top | item 32475188

(no title)

zorkian | 3 years ago

(I work at Discord and manage our Infrastructure, Security, and Safety engineering organizations.)

We currently don't intentionally block or disable third party clients or action the accounts of people who use them.

We do monitor the traffic of spammers and we build heuristics around how to identify them -- and sometimes third party clients get caught up in that. Cold comfort, I know, but it's not us trying to block/come after well-behaved third party clients.

Anyway, to OP, good luck with discordo! For one of our internal hack weeks a few years ago I tried to build an RFC1459 compliant Discord gateway... it was a fun POC, but definitely lots of rough edges because the paradigms don't exactly match up. :)

discuss

game-of-throws|3 years ago

Is it possible those heuristics could accidentally trigger for browsers other than Chrome? I had an old account where I normally used the android app, then one day I logged in with Firefox on desktop (with adblocker) and my account was banned about a minute later.

At a business level, can you share why the ToS forbids third party clients at all? We all know that "trusting the client" is not a viable security plan, so why does it matter what client people use?

koolba|3 years ago

> At a business level, can you share why the ToS forbids third party clients at all? We all know that "trusting the client" is not a viable security plan, so why does it matter what client people use?

Because if something breaks for a user and they complain, the company cannot diagnose it or fix it. Simply dealing with the complaints would be an extra cost on the company.

And when they decide to change part of the API, you have an unknown number of users that would be broken.

Operyl|3 years ago

Eh, this reads weird to me. So third party clients are "ignored," but things like Better Discord which modify the first party client are explicitly not kosher? I'd love for better clarification around this at some point honestly.

BoorishBears|3 years ago

Clearly Discord as a corporation is not ok with third party clients or modifications to the client.

But the engineers who would be in charge of enforcing those rules do not spend time explicitly seeking out third party clients or modifications. They instead look for "non-standard behavior", which may incidentally catch either.

PS: This is why you don't speak about your employer's business unless asked to by your employer.

unknown|3 years ago

[deleted]

ducktective|3 years ago

disclaimer : I'm not involved in the project in any way. I just posted for publicity.