Discord’s Global Age Verification Rollout: What It Means for Your Privacy

Discord just announced the global rollout of “teen-by-default” settings for all users, starting in March 2026. Practically every account, old and new, will be locked into restricted settings, unless you complete age verification through a face scan or government ID submission.

This is expected to impact the 200+ million Discord users worldwide. Unverified users will lose access to age-restricted servers, sensitive content, stage speaking privileges, and full control over DM and friend request settings. If you’re a Discord user, prepare to either hand over biometric or identity data, or accept restrictions. Regardless, now is the time to minimize the data Discord already holds about you.

Discord ID Verification Announcement

On February 9, Discord announced it will begin rolling out “teen-by-default” settings globally in early March 2026. Every Discord account (whether you created it last week or a decade ago) will have teen-level restrictions imposed, unless you complete age verification. The announcement was timed to coincide with Safer Internet Day, but many users aren’t feeling particularly safe about it.

As TechCrunch reported, the move mirrors similar decisions by platforms like Roblox and YouTube, reflecting growing international pressure to strengthen child safety online. But Discord’s rollout arrives with uniquely uncomfortable baggage: just four months ago, a breach of one of Discord’s third-party vendors exposed approximately 70,000 government IDs that users had submitted for age verification purposes.

We’ve been covering Discord’s age verification journey since the UK and Australian rollouts began last year. This global expansion is the move we anticipated; and the privacy risks we flagged haven’t gone away. They’ve gotten worse.

What’s Changing?

Under the new system, all Discord users will be placed into a “teen-appropriate experience” by default. According to Discord’s press release, the restrictions include content filters that blur sensitive media (with no option to disable them), blocked access to age-gated servers, channels, and app commands, DMs from unfamiliar users being routed to a separate message request inbox, warning prompts on friend requests from unknown users, and a restriction preventing unverified users from speaking on stage in servers.

As PC Gamer noted, these restrictions apply both in public servers and in private DMs, including small group chats among friends. To unlock full functionality, you’ll need to prove you’re an adult through one of two methods: a facial age estimation (video selfie) or submitting a government-issued ID to Discord’s vendor partners.

Discord is also introducing an “age inference model”, or a background system that analyzes behavioral signals to estimate whether an account belongs to an adult. In an interview reported by The Verge, Savannah Badalich, Discord’s Head of Product Policy, explained that users flagged with high confidence as adults by the inference model may not need to go through manual verification at all. However, the specifics of how this model works remain unclear.

The Elephant in the Room: October’s Breach

It’s impossible to discuss Discord’s global age verification push without addressing what happened in October 2025. As we covered in detail at the time, a breach of Discord’s third-party customer service platform exposed approximately 70,000 government-issued ID photos, along with usernames, emails, IP addresses, and partial payment information.

The breach occurred through a third-party vendor called 5CA, which used Zendesk software to handle Discord’s customer support – including manual age verification appeals. As SecurityWeek reported, threat actors claimed access to far more data than Discord initially acknowledged, including an estimated 8.4 million support tickets and over 520,000 age-verification tickets. The hackers attempted to extort Discord, who refused to pay.

TechCrunch noted at the time that the breach illustrated exactly the concerns digital rights advocates have expressed about platform-led age checks: requiring users to upload sensitive identity documents creates concentrated honeypots for attackers.

Now, Discord is asking its entire global user base to do the same thing.

Discord’s Privacy Assurances (And Limitations)

Discord has outlined several privacy protections in their announcement. Video selfies for facial age estimation are processed on-device and supposedly never leave the user’s phone. ID documents submitted to vendor partners are “deleted quickly” and your verification status is apparently private and invisible to other users.

These assurances do represent improvements over the manual ‘back-up’ process that was breached in October. As we noted in our coverage of the UK rollout, the automated system via k-ID is a considerably more secure approach than the legacy manual verification that stored ID images in a customer support ticketing system.

