from Ave's Blog
In case you haven't seen it yet, Discord is pushing age related systems pretty heavily lately.
There's two aspects of it, the age gate for NSFW channels, and ID verification for bot developers with bots in 100+ guilds. I'll be writing something on the latter on a future date.
I believe the age gate is being rolled out to everyone these days, as me and lun-4 got it today, and linuxgemini and one of my other partners got it last week. That said, I have seen friends get it as part of A/B testing in the last couple months. As far as I know, the A/B testing on this started on or around 2020-04-03.
It is important to prevent minor's access to spaces containing sexual content, not just for their healthy development, but also to reduce risk of them getting groomed.
Some discord guilds take this matter more seriously than others. Some just rely on Discord's NSFW channel warnings (and ban anyone they know is under 18):
Some rely on people specifically requesting access to these roles, and some reportedly even ask you to do an ID verification with them, which while is a rather safe way to lock out people who are lying about their ages, it also puts the user's data at risk as they're transmitting it over an unencrypted platform to someone who may in turn not treat this data properly. It also creates privacy concerns.
One issue I have with this is how it is presented. I was sending a command on our joins channel (which is marked as NSFW as we were flooded with bots with hateful usernames in the past) and closed my discord client there last night, and when I opened it this morning, it covered my entire screen, and asked me to input my birthday. Also, there was no way to close it, I couldn't just say “ask me later” and be locked out of channel until I entered my birthday. Clicking outside of the modal or pressing Esc also does not close it.
Discord does not do the discerning between “NSFW” and “sexual” content that well. As with the #joins channel I mentioned above, it is possible to have a channel that can benefit from a warning that it may not be safe to be viewed in a work environment (example, cw racism, transphobia, slurs), but one that isn't sexual.
In addition, what is “NSFW” depends greatly on your line of work and your culture. One could argue that looking at memes is NSFW by itself, or even spending company time on Discord. Over at elixire, we've decided to use “sexual” as a tag word to describe domains that allow sexual content (We currently don't allow sexual content on any domains, but plan to allow it on certain domains on v3 if the domain owner is okay with risking their domain ending up on parental block systems.) instead of “NSFW” to clarify this.
An age gate mostly benefits sexual channels, and IMO more channel types (announcements, chat, sexual, spoiler, disturbing, etc etc) with age gate only applied on channels that are sexual would be more appropriate than applying age gates to all sorts of NSFW content.
IMO, Discord did not implement this properly at all.
Here's all the issues that I've seen with it:
Fixed: Date format was unclear
Image source: This reddit post.
When this feature was first launched, it only allowed date entry in a textbox, in the format of mm/dd/yyyy. The problem with this approach is that many, many countries outside of US do not use this format, and use dd/mm/yyyy instead.
A friend of mine got locked out due to this as while she was 18+, her dd-mm swapped birthday was under 18. Yes, there was a notice on date format at the bottom, but it was a bad implementation. (The date shown is the current date, so date format is also not always fully apparent.)
This was replaced with a date picker in the end, with localized month names to prevent this from happening ever again. That was how it should've been in the first place.
This is a problem that could be prevented if discord was more diverse in the first place. I feel like Discord disallowing remote workers and not sponsoring visas is a factor in this.
If you pick the wrong birthday, you're stuck with it ...-ish
Discord does not allow you to change your birthday once you give it to them once. If you accidentally give them the wrong one (like my friend did) or if someone pulls a prank on you by grabbing your phone or something, you're locked out.
According to the official help article, the only way to change your birthday is by sending discord a picture of you holding a photo ID that contains your date of birth and a piece of paper with your full discord tag. Ouch.
There's no information on the data retention on this other than a weak statement saying that it'll only be used for age verification. There's also other issues with this as I will mention in the article I'll make about the ID verification systems employed by Discord.
TL;DR, though: – Not everyone has a photo ID. – Not everyone is comfortable with taking a picture of their face. – Not everyone is comfortable with transmitting their photo ID and a picture of their face to a private company.
