Peter Thiel’s Founders Fund backs a controversial company called Persona Identities. Persona provides “age verification” to consumer platforms including Discord, OpenAI, Roblox, LinkedIn, and Lime.
Researchers have exposed Persona’s entire frontend architecture, with nearly 2,500 files at 53MB, sitting open on a FedRAMP government endpoint tagged with codenames from active intelligence programs. Fortune has the details, and the researchers published their findings on Twitter.
Yeah. FedRAMP. Exposed.
The files show Thiel’s Persona version of surveillance runs 269 distinct verification checks on users. These include the expected facial recognition against watchlists, but also screening against lists of politically exposed persons, and adverse media categorization across 14 categories including terrorism and espionage. The system assigns risk and similarity scores to every person.
EVERY person.
This is a biometric surveillance pipeline connected to Palantir money, deployed through consumer products, as a front to government intelligence infrastructure.
It is running right now on platforms used by hundreds of millions of people, including children, who believe they are just proving their age, unaware it’s literally Big Brother.
Discord Deployed, Not a Test
Earlier this month Discord defaulted all accounts to teen-safety settings.
ALL on by DEFAULT.
The announcement forced users into a binary: verify age using the Persona gate or lose platform access.
Discord hosts roughly 200 million monthly active users. Its population includes political organizers, activist communities, open source developers, security researchers, journalists and their sources, student groups, and gaming communities that overlap heavily with military-age males.
Thiel was targeting precisely the populations his private intelligence services would want to enumerate and categorize, as a Palantir-adjacent system.
Discord users specifically chose to join as a pseudonymous platform. They use handles, avatars, anonymous identities. Persona maps real biometric identity onto those pseudonymous accounts.
Before Thiel slammed in Persona, a Discord user was a handle. After the Thiel Persona gate was in place, that handle is linked to a face, a government ID, a watchlist status, a politically-exposed-person score, an adverse media categorization across terrorism and espionage categories.
The pseudonymity that made Discord attractive to its users is exactly what made it valuable to Thiel’s extremist ACTS 17 congregations as a collection target. The operation was to de-anonymize the precise population that specifically chose anonymity as protection from Thiel.
The Constitutional Bypass
The Fourth Amendment constrains what the government can compel from citizens. The political and legal cost of requiring 300 million people to submit biometrics to a federal database would be astronomical.
Thiel routed around American legal rights entirely. A private company provides “age verification” to platforms people already use. Users submit biometrics to Discord, not directly to the government. Persona processes the data as a private service provider.
The fact that data landed on FedRAMP government endpoints tagged with intelligence program codenames gives away the corruption. At no point does the state compel anything from anyone, because the surveillance becomes the product. The Third Party Doctrine that information voluntarily given to a third party loses Fourth Amendment protection does the rest.
This is obviously a laundering mechanism to undermine constitutional constraints on state power. The private sector collects what the state cannot legally demand. Commercial authorization frameworks move the data to government infrastructure. The child safety language is disinformation to make opposition politically suicidal.
The Franchise Model
The Thiel portfolio has to be seen as a vertically integrated surveillance supply chain to understand his documented upbringing as a Nazi.
| Compulsion |
Thiel backs politicians — Vance, Trump — who support age verification mandates. Bipartisan cover is guaranteed because child safety is politically inarguable. These mandates create legal pressure for civilians to submit biometrics through consumer products they already use. |
| Collection |
Persona embeds in platforms where billions of users live. Age verification framing makes biometric submission feel routine and protective. Users submit to Discord or Roblox, not to the government. Every parent who consents on behalf of a minor is enrolling a child in a system whose back end they cannot see. |
| Processing |
Persona’s 269 checks are a civilian threat assessment engine. Watchlist matching, politically exposed persons screening, adverse media categorization, risk scoring. This is intelligence-grade analysis running on people who think they are confirming a birthday. |
| Bridging |
FedRAMP authorization formalizes the government channel. Persona CEO Rick Song frames this as “workforce security.” The infrastructure is bidirectional. Once civilian biometrics sit on government-authorized endpoints tagged with intelligence program codenames, the distinction between “workforce verification” and “population surveillance” is a configuration setting. |
| Action |
Palantir correlates identity data with intelligence streams. Anduril operationalizes it for defense and border enforcement. The supply chain runs from a teenager’s selfie on Discord to an actionable targeting package. |
Each platform is an independent collection node. Each has its own justification. Each feeds the same backend. Each can be severed independently if exposed without disrupting the others.
Discord got burned and got cut off.
Persona continues operating through OpenAI, Roblox, LinkedIn, and Lime.
The Rollback Story
Last year, hackers accessed 70,000 government IDs collected through Discord’s previous verification vendor, 5CA. Discord’s response to that breach was to switch vendors — to Persona, which has deeper capability and a direct pipeline to government infrastructure. The breach provided cover for upgrading the collection system.
When researchers published that Persona’s architecture was sitting on government endpoints, the cleanup began immediately. Discord cuts ties. Both companies coordinate messaging to say the partnership lasted “less than a month.” Song tells Fortune the exposed files are just “uncompressed frontend” and that internally this was not considered a major vulnerability. He posted screenshots of an email exchange with the researcher, claiming the implication of connections between Persona, Palantir, and ICE has led to threats against company employees.
The data that flowed during that month already flowed. The biometrics already hit the government endpoint. The watchlist checks already ran. The 269 verification checks already executed against every user who submitted. Dissolving the partnership does not un-run those checks.
A since-deleted version of Discord’s FAQ on age verification contradicts the company’s claims about data retention, stating information would be “temporarily stored for up to 7 days.”
Discord amended its universal age-verification announcement to say verification would be “optional” — unless users want access to age-restricted servers and channels, which means most of the platform’s actual functionality. This is compulsion through architecture rather than law.
A CEO Knows
Song was attacked for lacking a profile photo on his own LinkedIn page — the same LinkedIn whose identity verification Persona handles. His response: “It’s dystopian that we want people to facedox themselves to everyone to be real online.”
The CEO of a facial recognition verification company argues against making faces publicly visible — while his product links faces to identity databases, intelligence watchlists, and government endpoints for hundreds of millions of people. He knows linking faces to identity databases is dangerous. He built a system that does it at population scale. His defense is that he personally should not have to participate.
That is hierarchy, stated plainly. The system makes identity transparent downward and opaque upward.
Recognition Time
In 2009, Peter Thiel wrote that freedom and democracy are incompatible. He was describing a design constraint. Democracy creates legal barriers to population-scale surveillance. Market mechanisms achieve what democratic governance prohibits.
Age verification mandates are spreading across state legislatures. Persona is embedded in platforms used by hundreds of millions of people. FedRAMP authorization formalizes the government pipeline. The administration dismantling institutional checks — inspectors general fired, DOGE gutting federal agencies, loyalty tests replacing competence — is the same administration receiving the output of this biometric collection network.
The 269 checks exist now. The watchlist screening exists now. The politically exposed persons matching exists now. The adverse media categorization across terrorism and espionage categories exists now. The intelligence program codenames exist for a reason that Discord isn’t disclosing. The question is whether anyone treats this Thiel story as the emergency it already is.
