ADVERTISEMENT

Security experts warn Discord age checks create "identity honey pot" as teens find bypasses

Red teamers warn that Discord’s push toward stricter safety controls is colliding with a familiar truth: when platforms build barriers, users look for ways around them, and attackers look for ways in.

Discord-age-verification

Image by Cybernews

Ann-Marie Corvin
Ann-Marie Corvin Senior Journalist
Feb 12, 2026 Updated: 16 February 2026 8 min read
jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News
Add us as your Preferred Source on Google.

How age verification works, and what Discord is choosing

  • ID and selfie: highest security, lowest privacy (data stored), moderate convenience.
  • AI estimation: high security, high privacy (no ID stored), highest convenience.
  • Database/card checks: moderate-to-high security, moderate privacy, high convenience.
children-facial-rec
Discord has said the “vast majority” of users will not be asked to complete facial scans or upload ID. Image by Cybernews.

Workarounds: from trivial spoofing to organized bypasses

Teenagers social media
Determined teens are fairly adept at finding their way around systems designed for compliance rather than security | Shutterstock
“Facial age estimation is trivially defeatable. Kids have been spoofing these systems since they first rolled out. A ‘still’ photo held to a camera, an older sibling’s face, or a $5 app that modifies perceived facial structure all clear the check.”
Nic Adams, CEO, 0rcus

Garry's Mod, Sib’s ID, VPNs…and other bypass techniques

“They simply show the Discord age verification video to their PC screen of the game… change the expression of their game characters… and because they have really high pixels, Garry's Mod is a really well-known famous bypass that still works."
Kwangyun Keum, offensive security engineer specializing in privacy and adversary simulation
Sinister young man removing realistic but fake facemask
Masks might not make it past today's 'liveness' tests but other low-tech options include buying IDs from “verification-as-a-service” brokers.
ADVERTISEMENT

Age verification as an attack surface

Discord message scrape
If Discord's third party verification vendors are comprised, then so too does the data its storing. Image by Cybernews.
“A breached password can be reset. A breached faceprint is compromised forever – you can’t rotate your face.”
Nik Kale, a principle engineer at Cisco

Making age verification stronger

A face of a person on a mobile phone; facial recognition; biometrics
The theft of biometric data is immutable, experts warn. Image by Cybernews.

A privacy hornets' nest

“They’re telling users to feel relieved about skipping the ID check, while subtly confirming they've been profiling every action for years.”
Nic Adams, CEO, 0rcus

ADVERTISEMENT