![]() I know this reply won't satisfy everyone, but hopefully, being truthful and upfront about this will help! , and allow you to request an export of all the data we have stored on your account. We're pretty up front about how we make money (freemium model:, in-app commerce: ). ![]() When you verify your phone number, we ONLY use it for the purpose of anti-spam, and it is never shared with anyone (aside from twilio, which sends you the SMS), especially for the purpose of financial gain. Īs for privacy, we've stated that we don't sell your data. And finally, we try to open source software we make which may be useful to the eco-system in general. Additionally, we host many open source communities on our platform. Using TOR is not a crime, you are right - but - it's also our responsibility to our users to make it reasonably hard for their accounts to get compromised on our platform (even if they don't employ the best security practices - and reuse their passwords across the internet.)įinally, I'd like to address: "Discord has shown to be hostile toward FOSS and privacy for a while now" and understand why that is.Īs a company, we have tried to give back to open source software (either by financial sponsorship, or by contributing our bugfixes/changes upstream.) We also attribute all open source projects we use in our software here. So, the "captchas" you notice are not really specific to your account, but rather, the origin of the login. In order to avoid information disclosure, we always captcha logins from these kinds of IPs, regardless of whether or not an account exists with the e-mail in question, whether the login credentials are correct, or there is 2fa enabled on the account. A lot of these brute-force attempts come from TOR, and other public proxies. Malicious actors constantly attempt to brute-force logins on our system - generally from public password dumps or other leaks. Using Tor is not a crime don't treat it as such. I don't have to solve a Google reCAPTCHA for an account I have taken every step to protect against bruteforcing. It'd be trivial to hook that up to the registration flow to enable 2fa - and if that was a way to 'bypass' our anti-spam measures, it'd surely be exploited. can be used to both generate and validate 2fa codes. It is very trivial to automate setting up 2fa on an account. Having 2fa is not a strong signal as to whether or not an account is legitimate. my account (and other accounts in good standing and with proper 2FA) is exempt from such checks ![]() You are using TOR, a source of a great amount of spam/attempted spam on our network. I'm not entirely sure what this means, nor what actionable steps I can take. The system is definitely not perfect - and unfortunately in OP's case, it flagged the account for phone verification. As such, if you are using TOR, it is definitely more likely that you may get challenged either via captcha, or phone verification. One such source is TOR exit nodes - and as such, our system considers content created (DMs opened, etc.) from people using TOR exit nodes with more stringency than other sources. Additionally, we look at where spam is originating from as an input to our heuristic. As such, we use a blend of signals, heuristics and machine learning algorithms to determine whether someone is spamming on our platform. Some are very obvious in terms of a detection perspective, and some are not. The spam attacks against our platform vary in terms of how elaborate and skilled they are. Our anti-spam systems continue to evolve - just as the spammers who target our platform continue to evolve. We've disabled, and/or challenged millions of accounts for trying to use our platform for unsolicited spam (trying to advertise their service, sex bots, crypto spam, etc.). If we're doing a bad job, you might get some spam, or your account may be blocked for false positives.ĭiscord gets a lot of spam. ![]() If my team is doing a good job, you won't notice us. I work at Discord - and actually, this system is a thing I work on - and code my team wrote caused your account to be locked. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |