Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Discord TOS #91

Closed
zgast opened this issue Sep 4, 2021 · 4 comments
Closed

Discord TOS #91

zgast opened this issue Sep 4, 2021 · 4 comments
Labels
question Further information is requested

Comments

@zgast
Copy link

zgast commented Sep 4, 2021

Even if this is a really early state and nobody knows how Discord will handle this (I hope to not see u in front of the judge), but myb it would make sense to implement a way to login without the discord account to be safe that you can use fosscord without getting eventually banned from discord.
@SamuelScheit
Copy link
Member

SamuelScheit commented Sep 4, 2021
edited

yes we plan to have multiple ways of authentication:

  • OAuth2 (login with Fosscord/Discord/Google)
  • Federated (login with accounts from other instances (like matrix))
  • Decentralized (create a new account with username/password which are only stored on your instance)

Also discord doesn't ban users for using third party clients (although it's stated in the TOS) they do it because of their anti spam system, which tries to mitigate spam bots. Our client will make the exact same api request and be discord compliant, so we will make sure you will not get banned for using it.
Source: https://news.ycombinator.com/item?id=25224151

Also according to this US court rule copying the api interface is considered fair use

@SamuelScheit SamuelScheit added the question Further information is requested label Sep 4, 2021
@SamuelScheit SamuelScheit pinned this issue Sep 4, 2021
@Featyre
Copy link

Featyre commented Sep 9, 2021
edited

Add something to the issue (for Fosscord Server): check out the 2nd to last question from this
image

As for clients, Discord won't just ban people out of the blue, they should notice the user before they decided to ban them, think it logically, does it make sense for Discord to ban someone instantly? No! A ban wave would happen and Discord would lose a bunch of users just because they are using a modded/third-party client.

@Gebes
Copy link

Gebes commented Jan 24, 2022
edited

Well, @Featyre it depends. Discord only bans accounts out of nowhere if they act maliciously. Also, Discord doesn't care which client/client mods you use, as long as you use the API correctly, because they only see the API interactions and nothing more.

If a Discord account acts maliciously, they make an automated decision based on the Account's trustworthiness (afaik).

What does acting maliciously mean? Poor usage of the API. E. g., no cookies, fingerprint, overuse of specific routes etc.

Discord won't just ban people out of the blue.

They do if you use the API wholly wrong and your Account is untrusted (young Account age, no phone number, no verified mail, etc.).

does it make sense for Discord to ban someone instantly? No!

Yes, it makes sense! What if a token gets abused for spamming? Discord must stop such spam directly, and Discord will only give a second chance if the user opens a support ticket and gives a good explanation (e. g., hijacked token).

they should notice the user before they decided to ban them.

If an old account with a clean record acts maliciously, they will password lock your Account. So, they will send you mail telling you that someone maybe hijacked your Account, and it is locked until you change your password.

So as long as Fosscord uses the Discord API properly, Discord can't notice that a user is using a different client hence no user will be banned out of nowhere.

@Featyre
Copy link

Featyre commented Jan 24, 2022

Well, @Featyre it depends. Discord only bans accounts out of nowhere if they act maliciously. Also, Discord doesn't care which client/client mods you use, as long as you use the API correctly, because they only see the API interactions and nothing more.

If a Discord account acts maliciously, they make an automated decision based on the Account's trustworthiness (afaik).

What does acting maliciously mean? Poor usage of the API. E. g., no cookies, fingerprint, overuse of specific routes etc.

Discord won't just ban people out of the blue.

They do if you use the API wholly wrong and your Account is untrusted (young Account age, no phone number, no verified mail, etc.).

does it make sense for Discord to ban someone instantly? No!

Yes, it makes sense! What if a token gets abused for spamming? Discord must stop such spam directly, and Discord will only give a second chance if the user opens a support ticket and gives a good explanation (e. g., hijacked token).

they should notice the user before they decided to ban them.

If an old account with a clean record acts maliciously, they will password lock your Account. So, they will send you mail telling you that someone maybe hijacked your Account, and it is locked until you change your password.

So as long as Fosscord uses the Discord API properly, Discord can't notice that a user is using a different client hence no user will be banned out of nowhere.

Reading from this reply I should expand what i talked about: at that time i didn't consider malicious users into modded client users/custom client users, and I do agree that they ban users who use API maliciously, it just doesn't make sense to ban users who are not (and using modded clients).

Also I hope Fosscord (the client) uses Discord API as an official client does.

@MaddyUnderStars MaddyUnderStars unpinned this issue May 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@SamuelScheit @Gebes @zgast @Featyre