platform must have or must not have these qualities.
Platforms need to adapt to how they're used (or how they want to be used). The amount of child exploitation that happens on Discord should make any civilized person working in that company uncomfortable, and its natural and good to want to do something about it, not out of external or governmental pressure, but because you yourself can see the dashboards and logs, and can see what's happening.
There's a needle of difference between a government mandating identity verification, and a private organization saying this is how we want to run our company. Threading that needle is living in a free and safe society. If we can't thread it, and we fall to one side or the other, then you have to choose whether you prefer safety or freedom. Personally, I'd rather have both.
Guess I’ll have to try convincing all my friends to move to Matrix.
the social network no one really needs is going to require IDs. Guess I’ll go ahead and delete the app once I stumble across it some day.
Jump here, you can see Lucca (as we say in Italy, more or less..)
Not required by law, what could then be the reason, I wonder?
welp glad I set up my own replacement for my own business/events https://hub.lanified.com
So Long Discord, It’s not like It’s the only forum in town
You have got to be kidding me. What is it with these lawmakers and websites demanding people do all of this stuff using services that nobody has ever heard of? I myself (as someone who is blind) have never been able to do the face scanning thing because the information they provide (for, you know, getting my face focused) is just massively insufficient. And a lot of the ones I've seen also require me to (as an alternative) do some weird ID scanning with my camera instead of, you know, just allowing me to upload my ID or something? (Then again, I really wouldn't want to give my ID to some service nobody has ever heard of either, so there.) I also am concerned when tfa says "a photo of an identity document" what does this mean? If I have to scan my ID with my camera, that's not exactly going to be simple for me to pull off. I get that we need to protect kids, but this is not the way. Not when it is discrimination by another name for individuals with disabilities (as just one example).
Good to reduce fraud, isn't this zero trust in practice.
Another company jumping on the bandwagon to data-farm in the pretext of safeguarding children. I really wonder if there's an actual method to actually safeguard children while also not holding on to data. Because, genuinely, you can't question this.. Companies would just say "we are trying to protect kids" and that'd be the end of the argument.
I really wonder if when this is fully implemented if they will have any safe guards against selling "adult verified" accounts. With AI being a possible work around for those who don't want to share an ID, selling accounts would be another big issue unless they check for IP addresses and block based on locations and logins. EDIT: I see in another comment that its against TOS to sell accounts, I doubt that has stopped anyone before though.
And I'll be uninstalling and looking for an alternative
So many comments but i dont see anyone mentioning llm to replicate Discord, or others Twitter, Facebook. If claude can create a C compiler this would be trivial. And demonstrate the actual real world benefits of AI.
Hope they use zero knowledge proofs like ZKPassport app
Glad I don’t use it.
Curious how this will affect midjourney's earnings
what is the relation?
Midjourney is primarily a Discord bot that generates images from text prompts within the Discord app. Now many paying Midjourney users could be forced to verify themselves.
IRC is still a thing
I think I’ll pass on a chat room face scan. Wow.
Is there an AI service that can generate fake IDs?
I'm so glad I always refused to accept this one.
I don't know what people need as lesson. We already have so many FLOW options, and yet they are so many running after the last shiny ready for enshitification ready to go platform.
Expect them to sell your whole life to whatever party with enough money to throw at their face.
So glad I never put my eggs in the discord basket
Nitro cancelled, all boosts for my servers cancelled, have recommended my communities all do the same. It'll be a lot less smooth but we can go back to IRC + Mumble.
Enshittification and profit-maxing strikes down yet another decent piece of software. Rest in piss.
There's discord in gas town tonight.
I really hope this triggers a mass exodus
Goodbye Discord. It was good to have you.
I guesa i dont need to use discord anymore
i can live without discord but I’m required by law to interact with irs and therefore idme and their mess…
Based. Kids should start gamefaqs again!
every website will ask or phone someone to verify your id in the future. what a horrible day thatd be.
We need to being back p2p
Is this legal in the EU?
Should be yes, however the data (if any) gained is considered "personal data" and should be handled conform GDPR legislation.
Reminder: “age verification” is just another way of spelling “every single user of the service must provide a government ID to use it”.
Luckily, they well enshittified it prior to this move, so my account is already deleted. I wish Discord a swift irrelevance.
