Comment

Comment on Discord Servers asking for Phone Numbers and 'Verification Levels'

worsedoughnut@lemdro.id ⁨11⁩ ⁨months⁩ ago

information that’s stored without clear legal specifications of what’s done with it

First of all, this is just patently false, Discord lays out precisely what they will and won’t do with information you provide to them in their Privacy Policy. That said, I’m not exactly championing giving every website or service you log into your phone number.

Regardless, you’re still putting the blame in the wrong place. The onus for securing the server is still on the server admins, and they’re doing exactly that by leveraging the security options made available by Discord. Don’t blame the admins for taking necessary steps, blame one-click spam bot SAAS providers for making it a necessary step in the first place. I would even argue blaming Discord is even a step too far, because phone number verification does actually work to limit account creation spam.

As crippling as it might be to your sense of privacy, phone numbers are still a decent enough way to limit account spam since most spam creators are taking the path of least resistance and not going through the effort to set up a voip / prepaid throwaway phone line for every new account they create.

They can dial it back one notch and still have spam/bot protections.

This is a ridiculous claim to make, because of how useless the tier before phone verification is:

High is the next step security setting you can lockdown your server with. Including requiring a verified email AND being registered on Discord for more than 5 minutes. You must also be present in the server for longer than 10 minutes.

Those are not legitimate restrictions, please do not pretend like they are.

You have to balance privacy / security with convenience in the modern age. If you put more weight on your phone number than on your desire to interact with that video game community, then just don’t join the server and claim the moral highground.

source

Sort:hotnew top

CosmicCleric@lemmy.world ⁨11⁩ ⁨months⁩ ago

First of all, this is just patently false, Discord lays out precisely what they will and won’t do with information you provide to them in their Privacy Policy.

I’m aware of their privacy policy, but I’m speaking specifically towards what is done with the phone numbers when they’re obtained.

Are they used just for verification and then discarded, or are they kept?

Those privacy policies usually contain a clause for using the data for marketing purposes. I want it explicitly stated if I’m being tracked for marketing purposes via that number or not.

source
CosmicCleric@lemmy.world ⁨11⁩ ⁨months⁩ ago

If you put more weight on your phone number than on your desire to interact with that video game community, then just don’t join the server and claim the moral highground.

So, blame the victim then?

You know there’s another moral equivalence, that a server admin and a company shouldn’t be asking for excessive security for recreational uses.

If email verification is not sufficient then they need to look into other methods of securing their servers, the onus is not on the user base to secure the server.

source
- worsedoughnut@lemdro.id ⁨11⁩ ⁨months⁩ ago
  
  And yet all websites seem to still exist using only email verification.
  
  Yes, and unless you haven’t noticed spam comments and fake account are rampant across most popular online services.
  
  that a server admin and a company shouldn’t be asking for excessive security for recreational uses.
  
  And yet most people don’t care, and just add their phone number to their Discord account without a second thought; because it’s not excessive, it’s the norm. You can’t even make an account on Instagram without providing your phone number, and in some cases and selfie while holding up a security code on a piece of paper to verify you are human. I’m not saying this slow creep into collecting user date should just be hand-waived away by virtue of it’s widespread adoption, but the matter of fact is that if it was really viewed as such an egregious breach of privacy by the average person, then it wouldn’t have survived since no one would be using the affected services.
  
  they need to look into other methods of securing their servers
  
  You seem to be willfully ignoring the fact that phone number verification is the answer to this question. Real people tend to have one phone number, fake phone numbers are easy to create but cost money, emails do not cost money.
  
  Do you really not see the intrinsic benefit of requiring a phone number as the strictest form of online security for a tragically spam-laden service like Discord?
  
  source
  - CosmicCleric@lemmy.world ⁨11⁩ ⁨months⁩ ago
    
    they need to look into other methods of securing their servers
    
    You seem to be willfully ignoring the fact that phone number verification is the answer to this question.
    
    No, it’s definitely an answer for Discord corporate. For the user base, not so much.
    
    The onus is on Discord corporate and the server admins to deal with the problem, not for the user base to surrender their privacy to solve the problem.
    
    source
  - CosmicCleric@lemmy.world ⁨11⁩ ⁨months⁩ ago
    
    And yet all websites seem to still exist using only email verification.
    
    Yes, and unless you haven’t noticed spam comments and fake account are rampant across most popular online services.
    
    Not agreeing with this, but also, …
    
    And yet all websites seem to still exist, using only email verification.
    
    source
CosmicCleric@lemmy.world ⁨11⁩ ⁨months⁩ ago

They can dial it back one notch and still have spam/bot protections.

This is a ridiculous claim to make, because of how useless the tier before phone verification is:

And yet all websites seem to still exist using only email verification.

source
CosmicCleric@lemmy.world ⁨11⁩ ⁨months⁩ ago

Don’t blame the admins for taking necessary steps, blame one-click spam bot SAAS providers for making it a necessary step in the first place.

The fight is between those two, and not me. I’m just the third party trying to use the service / website.

source