Discord will require a face scan or ID for full access next month

Also, _Discord_ deleting them is really only half the battle; random vendors deleting them remains an issue.

Well since you have these IDs, for national security (AML, criminals and whatnot), we will need you to keep them if our endpoint says so, here's the endpoint

    https://.gov/print?text=true

>"Identity documents submitted to our vendor partners"..

Yeah, say goodbye to those the privacy and safety of those documents.

How can we even confirm that they are actually deleting them. Trust me bro vibe

Since when the city one lives in is mentioned in the birth certificate?

They also never say it goes through datacenters in room 641A or though Utah before it's "deleted", because it's a US company and they can't refuse that.

I have it on good authority that they really truly delete it this time, super duper pinky promise

Once it's out there the only assumption that holds is no trust, and therefore all bets are off.

Humm yeah, like a government digital ID of some sort. Except people go mental about that, so sending scanned copies of my personal ID documents to every bank/solicitor/estate agent/mortgage broker/random internet service it is then...

I bet the NSA does not even require their cooperation. They are probably already inside their systems.

"delete" doesn't mean delete anymore, like you say, there are always audit logs, and there is "soft" deleting.

Expect any claims that things are being deleted to be a bold faced lie.

They wouldn't _have to_, audit checks if you stick to law, your own policies and such, but I think they will.

This is corporate cover speak for “we keep all data”

Why should we suspect the age verification and age-related appeals would involve different teams or processes?

Uh... EVERYONE with a Discord account has to go through age-related appeals now. That's what the announcement is.

Ah sorry our contractor did all that highly illegal stuff. Too bad we can't pierce the corporate veil anymore... shucks.

Ah, so it was the "staffer" excuse.

How convenient.

from the article:

`For most adults, age verification won’t be required, as Discord’s age inference model uses account information such as account tenure, device and activity data, and aggregated, high-level patterns across Discord communities. Discord does not use private messages or any message content in this process`

they don't do this for age verification, they do this to build dataset to sell.

Yeah because they don’t haha. It boggles the mind because the headline is clickbait.

It's not incomprehensible. Discord makes it so much easier to organize communities than most other platforms.

Telegram, Slack, Facebook, Team Speak, Reddit, GroupMe, nothing really offers the same feature set and ease of setup that Discord does.

Honestly... People deserve this. They deserve the consequences. They were warned. They chose this.

Y’all forgot that the only reason we’re on Discord was because MS actively killed Skype. Skype was much better software circa 2012 before MS let vulnerabilities run rampant, degraded the UI, and moved off the remarkably robust P2P calling system.

I think there are actually discord client mods which let you stream in high quality anyway.

WebRTC is ridiculously easy.

Unless they're changing things with some sort of automated classification, then it's users who designate which servers and channels have adult content.

In my experience, you run the risk of getting your server shut down in small servers if someone reports it. Or risk losing your community server status in larger public servers until you come back into compliance.

Also in my experience what teenagers are going to do when they hit an age gate is use a fake picture/video. Sometimes they'll get banned for that and then they'll make a new account and do it again.

Yeah I agree. I actually see most of the stuff in the teens mode as a feature

We're all going to have to scan our faces and upload our IDs just to use the internet because of your weird obsession with birth rates? Wonderful.

Clearly the outrage is about the slippery slope and the current techno-fascism gripping the US. I'm not being sarcastic.

You do it for the children now, you poo-poo concerns because "who uses discord for non gaming anyway" and you're just letting the foxes in the henhouse.

Twelve months from now and they'll want it for every chat.

Yes, hear hear! As someone who've run a couple of FOSS communities, many of them having chats via IRC, Slack, Discord, forums and more, using Zulip has always been one of the most welcome options, yet also the one that takes the longest for people to understand if they've never seen it.

But it's easily worth it, as you can actually come back and read through old discussions and understand things and it isn't a mess. It's like if you could force Slack/Discord to only do threads, and the entire UI is optimizing for that specific UX. Overall pleasant experience once you get over the initial bump :)

Mobile push notifications are a special case because it's literally not technically possible to self-host them. Or rather, it's possible if you build the iOS and Android apps from source and distribute them through TestFlight or an analogous Android channel, but it's not possible for the developer of an App Store or Play Store app to allow its users to point it at a different push-notification server, because the public key has to be hardcoded in the app binary. So if you want your self-hosted Zulip server to work with the Zulip client apps in the App Store and Play Store, you have to use Zulip's push server, and there's nothing Zulip can do to fix that.

Matrix works analogously; if you use the Element app from the App Store or Play Store, then you're using Element's push notification server, even if your Matrix homeserver is self-hosted. It's possible that Element allows their server to be used gratis in situations where Zulip charges a fee, I don't know their policies or anything, but in principle Matrix still leaves you exactly as dependent on a third party's goodwill unless you make your friends install a privately distributed mobile app.

Zulip IIUC does not restrict self-hosting of any feature that's technically possible to self-host.

I don't think we've ever charged a friend group or other non-incorporated group of people a dime for self-hosted notifications.

For the community tier, you don't have to do anything up to 10 users.

