I came across this issue on my own discord server, the system kinda encourages you towards those higher security levels without really being especially clear about what it will do to the user experience.
One thing I would clear up though:
I think both sides in the OP are correct here.
Yes, the server admin sets the security level that triggers those requirements.
But it's also true that the server/admins do not get your phone number, that private information is only kept within discord's verification system. It is not sent to the server admins.
Discord has 5 levels of user verification.
None. (None)
Verified email. (Low)
Verified email + more than 5 minutes old account. (Medium)
Verified email + >5 mins old account + member of server for more than 10 mins. (High)
Verified email + >5 mins old account + server member >10 mins + verified phone number. (Highest)
Server admins can set the level. Some server sizes or types (community servers etc.) have a discord-mandated minimum level to qualify for the server type.
Normally (Medium) or (High) security is more than enough. Servers that experience raiding or high levels of trolling are recommended to choose (Very High) security as it makes it harder to make multiple accounts and evade bans or brigade a server.
Discord stores the number. The server never sees those details.
Servers that ask for ID to ensure you are over age, are doing that on their own, and probably illegally handling that data, without adequate security.
The server sets the security level. Discord does the enforcing. It IS discord asking for the phone number. But only because the server asked Discord to. But the server definitely doesn't see your phone number.
I run a game community server, and normally have security set at medium.
If raided, it goes to High.
If persistently trolled by a user or users that are ban evading (has happened only once), I turn it to highest for a bit.
But I turn it back down after a bit.
A bigger server might not get that luxury.
If a server has stupid high security settings, chances are they have active troublemakers.
What does the "5 minute" rule even do? Any bot can be programmed to wait that long, or have a few accounts lined up to use in sequence.
> Discord has 5 levels of user verification.
Just wanted to add that my OP has a link to the Discord page that breaks down each of the verification levels, if you want to read more about it.
it sucks, and it is absolutely necessary for some communities. i work for a small game company and we have one or two people that have gone to extreme lengths to contribute hate and saltiness to everyone there. i'm talking dozens of alt accounts made over the course of years. discord provides the tools for these verification paths. it's a choice on behalf of the discord managers to enforce the different levels of verification, but it is absolutely discord that stores and verifies that data. we've tried other methods before, like alt identifier bots, and i've been in communities that do personal ID verification, and neither of those are trustworthy. discord is doing their best, and the kinds of people that complain about these things either are ignorant of the challenges such communities face, or are themselves the problem.
As Discord is still unable to provide a GDPR compliant process for the phone number thing (and let's not even start about personal ID), if I were a small game dev I would rather not make myself liable the way one does when using this - it's simply fucking expensive.
But it's not the game dev that handles the information, so the game studio wouldn't be at fault. The game dev never gets that info so isn't storing anything. Discord would be liable for any GDPR infractions.
Nope, doesn't work that way. The game dev is offering a networked service (community, support, etc.) in his name/trademark/brand and is therefore liable for the data protection, it doesn't matter at all if the dev is the data holder or not - that's up to the dev to manage contractually with discord.
The concept of "not holding the data, not liable for the data" has been turned down by various high court rulings by now - Amazon and Microsoft amongst others have tried it and lost.
> discord is doing their best, and the kinds of people that complain about these things either are ignorant of the challenges such communities face, or are themselves the problem
Did you really have to end a decent comment on a personal attack?
Have you not considered that people just want to keep their anonymity for other reasons?
That asking for such a personal piece of information, that has ramifications if it gets out in the wild, for such a minor thing like a discussion of a video game website, wouldn't want to give their phone number? (Lots of server hacks these days on the news where people's personal information gets out on the dark web, etc.)
I can't prove a negative, that I'm not something, but for what it's worth, I'm not the kind of person you described. I'm a retired computer programmer who is a decent human being.
Hopefully, Matrix [Element et al.] and Revolt will catch up to Discord.
I'd like to see what they say if you tell them you don't have a phone number.
Probably "get one". Or "use a friend's".
The times I have run into this verification stuff, it's for servers that want to be for adults only. And so would much rather just give Discord my phone number than a copy of my ID to the server owner, like most of them want to verify I am over 18.
It's not hard to get a toss away phone number you can use for these things or for 2FA stuff. Like a throwaway email.
How does one go about doing that? Because Google Voice doesn't seem to cut it.
I could stop trying to use Discord and drive to Best Buy and buy a cell phone and pay for a month of service. Then I could add the number to the account. Then if I stop paying for the monthly service, there's a good chance that Discord or whoever won't believe I'm me at some future login and will demand I give them a code they sent to the phone number on file.
I just searched for it and got into some shady free service that didn't even need an account, the only caveat is that you are sharing that temporary phone number with several people, and it will probably stop existing in some days, just enough to create an account.