But there are important caveats. Discord’s own press release acknowledges that “some users may be asked to use multiple methods if more information is needed to assign an age group.” This means even users who opt for the on-device face scan could end up submitting ID anyway – which is similar to the conditions that created the data exposed in October’s breach.

Additionally, users who are incorrectly categorized as teens will need to appeal through the same kind of verification process that was compromised last year. As noted by Biometric Update, it was precisely these appeal flows that generated the data stolen in the breach. Age estimation fails, users are told to submit ID to staff manually, creating a lucrative target for threat actors.

Even with watertight deletion rules governing the manual back-up process, introducing a human element will always come with vulnerability.

The Bigger Picture: Age Verification Is Expanding Everywhere

Discord isn’t acting in a vacuum. The Electronic Frontier Foundation’s 2025 year-in-review documented how age verification went from a fringe policy experiment to a sweeping reality across the United States, with half of all US states now mandating some form of age checks for online platforms. The UK’s Online Safety Act, Australia’s social media minimum age legislation, and similar efforts across Europe have created a regulatory environment where platforms feel compelled to act.

The EFF’s position is clear: age verification measures censor the internet and burden access to online speech, while creating new risks to users’ privacy, anonymity, and security. As their review put it, these laws often do more harm than good.

Discord’s own product policy head acknowledged to The Verge that the company expects to lose users over this change, stating they anticipate “some sort of hit” and are planning ways to bring users back. User reaction has been overwhelmingly negative, with TechRadar reporting that many users are already looking for alternatives.

To be clear: protecting minors from harmful content online is a genuinely important goal. We’ve said this before and we mean it. But as we’ve argued in previous coverage, effectiveness is not determined by how positive the direction is. What matters is how it’s implemented and enforced. Collecting identity documents from hundreds of millions of users, passing them through third-party vendors, and hoping nothing goes wrong is not a privacy-forward approach.

What ID Verification Means for Discord Users

If you’re a Discord user, here’s what you should be thinking about ahead of the March rollout:

1. Understand the trade-off: You’re choosing between handing over bio-metric or identity data, or accepting a permanently restricted experience. Neither option is ideal, and there’s no opting out entirely if you want to keep using the platform.
2. If you verify, choose the face scan. On-device facial age estimation, while not perfect, it avoids sending your government ID to a third party. Given October’s breach, minimizing the documents you hand to Discord’s vendor chain is the safer bet.
3. Watch for phishing. Discord’s announcement specifically notes that they will only prompt users to verify within the Discord app, and will not send emails or text messages about the process. Any external communication asking you to verify your age is almost certainly a scam. Only trust DMs from Discord’s official system account.
4. Review your privacy settings now. Before the rollout, audit your server memberships, connected accounts, and privacy settings. Discord has also expanded ad targeting and personalization this year; make sure you’ve turned off any data-sharing toggles you’re not comfortable with.
5. Minimize your footprint. As we’ve covered extensively, Discord has been the target of multiple large-scale scraping attacks this year, with hundreds of millions of messages harvested from public servers. Combined with the Zendesk breach data (usernames, IPs, emails, and now potentially age verification status), your Discord footprint can be weaponized for identity theft, social engineering, and targeted fraud. The less data Discord holds about you, the less that can be exposed.

How Redact Can Help

You can’t control whether Discord’s vendors get breached again. But you can control the volume of data available to scrape, leak, or infer from.

Redact lets you bulk delete messages on Discord; including posts in public servers and DMs. You can filter by keywords, channels, or date range, preview everything before deleting, and set up automated recurring cleanups so old messages don’t accumulate. A smaller footprint means less material for scammers to work with if your data surfaces in a future breach.

Given what we know about how Discord data has been exploited; from mass scraping operations to the Zendesk breach, proactive cleanup isn’t paranoia. It’s common sense.

You can try Redact free for deletions on Discord, Twitter, Facebook, and Reddit.