If your server has more than 10 users, you fill out a brief form (https://github.com/zulip/zulip/blob/main/templates/corporate...). We work hard to consistently process these requests within a couple business days, and the vast majority of communities are approved for full sponsorship without further interaction.

(Large communities managed by a business are quoted nonzero but extremely discounted pricing for self-hosted notifications).

I use Zulip every day for the julia programming language (https://julialang.zulipchat.com).

I really like Zulip, and I'd like to migrate my friend-group onto it, but it probably won't happen. I think Zulip is just a bit too heavy-duty for a friend group chatting, and also lacks the visual polish that a lot of people want.

For now, my friends and I mostly just use Signal for group chats, which leaves a lot to be desired, but IMO is still just a better experience for our purposes than Zulip or Matrix.

That said, if you have friends who are keen to try things out, I would definitely recommend at least trying Zulip and see what you like and what you don't. It has a lot of really nice features and things to love.

Having interacted a fair amount with the Zulip devs over the years, and being an open-source product, I believe that they have no plans or intention of trying to fleece or milk self-hosted users or small communities.

Regarding risk: I certainly won't blame you for feeling risk-averse given the history of the tech industry. I can tell you about some unusual choices we've intentionally made to minimize risk for our users:

- We eschewed VC funding. A big part of my motivation was that I felt that VC funding usually requires eventual enshittification. https://zulip.com/values/ talks more about this.

- Zulip has been 100% FOSS software for more than a decade.

- At the very beginning, we built a complete data import/export system that allows migrating between our Cloud hosting and self-hosting; we put a lot of care into maintaining it well.

I can't promise that we'll never have something to sell for self-hosting communities. For example, I could imagine offering a paid add-on for encrypted backups.

That said, I'd like to push back on the idea that charging businesses for a tool that's an important part of their daily work "breaks the seal". Organizations with a software budget should be happier to pay a fair price for ethical, user-first software from a friendly vendor than for a closed-source product from a megacorp. And Zulip's full-time development team should be able to make a living building ethical FOSS software.

The federation of Matrix seems risky to me to the person self-hosting. I don’t want to host random people’s content. I’ve read some interesting articles about the design flaws of Matrix that led me to believe that it’s not a good option.

What is confusing to you about the community tier? It is basically describing any type of community of people who are not a for-profit business. Groups of friends, non-profits, volunteer groups, etc.

Zulip isn’t charging you anything unless you’re a business with more than 10 users and need push notifications, and that is still only $3.50/month/user if you don’t need more enterprisey things like SSO and compliance stuff.

> topics are so much better than "50 unread messages in #general"

my experience is exact opposite

Thanks so much for sharing the story!

> hangringing

I’m sorry to be that guy but it’s “handwringing” - twisting your hand like you wring your clothes until you agree

> it's extremely unlikely that a Discord employee will have an incentive to spy on your messages specifically

No, but history shows some unscrupulous staff members will always snoop, whether its just pure interest or something more nafarious like intent to sell on the black market. This makes the risk of your private data being leaked > 0, which should always be treated as a valid risk.

>- People want bots (for things like high-fidelity Youtube music streaming on voice channels), and those are mostly Discord-only.

So basically Discord is a warez service?

> If the admin dies and nobody else has the keys to the kingdom, the server can go down at any point

This is how infrastructure works, and supposed to work, besides the point that servers "die by themselves" which of course isn't true in reality. You decrease the bus factor if this is a problem for you.

> Discord servers don't just go away unless somebody actively makes them to

If all the sysadmins at Discord died and nobody else has the keys, exactly the same problem happens. Discord though surely have multiple backups of the keys and so on, something you too can do when you have your own infrastructure, so overall that argument feels almost dishonest, since you don't compare the two accurately.

> Anything open source will be worse at phishing and fraud / abuse prevention by definition

What? Completely orthogonal concerns, and if your main "fraud-prevention approaches" depend on security by obscurity, I'm not sure you should even attempt to be involved in those efforts, because that's not what the rest of the industry is going by a long mile.

> People want bots (for things like high-fidelity Youtube music streaming on voice channels), and those are mostly Discord-only.

Actually, the further I get in your comment, the more it seems like you don't actually understand what Zulip offers nor what the parent comment is about. Music streaming on voice channels? Completely outside the scope of Zulip...

----------

I think you have to understand the comment you're replying to a bit better, before attempting to lift Discord above Zulip. They're specifically talking about Zulip as an alternative "for managing the firehose of busy communities", not as a general replacement for every single Discord "server" out there. Yet you've responded to the comment as that's what they've been doing.

(There has always been an option to just not include message content in mobile notifications).

Cryptography is not something you can do sloppily, and requires coordination between the mobile and server teams. Zulip 11.x included the protocol, but while doing the mobile implementation, we decided to make several more changes which have delayed it to the upcoming Zulip 12.0.

Some important context is that we retired the old React Native mobile app this summer in favor of the new Flutter apps (https://blog.zulip.com/2025/06/17/flutter-mobile-app-launche...), which has been an enormous improvement in the quality of the app and developer experience.

