How does Discord and Twitch's age verification tool 'k-id' avoid fraud?

The communication app Discord and the gaming streaming site Twitch have added age verification features to protect younger users. As a result, Discord and Twitch now use camera-based facial recognition. Eva and Dziurwa , developers of k - id, explain the tool that performs this facial recognition.

discord/twitch/kick/snapchat age verifier
https://age-verifier.kibty.town/

In February 2026, Discord announced that it would enable underage settings by default, requiring users to verify their age via camera before accessing adult content.

Discord announces that it will make accounts default settings for minors, requiring age verification by taking a photo of your face or scanning your ID to qualify as an adult - GIGAZINE

The tool for verifying age on Discord is 'k-id.' k-id is used not only by Discord but also by services like Twitch, Kick, and Quora, and it uses a camera to take a picture of your face and verify your age.

While other competing tools may send images or videos of a user's face to a server, k-id does not send or store the content captured by the camera. Instead, it sends metadata about the user's face and general process details. While it was previously easy to verify the authenticity of the metadata, the emergence of 'amplitudesxd,' a tool that bypasses k-id's facial recognition process, has temporarily made it difficult for providers to determine whether the metadata being sent to their servers is legitimate.

In an effort to eradicate malicious tools, developers compared legitimate request payloads with the generated fake payloads and noticed that the old implementation lacked elements such as 'encrypted_payload,' 'auth_tag,' and 'timestamp.' Looking at the code, they found that these appeared to be simple AES-GCM ciphers generated using ' HKDF (sha256),' a simple key derivation function based on the HMAC message authentication code. This is easily reproducible, and it appears possible to create the missing parameters in the generated output.

However, even after perfectly replicating the encryption, the verification was not successful. Therefore, a more detailed check of the actual payload contents was carried out and a patch was created. The metadata is now validated by cross-referencing the validity of elements such as 'recordedOpennessStreak,' 'recordedSpeeds,' 'failedOpennessReadings,' 'failedOpennessSpeeds,' and 'failedOpennessIntervals' on the server side and checking the consistency of the values.

k-id is developed as open source and is available on GitHub.

GitHub - xyzeva/k-id-age-verifier: automatically verify your age on discord, twitch, kick, quora and more (k-id)
https://github.com/xyzeva/k-id-age-verifier