Glad I left months ago
Glad I never signed up to begin with
no more discord GenZ
I am not one for conspiracy theories but I notice a pattern... Did you know Chrome now offers to save your passport and other ID data in their keychain? Why, after so many years, do they now offer to save this information that, if leaked or backdoored, will easily bind login information with their owners?
Is IRC illegal yet?
I will go against the grain and say that I am happy that Discord is doing something about the NSFW content that is being fed to children on its platform. I don't use Discord that much personally but I heard from friends that it is a goto for NSFW content, similar to reddit.
Every time the topic of ID for 18+ content comes up, the entire internet melts down over "big brother" and "privacy", yet no one flinches at presenting ID for alcohol at the store. And further more, nobody offers an alternative solution the problem. Status quo isn't acceptable. "Kids will always find a way to bypass measures/access their porn", is also not an acceptable answer.
We as a society need to do something about the unprecedented levels of porn addiction in today's youth. "Enter your date of birth" prompts are performative and do nothing.
I will say I am usually the first person to oppose any sort of government overreach, I am very pro privacy.
I believe the energy put into the criticism and boycott of Discord should be put into finding solutions for verifying ID in a secure and private manner online. Something like Apple Pay for IDs?
I think the issue here is that companies (and govs) are choosing the worst possible solitions to a real problem because it benefits them. Gov wants it for control, companies want it to sell ads and mine data. They team up, and screw everyone over while overlooking other viable solitions
> We as a society need to do something about the unprecedented levels of porn addiction in today's youth. "Enter your date of birth" prompts are performative and do nothing.
I agree, however show your ID is just a "Enter your date of birth" prompt with obfuscation.
Buying alcohol is physical and therefore has some advantages, for example you can be sure that your ID is not copied/sold as you are there and get it back.
In another comment the idea was presented to make a "I am adult" card you can buy (physical like the alcohol). I think that would work a lot better than upload your government id and face to random app/website.
Maybe I'm old school but I was always told "don't make a copy of your ID" by the government, a photo was included in that definition.
They’ve been rolling out a bunch of stuff like this in Australia and the UK. As an Australian I’m fairly certain I was made to do some sort of facial recognition some time ago.
I kind of hate it, but honestly it’s had minimal impact on me and my usage of these services if I’m being real.
Why is this such a big thing? Who cares about the face scan?
It'll basically create a unique hash of your face, to be tied to all your comms. I can think of a dozen ways this could be misused by a nation-state.
Oh wow that’s something else…
Take a picture of your debit/credit card back and front for me. I won't use it to buy stuff, but I wouldn't mind a picture of it for safe keeping.
Goodbye Discord.
The usual "to protect the kids" bs. Only people who does not understand the implications of this, will provide personal information.
Watch:
A) Discord relaxing its rule because of mass exodus B) People moving elsewhere where no personal information is required
Looks like it might be opt-in by server.
Wow
Delete!
ENOPE.
No thanks
can't wait to beat it with a face-swap or some random driving license found on the internet
Honestly they're probably big enough to get away with it.
If it was only friend groups it would kill them for sure, we've seen that many times, but given the absurd amount many large online communities on Discord, I'd wager they can force it down and be relatively unscathed.
They played the long game - they provided a good service for 10 years, and got REALLY big before they started the enshittification process.
Amazing how this coordinated attack on internet privacy has been so effective, the amount of people in my country who see this as an attack on "Big Tech" or even "The Tech Bros" is astonishing. I do not even know what one can do about people who are so unaware of what behooves them especially given the recent coverage of Epstein and just how prevalent all sorts of blackmail is and how useful this would be for gather kompromat not just by their government intelligence agencies but also foreign intelligence agencies and even just scammers come blackmailer.
not to mention the recent prevalence of so called sextortion on teenagers.
disturbing stuff, hope the kibosh gets put on all these policies and their is a public push-back, but that is really seeming like a fantasy.
They sold the kids' souls to the algorithm. They caused the Mental health crisis. They caused Dysphoria. The Depression. The "Ghost" we fight against—they fed it.
Now that the governments are scared to deal with it, the Governments are scrambling. They are slapping a "Band-Aid" on a gunshot wound and it's all bullshit.
Kids lie. They fake the age. They use VPNs.
The Corporate Reality is that Meta, X, TikTok want them to.