But as you can imagine, the cutover and relentlessly addressing feedback after it took a lot of time for the mobile team. We've also experienced an AI slop bombardment in the last few months that has consumed a lot of time. I'll save that story for another time.

Moderation of self-hosted servers is entirely the responsibility of the server's owners (and perhaps hosting providers, if it's extreme enough). We have no way to know what's happening on self-hosted servers, and it's none of our business.

Regardless, there is no technical mechanism through which we could block access to a self-hosted Zulip server via the web application (which is hosted by the self-hosted server itself and designed to work on both desktop and mobile devices).

For Zulip Cloud, you can read https://zulip.com/policies/rules. One of the nice things about Zulip's model is that communities that we do not want to host can just migrate to self-hosting.

Wow what the hell, Salesforce.

PTT = push to talk (at least that seems the most probable match on Wikipedia)

Doesn’t exist in Zulip, theres a “camera” button that generates a jitsi link, I tried (and failed) to make it a google meet link, but it works surprisingly well, though it is a context switch.

Awesome, feel free to start a thread in #integrations in chat.zulip.org! We'd be happy to chat about some of the things that will make your life easier to do carefully when writing a new client.

The main thing regards our double-entry API changelog system. Basically, the API documentation for individual endpoints, say https://zulip.com/api/get-user, natively cover for each endpoint all the changes relevant for that endpoint from https://zulip.com/api/changelog... and how to write nice code using feature level checks to support all server versions.

Happy to hear Pidgin is still at it after all these decades. I still fondly remember using it when it was still called Gaim and only spoke OSCAR, back when Rob was involved before he started Asterisk. I lurked on IRC back then and even made a simple TUI when libpurple first came out.

Onboarding has a thread going here: https://news.ycombinator.com/item?id=46951401.

My understanding is that Campfire hasn't been actively developed for ~10 years (https://once.com/campfire/changelog shows some minor fixes after the OSS launch; their GitHub has no 2026 commits). There are no mobile apps. It is not an actively maintained Discord alternative.

Stoat is early in development. For example, https://github.com/stoatchat/stoatchat has 1421 commits, compared with 68K for https://github.com/zulip/zulip/. I wish them luck! It's really important that we have multiple independent efforts.

https://www.rocket.chat/ and https://mattermost.com/ are open-core military contractors these days. You'll see what I mean if you visit their websites. But like Zulip, they are full-featured team chat systems, and if the parts of their system that are OSS work for your organization, they're certainly valid options.

Finally there is Matrix/Element. They have an inspiring vision and similar values to mine, and I'd recommend checking it out. Element/Matrix is built on an ambitious distributed consensus protocol with an E2EE option, which provides capabilities Zulip don't have but also adds complexity. Zulip is focused on just doing team chat really well, and does not support more than ~100K users in an instance. Hopefully will have a lot more resources now, thanks to Current Events. I wish the Element team the very best of luck!

----------------------------------------

Overall, Zulip's focus has always been on making a delightful chat experience, especially when you have multiple conversations happening at the same time. We aren't trying to build a clone, but instead the best possible experience for having lots of possibly complex conversations. So there will be some differences from what you're used to.

But critically, we spend a very large amount of our time relentlessly fixing micro-interactions that annoy us or are reported to us. If you read #design, #issues, and #feedback in https://zulip.com/development-community/, you'll get an idea of how we work.

So while there's some features we don't have that are present in other products, and we don't have dozens of designers on staff to do cool end-of-year animated reports like Discord does, you can expect few bugs and a lot of interaction design polish.

-----------------------------------------

The one mistake that I think a lot of folks make in evaluating options is focusing on buzzwords like E2EE without thinking through their threat model. E2EE doesn't add much practical security over self-hosting for many threat models, and it comes with significant usability trade-offs. And some current E2EE systems don't actually protect against a malicious server, say because they only protect message content, not metadata like who has access to what... just against raiding the server's disk.

(For example, WhatsApp has E2EE for message content, but I expect Meta's databases know everyone who's had a conversation with me on WhatsApp and the precise timestamps and approximate lengths of every message I've sent or received on the platform. And apparently some keyboard apps send what you're typing to remote servers!).

If you do no configuration, it'll use the public Jitsi service for video calls. So no action required unless you want a different video call provider.

Slack has basically one main hierarchy level (messages are grouped into channels) while Zulip has two, streams and topics. So you can create a stream for each project (say) and create a different topic for any given point that needs discussion about that project.

Kind of like if each slack thread discussion had a title and was discoverable from the left sidebar and didn’t get in the way of the other threads.

Check out https://zulip.com/for/communities/ and some of the linked case studies; they explain it better than I'll be able to in a quick comment.

But the main reason is that the topics-based organization and ability for moderators to move/split conversations means one can read and participate in a community much more fully given a fixed amount of time.

I'd say so, especially if you start on desktop and have them watch the 2-minute onboarding video. We are satisfied with what we see with our internal usability studies with nontechnical users.

Among customers, one reference that I can quickly cite is this one:

https://zulip.com/case-studies/gut-contact/

> Agents at GUT contact use Zulip every day to communicate with their team leads. “Most of our agents are in their 60s or 70s, so the software must be as simple as possible. That’s why we love Zulip,” says Erik Dittert, who’s been leading GUT contact’s IT team for the past 20 years.

