factually

How does Discord ensure the security of user data collected through face scans?

Checked on September 26, 2025
Disclaimer: Factually can make mistakes. Please verify important information or breaking news. Learn more.
The Verge
BBC
discord.com
thehackernews.com
Searched for:
"Discord face scan security measures user data protection"
"Discord biometric data storage encryption"
"Discord facial recognition technology privacy concerns"
Found 8 sources

This fact-check may be outdated. Consider refreshing it to get the most current information.

Was this fact-check helpful?

1. Summary of the results

Discord's approach to securing user data during face scan age verification operates through on-device processing, meaning the facial scanning technology functions entirely on the user's device without transmitting biometric data to Discord's servers [1] [2]. According to Discord's official statements, face scans remain on the device and are not collected by the company or its verification vendors [2]. The process requires users to complete a video selfie with specific instructions to prevent spoofing attempts, but this video selfie used for facial age estimation never leaves the user's device [3].

For broader context, Discord has been implementing enhanced security measures across its platform. The company recently introduced DAVE (Discord Audio & Video Encryption), an end-to-end encryption protocol for audio and video calls that ensures only call participants can access conversation contents, with Discord itself unable to access media encryption keys [4] [5]. This protocol utilizes WebRTC encoded transforms and Message Layer Security (MLS) for encryption and group key exchange, encrypting media frames after encoding and decrypting them before decoding on the receiver side [6].

However, it's important to note that while Discord has strengthened call security, the Electronic Frontier Foundation points out that Discord still does not offer end-to-end encryption for private messages or group chats [5], indicating selective implementation of privacy protections across different platform features.

2. Missing context/alternative viewpoints

The original question focuses narrowly on Discord's security measures without addressing the broader implications and criticisms of age verification systems. Privacy experts and users have raised significant concerns about the effectiveness and privacy implications of facial age verification technologies [7]. Critics argue that age verification laws will require platforms to collect sensitive data, including face scans and official documents, which poses significant privacy risks [8].

A crucial missing perspective is the monetization concern: experts warn that the concentration of such valuable biometric and identification data will likely be monetized and resold, creating additional privacy vulnerabilities beyond the initial collection [8]. Furthermore, there's the inevitable risk that data breaches for this sensitive information are only a matter of time [8], regardless of current security promises.

Alternative approaches exist that could better protect user privacy. Users and experts suggest alternative methods such as tokenized systems or government-provided services that prioritize user privacy over direct platform collection [7]. These alternatives could potentially achieve age verification goals without requiring users to trust private companies with sensitive biometric data.

Interestingly, the implementation has created unexpected workarounds, with some users finding creative solutions through gaming content - Hideo Kojima's Death Stranding 2 has inadvertently provided privacy-conscious players a workaround to Discord's face scanning requirements [3], highlighting potential gaps in the system's effectiveness.

3. Potential misinformation/bias in the original statement

The original question contains an implicit assumption that Discord actually collects user data through face scans, when the available evidence suggests the opposite. The question's framing - "How does Discord ensure the security of user data collected through face scans?" - presupposes data collection occurs, which contradicts Discord's stated policy that face scans operate on-device with no collection of biometric information [1].

This framing could mislead readers into believing that Discord stores facial scan data when, according to multiple sources, the company explicitly states it does not collect this information [2]. The question's structure suggests a false premise that may stem from misunderstanding how the age verification system actually functions.

Additionally, the question focuses solely on Discord's security measures without acknowledging the fundamental privacy concerns raised by implementing facial scanning for age verification in the first place [8]. This narrow focus could inadvertently legitimize a controversial practice by discussing implementation details rather than questioning whether such systems should exist at all.

The question also fails to mention that this is part of a broader regulatory shift affecting multiple platforms, not just a Discord-specific initiative, which could mislead users about the scope and origin of these requirements [2].

Want to dive deeper?
What type of encryption does Discord use to protect user biometric data?
How does Discord comply with GDPR regulations for face scan data collection?
Can users opt-out of Discord's face scan feature for security purposes?
What are the potential risks of using facial recognition technology on Discord?
How does Discord's face scan security compare to other social media platforms?