“We’re not rookies on technology,” he said.

After receiving the data dump on his daughter’s Discord account, a couple of things stuck out immediately as odd to Frey.

“There’s no age recorded at signup, but there’s something worth flagging: her data includes an age_group field set to ’13–17,’ confirming Discord’s system knows she’s a teen,” Frey told Ars.

According to the data, Discord updated this field on March 9, about nine days before the account was hacked on March 18.

“They changed the age on their side, even though we can’t change the age on ours,” Frey said.

Additionally, Frey noticed that a separate field, “is_underage,” was set to “false.” He told Ars that he thinks that “discrepancy matters because the underage flag likely controls whether stricter ad protections” for kids are “applied.”

Since his daughter set up the account with an 18+ setting, it’s possible that the field corresponded to her self-reported age. But Frey could see that Discord updated the setting twice: once two days after the hack, and again after her account was restored. Each time, she was marked as not underage, despite support forum messages that repeatedly informed Discord she was 13.

Seemingly, that meant that the platform could create “a detailed behavioral ad profile” on the teen, even though its internal system had categorized her in the 13–17 age group, Frey said.

Samantha Baldwin, a policy and research staff technologist for the Electronic Frontier Foundation (EFF), told Ars that Discord’s hesitancy to formally update the age setting is telling. Frey’s case shows why privacy advocates believe that age verification laws aren’t about “protecting children” but about “surveillance and censorship,” she said.

“That they would not recategorize a minor’s account demonstrates this clearly,” Baldwin said. “Discord is in the business of making money by selling their users’ personal data. They are implementing ‘age verification’ to meet regulatory compliance and to collect more data about their customers, not protect children.”