What they're not telling you: Mass surveillance operates through corporate data brokers who collect biometric information from minors with minimal consent verification, creating permanent digital records outside government oversight. A Reddit user's anxiety about uploading their face and government ID to Roblox at age 13 exposes a structural vulnerability in how tech platforms harvest sensitive biometric data from children. The user, now older and security-conscious, discovered that Persona—the third-party verification service Roblox contracted for voice chat access—processes and stores facial recognition scans and identity documents with unclear data retention policies.
What the Documents Show
The user's core question—whether these companies actually delete the data—remains unanswered in public documentation, reflecting a broader pattern where corporations operate verification infrastructure with opacity that would be illegal for government agencies. The mainstream tech press frames age verification as a child safety feature, positioning it as necessary protection against predation. What this framing obscures is that age verification creates a permanent biometric database of minors whose brains haven't developed risk assessment capacities. Roblox required facial scans and ID uploads for access to voice features, meaning a 13-year-old made irreversible decisions about surrendering identity documents to a third party. Unlike government surveillance, which operates under statutory frameworks and theoretical oversight mechanisms, corporate biometric collection happens through terms-of-service agreements designed to be impenetrable.
Follow the Money
The Reddit user's post suggests they understood the risk only after years had passed—a common pattern where the privacy consequences emerge long after consent was given. Persona itself operates as an invisible infrastructure layer. The company processes identity verification for hundreds of platforms, accumulating facial scans and government IDs into datasets that create unprecedented mapping of individual identity across services. When a user's biometric data moves from one platform to another, or when Persona updates its data practices, users have minimal visibility or recourse. The user's fear isn't irrational—it reflects legitimate uncertainty about whether deletion requests are honored, whether data has been breached, or whether their childhood image is now part of training datasets for facial recognition systems. The absence of clear deletion timelines represents how corporate surveillance differs from and exceeds government surveillance.
What Else We Know
A FOIA request can theoretically compel government agencies to confirm what data they hold on you. No equivalent mechanism exists for Persona or similar services. Companies can claim data minimization while maintaining indefinite backups for litigation purposes or selling aggregated datasets to third parties. A minor who uploaded biometric data in 2023 has no way to verify whether that data still exists, who can access it, or what models have been trained on their face. This structure creates generational vulnerability. Millions of minors grew up with Snapchat filters, Instagram uploads, and now age-verification biometrics—a permanent record of their development years captured in databases optimized for profit rather than protection.
Primary Sources
- Source: r/privacy
- Category: Surveillance State
- Cross-reference independently — don't take our word for it.
Disclosure: NewsAnarchist aggregates from public records, API feeds (Federal Register, CourtListener, MuckRock, Hacker News), and independent media. AI-assisted synthesis. Always verify primary sources linked above.

