cross-posted from: https://lemmy.world/post/10799766

(Edit: Cross-posted OP (link above) was mod removed by the Discord forum ‘admin’ on 2024-01-19 as being “False claim, false interpreted”, so the above link will no longer work.)

Recently read this on a Steam game’s reviews section …

User Comment…

The game’s Discord REQUIRES your personal phone number to get access at all. This is a very intrusive, and 100% unnecessary requirement, in order to just be able to interact with others about the game, its content, player experiences, and many other things. It’s also intrusive in regards to being able to contribute any input to help other players in any way at all.

Dev Response…

It’s Discord that’s asking you for verification of the account. We’re not getting your phone number. This is standard practice on bigger servers that allows for a better user experience, filtering bots/spam accounts, trolls, etc.

Could companies please STOP lying about it being Discord’s choice? It’s not; it is the Discord server’s choice to ask for it.

It’s a “Verification Levels” setting that the server op sets, and they have multiple options that they can choose from; it’s not an on/off switch. They can dial it back one notch and still have spam/bot protections.

The only difference between “High” and “Highest” verification levels is the addition of asking for a phone number; all other features of “High” are in “Highest”, and “Highest” has no other extra features besides asking for the phone number.

Makes it really hard to have a pseudonym account on the Internet, for gaming purposes, and then be asked for your real phone number. I don’t need to be tracked 24/7.

  • 𝕽𝖔𝖔𝖙𝖎𝖊𝖘𝖙@lemmy.world
    10 months ago

    I came across this issue on my own discord server, the system kinda encourages you towards those higher security levels without really being especially clear about what it will do to the user experience.

    One thing I would clear up though:

    I think both sides in the OP are correct here.

    Yes, the server admin sets the security level that triggers those requirements.

    But it’s also true that the server/admins do not get your phone number, that private information is only kept within discord’s verification system. It is not sent to the server admins.

  • Cora! :D@lemmy.world
    10 months ago

    it sucks, and it is absolutely necessary for some communities. i work for a small game company and we have one or two people that have gone to extreme lengths to contribute hate and saltiness to everyone there. i’m talking dozens of alt accounts made over the course of years. discord provides the tools for these verification paths. it’s a choice on behalf of the discord managers to enforce the different levels of verification, but it is absolutely discord that stores and verifies that data. we’ve tried other methods before, like alt identifier bots, and i’ve been in communities that do personal ID verification, and neither of those are trustworthy. discord is doing their best, and the kinds of people that complain about these things either are ignorant of the challenges such communities face, or are themselves the problem.

    • philpo@feddit.de
      10 months ago

      As Discord is still unable to provide a GDPR compliant process for the phone number thing (and let’s not even start about personal ID), if I were a small game dev I would rather not make myself liable the way one does when using this - it’s simply fucking expensive.

      • thoughts3rased@sopuli.xyz
        10 months ago

        But it’s not the game dev that handles the information, so the game studio wouldn’t be at fault. The game dev never gets that info so isn’t storing anything. Discord would be liable for any GDPR infractions.

        • philpo@feddit.de
          10 months ago

          Nope, doesn’t work that way. The game dev is offering a networked service (community, support, etc.) in his name/trademark/brand and is therefore liable for the data protection, it doesn’t matter at all if the dev is the data holder or not - that’s up to the dev to manage contractually with discord.

          The concept of “not holding the data, not liable for the data” has been turned down by various high court rulings by now - Amazon and Microsoft amongst others have tried it and lost.

          • thoughts3rased@sopuli.xyz
            10 months ago

            Except that’s not how it’s working here. The only “contract” is the EULA that the developer agrees to when creating their discord account.

            The developer doesn’t collect or store the data, nor have they entered an agreement with discord for them specifically to collect this data. The game developer does not sell access to the discord server (a violation of the EULA). All they have done is use a feature on Discord, available to every user and bound to the terms of both the EULA and Discord’s privacy policy.

            If what you said was true, then any individual that enables the highest level of protection on any server of any size would end up being liable. This simply is not true. It would also mean that the lowest setting would also leave them liable as an email is stored, which is also not true.

            It would also be incredibly hard to determine exactly what they’re liable for. Is it all the users who have Discord? All the members in their server? What if a user is in multiple servers with phone/email verification turned on?

            Discord collects this information as part of their service for their verification purposes, including 2FA. The implication for the developer is nothing more than a flag on an account.