Which means when they ask to verify your number again in 6 months, or after a computer upgrade, you are SOL without that specific phone number.
I mean, I sort of get why the developers say it's Discord's policy even if it's a bit misleading.
Game developers don't really want to moderate their own discord server and simply want to use the strictest automated filtering system available and this just happens to include phone number linking. The operators of the servers themselves do not have access to these phone numbers and they are only stored by discord directly to prevent spam.
I would personally prefer games to not have their communities tied to discord, akin to how forums were a big deal for games back in the day, but even then they do need some kind of automated way to filter out all the crap. This is a problem with moderating any community, including a lemmy/kbin/mastodon, and I don't blame them for simply picking the strictest option to ease the burden on the 1 or 2 people who are charged with managing these servers (especially if they are unpaid or volunteers, which is a whole other can of worms that shouldn't happen...)
> I mean, I sort of get why the developers say it’s Discord’s policy even if it’s a bit misleading.
“It’s Discord that’s asking you for verification”
The language on that is very plain, and a lie, as it is the server admins, and not the Discord corporation, who are asking for it, by having the ‘Highest’ verification level setting, vs. just the ‘High’ setting.
> Game developers don’t really want to moderate their own discord server and simply want to use the strictest automated filtering system available and this just happens to include phone number linking.
The only difference between the 'High' and 'Highest' verification level setting is the asking of the phone number. All other verification features (email validation/verification, time on the server before approval, etc.) are the same.
> The operators of the servers themselves do not have access to these phone numbers and they are only stored by discord directly to prevent spam.
How exactly does that prevent spam, vs just using other existing established verification methods like email validation? If the only goal is preventing spam, it's overkill, and other web sites who also have to contend with spam don't use it.
Finally, I'd feel a lot better about it if a trusted third party verified that it's not used for marketing reasons, and that we all just didn't take Discord's word for it. I don't know this as fact, but I can't help thinking that we are being lied to, and that the number is used to link our Internet pseudonyms to real-life persons (via aggregate gathering/purchasing of data via third-party brokers).
Having said all that, my post wasn't about what is done with the number (that's a whole other topic), just the fallacy of stating who is requesting the number (Discord vs server admins).
> How exactly does that prevent spam, vs just using other existing established verification methods like email validation? If the only goal is preventing spam, it’s overkill, and other web sites who also have to contend with spam don’t use it.
It's trivial to create new accounts and emails to verify those accounts. It is not trivial to get a new phone number since virtual numbers are blocked by the verification process.
> It’s trivial to create new accounts and emails to verify those accounts.
Is it really that trivial, especially while having to spend your own money to do so?
And can't that be detected in the same way that virtual phone numbers are detected by Discord currently?
You get your ISP's email address, and you could have your Google address, what else?
Granted, a phone number is better than email for verification, but plenty of websites work off email verification today successfully.
> You get your ISP's email address, and you could have your Google address, what else?
I host my own email. I have literally billions of email addresses available if I want them and getting billions more only costs however much I can get a new domain registration for, which isn't often more than $10. I already own a dozen domains or more and I can have any username I want at any of those domains for any email at no additional cost.
Now I'm not some dickhead harassing people online or spamming discord servers, but I will admit that Wendy's once had a deal where you could get a free frosty for creating a new account and I had free frosty coupons for weeks before they realized that email only verification for unique users was a losing proposition and they switched to requiring that new accounts attach a phone number.
Email verification only works if you've got nothing to lose. As soon as there's anything on the line, you'd better look for something more concrete like a phone number, a credit card, or a government ID. Personally I'm more comfortable with Discord having one of those pieces of info before the other two, but that's just me, you do you.
FYI, the cross-posted OP (link above) was mod removed by the Discord forum ‘admin’ on 2024-01-19 as being “False claim, false interpreted”, so the above link in the OP will no longer work.
As someone who had run & managed a Discord server with 10,000+ users, there's only so many options available to us to try and limit bot spam and throwaway account raids.
Yes it's needlessly intrusive to an extent, but you really should try and look at it from their perspective. We didn't run that setting 24/7, but we were also a pretty niche (albeit relatively popular) server. For a server that exists for a fully advertised steam game, I can kinda understand the urge to lock down the security settings to the maximum. Even some of the best server-ran bots which try and stop / catch suspicious accounts just can't do the trick sometimes, and the best solution after that is unfortunately the nuclear option.
> Yes it’s needlessly intrusive to an extent, but you really should try and look at it from their perspective.
As someone who worked in the computer software field his whole career, I sincerely empathize, I truly do.
But we're talking about recreational access to forums to discuss things like video games with someone else.
To give up that level of personal information, information that's stored without clear legal specifications of what's done with it, that can be hacked and stolen and used for nefarious reasons, is a bridge too far.
It's putting the security onus on the user, where server security should be the onus of the server admins.