I would recommend doing a little training/handholding call/video when moving over a community -- but this is true for any new app.

My mom needed training to do basic things in Squarespace, and I had a friend who worked at Slack whose manager started every chat message with "Hi <name>" and ended it with a signature, like you would an email. :)

Data point of one: in my small community group that has moved to Zulip we do have a grandma contributing. No jocks though so I can't speak to that.

I would also like to note that Slack did not pass the grandma test in our case. I highly doubt that Discord would given how hyperactive the UI is.

You should stop by #feedback in chat.zulip.org and share your ideas!

Regarding the history: Slack had very effective marketing, powered by a lot of venture capital. And HipChat was a weak product that had an embarrassing total hack, which did not leave customers with confidence that their data was safe there.

Zulip is not venture-funded, so we're reliant on people sharing it with others to get the word out.

As a side note, I don't think Slack could have succeeded if it launched today. Microsoft Teams has far far more users as Slack, and it's slopware. You can thank the end of anti-trust enforcement for that.

Yep, it's easy: https://zulip.com/help/import-from-mattermost.

My feelings as well.

Zulip "shells out" to other apps like Zoom or Jitsi for this with a light integration in the UI.

It depends on what you’re doing with the instance, where you and your users are located, etc.

If you create an invite-only Zulip chat for your pub trivia league or school parent association that’s all adults, probably not.

What is the purpose of repealing this act? Make platforms liable and thus enact more restrictions, is that right?

>Don't worry

I'm not worried. We'll use Zulip which has values and thus takes responsibility for everything its users post, right?

Doesn't self hosting usually exempt you? Most such regulations only apply to commercial entities above some minimum user count.

While I personally strongly favor federated solutions those are of significantly more concern in this regard.

Having a fully open-source self-hostable product improves this significantly.

You can do everything with the keyboard, and we do write everything with screenreader accessibility and colorblindness accessibility in mind.

But we don't have a dedicated accessibility tester on staff, so we're reliant on people reporting issues that bother them in actual use.

I should also mention there's a nice TUI app: https://github.com/zulip/zulip-terminal, which can be helpful for some people.

Hey Dheera! It's been forever.

Personally, I advocate for self-hosting communications software, ideally on physical hardware that someone in your community has control over. Zulip runs great on old laptops, if you can solve the IP address problem for hosting it in your house.

And if you want to be extra careful, put your chat system behind a VPN/firewall, so it's difficult to identify what software is being used externally.

And if you're not going to do that, because it sounds like too much work, the next best thing is to at least pick a Cloud service where you can migrate your group to paranoid self-hosting overnight if you decide the work is now worth it.

Self-hosting this way doesn't protect against all threat models. I am human and have children who I love dearly, so it's hard to rule out the possibility of my being compelled to make a malicious release.

But at least the Zulip source code is entirely open and highly readable; so users would at least have a chance to notice and not upgrade. With a centralized architecture like Discord, you're entirely reliant on whisteblowers.

The advertised pricing is for workplace use where the users are on payroll; if you read the plans page carefully you'll see we have free or highly discounted pricing for other use cases, both in Cloud and self-hosted.

Zulip is not designed to support 2M user accounts in a single organization. But if you enable the public access option (https://zulip.com/help/public-access-option), such that no account is required just to read content, you can end up with 1-2 orders of magnitude fewer "total accounts" that just wanted to see something once and don't actually use the server.

Just dropping in on a completely unrelated note to thank you for developing PortableApps - as a kid with no UAC access almost two decades ago now it helped me immensely to develop my interest in IT :-)

Most consumers don't know the difference between "encryption" and "end-to-end encryption".

Zulip uses standard TLS encryption, where the messages are encrypted in transit, but the server has access to the messages.

The server having access to the messages is extremely useful for many key features. Access control policies. Search. Markdown rendering that can make guarantees to clients about its behavior. Mobile notifications for mentions. And many more. There's options for all of these problems, but it's /hard/ and you end up having a lot of risk of nasty bugs where "all the message history become unreadable" and a lot of performance issues.

This is why why end-to-end encrypted messenger apps like Signal are extremely minimal with basically no chat features, and can take a while to load long conversations ... there's a lot of expensive cryptography happening in the background. AFAIK it's not realistic to use the Signal protocol with the volume of messages people do in high-traffic Discord or Zulip communities.

Some other E2EE chat systems have more features but fail to actually provide end-to-end security. (For example, the server provides the source code for the web app and can freely modify that code to steal all the messages the user can still read, or the server is still in charge of metadata like channel membership ... so a malicious server could just add a fake user to every channel).

You get almost all of the security benefits of these "E2EE" chat systems by having a trusted person self-host the server, and setting a message retention policy if you want messages in certain channels to be automatically be deleted after a period of time.

Our vision for Zulip is not billions of people on our Cloud service. People should own their own communities, not corporations. And in that world, usually the person who runs the community can be trusted to host it.

It turns out e2ee in a chatroom is really, really, really difficult.