And all of that is valid.
Note: When I discussed my concerns with Discord requiring you to send an ID to change your birthday with a friend, they told me that it's good for preventing the issues I mentioned in the “The Importance” section. While I respect this opinion, I kindly disagree, and wanted to state my reasoning here too: Users that want to lie about their age already can in the first prompt, so IMO disallowing changing your birthday mostly hurts those that aren't trying to bypass this procedure, but those that got locked out improperly.
Age gate encourages users to lie about their age
The whole system in general encourages users to lie about their age, and there's two overt examples of this that I stumbled upon while testing this.
Year picker starts at the latest legal age
The year picker dropdown automatically starts at 2002 when you click on it (It shows 2001, so you may ask “Ave, why did you say 2002?”, here's my explanation: If you pick a year like 1999, when you click on it again the year that's shown at the top of the dropdown will be 1998):
The code for Android seems to do something similar too, defaulting to current date -18 years.
At first, both me and lun-4 assumed that this was the minimum age and this did bother us quite a bit as we felt like it forced you to lie about your age if you were under 18 (as you cannot close the age gate modal), but when I tested it further on an alt, I found out that this is definitely not the case (oddly enough it stops at 2017, I wonder why they picked 2017 specifically, that seems to be enforced on both desktop and android):
So, tl;dr: The year picker starts at the latest year in which an 18 year old person could be born.
Age gate tries to warn you if you say that you're underage
If you give a birthday that is less than 18 years old, discord will warn you:
This isn't displayed for people over 18.
While this is handy to prevent cases like the friend that accidentally got locked out, it does seem to also encourage you to lie about your age. Twitter also has a similar prompt before they lock you out of your account due to your birth year. Ideally, I think it'd be more appropriate if they showed this modal to everyone, not just people under 18.
Date calculation issues
Right, this is a big one. Discord does age calculations... weirdly. In some parts it does it properly and in some it does not, and this leads to some issues.
Flat out wrong calculations
On one account, I gave a birthday that's in 3 days (I picked close ones as I wanted to see if the lock would lift automatically on the birthday, it seems like that is the case, but I'm not 100% sure):
But in the end, I could still access NSFW channels:
Discord seems to calculate birthdays by doing (current date – your birthday), getting the day count, dividing it by 365 and seeing if it's over 18. This means that you get access to NSFW channels 4-5 days (depends on your birthday) early due to leap days.
Note: This is only valid for the desktop client, at least on Stable 62330 (912f791). Android seems to calculate it properly.
This is obviously a simple mistake to make, but it does show issues with QA testing on Discord, especially as this seems to be a deployed feature now.
Date calculation inconsistencies
(Test below was done on 2020-06-27, one day before the given birthday)
The underage warning does calculate your age properly according to local time, but the code that locks you out of channels is not doing the same. Ngl, this is kind of amusing.
Checks are client-side
The birthday check is done on client-side and can easily be bypassed. I can't really fight too much over this, in the end there's much easier ways for someone to “bypass” it.
That's all the issues I see with this specific system.
To me, it seems like it doesn't prevent the problems (as users can still easily lie), and goes too far by not allowing someone to update their birthday without sending a picture of them holding their photo ID and a piece of paper with their discord tag. Plus, it currently has bugs that allow minors who don't even lie to access NSFW channels.
I don't know what the proper way of dealing with this problem would be, but I can say with certainty that Discord's current approach isn't it.
This is a long and complicated topic. There's alternative methods, of course, but they're either weak (such as face verification), invasive and weak (such as credit card verification), or just invasive (such as ID verification). The UK had its own share of issues when it proposed such a system. While more invasive verification methods would increase the false positives and make bypassing the system harder, it'd also cause ethical concerns and potentially alienate adult users that do want to view and share sexual content. I know that I wouldn't send my ID to Discord over this.
And that concludes this blog post. Thank you for taking your time to read this.