Discord verification

[Jost Amman]

While I don't condone leaks, data breaches happen on basically every website there is, if not all of them. When they ask for your email or your phone number, assume they have the level of trust as a day 1 security personnel who is as forgetful and as clumsy as they come (and might have ulterior motives, for all you know). I am not arguing morals, rather just saying "it just is". Companies absolutely should take full priority in maintaining the security of their clients' information. However, many do not, and are more than likely selling it overseas. It's up to each person whether this is an acceptable risk or not. This is why many people swear by the rule, "never share your face online". Or at least that's how it used to be... Society at some point just forgot that.

Yeah, I agree. Rule enforcing has become a joke. If they couldn't do it for something as serious as the Nuremberg Code with the experimental vaccines being forced down our throats during the pandemic, you can guess how much they care about our own privacy and the exploiting of our personal data for profit.

That's why there's no real way to protect ourselves. There are services that you simply cannot choose not to subscribe to, but when you do, your personal data is all over the world for any party to use.

 

[Dead Smarty]

It isn't intended to be proof of ID. It's intended to make it more effort for bots to spam the server. And it works. Some still will make the effort, but it's less than if it was entirely open access.

That's not what they call it. If the text in that box was indicating anti spam I would understand (and still reject) but they ask me to verify my ID.
So it is intended as proof of ID since they have a serious issue with underage users, conflicting with local laws in several regions all around the world.

Sorry to say, but you are assuming too much.

 

[Dark Sun]

Yeah, I agree. Rule enforcing has become a joke. If they couldn't do it for something as serious as the Nuremberg Code with the experimental vaccines being forced down our throats during the pandemic, you can guess how much they care about our own privacy and the exploiting of our personal data for profit.

That's why there's no real way to protect ourselves. There are services that you simply cannot choose not to subscribe to, but when you do, your personal data is all over the world for any party to use.

Adding onto what I said before, don't you think it's strange that companies never talk about data leak prevention, or at least how they're going to combat it after it happens? Nope. Not a peep until a breach happens and they go, "Whoopsie! Our bad! We take our customers very seriously and we pinky promise it won't happen ever again!" (Until the next data breach 3 months later.)

Companies don't care. That's a lesson everyone needs to learn and listen to.

 

[theFlu]

don't you think it's strange that companies never talk about data leak prevention

Not strange at all. You don't describe your fortifications to the enemy. The only thing you could safely state about the details of your data protection scheme is "we don't gather any data". Everything else is inherently unsafe; once you have data trying to boast about your security measures just gives an attacker information.

 

[meganoth]

That's not what they call it. If the text in that box was indicating anti spam I would understand (and still reject) but they ask me to verify my ID.
So it is intended as proof of ID since they have a serious issue with underage users, conflicting with local laws in several regions all around the world.

If that is the reason, then they don't really care whether it is effective. They only care whether local laws accept a phone number as a sufficient method to check for underage users. And probably asking for a phone number is the least intrusive method of all they could choose.

 

[Sapient6]

Not strange at all. You don't describe your fortifications to the enemy. The only thing you could safely state about the details of your data protection scheme is "we don't gather any data". Everything else is inherently unsafe; once you have data trying to boast about your security measures just gives an attacker information.

You could definitely share that you're using a 1-way encryption algorithm to store the information.

 

[theFlu]

You could definitely share that you're using a 1-way encryption algorithm to store the information.

Heh, well... while I think that's pretty well covered by my "we don't gather any data"; where it isn't is that someone MIGHT end up figuring out how to turn that into a 2-way...

 

[Sapient6]

Heh, well... while I think that's pretty well covered by my "we don't gather any data"; where it isn't is that someone MIGHT end up figuring out how to turn that into a 2-way...

It's not just a "hard" problem to solve, it's not even a problem available for solving. Hashing is very lossy so the initial information is lost in the process.

Like most successful hacking, the only way to unhash a piece of information is social engineering of the person who originally typed it in.

 

[theFlu]

Hashing is very lossy so the initial information is lost in the process.

Certainly, but for sufficiently small values of "MIGHT", someone might find a logfile backup of the actual data once they know what you've been up to in the background... emphasis on p nearing epsilon, ofc. "The was here, the data was processed" is always worse than "we never had data". Not by much in all cases, but ..

 

[Sapient6]

Certainly, but for sufficiently small values of "MIGHT", someone might find a logfile backup of the actual data once they know what you've been up to in the background... emphasis on p nearing epsilon, ofc. "The was here, the data was processed" is always worse than "we never had data". Not by much in all cases, but ..

Fair enough.

At that point we've kind of crossed over into an entirely different security concern than disclosure, haven't we? I mean Discord by virtue of being Discord is, in a sense, already publicly disclosing that if you could get access to their server's file systems you'd find all sorts of ■■■■ that definitely should not be there. I know if I was working for them I would be crossing all my i's and dotting all my t's as a matter of SOP.

 

[theFlu]

At that point we've kind of crossed over into an entirely different security concern than disclosure, haven't we? I mean Discord by virtue of being Discord

Yeh; I treat Discord as a public data dump, with a mild chance they won't leak my junk email address to the entire world to see. Highly categorized pastebin, if you will. But I chimed in on a lament about companies not being chatty about their safety features; the default there should still be silence, imo

 

[Jost Amman]

Yeh; I treat Discord as a public data dump, with a mild chance they won't leak my junk email address to the entire world to see. Highly categorized pastebin, if you will. But I chimed in on a lament about companies not being chatty about their safety features; the default there should still be silence, imo

Yeah, I can imagine someone wanting to deposit diamonds into a bank safe asking "What are your security measures?" and the bank responding "Sorry, we can't tell... just trust us. ". That'll end well.

 

[theFlu]

Yeah, I can imagine someone wanting to deposit diamonds into a bank safe asking "What are your security measures?" and the bank responding "Sorry, we can't tell... just trust us. ". That'll end well.

Soo... how many diamonds do I need to deposit to get a few passwords (to check their strength) and the blueprints for the vault (to check if I can see any obvious weak points compared to my mattress at home)?

 

[Jost Amman]

Soo... how many diamonds do I need to deposit to get a few passwords (to check their strength) and the blueprints for the vault (to check if I can see any obvious weak points compared to my mattress at home)?

You gremlins don't need passwords... you just climb and crawl through the vents...