• Follow the money
• The quiet expansion
• The three-front collapse
• What is actually being built
• The trap

On February 24, Discord announced it was dropping Persona, the identity verification company it had hired to check users’ ages. The reason: a security researcher found nearly 2,500 of Persona’s files sitting on a public U.S. government endpoint. Not leaked. Not hacked. Just sitting there, accessible to anyone who knew where to look.

That would be bad enough on its own. But it got worse.

When researchers dug into what Persona actually does behind a simple “verify your age” button, they found 269 separate checks. Not age checks. Identity checks. Facial recognition against watchlists. Screening for “politically exposed persons.” Scanning against 14 categories of “adverse media,” including terrorism and espionage.

Discord users who clicked “verify your age” were not getting an age check. They were getting a counter-intelligence screening.

§Follow the money

Persona is backed by Founders Fund, Peter Thiel’s venture firm. Thiel co-founded Palantir, which just signed a new contract with ICE to streamline identifying and deporting people. Palantir’s entire business model is turning data into surveillance.

This is the same capital network. The money that built the government’s surveillance infrastructure is now funding the company that checks your ID before you can message your friends on Discord.

And Discord was not the only client. Persona still provides identity verification for OpenAI, Roblox, Lime, and Reddit. The same 269-check screening pipeline that Discord just dropped is still running behind “verify your age” buttons across the internet. Discord cut ties. The pipeline is still there.

§The quiet expansion

While everyone was watching the Discord scandal, Colorado introduced a bill to move age verification into the operating system itself. Not into individual apps. Into the OS.

Half of U.S. states already mandate some form of age gating for adult content or social media access. The EFF called 2025 “the year states chose surveillance over safety.” The trend is accelerating. And with Colorado’s bill, the infrastructure is being hardened a level deeper, moving from something apps opt into to something the operating system enforces.

The framing is always the same: protect the children. Nobody is against protecting children. That is the point. The child safety framing makes it politically impossible to oppose a surveillance infrastructure that does far more than verify ages.

§The three-front collapse

These three things are happening at the same time, and I have not seen anyone connect them.

State legislatures are mandating age verification across the internet. Half the country already has laws on the books. Colorado wants to put it in the operating system. That infrastructure is becoming inescapable.

The companies running it are not just checking ages. Persona was running facial recognition and screening users against government watchlists. The venture capital behind it traces back to Palantir. That is not a coincidence you have to squint to see.

And even if you dodge all of that, LLMs can now identify anonymous users from their writing. ETH Zurich and Anthropic published a paper showing 90% precision at identifying anonymous Hacker News users, at a cost of $1-4 per person. You do not need to verify your identity when an AI can infer it from what you write.

Any one of these would be manageable. State mandates, corporate verification pipelines with intelligence connections, LLMs that fingerprint your prose. Together, they close every exit.

§What is actually being built

A permanent identity layer for the internet. Not because anyone voted for it. Not because there was a public debate. Because “protect the children” is an argument nobody can oppose in public, and the infrastructure required to verify ages is identical to the infrastructure required for mass surveillance.

This is not conspiracy thinking. It is reading the Persona audit, the Colorado bill, and the LLM deanonymization paper, and noticing they all point in the same direction.

There is a version of age verification that respects privacy. Zero-knowledge proofs can confirm someone is over 18 without collecting their identity. New America’s Open Technology Institute published a technical brief on exactly this approach. It exists. It works.

Nobody is building it.

The systems being deployed collect your face, your government ID, your biometric data, and run you against intelligence watchlists. They do this to let you use Discord. The gap between what is technically possible and what is actually being built tells you what this infrastructure is for.

§The trap

The verification trap works because each piece looks reasonable in isolation. Protecting children is reasonable. Verifying identities is reasonable. Government watchlist screening is reasonable if you squint. LLM capabilities advancing is just technology progressing.

But the composite effect is a world where anonymous participation in online life becomes impossible. Not illegal, just impossible. You cannot avoid state-mandated age gates. You cannot avoid corporate verification pipelines with intelligence connections. You cannot avoid LLMs that identify you from your writing patterns.

Think about a teenager trying to figure out their sexuality without their parents knowing. A whistleblower sitting on evidence of corporate fraud. A journalist’s source in a country where the wrong opinion gets you arrested. None of these people can function in a world where every online interaction is tied to a verified identity.

The children the verification trap claims to protect are among those who need anonymity most.

Originally published at https://noahaust2.github.io/strategist-dashboard/blog/the-verification-trap.html