            The difference between the developer and Microsoft/Amazon is that those two companies, while yes they don’t store it on their own servers, collect the data for use in their services for their profit for services they sell, run ads on, or collect more data to sell on. The game developer does not run discord, they do not sell discord, they have little agency over that server in discord, and is a service that discord provides. The game developer could pull out at any point and the service would still exist because it is not theirs.

            TL;DR - The developer is not liable in the same way that X users aren’t liable for people who verify their phone number following them. It’s not their service, and the Discord EULA and Privacy Policy apply.

            • planish@sh.itjust.works
              10 months ago

              But if the developer makes a Discord “server” for their game community, they are telling Discord to set up a service. If the developer encourages people to join it and retains moderation rights, they’re taking that service they ordered from Discord and providing it to other people. If the developer failed to get some legally required in their jurisdiction contractual terms from Discord about what Discord can and can’t do with data on the people who use the service, the developer could get in trouble when they provide that service to people without the service following local laws.

              • sirfancy@lemmy.world
                10 months ago

                I’m sorry, but it’s probably in your best interest to do some research and actually read the discord Terms of Service and Privacy Policy before arguing about something you lack knowledge in. Creators of a Discord server are not responsible for members’ data that they send to Discord. That relationship is between Discord and the Member, not the creator of a server. Any “contractual agreement” you are talking about is covered when you click “I agree” when creating an account, the devs’ accounts included.

                This is a ridiculous argument that has a correct answer that Discord themselves will tell you.

                Source: CASP+ Certified

                • planish@sh.itjust.works
                  10 months ago

                  Does the server operator avoid any responsibility for data protection by just having the actual physical copies of all the data they do have access to (user names, post contents, etc.) physically live over at Discord? If the company president’s PC is hacked and someone steals copies of all the personal information in support chats that were conducted over Discord, or the contents of private channels where people posted their home addresses for Secret Santa, or whatever, can the company get out of having any sort of data breach disclosure obligations because the data was really Discord’s data?

              • thoughts3rased@sopuli.xyz
                10 months ago

                In that case, is a YouTuber liable for the GDPR failings of Google? Of course they aren’t. It’s the same here.

                Is McDonald’s liable for the GDPR failings of X? They have an account with their name and brand on it. They even pay X for a golden checkmark.

                Is Taylor Swift or UGM liable for the GDPR failings of Spotify?

                Are individual eBay sellers liable for the GDPR failings of eBay?

                I could go on, but you don’t quite seem to realise what the implications of what you’re saying are if they are true. You’re basically making every user liable for any GDPR on any service that collects any data. This isn’t the case, or businesses wouldn’t use these services.

                • planish@sh.itjust.works
                  10 months ago

                  As long as what is going on here is basically comparable to what is going on when a company uses a third-party service as a peer to individuals, then yes, the company probably isn’t somehow responsible for what the service is doing. Government Twitter pages have been found to legally constitute public forums, but that was in the context of restricting the government from blocking people. The person whose page it is still doesn’t really run the place and probably isn’t responsible for the actions of the platform.

                  But if a company hires another company to build and operate a communication platform for it (more of a Mailchimp or Invision Community situation), then you probably have a data controller-data processor style relationship.

                  So, is Discord more like Spotify or is it more like Mailchimp?

    • chalupapocalypse@lemmy.world
      10 months ago

      Or you could just ban people when they get out of line like we’ve done since the dawn of time, don’t act like modding a discord is a high level job

      • Icalasari@kbin.social
        10 months ago

        You did read how these trolls have alts built up over years, right? These aren’t normal trolls OP is dealing with

  • MoogleMaestro@kbin.social
    10 months ago

    I mean, I sort of get why the developers say it’s Discord’s policy even if it’s a bit misleading.

    Game developers don’t really want to moderate their own discord server and simply want to use the strictest automated filtering system available and this just happens to include phone number linking. The operators of the servers themselves do not have access to these phone numbers and they are only stored by discord directly to prevent spam.

    I would personally prefer games to not have their communities tied to discord, akin to how forums were a big deal for games back in the day, but even then they do need some kind of automated way to filter out all the crap. This is a problem with moderating any community, including a lemmy/kbin/mastodon, and I don’t blame them for simply picking the strictest option to ease the burden on the 1 or 2 people who are charged with managing these servers (especially if they are unpaid or volunteers, which is a whole other can of worms that shouldn’t happen…)

    • Cosmic Cleric@lemmy.worldOP
      10 months ago

      I mean, I sort of get why the developers say it’s Discord’s policy even if it’s a bit misleading.

      It’s Discord that’s asking you for verification

      The language on that is very plain, and a lie, as it is the server admins, and not the Discord corporation, who are asking for it, by having the ‘Highest’ verification level setting, vs. just the ‘High’ setting.

      Game developers don’t really want to moderate their own discord server and simply want to use the strictest automated filtering system available and this just happens to include phone number linking.

      The only difference between the ‘High’ and ‘Highest’ verification level setting is the asking of the phone number. All other verification features (email validation/verification, time on the server before approval, etc.) are the same.

      The operators of the servers themselves do not have access to these phone numbers and they are only stored by discord directly to prevent spam.

      How exactly does that prevent spam, vs just using other existing established verification methods like email validation? If the only goal is preventing spam, it’s overkill, and other web sites who also have to contend with spam don’t use it.

      Finally, I’d feel a lot better about it if a trusted third party verified that it’s not used for marketing reasons, and that we all just didn’t take Discord’s word for it. I don’t know this as fact, but I can’t help thinking that we are being lied to, and that the number is used to link our Internet pseudonyms to real-life persons (via aggregate gathering/purchasing of data via third-party brokers).

      Having said all that, my post wasn’t about what is done with the number (that’s a whole other topic), just the fallacy of stating who is requesting the number (Discord vs server admins).

      • boothin@kbin.social
        10 months ago

        How exactly does that prevent spam, vs just using other existing established verification methods like email validation? If the only goal is preventing spam, it’s overkill, and other web sites who also have to contend with spam don’t use it.

        It’s trivial to create new accounts and emails to verify those accounts. It is not trivial to get a new phone number since virtual numbers are blocked by the verification process.

        • Cosmic Cleric@lemmy.worldOP
          10 months ago

          It’s trivial to create new accounts and emails to verify those accounts.

          Is it really that trivial, especially while having to spend your own money to do so?

          And can’t that be detected in the same way that virtual phone numbers are detected by Discord currently?

          You get your ISP’s email address, and you could have your Google address, what else?

          Granted, a phone number is better than email for verification, but plenty of websites work off email verification today successfully.

          • DarthYoshiBoy@kbin.social
            10 months ago

            You get your ISP’s email address, and you could have your Google address, what else?

            I host my own email. I have literally billions of email addresses available if I want them and getting billions more only costs however much I can get a new domain registration for, which isn’t often more than $10. I already own a dozen domains or more and I can have any username I want at any of those domains for any email at no additional cost.

            Now I’m not some dickhead harassing people online or spamming discord servers, but I will admit that Wendy’s once had a deal where you could get a free frosty for creating a new account and I had free frosty coupons for weeks before they realized that email only verification for unique users was a losing proposition and they switched to requiring that new accounts attach a phone number.

            Email verification only works if you’ve got nothing to lose. As soon as there’s anything on the line, you’d better look for something more concrete like a phone number, a credit card, or a government ID. Personally I’m more comfortable with Discord having one of those pieces of info before the other two, but that’s just me, you do you.

    • Cosmic Cleric@lemmy.worldOP
      10 months ago

      Use a google voice number or give it bunk data.

      Google voice numbers do not work. Giving bunk data requires a text back, so can’t give a false number.

      • EngineerGaming@feddit.nl
        10 months ago

        Even putting whether it works aside, how do you register a Google Voice account without giving Google your number?

        • Cosmic Cleric@lemmy.worldOP
          10 months ago

          Worked for me?

          There’s plenty of posts/articles on the Internet that would say otherwise. My own personal experience says so as well, as I had already tried what you suggested previously. /shrug

  • 🇰 🌀 🇱 🇦 🇳 🇦 🇰 ℹ️@yiffit.net
    10 months ago

    The times I have run into this verification stuff, it’s for servers that want to be for adults only. And so would much rather just give Discord my phone number than a copy of my ID to the server owner, like most of them want to verify I am over 18.

    It’s not hard to get a toss away phone number you can use for these things or for 2FA stuff. Like a throwaway email.

    • planish@sh.itjust.works
      10 months ago

      How does one go about doing that? Because Google Voice doesn’t seem to cut it.

      I could stop trying to use Discord and drive to Best Buy and buy a cell phone and pay for a month of service. Then I could add the number to the account. Then if I stop paying for the monthly service, there’s a good chance that Discord or whoever won’t believe I’m me at some future login and will demand I give them a code they sent to the phone number on file.