-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Discord account requiring password reset #18
Comments
I've seen this problem also mentioned by multiple people in last days in #bitlbee (IRC chan on OFTC) with other 3rd-party clients - bitlbee-discord and purple-discord, also in EionRobb/purple-discord#363 wrt latter. Probably indeed an anti-userbot-spam measure on their part, identifying 3rd-party clients in some way. Doubt that fixing this client to look like a browser to avoid tripping any such measures is an option, as it's probably too much work without knowing what exactly they check there (and if it's an ML filter then it's unknowable), while deviations from browser behavior are basically infinite and can't be fixed on a fundamental level w/o using the browser client. |
I'm using MFA and It's simultaneously reassuring and disheartening to hear that others are running into this issue as well. |
Oh well, should probably add this to the README and finally archive the repo. Also, maybe good advice to anyone getting this error would be to immediately get/backup any kind of important info from discords that you've joined (like maybe asking for an invite link for alt-acc in private discords) and/or notify anyone that you care to stay in touch with alternative contact details. |
I have not experienced this problem so far. Though I have a desktop environment on the same IP as rdircd which I used for the initial login. |
I suspect most people use this from some linux box at home, and same almost certainly goes for ripcord (issue for which linked in the top post), as that's a desktop client. |
Small heads-up about maybe a useful thing to try, suggested in the same #bitlbee channel: As using private chats had caused some heavy-handed reaction from discord in the past already, I've asked people who had this "suspicious activity" there whether they use private chats and all of them said they have, some using those exclusively. It's also quite possible that almost everyone uses private chats on discord (though I almost never have myself), so it's not any kind of useful signal, but idk, maybe something to try if this gets too annoying and you want to keep using the IRC, at least. I'd suggest testing whether this helps by completely stopping interacting with private chats after one of the resets and see if no new "suspicious activity" events happen in something like a week (with e.g. it usually happening every other day), which might indeed confirm that this helps... somehow. EDIT: nope, doesn't seem to help people who tried it, according to reports on that IRC. |
From third-party reports, it sounds like discord has made this "suspicious activity" heuristic less restrictive and it no longer affects third-party clients indiscriminately. One takeaway might be that it could actually be a good thing to send custom user-agent and avoid blending-in with the mobile/browser client, if above conjecture is mostly correct, as that'd make it easier tell different use-cases apart in such heuristics, presumably allowing for more differential treatment - maybe a better one than masquerading user-spambots, in this case. But that all is just a wild guess of course, no idea what's actually happening in the secret Discord Volcano Lair HQ. |
I found this thread after getting daily password reset demands from using Ripcord alongside the official Android app, and have been checking in from time to time just to see how the case develops. It seems they got enough flak for this change that they fixed it, because about a week ago it stopped happening daily - but now tonight I've got this: I'm not entirely sure it's related but figured I'd leave it here and others can chime in. Sorry if it's inconvenient. I've tried switching VPN servers and not using a VPN, using LTE on my phone, it doesn't matter. I've never done phone verification for the servers that require it, preferring to just avoid them entirely. So it seems this will be the end of my Discord usage, and though I was leaning that way already, I didn't really expect them to make the final push. Fuck Discord. Fuck Tencent. |
Ah well, sorry to hear that, though tbf I haven't found any good use for discord myself either, so maybe not a big loss, but that probably depends heavily on the person and their interests, social circles, etc. |
I am getting emails from discord requiring me to reset my password, similar to https://dev.cancel.fm/tktview?name=8f8ecd4b60
Has anybody else had this issue?
The text was updated successfully, but these errors were encountered: