Discord Finds Age Identification May Have Privacy Concerns

6 snips

Feb 25, 2026

Discord halts an age-verification tie-up after researchers found Persona code hinting at hundreds of checks and risk scoring. Four critical SolarWinds Serv-U remote code execution flaws require urgent self-hosted upgrades. Splunk patches a Windows privilege escalation caused by install-folder permissions. Texas sues TV makers over alleged frequent screenshotting and transmission of screen content without meaningful consent.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Discord Abandons Persona After Privacy Alarm

Discord halted its Persona age-verification experiment after user backlash and research showed broader capabilities than disclosed.
Researchers found Persona's front-end code suggested up to 269 checks including watchlist screening and risk scoring, raising privacy alarms.

INSIGHT

Age Verification Creates Policy Tension

There's a policy trade-off between protecting minors and creating heavy identity intelligence systems.
Jim Love notes governments push age checks but expanded verification becomes invasive, prompting user pushback.

ADVICE

Urgently Patch SolarWinds Serv-U

Patch Serv-U urgently if you self-host it; SolarWinds released Serve-U 15.5 to fix four critical RCEs.
The CVE list (CVE-2025-40538 through CVE-2025-40541) scores 9.1 and requires upgrading self-hosted Windows/Linux instances immediately.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Discord Drops Persona Age Verification, SolarWinds Serv-U Critical RCEs, Splunk Windows Priv Esc, and Smart TV Screenshot Surveillance Lawsuits

In this episode of Cybersecurity Today, host Jim Love covers Discord ending its age-verification experiment with Persona after user backlash and researcher findings that Persona's front-end code suggested up to 269 verification checks, including watch list screening and risk scoring, amid already-thin trust following an earlier breach that exposed government ID images. The show also highlights SolarWinds Serv-U 15.5.0.4 patches for four critical (CVSS 9.1) remote code execution vulnerabilities (CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, CVE-2025-40541), noting they require high privileges and that self-hosted Windows/Linux instances must be upgraded, with estimates ranging from under 1,200 to over 12,000 internet-exposed servers. Splunk discloses a high-severity Windows privilege escalation flaw (CVE-2025-2386, CVSS 8.0) caused by incorrect install-directory permissions in versions before 10.0.0.2, 9.4.0.6, 9.3.0.8, and 9.2.10, enabling local users to potentially escalate privileges and tamper with logging. Finally, Texas Attorney General Ken Paxton sues Samsung, Sony, LG, Hisense, and TCL, alleging smart TVs use automated content recognition to capture screen content—potentially up to twice per second—and transmit it without meaningful consent, with implications for both home viewing and confidential business use; the episode emphasizes reviewing and disabling ACR settings and accounting for network-connected screens in security models.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst

00:00 Sponsor Message Meter 00:20 Discord Age Verification Backlash 01:37 Persona Code Raises Alarms 03:08 SolarWinds Serv-U Critical RCEs 04:51 Splunk Windows Priv Esc 06:18 Smart TV Screenshot Surveillance 08:35 Wrap Up and Sponsor Thanks