Discord Wants Your Face. Here's the European Open-Source Alternative That Doesn't.
Discord is rolling out facial scans and ID uploads globally. They already lost 70,000 users' ID photos in a previous breach. Here is what you need to know and where to go instead.
You open Discord to chat with your community. Within minutes, a prompt appears asking you to either scan your face or upload a government-issued ID to continue using the platform you have used for years. You are not a criminal. You have done nothing wrong. But Discord now needs to verify who you are before you can keep talking.
This is not a hypothetical. Starting June 2026, Discord begins a global rollout of mandatory age verification. And they are doing it voluntarily, without any law requiring them to. Three months after losing 70,000 users' government ID photos to a third-party data breach.
What Discord Is Actually Rolling Out
Every Discord account worldwide is being defaulted to a "teen experience": restricted features, filtered content, no access to age-gated servers or channels, and limited direct messaging capabilities. To restore full access, users must prove they are an adult.
Discord offers two verification paths:
- Facial age estimation: A face scan processed locally on your device by vendor k-ID, which estimates your age using biometric analysis
- Government ID upload: A photo of your passport, driving licence, or national ID card, processed by vendor Veratad before being "deleted"
On top of that, a background AI model silently analyses your account age, device data, and activity patterns to infer whether you are an adult. If it cannot reach sufficient confidence, you get the verification prompt regardless of your age or history on the platform.
Discord claims roughly 90% of users will never need to actively verify. The remaining 10% of a platform with hundreds of millions of users is still tens of millions of people handing their faces or government documents to third-party vendors they have never heard of, under terms they cannot meaningfully enforce.
They Already Lost Your Data Once
In October 2025, Discord disclosed that approximately 70,000 users had their government ID photos exposed through a breach at 5CA, a third-party vendor Discord used to process age-related appeals. Discord's response: cut ties with 5CA and move to new vendors k-ID and Veratad.
The lesson drawn from a breach involving third-party age verification vendors was to roll out mandatory biometric age verification to the entire global user base via different third-party vendors. The structural vulnerability is identical. The scale is now incomparably larger.
The Electronic Frontier Foundation flagged this directly in February 2026: Discord is pushing mandatory age verification voluntarily, ahead of any legal requirement forcing them to, despite having just demonstrated exactly what happens when biometric data sits at third-party vendors.
Why Biometric Data Is Different
A compromised password can be changed. A leaked email address is inconvenient. A breached government ID is a serious and lasting problem. A face scan, once extracted from a vendor's infrastructure, cannot be recalled, reset, or replaced.
Biometric data is permanently identifying in a way that no other credential is. Once it exists in a third-party system, the security guarantee rests entirely on that system's competence and integrity across an indefinite future time horizon. Discord has already demonstrated what that guarantee is worth.
The deeper issue is what this normalises. Every platform that successfully implements biometric age verification creates precedent and infrastructure for the next one. The child safety framing is of course a reality, but the technical outcome is a growing ecosystem of identity data held by private vendors, linked to platform accounts, governed by terms of service rather than enforceable rights.
Discord's Response to Its Own Backlash
When Discord first announced the March 2026 rollout, the community reaction was immediate and overwhelming. Discord delayed the rollout to June 2026 and issued a follow-up post acknowledging "what we got wrong." The concessions were largely cosmetic: more vendor transparency, a commitment to explain data handling policies, and confirmation that facial scans would not leave the device.
The core requirement remained unchanged. The architecture remained unchanged. The structural dependency on third-party biometric vendors remained unchanged. The voluntary nature of the entire rollout, with no regulator requiring it and no court ordering it, remained unchanged.
The Alternative: Fluxer
Fluxer is a free, open-source instant messaging and VoIP platform built for friends, groups, and communities. It is made in Sweden, based in the EU, and its interface is a direct Discord equivalent: servers, channels, voice, roles, the same structure Discord users already know.
What it does not have is any of the surveillance infrastructure Discord is now building in:
- No age verification requirement
- No biometric data collection
- No facial scans
- No ID uploads
- No background AI profiling your activity to infer your identity
- Full GDPR protection under EU law
- Self-hosting available for communities that want complete control over their own infrastructure
Fluxer is currently in beta. The desktop client performs comparably to Discord's. The platform runs as a Progressive Web App from any mobile browser. A premium tier called Plutonium is available at approximately 5€ per month, comparable to Discord Nitro.
The project is open source and built on a transparent funding model. For communities looking to move before Discord's June rollout goes live globally, the infrastructure is already there.
| Feature | Discord | Fluxer |
|---|---|---|
| Age verification | Facial scan or ID upload | None |
| Biometric data collection | Yes (via k-ID) | No |
| Data jurisdiction | US (Microsoft) | EU (Sweden) |
| Open source | No | Yes |
| Self-hostable | No | Yes |
| GDPR protection | Limited | Full |
| Premium tier | Nitro from 9.99€/mo | Plutonium 5€/mo |
| Current status | Live globally | Beta |
Discord is not a unique case. It is the most visible current example of a pattern running across the entire platform ecosystem right now. Australia has banned social media for under-16s. The UK is pushing age verification requirements. The EU Council has called for a union-wide minimum age of 16 for social media. South Carolina passed a law requiring platforms to re-estimate your age every 100 hours of use. California's AB 1043 wants operating systems to transmit age data to every app that requests it.
Every one of these initiatives frames child protection as the primary goal. Every one of them produces the same technical outcome: more identity infrastructure, more biometric data, more persistent tracking, more third-party vendors holding sensitive personal data at scale.
The age verification system that is supposed to shield children from harm is built on an architecture that has already demonstrated it can be breached, with their own parents' ID photos as the proof of concept.
Fluxer does not solve the regulatory trajectory. No single platform does. But it represents a clear and principled alternative: an open-source, EU-based community platform built without the surveillance layer, at a moment when the most popular platform in its category is voluntarily installing one.
The migration window is open. Discord's rollout is coming. The community is already looking for somewhere else to go.
Try Fluxer: fluxer.app