Can you give more specific feedback -- what specifically are you looking at, and what specifically do you think contributes to it being noisy?

It has modern features. It stores message history. It has a fairly unique feature of letting you create ad-hoc "topics" (that go under a "Channel") that make it easier to manage the flood of conversation.

Last I checked, IRC wasn't really mobile-friendly.

1: IRC loses all messages to you while you are not connected

The built-in Jitsi integration lets you create a voice chat call via a single button click. You can also put those call links in a channel description if you like.

We do have plans to make the integration offer some additional ways to jump into a call, and have been talking about adding video chat. But our focus has been on building the best text chat possible, given there are multiple actively developed FOSS video call systems that we can integrate with.

Looks like it has integration with Jitsi Meet https://zulip.com/integrations/jitsi

https://github.com/openclaw/openclaw/discussions/5163 suggests it already has a PR.

I'm told (https://chat.zulip.org/#narrow/channel/127-integrations/topi...) that upvoting that discussion might help it get prioritized.

You can host your own instance or choose someone you trust to host it. With discord, google, meta you have no options.

Crypto is the problem not the solution, that's why no one cares. We aren't going to pump your shit coin so you can rug pull, give up.

You need someone to rework that ecosystem.pdf file if you're serious. You spent a million dollars on this but your ecosystem pdf looks like it was created by a 12-year old trying out slides for the first time.

Then you're fucked, and stuck on big tech and hostile governments. If you can't convince friends to move, that is.

Thousands of people have put their pants on, had breakfast, gone to work, and then been intercepted by militarized federal agents, thrown to the ground, locked up in prison camps, then deported overseas.

Glad things are comfy for you though.

Fixed this for you: "I haven’t been affected, so everyone else is overreacting."

> I only scan the headlines

Have you scanned any headlines about ICE lately? Maybe do a quick search for news about Minnesota?

(I'm pretty sure that if you'd been putting your pants on in Minnesota, you would not have written this comment.)

That is not a good analysis because it insinuates that everything stays the same. This is clearly not the case. Besides - no matter whether in a democracy or in a dictatorship, almost everyone puts on pants.

It is also incorrect to confine this "merely" to social media. This is clearly government overreach. They want data from The People.

If your eyes are closed, then things look the same whether you're in the middle of a calm meadow or on a highway about to be run over by a truck.

If you prefer not to look, maybe because you're convinced there's no truck, or you don't think it would help avoid the truck if there is one, fair enough. But the fact that your personal experience is unchanged is meaningless.

It's sad and pathetic to see such apathy.

Discord is focused on large groups. E2EE doesn't work in this case. Group management overhead traffic is too high and too unreliable, and a bad actor could just join the group under a pseudonym to log messages. Discord isn't E2EE for the same reason Hacker News isn't.

It used to be that on the internet, nobody knows you’re a dog. ;)

Huh. Can you do that? I wonder what is legal status of this. I used to make all sorts of fake IDs (pretty good ones!) when I was a teen (you know, for purposes such as going to clubs, buying alcohol), but of course this is literally a crime, and not even a "minor" one. Apparently, back then it didn't bother me much, but with age I became more cowardly, I must admit. So now I use my passport data more often than not, even though I am not really a fan of the idea of giving a scan of your documents to some random guy on AirBnB (although, with some obvious caption photoshopped on top, to make the scan less re-usable). I mean, it's just a matter of fact that everyone requires them, and it also has that weird status of "semi-secret thing" that you are somehow aren't supposed to give to anyone, and I still have close to zero understanding of how that works.

So, I suppose you shouldn't give your fake id (digital or physical) to a government officials. It also seems "obvious" that it's similarly unwise to give it to a bank. But you can do that to a random guy on AirBnB? A hotel? To a delivery service (Uber/Wolt/whatever)? Dicsord? Where is the line between a bank (a private commercial corporation) and Discord (a private commercial corporation)?

Youtube flagged one of my accounts as a teenager because I watched a few pop videos (lol) and I was not able to trick it with fake IDs, though I didn't try all that hard.

I tried to do this when LinkedIn forced me to upload an ID. It didn't work unfortunately. I see the good in this but I know it will be abused. I want to run away but I don't foresee any way that the powers-that-be will let the common person use the Internet without an approved ID in the future.

This gives me some idea: just use AI to generate an ID.

wdym, how did your dog driver license even pass before AI ?!

I found a picture of someone my age, gender, and background and used that in the past for some things.

But not even worth that effort for this. Not a subscriber, but probably won't ever use it again, either.

Just use Ai to make a non existent human face, might as well

You do realize this is wire fraud right?

Absolutely. Social media and its consequences has been a disaster for the human race. Ban it for everyone.

ID verification for sites that where people speak the truth.

Cesspit of AI-driven "validated" accounts for pushing propaganda.

It's the worst of both worlds.

Nope, I want the social media companies to be shut down, I want smart phones to go away permanently, and I don't want kids to be handed laptops or ipads in school.

Everybody hates teenagers, so yes.

It's not really about protecting them; people that claim this is the case are generally doing so to launder that hatred.

Absolutely, who gives a shit about some platforms on the internet.