I don't trust any government clerk with my personal data, let alone Discord. What a joke.
Yeah good fucking luck with that. Time for the "discord alternatives" search on Google.
meh, discord hasn't done anything interesting in years. i'm mostly on Sup these days https://sup.net/i/rgc-fnqc43h
What interesting things does Sup offer?
bye Discord.
Haven't cared about Discord in a long time. In fact I'm glad they're continuing to shoot themselves in the foot.
During the pandemic, I was on a Discord server for folks to socialize and blow off steam about the whole situation. Yes, there were some anti-vaxx wackos, but overall the place was civil and balanced, and I met some interesting people through it. We cracked jokes and it was a little bit of fun in a tough time.
One day I came to discover that Discord had banned the server for allegedly violating... something. I wish I had written down everyone's emails because I permanently lost contact with a bunch of friends in an instant.
I never signed in to Discord again, in spite of times where some other social group wanted to use it. I vowed never to use Discord again. Fuck those guys and the Teslas they rode in on. I hope this ID verification thing is another big step towards their irrelevancy.
Discord has 150 million monthly active users.
They’ll be fine. To them, this is just another internet boycott, with all that entails. Reddit survived a worse one and grew afterward.
The difference with Reddit is it has way more persistent value. Everything on Discord is throwaway, but valuable posts on Reddit from years past are easily retrievable. The two aren't so comparable.
One of the unspoken reasons many people have for using Discord is they don't want what they say to easily be associated with them in perpetuity. Requiring ID really chips away at that, in spite of what Discord has to say about privacy around ID.
By no means am I saying that Discord will go extinct. I just haven't observed anything about it that's irreplaceable. Reddit, on the other hand, has a wealth of discussion dating back to the mid-to-late 00's.
3 replies →
[flagged]
It's wild that this nonsense is still floating around by people pushing "credentialed doctors", whatever the fuck they think that means. No one with any vague degree of credibility would now or ever has supported "very large number" and all of the "externalities" (are you sure you're using the right words) have been vastly outweighed by the things the vaccine provably did.
So tired of this shit.
7 replies →
This is not OK.
> Identity documents submitted to our vendor partners
Fuck you
after discord then what ???? fb,twiiter,instagram etc ???? hell nah
do we really need to do this EVERY FUCKING SERVICE that we would like to use ????
What are the chances this is being implemented solely as a tool of control by Trump, eg to target his paramilitary attacks?
Well. Goodbye Discord. I'm leaving.
Technofascism. Do not comply.
Yeah, no. Account gone in advance.
(( This is a repost of what I shared on Reddit here https://www.reddit.com/r/discordapp/comments/1r05vkj/comment... but I think the context will be helpful for this group, too. This article title is very misleading. ))
Tl;dr: The vast majority of adults will never have to interact with our age assurance systems and their experience won't change, because we know Discord and how people use it, so we're designing to respect privacy and deliver a safer experience while minimizing friction for adults.
Hey folks –
I’ve been on Discord since very early 2016 and actually joined the company in 2017. Safety is one of my areas, so today’s announcement on our blog is something I’ve been pretty involved with. I’ve always cared about Discord's approach to privacy (E2EE for A/V was another of my projects here), so I figured I’d add some more context to today's news.
I can say confidently that the vast majority of people will never see age verification. I say this because we launched age assurance in the UK and Australia in 2025, and we have some pretty good data on this now. The idea here is that we can pre-identify most adults based on what we already know (not including your messages!), and that looks to get us pretty far here. No face scans, no IDs, for the vast majority of adults.
And if you are one of the smaller subset of folks that we can't definitively pre-identify, then still, you only have to do it if you're accessing age-restricted servers or channels, or changing certain settings. That's really not most users. (Altho... might be more Redditors, tbh.)
Last, I know that there is concern about privacy and data leaks. That's a real concern. The selfie system is built purely client-side, it never leaves your device, and we did that intentionally. That'll work for a bunch of users who aren't pre-identified as adults. But if you do end up in the ID bucket, then yeah, you're right that has some risk. We're doing what we can to minimize this by working with our range of partners (who are different partners than the data leak you read about), and if it's any help, we learned a lot internally from the last issue. But I get if that doesn't necessarily inspire more confidence.
