Chat sites without ID verification: what's left in the face-scan era
Face scans and ID checks are now the price of entry on Roblox, Reddit and soon Discord — here is what actually happened, why the checks keep failing, and what chatting without handing over your identity still looks like.
Start chatting now →In the space of about a year, a face scan or a government ID became the price of entry to some of the biggest chat platforms on the internet. Searches for chat sites without ID verification are one measurable result — demand for anonymous conversation did not shrink, it just started looking for the exit. This post pulls together what the new laws actually do, why the checks keep failing at their own stated goal, and what the honest options are if you want to talk to strangers without uploading your passport.
One thing up front: this is not a story about anonymous chat dying. It is a story about moderated anonymous chat dying — the version with report buttons, mod teams and admins — while the unmoderated kind quietly grows. That distinction matters more than any single law.
How the checkpoints went up
The timeline is compressed and worth laying out plainly.
- 25 July 2025: the UK Online Safety Act's age checks went live, with fines of £18 million or 10% of global revenue for non-compliance. Reddit switched on Persona checks for UK users the same day.
- October 2025: a breach at 5CA, a support contractor working for Discord, exposed roughly 70,000 government IDs. Discord delayed its global age-assurance rollout to the second half of 2026 and dropped its face-scan vendor's server-side approach.
- 7 January 2026: Roblox made facial age estimation mandatory for all chat globally, sorting its users into six age bands.
- February 2026: the UK's ICO fined Reddit £14.47 million — the largest child-privacy fine on record — for weak age assurance, in the same month Discord killed its UK Persona trial.
- 29 June 2026: the KIDS Act (H.R. 7757) passed the US House 267–117, with a "should have known" negligence standard that makes age-gating every account the rational legal defence. New York's SAFE for Kids Act rules follow, blessing everything from face scans to "attestation from other users", with penalties of $5,000 per violation.
Whatever you think of the intent, the direction is unambiguous: proving something about your identity is becoming a default condition of chatting on mainstream platforms.
The checks miss the kids and catch the adults
Here is the part regulators rarely quote. NIST's evaluation of Yoti — the industry's best-in-class facial age estimator, widely used for UK compliance — found a true positive rate of 0.57 for identifying 13–16-year-olds. Roughly four in ten of the teens the technology exists to catch walk straight through. Roblox's own certified figures put its estimator's mean absolute error at 1.4 years for under-18s, which means a meaningful share of 15-year-olds get banded as 13 or 17.
The workarounds arrived within days. UK users beat Reddit's checks with video-game face filters. TikTok filled up with kids defeating Roblox's selfie scan using drawn-on wrinkles and celebrity photos. Wired found age-verified Roblox accounts — some registered to children as young as nine — for sale on eBay. Meanwhile Proton reported a sustained VPN sign-up surge of over 1,400% in the UK within days of the OSA going live, briefly making it the top free app on Apple's UK store, and more than 500,000 Britons signed a petition to repeal the law.
There is a live argument about how much damage this does to platforms. One reading points at Roblox's daily active users falling from a peak of 152 million in Q3 2025 to 132 million in Q1 2026, with only 51% of users age-checked by the end of that quarter. Sceptics reply, fairly, that a Q3-to-Q1 comparison conflates post-holiday seasonality with verification flight. Both sides agree on the underlying point, though: the scan does not verify age so much as willingness to comply. Everyone else routes around it.
The real risk isn't the scan — it's the paperwork
The polished on-device face scan is, in a sense, the safest part of the system. The Discord breach did not come from a verification vendor at all. It came from a support contractor's ticketing system handling age-appeal tickets — the attackers claimed access to 521,000 age-verification tickets, and roughly 70,000 government IDs were exposed. Every "we delete your scan immediately" promise covers the happy path; the exception path — appeals, bans, misbinned adults — quietly accumulates passports in a helpdesk queue that no marketing page mentions.
There is a second quiet shift: inference is replacing verification. Discord says over 90% of its users will never be asked to scan anything, because its system infers age from account tenure, device data and behaviour. You can avoid ever uploading an ID and still be profiled and classified. For anyone who valued the feeling of being a stranger, that matters as much as any scan.
What got locked away
When Reddit's UK checks went live, the walls went up around r/periods, r/sexualassault, r/stopsmoking and r/transgenderUK — support communities where anonymity is the entire point. Psychology research has long explained why that stings: Bargh, McKenna and Fitzsimons showed in 2002 that people disclose their true selves more readily to strangers when identity is decoupled from consequence, and earlier work by McKenna and Bargh found this matters most for people with stigmatised identities. Crucially, the research says perceived anonymity drives disclosure — so a checkpoint that kids can beat with a face filter still tells every cautious, help-seeking person that identity is now the price of entry. The check fails as a filter and succeeds as a suppressor.
There is also an unpriced loss nobody has costed: those gated communities ran on unpaid volunteer moderators, and no replacement venue inherits them. If loneliness is part of why you chat online, that loss is personal — and if things feel heavier than a chat room can hold, call or text 988 in the US, 116 123 (Samaritans) in the UK, or find local support at findahelpline.com.
Where anonymous chat is relocating — and why that isn't a win
The technically durable refuges are protocol-level tools with no company to fine: IRC networks like Libera.Chat, self-hosted Matrix and XMPP servers, SimpleX (which has no user identifiers at all) and Session (no phone number). But be honest about the trade. Safety tooling there is voluntary and unevenly funded, and most of these tools have no discovery layer — a lonely newcomer cannot easily find strangers there, only pre-existing contacts. And there is a class dimension: VPNs, purchased verified accounts and the skill to self-host are all things money and technical literacy buy. Anonymity is becoming means-tested.
One more chokepoint is coming. Texas's app-store age-verification law took effect on 1 January 2026, with Utah behind it, pushing verification onto Apple and Google themselves. Once the store attests your age, every app you install can inherit that attestation — however private the app claims to be. The last mile of no-ID chat is the browser, not any app.
What chat sites without ID verification look like now
Put those threads together and the picture is clear. If you want to chat without handing over an ID, the realistic options in 2026 are browser-based sites that never ask for identity in the first place — no account, no phone number, no scan, nothing to leak from an appeals queue. The honest trade-off is that anonymous does not mean unwatched: any responsible site in this space still moderates.
Shush is one example of that middle path: a free, text-only anonymous chat site with a live Lobby, user-created rooms and one-to-one DMs, no signup and no download, for adults 18+. It is deliberately not encrypted — messages may be reviewed by an admin for safety — because that is exactly the moderated-anonymous combination the face-scan era is squeezing out everywhere else: nobody knows who you are, but somebody is still minding the room.
The honest bottom line
Four things are true at once. The laws are real and spreading. The checks demonstrably leak — via breached ticket queues — and demonstrably miss the teens they target. The displaced users, adult and minor alike, are moving to spaces with fewer adults in the room, not more. And, as one sceptic on our research panel put it, nobody on any side has produced baseline evidence that child harm has moved in either direction. That absence is the story.
Until it is resolved, the practical advice is simple: never upload a government ID or face scan to a chat platform you would not trust with a breach, prefer browser-based sites that ask for nothing, and treat "we delete it immediately" as a claim, not a guarantee.