If you're worried about government retaliation they can already figure out who you are from what discord has, especially with a justice department that doesn't really even care about looking like they're following the law

> A pile of morons in legislatures who insist there's a magic highly private way to do all this, but (see Australia) refuse to lay out the actual method.

This is a case where there's plenty of evidence that it's actual malice, not just incompetence. Leaving aside that this shouldn't be done at all, there is no desire to do this in a privacy-preserving way, because destroying anonymity and controlling online discourse is the point for governments, not the "unintentional" side effect to be avoided. "Think of the children" is just the excuse to get people to unknowingly buy in, just as it has been for generations.

https://bsky.app/profile/tupped.bsky.social/post/3lwgcmswmy2...

That’s not a reasonable societal expectation. That should be an expectation of the parents to follow through on.

How reasonable is this expectation? All you do by intituting these draconian 'wont someone please think of the children' ID laws is make it marginally more difficult to access mainstream services where there's not much crazy bad stuff anyway. The rest of the internet is the wild west, and good luck controlling that.

The whole thing is security theater designed to conceal the fact that child security is not the objective, it's the justification.

Please do and write about it, whether it goes well or not.

Seriously, and probably do a better job of it. Electron. Yuck.

The problem isn't the platform, it's getting a critical mass of users. Until everyone is using it, nobody is.

You can say “shit” on the internet.

I'd never thought I'd see advocates against privacy on HN of all places but here we are.

I've never been to a town square where I had to let some random person photograph my face or tell me to leave.

Except that is clearly not how it works. Spend 5 minutes on facebook, and you will quickly realize that people have absolutely no problem spewing the most disgusting racist, xenophobic shit you have ever seen in your life, while their full names and pictures of them hugging their granchildren are there for everyone to see.

>> nobody should escape the consequences

There are no consequences whatsoever for this.

Feel free to go make a social media website that requires ID. What you are claiming is that websites that don't require ID should be destroyed. No.

I don't need a public ID to sit in my local park nor shop for most things on Main Street.

>nobody should escape the consequences of using that voice to peddle bullshit.

We can already do that without needing ID stored on servers. Blame lazy enforcement with an incentive to retain even bad customers.

I believe what you said is correct and this headline is incredibly misleading. Most people should not need to upload any ID. If you are so addicted to NSFW content on Discord, then it is a different story.

> I’m giving it exactly 2 weeks after implementation for most people to just suck it up and upload their IDs.

I don't most people will even notice, as they are not in age restricted servers or channels.

Eh, I dunno, there’s a free chat app lifecycle that they all pretty predictably go through and Discord is getting a bit long in the tooth.

> There was an appeal button; she was asked to take a picture of her face from many angles and upload ID. She gave them everything they asked for, but when Facebook reviewed the appeal, they closed her account permanently.

I can't speak for every company, but I know with Facebook and Paypal, these requests generally are from automated systems and the chances of successfully reopening the account is well under 1%. The info you submit is not viewed by a human and the systems are mostly treated as a way to lighten the load on human support staff. They don't care if your account is reopened, they just want you to feel like you had a chance, did all you could, and then just give up.

I discovered this about 20 years ago dealing with Paypal. I happened to know someone who worked in Paypal engineering at the time. I had a well established account, a Paypal debit card, linked accounts, etc., everything you could need to feel good about an account.

Out of the blue it was suspended and I was sent into this system to send in verification documents. I gave everything it wanted. First it was ID, then a "utility bill" so I sent over my phone bill. That wasn't acceptable because it didn't prove I lived at my address for some reason, so I sent a natural gas bill. Even though that did have to be tied to a physical address (you can't deliver gas wirelessly!) I was asked for an electric bill. Then the lease. Then a bank statement. Every time I gave it pretty quickly. Then I was asked for a passport. I didn't have one. Suddenly that was the only thing that could unlock my account and as soon as they had the passport my account would be reopened. Nothing further would be done without a passport, not even communication.

I asked my friend to look into it. She said, "that's on purpose, that's the NoBot. It gets people out of support's hair." Turns out if you let unhappy customers complain to humans on the phone they will, so some exec decided to improve call center metrics by forcing customers into a system designed to keep them occupied until they gave up. You funneled people into it, and it would continue to reject their submissions with new reasons infinitely. It just went through a list of things to ask for, and when it found one you couldn't provide, suddenly that was the key and without it you were screwed.

Companies still do this today.

It sure beats the Reddit system where you think you are interacting with people, only to find out a couple of days later that your fresh account is shadow-banned and nobody is seeing your comments and that none of your likes went through.

At least Facebook tells you that you are banned.

Many consumer banking apps have begun integrating similar identity verification third-party providers. They are very inaccurate.

Sometimes it works with the front camera on one smartphone but doesn’t with another (iPhone 17’s distortion), sometimes it recognizes your face on one day, but desperately fails to recognize you on another. I had to repeatedly record videos for it only to fail over and over again. Anything their system flags as suspicious, anything, will trigger the same video identification flow again, which effectively blocks your money in the account.

