cross-posted from: https://lemmy.world/post/10799766

(Edit: Cross-posted OP (link above) was mod removed by the Discord forum ‘admin’ on 2024-01-19 as being “False claim, false interpreted”, so the above link will no longer work.)

Recently read this on a Steam game’s reviews section …

User Comment…

The game’s Discord REQUIRES your personal phone number to get access at all. This is a very intrusive, and 100% unnecessary requirement, in order to just be able to interact with others about the game, it’s content, player experiences, and many other things. It’s also intrusive in regards to being able to contribute any input to help other players in any way at all.

Dev Response…

It’s Discord that’s asking you for verification of the account. We’re not getting your phone number. This is standard practice on bigger servers that allows for a better user experience, filtering bots/ spam accounts, trolls, etc.

Could companies please STOP lying about it being Discord’s choice, its not, is the Discord server’s choice to ask for it.

Its a “Verification Levels” setting that the server op sets, and they have multiple options that they can choose from, its not an on/off switch. They can dial it back one notch and still have spam/bot protections.

The only difference between “High” and “Highest” verification levels is the addition of asking for a phone number, all other features of “High” is in “Highest”, and “Highest” has no other extra features besides asking for the phone number.

Makes it really hard to have an pseudonym account on the Internet, for gaming purposes, and then be asked for your real phone number. I don’t need to be tracked 24/7.

  • WorseDoughnut 🍩@lemdro.id
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    3
    ·
    10 months ago

    As someone who had run & managed a Discord server with 10,000+ users, there’s only so many options available to us to try and limit bot spam and throwaway account raids.

    Yes it’s needlessly intrusive to an extent, but you really should try and look at it from their perspective. We didn’t run that setting 24/7, but we were also a pretty niche (albeit relatively popular) server. For a server that exists for a fully advertised steam game, I can kinda understand the urge to lock down the security settings to the maximum.Even some of the best server-ran bots which try and stop / catch suspicious accounts just can’t do the trick sometimes, and the best solution after that is unfortunately the nuclear option.

    • Cosmic Cleric@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      3
      ·
      10 months ago

      Yes it’s needlessly intrusive to an extent, but you really should try and look at it from their perspective.

      As someone who worked in the computer software field his whole career, I sincerely emphasize, I truly do.

      But we’re talking about recreational access to forums to discuss things like a video games with someone else.

      To give up that level of personal information, information that’s stored without clear legal specifications of what’s done with it, that can be hacked and stolen and used for nefarious reasons, is a bridge too far.

      It’s putting the security onus on the user, where server security should be the onus of the server admins.

      • WorseDoughnut 🍩@lemdro.id
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        4
        ·
        10 months ago

        information that’s stored without clear legal specifications of what’s done with it

        First of all, this is just patently false, Discord lays out precisely what they will and won’t do with information you provide to them in their Privacy Policy. That said, I’m not exactly championing giving every website or service you log into your phone number.

        Regardless, you’re still putting the blame in the wrong place. The onus for securing the server is still on the server admins, and they’re doing exactly that by leveraging the security options made available by Discord. Don’t blame the admins for taking necessary steps, blame one-click spam bot SAAS providers for making it a necessary step in the first place. I would even argue blaming Discord is even a step too far, because phone number verification does actually work to limit account creation spam.

        As crippling as it might be to your sense of privacy, phone numbers are still a decent enough way to limit account spam since most spam creators are taking the path of least resistance and not going through the effort to set up a voip / prepaid throwaway phone line for every new account they create.

        They can dial it back one notch and still have spam/bot protections.

        This is a ridiculous claim to make, because of how useless the tier before phone verification is:

        High is the next step security setting you can lockdown your server with. Including requiring a verified email AND being registered on Discord for more than 5 minutes. You must also be present in the server for longer than 10 minutes.

        Those are not legitimate restrictions, please do not pretend like they are.

        You have to balance privacy / security with convenience in the modern age. If you put more weight on your phone number than on your desire to interact with that video game community, then just don’t join the server and claim the moral highground.

        • Cosmic Cleric@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          2
          ·
          edit-2
          10 months ago

          First of all, this is just patently false, Discord lays out precisely what they will and won’t do with information you provide to them in their Privacy Policy.

          I’m aware of their privacy policy, but I’m speaking specifically towards what is done with the phone numbers when they’re obtained.

          Are they used just for verification and then discarded, or are they kept?

          Those privacy policies usually contain a clause for using the data for marketing purposes. I want it explicitly stated if I’m being tracked for marketing purposes via that number or not.

        • Cosmic Cleric@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          2
          ·
          10 months ago

          Don’t blame the admins for taking necessary steps, blame one-click spam bot SAAS providers for making it a necessary step in the first place.

          The fight is between those two, and not me. I’m just the third party trying to use the service / website.

        • Cosmic Cleric@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          3
          ·
          10 months ago

          They can dial it back one notch and still have spam/bot protections.

          This is a ridiculous claim to make, because of how useless the tier before phone verification is:

          And yet all websites seem to still exist using only email verification.

        • Cosmic Cleric@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          5
          ·
          10 months ago

          If you put more weight on your phone number than on your desire to interact with that video game community, then just don’t join the server and claim the moral highground.

          So, blame the victim then?

          You know there’s another moral equivalence, that a server admin and a company shouldn’t be asking for excessive security for recreational uses.

          If email verification is not sufficient then they need to look into other methods of securing their servers, the onus is not on the user base to secure the server.

          • WorseDoughnut 🍩@lemdro.id
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            2
            ·
            10 months ago

            And yet all websites seem to still exist using only email verification.

            Yes, and unless you haven’t noticed spam comments and fake account are rampant across most popular online services.

            that a server admin and a company shouldn’t be asking for excessive security for recreational uses.

            And yet most people don’t care, and just add their phone number to their Discord account without a second thought; because it’s not excessive, it’s the norm. You can’t even make an account on Instagram without providing your phone number, and in some cases and selfie while holding up a security code on a piece of paper to verify you are human. I’m not saying this slow creep into collecting user date should just be hand-waived away by virtue of it’s widespread adoption, but the matter of fact is that if it was really viewed as such an egregious breach of privacy by the average person, then it wouldn’t have survived since no one would be using the affected services.

            they need to look into other methods of securing their servers

            You seem to be willfully ignoring the fact that phone number verification is the answer to this question. Real people tend to have one phone number, fake phone numbers are easy to create but cost money, emails do not cost money.

            Do you really not see the intrinsic benefit of requiring a phone number as the strictest form of online security for a tragically spam-laden service like Discord?

            • Cosmic Cleric@lemmy.worldOP
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              4
              ·
              10 months ago

              they need to look into other methods of securing their servers

              You seem to be willfully ignoring the fact that phone number verification is the answer to this question.

              No, it’s definitely an answer for Discord corporate. For the user base, not so much.

              The onus is on Discord corporate and the server admins to deal with the problem, not for the user base to surrender their privacy to solve the problem.

            • Cosmic Cleric@lemmy.worldOP
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              3
              ·
              10 months ago

              And yet all websites seem to still exist using only email verification.

              Yes, and unless you haven’t noticed spam comments and fake account are rampant across most popular online services.

              Not agreeing with this, but also, …

              And yet all websites seem to still exist, using only email verification.