this post was submitted on 16 Jan 2024
165 points (87.3% liked)
Technology
59534 readers
3195 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
As someone who had run & managed a Discord server with 10,000+ users, there's only so many options available to us to try and limit bot spam and throwaway account raids.
Yes it's needlessly intrusive to an extent, but you really should try and look at it from their perspective. We didn't run that setting 24/7, but we were also a pretty niche (albeit relatively popular) server. For a server that exists for a fully advertised steam game, I can kinda understand the urge to lock down the security settings to the maximum.Even some of the best server-ran bots which try and stop / catch suspicious accounts just can't do the trick sometimes, and the best solution after that is unfortunately the nuclear option.
As someone who worked in the computer software field his whole career, I sincerely emphasize, I truly do.
But we're talking about recreational access to forums to discuss things like a video games with someone else.
To give up that level of personal information, information that's stored without clear legal specifications of what's done with it, that can be hacked and stolen and used for nefarious reasons, is a bridge too far.
It's putting the security onus on the user, where server security should be the onus of the server admins.
First of all, this is just patently false, Discord lays out precisely what they will and won't do with information you provide to them in their Privacy Policy. That said, I'm not exactly championing giving every website or service you log into your phone number.
Regardless, you're still putting the blame in the wrong place. The onus for securing the server is still on the server admins, and they're doing exactly that by leveraging the security options made available by Discord. Don't blame the admins for taking necessary steps, blame one-click spam bot SAAS providers for making it a necessary step in the first place. I would even argue blaming Discord is even a step too far, because phone number verification does actually work to limit account creation spam.
As crippling as it might be to your sense of privacy, phone numbers are still a decent enough way to limit account spam since most spam creators are taking the path of least resistance and not going through the effort to set up a voip / prepaid throwaway phone line for every new account they create.
This is a ridiculous claim to make, because of how useless the tier before phone verification is:
Those are not legitimate restrictions, please do not pretend like they are.
You have to balance privacy / security with convenience in the modern age. If you put more weight on your phone number than on your desire to interact with that video game community, then just don't join the server and claim the moral highground.
I'm aware of their privacy policy, but I'm speaking specifically towards what is done with the phone numbers when they're obtained.
Are they used just for verification and then discarded, or are they kept?
Those privacy policies usually contain a clause for using the data for marketing purposes. I want it explicitly stated if I'm being tracked for marketing purposes via that number or not.
The fight is between those two, and not me. I'm just the third party trying to use the service / website.
And yet all websites seem to still exist using only email verification.
So, blame the victim then?
You know there's another moral equivalence, that a server admin and a company shouldn't be asking for excessive security for recreational uses.
If email verification is not sufficient then they need to look into other methods of securing their servers, the onus is not on the user base to secure the server.
Yes, and unless you haven't noticed spam comments and fake account are rampant across most popular online services.
And yet most people don't care, and just add their phone number to their Discord account without a second thought; because it's not excessive, it's the norm. You can't even make an account on Instagram without providing your phone number, and in some cases and selfie while holding up a security code on a piece of paper to verify you are human. I'm not saying this slow creep into collecting user date should just be hand-waived away by virtue of it's widespread adoption, but the matter of fact is that if it was really viewed as such an egregious breach of privacy by the average person, then it wouldn't have survived since no one would be using the affected services.
You seem to be willfully ignoring the fact that phone number verification is the answer to this question. Real people tend to have one phone number, fake phone numbers are easy to create but cost money, emails do not cost money.
Do you really not see the intrinsic benefit of requiring a phone number as the strictest form of online security for a tragically spam-laden service like Discord?
No, it's definitely an answer for Discord corporate. For the user base, not so much.
The onus is on Discord corporate and the server admins to deal with the problem, not for the user base to surrender their privacy to solve the problem.
Not agreeing with this, but also, ...
And yet all websites seem to still exist, using only email verification.