Discord Cuts Ties with Peter Thiel-Backed Verification Software After U.S. Surveillance Efforts Exposed
Discord, the popular communication platform used by gamers, students, influencers, tech professionals, and other communities, has faced intense scrutiny after its identity verification software, Persona Identities, was found to have front-end code accessible on the open internet and on government servers.
Researchers pointed out that nearly 2,500 accessible files were sitting on a U.S. government-authorized endpoint, revealing that Persona conducted facial recognition checks against watchlists and screened users against lists of politically exposed persons. The software also performed 269 distinct verification checks, including screening for "adverse media" across 14 different categories such as terrorism and espionage.
The files were found to be openly available, with researchers noting that "we didn't even have to write or perform a single exploit, the entire architecture was just on the doorstep." Discord has since announced its partnership with Persona has ended, citing concerns over user data privacy. The AI software continues to provide age verification services for OpenAI, Lime, and Roblox.
The controversy surrounding Persona's involvement with government agencies is not new. In 2025, hackers accessed the government IDs of more than 70,000 users who had complied with Discord's age-verification requirements. While the attack was attributed to a third-party service provider, 5CA, Discord acknowledged that protecting user privacy and security remains a top priority.
Discord has implemented measures to enhance user safety, including defaulting all accounts to teen-safety settings and requiring users to verify their age using Persona for access to additional features. However, the company's approach to age verification has raised concerns over data handling and storage.
The issue highlights the importance of ensuring that third-party vendors used by communication platforms handle user data responsibly. As the use of AI-powered age verification tools becomes more widespread, it is crucial to prioritize transparency and accountability in data collection and storage practices.
Consequences of the Exposed Code
The exposed code has significant implications for user trust and security. By having front-end code accessible on the open internet and on government servers, Persona has compromised its users' sensitive information. The fact that nearly 53 megabytes of data were found on a Federal Risk and Authorization Management Program (FedRAMP) government endpoint raises serious concerns about data storage and handling practices.
The discovery also highlights the need for better cybersecurity measures to protect against unauthorized access to sensitive information. In this case, researchers noted that "what was found was uncompressed files of a front end that's already on every single person's device." This underscores the importance of prioritizing security and transparency in data collection and storage practices.
Persona CEO's Response
Persona CEO and co-founder Rick Song has responded to concerns over the exposed code, stating that the files were not a vulnerability but rather publicly accessible front-end information. However, his response has been met with skepticism from some, who have questioned his claims about the partnership between Persona and Discord.
Song denied any ties to Palantir, ICE, or the government, but acknowledged that Persona is going through FedRAMP authorization. He also emphasized that the performance of the product did incredibly well, despite concerns over data handling practices.
Conclusion
The incident highlights the importance of ensuring that third-party vendors used by communication platforms handle user data responsibly. As the use of AI-powered age verification tools becomes more widespread, it is crucial to prioritize transparency and accountability in data collection and storage practices.
Discord's decision to cut ties with Persona is a positive step towards protecting user privacy and security. However, more needs to be done to address the underlying issues surrounding data handling and storage practices. By prioritizing transparency and accountability, we can build trust and ensure that users' sensitive information is protected.