I’m closing my accounts with a couple of banks with these video id flows. Simply because it’s way too easy to lose access to my money in the account with them. If their QA is not good enough for this vital requirement, I don’t want to know how they treat other requirements. They simply outsourced the id verification to some third parties that are way too unreliable.

Not to defend, but to understand. Last year our old "High School class of 19NN" group received about a dozen join requests per week from bogus accounts for a couple of years. At first they were trivial to discriminate because they were folks located on the opposite side of the Earth. But over time they became filled with pictures and names of (randomly generated?) Americans.

I could still tell because their profiles were sterile and had few normal comments or likes etc. Also a high school class has a very narrow age range. We recently landed a fatal blow by disallowing joins by "pages" and adding a few questions. A trickle continued but stopped recently.

The hamfisted false positive response you described is probably a result of the above.

Last year I finally caved and tried to sign up for instagram. It's tragic but it's almost like a second internet. So many small business and bands only have instagram. So many lil communities post their events only on instagram. I always have to ask friends with instagram to tell me when a brewery is open, when a show starts, etc.

So I tried to sign up (and I already HAVE an active facebook account from high school, with hundreds of friends) and it wanted me to scan my face. I did it, which I regret, only to be told five days later that I am too suspicious. So here I am, still locked out of all this information lmao

My sister died a few years ago. A couple of months later, someone created an account with her name and profile pic and started inviting family members. Quite frankly, I would have been ready to brawl with this person if I were in a room with them.

I feel very badly for your friend. Unfortunately, those completely benign actions look identical to a common identity theft pattern.

It's as if all the other problems Facebook has done in the past never mattered. Nobody stops to think about how Facebook's _repeated and exhaustive history of abuse_ might actually impact them. If only there was some evidence of what might happen...

Exactly my experience. Hoovered up my data and refused to let me in after.

Mark Zuckerberg, folks. It matters when his default philosophy is "They trust me dumb fucks". Copying Snapchat 9 times is more of a priority than account security. He wasn't "making a good point". He's a malicious asshole who deserved jail years ago

I yearn for the days of yore when a few of us would co-lo some boxes at a small local ISP we were friendly with, where we'd get to take advantage of their always-on and (at the time) blazing-fast T1 connectivity. It was low-cost for everyone, and we'd host our own services for whatever was useful to us and our friend groups.

On the other hand: It was kind of awful when even my dialup access would get screwed up because someone's IRC server got DDoS'd -- again -- and clogged up the pipes.

---

These days, the local ISPs are mostly gone. But the pipes are bigger -- it's easy for many of us to get gigabit+ connections at home. Unfortunately, the botnets are also bigger.

How do we get back to what we had?

> Perhaps these constant restrictions will finally spur us to create our own spaces again Our own little groups that exist independent of the corpo-sphere.

The normies already did this. They just did it on centralized platforms like Discord. Until their backs get broken we're not getting anywhere. (Although I may be being a little too cynical.)

> Perhaps these constant restrictions will finally spur us to create our own spaces again

We had forums using forum software but moderating the spam got too hard. If you create your own space using any common software platform then you'll be pwned (a la PHP-Nuke et al). I presume even pure custom web pages would end in tears these days (DoS complaints seem to be a more recent reason; also Bot form submission is pretty good at being bad).

The fediverse already exists.

I have my small little groups. I've walked away from big sites constantly and this won't be an exception. Definitely going to cancel my Nitro today until/unless they revert this.

But leaving is never free. There's a lot of gaming communities (especially niche subcommunities like emulation, speedrunning, modding, etc) that are mostly on Discord and not anywhere else. Many probably won't move. A lot of tribal knowledge will be lost as it's locked in these communities.

Heck, even some FOSS communities communicate mostly on Discord. I have more faith they will move. But not all.

The interests of the people who own/control technology, and have the most influence over standards, will make sure you are forced to participate.

And they have always organized society to make sure this is the case. It's not a wacky conspiracy theory. These are just the interests of the people who create and have most influence over tech, and these interests are shared in common amongst most elements of that class. So, this class, the capitalist class, will just plan (conspire) to make it necessary for you to participate.

Viewing tech in this way makes one see that the historic development of tech is not happenstance occurrence, just tech skipping along, unconsciously, into authoritarianism, but as tech being influenced by the interests of the people who have the most influence on its development: those who own it, who are often the same people who determine standards.

The internet was never a free form idea upon which everybody could sway, its a technology owned, controlled and influenced by those who produce it.

They WILL absolutely try to place social/state/labor functions behind this wall of authoritarianism. As they already have, and are currently doing with the growing ban on VPN usage, anti phone rooting measures, anti-"side loading", etc.

It should not be absurd to suggest that the people in power have used, are using, and will use power in their favor.

> a monopoly on peer to peer sales of goods like that

I don't know ... around these parts (Santa Fe/ABQ) while Marketplace is very popular, Craigslist continues to be widely used for this, especially since an ever growing number of younger people are not on Facebook (either at all, or not regularly).

Perhaps you may have not read about how Iran is moving to a whitelisted internet. Or perhaps you believe this will not happen in your country.

However, “think of the children” will always result in more restriction in western countries, not less. We are watching countries prove that it works to isolate from each other. Europe is not isolating from America in exactly the same way, but is isolating business processes from American services.

