WorseDoughnut 🍩

100% Certified Good Boy

Used to mod Smash Bros Brawl on the Wii (Smash Bros Legacy TE Co-Lead & Stage 3D Modeling)

Now I’m a NYC-based Penetration Tester

Original Account: @WorseDoughnut@kbin.social

  • 0 Posts
  • 70 Comments
Joined 1 year ago
cake
Cake day: July 28th, 2023

help-circle













  • I made a concerted effort one evening to go into my downloads folder on my PC, rename all the nameless garbage filenames, and then actually move and sort them into my pictures/documents/etc folders.

    Was a huge pain in the ass, but it saved me so much effort looking for stuff later on down the line. Also, changing Firefox’s default download setting to prompt me for a name and location every time certainly helped.


  • And yet all websites seem to still exist using only email verification.

    Yes, and unless you haven’t noticed spam comments and fake account are rampant across most popular online services.

    that a server admin and a company shouldn’t be asking for excessive security for recreational uses.

    And yet most people don’t care, and just add their phone number to their Discord account without a second thought; because it’s not excessive, it’s the norm. You can’t even make an account on Instagram without providing your phone number, and in some cases and selfie while holding up a security code on a piece of paper to verify you are human. I’m not saying this slow creep into collecting user date should just be hand-waived away by virtue of it’s widespread adoption, but the matter of fact is that if it was really viewed as such an egregious breach of privacy by the average person, then it wouldn’t have survived since no one would be using the affected services.

    they need to look into other methods of securing their servers

    You seem to be willfully ignoring the fact that phone number verification is the answer to this question. Real people tend to have one phone number, fake phone numbers are easy to create but cost money, emails do not cost money.

    Do you really not see the intrinsic benefit of requiring a phone number as the strictest form of online security for a tragically spam-laden service like Discord?


  • information that’s stored without clear legal specifications of what’s done with it

    First of all, this is just patently false, Discord lays out precisely what they will and won’t do with information you provide to them in their Privacy Policy. That said, I’m not exactly championing giving every website or service you log into your phone number.

    Regardless, you’re still putting the blame in the wrong place. The onus for securing the server is still on the server admins, and they’re doing exactly that by leveraging the security options made available by Discord. Don’t blame the admins for taking necessary steps, blame one-click spam bot SAAS providers for making it a necessary step in the first place. I would even argue blaming Discord is even a step too far, because phone number verification does actually work to limit account creation spam.

    As crippling as it might be to your sense of privacy, phone numbers are still a decent enough way to limit account spam since most spam creators are taking the path of least resistance and not going through the effort to set up a voip / prepaid throwaway phone line for every new account they create.

    They can dial it back one notch and still have spam/bot protections.

    This is a ridiculous claim to make, because of how useless the tier before phone verification is:

    High is the next step security setting you can lockdown your server with. Including requiring a verified email AND being registered on Discord for more than 5 minutes. You must also be present in the server for longer than 10 minutes.

    Those are not legitimate restrictions, please do not pretend like they are.

    You have to balance privacy / security with convenience in the modern age. If you put more weight on your phone number than on your desire to interact with that video game community, then just don’t join the server and claim the moral highground.


  • As someone who had run & managed a Discord server with 10,000+ users, there’s only so many options available to us to try and limit bot spam and throwaway account raids.

    Yes it’s needlessly intrusive to an extent, but you really should try and look at it from their perspective. We didn’t run that setting 24/7, but we were also a pretty niche (albeit relatively popular) server. For a server that exists for a fully advertised steam game, I can kinda understand the urge to lock down the security settings to the maximum.Even some of the best server-ran bots which try and stop / catch suspicious accounts just can’t do the trick sometimes, and the best solution after that is unfortunately the nuclear option.