Anyway, we’ll be sharing more next month as we get closer to the global roll out about the system, including the technology behind it in March. I honestly wouldn't be happy if we didn't build something good and I am excited about what we’re launching, but please let us know what you think when we share more details.
And I really appreciate everybody's feedback here today. We’re definitely reading it!
> we're designing to respect privacy
Orly?
> we can pre-identify most adults based on what we already know
Ah so.
Kids can create accounts only at age 13+, adulthood is at age 18 (at least in my country) which means any account older than 5 years should automatically be marked as an adult's account. Please tell me that's the case.
If you still require an ID for those accounts, that means you don't really care about age verification, you just want to tie people to a government ID.
right now someone is vibecoding a locally hostable discord clone.
[dead]
[dead]
[dead]
[dead]
[dead]
[dead]
Finally the kids will be safe. We did it everyone! /s
another one bites the dust.
[flagged]
> When big tech tosses money at Republicans and the Trump inauguration, they get what they paid for.
This has nothing to do with republicans in particular. This is concerted effort by lobbying groups around the world who want to get more of your data.
Case and point: all the EU countries that are currently banning teens from using messaging services and social media apps which can only be enforced if you force everyone using these services to provide some form of ID to prove that you are allowed to use them.
Not too mention the EU itself trying force a backdoor into every messaging app "to protect the children".
Be mad at the US politicians if you want but just know that the situation is not better in the EU, on the contrary it's going downhill very fast and that has nothing to do with Trump.
Many EU countries provide digital frameworks for privacy preserving age verification. Yet, Discord made an active choice to avoid using them and is asking the users to upload their photos and ids.
1 reply →
[flagged]
on a messaging service primarily branded for teens
If that was the case, they wouldn't need the age-verification for "adult" features, because there would be no "adult" features. Right?
This will be expanded to cover everything on the service soon enough. The time to cancel Nitro and move to other platforms that respect user privacy is now.
I don't see why it would. If Discord sees its primary audience as teens (i.e. the people who by design can't verify) why would it extend the verify-only parts of the service?
Yeah yeah it's to protect the kids and everyone's a pedophile, do you have anything new to add?
Only that I don't understand why everyone here is talking as if they had just been forced at gun point to age verify. Just... don't verify until you need it?
Also pedophiles do exist (see Epstein and friends) and bad neighborhoods on the internet do exist. This is currently a problem on the internet that needs to be solved. No one here is giving any suggestions how to solve it, but we sure are quick to shot down any solutions that people are trying.
1 reply →
No thank you, get fucked
As an ethical conundrum, this one is clear. The safety of women and children online (human trafficking, r*pe and child abuse networks openly coordinate at industrial scale on Discord, Roblox and Telegram) trumps the concerns of a relatively small group of Richard Stallman-level purity obsessives. Good move on Discord's part; hopefully Roblox and Telegram shape up and follow suit. If you don't understand the severity of the current situation in 2026, Google the group "764."
Good, this will hit hard on nazi-incel-related "communities".
Taylor Lorenz has done excellent reporting on this. It's a right wing censorial moral panic that's forced some Democrats to go along with it by positioning it as "protecting kids". This legislation is moving at a fast clip and we have to fight back.
* SCREEN Act age verification with huge implications for all online privacy: https://www.youtube.com/watch?v=8bnp3nmpK9g&list=PLu4srHCWJr...
* Abolishing Section 230, the law that protects platforms like this from being sued for user content (just published today): https://www.youtube.com/watch?v=_eqt8vrtP-U&list=PLu4srHCWJr...
* UK online safety act (it's not just the U.S.) - interview with the lawyer defending 4chan: https://www.youtube.com/watch?v=DD3PGp9RhTw&list=PLu4srHCWJr...
Any business or community that keeps using Discord as their main channel after this is complicit in helping build another ICE database.
This age verification thing is being overblown if you understand how they're implementing it. You still shouldn't use Discord, but this isn't why.
Finally, but done wrong. This should be done by 3rd party app (probably owned by government) with access token without sharing one's identity.
https://keet.io is this industry's best kept secret. Encypted p2p chat with audio and video, no signups, it just works. My kids and their friends switched from Discord to Keet to avoid all the signup / authentication friction.
It looks interesting but no source availability is a red flag for me.
Is it open source?