We are not on the cusp of the end of the internet, but the cliff sure seems in view to me.

The big ad networks want a cut from business users and will actively suppress posts from business accounts that haven't paid up.

But instead of paying Instagram for reach, consider taking the same budget and spending it delivering samples and coupons to other local businesses mid/late morning. Bonus points if you make the coupons unique for each delivery so you can track which local businesses are your biggest fans. Office managers are generally receptive to this kind of cold call and you can leave a catering menu. Catering gigs can keep your kitchen busy during the off hours.

> it's hard not to think we're living the last decades of American economic hegemony

Bit of a stretch to correlate this with Instagram suspending some guy

That won't guarentee that you get your account back. Many times it's used to permaban you later.

I browsed for a while but didn’t see anything worthwhile.

I’ve had friends coordinate for me in the past for a couple things but honestly eBay is still my go to.

Those pesky whistleblowers, journalists, and political dissidents have had it good for far too long. They’ve needed taking down a peg

Dear littlecranky67, as overseer for your digital wallet, I am happy to inform you that the owner of the discord server kinkydwarfporn doesn't know who you are and your privacy is protected.

Signed your friendly EU official.

As long as someone in the chain is able to physically connect the dots it is game over for privacy.

The same EU that is trying to backdoor every messaging app to "protect the children" TM? I 'll use their ID system on my dead body.

That is what the example uses. In the real world that would be a digital signature. Look under the heading "Fitting the parts together" to see what the real world solution could be like.

I think that whatever organization that issues your passport, would be a natural choice for setting this up. But it could be some other authority. In a way it is the identity owners and the providers that decide who they will trust as authorities.

Hash-chains allows the solution to be token-less. You no longer need those per transaction information leaking API calls. You also avoid dependency on a single provider.

The communication in connection with a transaction would only go between the identity owner (Bob) and the provider (Cycle shop).

No API, they sign the tokens with the government's private key and you verify them with the government's public key

If discord needs to contact an API, then the government can associate the token with you, and you with discord, and know what you browse online. No thank you.

What's stopping kids from all using the token of that one older brother?

I think the way to go would be for Alice to give you lots of commitments. They are computationally light-weight to generate anyway.

That would at least be a good and also simple solution. Maybe there is a perfect solution, but then I dont know it.

Realistically this would be another service attached to the government ID. Something like this does function in some European countries, doesn’t it?

The use of the parent is an example. In reality it would be some official age checking provider (maybe the government).

No, the solution does not require that.

It requires that Bob proves posession of a private key, that only he has ever had. That private key could be generated specifically for the commitment that he got from Alice.

Thank you! I've bookmarked your website!

Matrix screen sharing is a feature of Element Call / MatrixRTC (in development).

For now, I think they do it through their Jitsi integration. I don't know how easy it is, as I haven't tried it.

https://docs.element.io/latest/element-cloud-documentation/i...

Stoat has screen sharing / video calling in the pipeline at least: https://github.com/stoatchat/stoatchat/issues/313

Jitsi does that well

Honestly, this is HN and founders should pay attention to this. People don't want to host their own shit, they want a one-click easy switch. All of these alternatives have baggage.

This is your chance to start Bluesky for discord. A competently built, VC backed competitor to exploit a misstep only caused by government overreach due to their colossal market share. 26 million daily active users is a nice guaranteed market to start whittling away at, with an effective marketing campaign to drive a wedge between "little gamers, and big corporate enshittification."

Same, depends on what you expect in terms of features and so on, but for chat, IRC works perfectly.

Jitsi handles this very well.

I personally would advocate the combination of Zulip for text chat plus Jitsi for calls and screen sharing.

Currently financed on user donations. The future plan is to intoduce further features which are costly to provide behind a paywall to remain sustainable.

Requires hosting of the private server (security/privacy implications) or renting it from the third party.

It's because of the trademark: https://stoat.chat/updates/long-live-stoat

Nevertheless, I don't like the new name either, oh well...

I like this comment though:

Imagine you make a free software project and it runs into trademark issues because people have more money than you to register in more classes than your project.

And then even though your project existed first, they still come after you anyway.

And from that an even more expensive rebranding from this as well.

from: https://news.ycombinator.com/item?id=45626225, not sure how accurate it is, but it makes me want to revolt .

"[beaver emoji] Revolt is Stoat now"

Argh. If there's no stoat emoji, petition the Unicode Consortium for one, don't just use a beaver. It's not even the right family; the badger emoji would be closer.

It's open source, I'm tempted to fork it and do nothing other than change the branding.

I keep wondering why Zulip is so often left out of reviews and tooling comparisons. For me it ticks a lot of important boxes, yet it barely gets mentioned. Is there a downside I'm missing, or is it just under the radar?

The concept that every message belongs to a topic and the async communication focus makes so much sense to me. I read conversations, not timelines.

Element’s awful, but I’ve found FluffyChat, another matrix client, to be a lot better, albeit with a very silly name.

IRC does not support group voice & video calls, which is one of the primary features of Discord (and previously Skype, from which everyone migrated to Discord in the first place)