• 0 Posts
  • 60 Comments
Joined 1 year ago
cake
Cake day: September 29th, 2023

help-circle










  • How else is the platform owner to prove that the account is linked to an actual person without defeating the check being trivial? They can’t without something being tied to you. An email address may have been a good one to use back when AOL gave out addresses as part of their subscription service, but the availability of free email has destroyed this possibility. Out of the many things that could be asked for you to provide, a phone number is the least nefarious.

    You reserve the right to not give your phone number to Discord. You do not need to give Discord your number in order for you to be able to use it. Likewise, the server owner reserves the right to ask Discord to only allow accounts that have been verified to not be burner accounts. Email verification does not do this, and the time limits on membership only go as far as slowing down accounts used in bad faith in a server, whether that be scams, trolling or otherwise.

    Like many things in life, it’s a trade-off. You value your right to privacy more than being granted access to this particular server. The server owner values the reduced ability of trolls and bad actors over the loss of membership from users like you. Unfortunately you cannot have your cake and eat it too.

    The only alternative I can think of is just buying a pre-paid number and a cheap second hand phone and using that only to verify with services. It’s good for 2FA too as it makes you immune to SIM swap attacks.


  • In that case, is a YouTuber liable for the GDPR failings of Google? Of course they aren’t. It’s the same here.

    Is McDonald’s liable for the GDPR failings of X? They have an account with their name and brand on it. They even pay X for a golden checkmark.

    Is Taylor Swift or UGM liable for the GDPR failings of Spotify?

    Are individual eBay sellers liable for the GDPR failings of eBay.

    I could go on, but you don’t quite seem to realise what the implications of what you’re saying are if they are true. You’re basically making every user liable for any GDPR on any service that collects any data. This isn’t the case, or businesses wouldn’t use these services.


  • Except that’s not how it’s working here. The only “contract” is the EULA that the developer agrees to when creating their discord account.

    The developer doesn’t collect or store the data, nor have they entered an agreement with discord for them specifically to collect this data. The game developer does not sell access to the discord server (a violation of the EULA). All they have done is use a feature on Discord, available to every user and bound to the terms of both the EULA and Discord’s privacy policy.

    If what you said was true, then any individual that enables the highest level of protection on any server of any size would end up being liable. This simply is not true. It would also mean that the lowest setting would also leave them liable as an email is stored, which is also not true.

    It would also be incredibly hard to determine exactly what they’re liable for. Is it all the users who have Discord? All the members in their server? What if a user is in multiple servers with phone/email verification turned on?

    Discord collects this information as part of their service for their verification purposes, including 2FA. The implication for the developer is nothing more than a flag on an account.

    The difference between the developer and Microsoft/Amazon is that those two companies, while yes they don’t store it on their own servers, collect the data for use in their services for their profit for services they sell, run ads on, or collect more data to sell on. The game developer does not run discord, they do not sell discord, they have little agency over that server in discord, and is a service that discord provides. The game developer could pull out at any point and the service would still exist because it is not theirs.

    TL;DR - The developer is not liable in the same way that X users aren’t liable for people who verify their phone number following them. It’s not their service, and the Discord EULA and Privacy Policy apply.


  • That’s the thing, it’s not. Lots, and I mean lots of sites are plagued by bot activity. The ones hardest hit are the ones that only have email validation.

    I could go to Google and create a new account right now, absolutely free.

    Hell, I could write a script that creates a million for me for barely any money, just paying a CAPTCHA farm a nominal sum to solve the robot tests for me. This is why sites like discord are plagued with advertisement bots, the bar to entry is literally nothing.

    Phone numbers cost money to create, and are in finite supply. Even PAYG (pre paid numbers for you Americans) numbers require you to go outside and purchase a SIM card from a store. They aren’t foolproof, but they stop the vast majority of fake accounts.



  • Sure, but at that point we’re getting into the weeds of fake webpages, which really isn’t anything apple could control anyway. Nothing’s to say that if sideloading didn’t exist, that page wouldn’t just direct them to a form to fill out your banking information. All it does is change the method. Apple could simply maintain a hash database of files that are known as dangerous and package it into a built-in AV for iOS (like most OSes do)

    Nothing’s also to say that the page wouldn’t just abuse one of the hundreds of vulnerabilities that currently exist in WebKit currently.

    For your average user, they’re probably only visiting legit sites on that browser anyway. My grandparents both have Android phones and to my knowledge have never been “tricked” into installing an APK. I can probably say the same for the vast majority of people.

    I believe the benefits outweigh the costs here. Apple loses their grip on the walled garden which is punishing for developers and makes Apple judge, jury and executionor on not only what apps can run on iOS, but also how much developers have to give up to Apple (they could up their cut to 90% at anytime and currently developers can’t do shit about it).


  • But here’s the thing - side loading, even on android, is an opt-in feature. The user has to actively go out of their way to sideload an app. Even if an app tries to do it behind your back, you must first enable its ability to do so.

    Yes, this doesn’t exist when ADB is involved, but in that case you have to go out of your way to enable USB debugging (and be stupid enough to plug your phone into someone else’s computer). The vast majority of iPhones will never have sideloading enabled by their users. The EU isn’t grabbing their balls and saying that all users must have it enabled by default, otherwise they’d be going after Android too.