22 votes

Dis.cool is creating profiles of Discord users who have never signed up for their service and they are refusing to delete them.

9 comments

  1. Death
    Link
    A Discord Engineer has provided the following response to the situation:

    A Discord Engineer has provided the following response to the situation:

    I wanted to weigh in on the situation with Dis.cool, which we’ve been tracking for a while.

    To be super clear, Dis.cool is a bad actor and what they do is completely against our Terms of Service and Community Guidelines. They use a couple methods for scraping user data from our site: harvesting server information from server widgets (which is a server-configurable option in the server settings), and creating new user accounts through a bunch of proxy IP addresses and joining servers as ordinary users with invite links they find.

    In light of this behavior, we've actually made a bunch of changes to help limit this kind of abuse: - We've anonymized and limited data returned on server widgets - We've added stricter rate limits to widget data and to profile data - We've added stricter permission requirements and other limitations to downloading member list data as a ordinary user

    These changes have helped limit mass gathering of new information by Dis.cool, but we're still working on solving the "create new user accounts" problem (which is a pain point for spam as well). We have a team working on a new service (which will go live in the near future) to help us better detect bad actors on our platform and take action upon them.

    Unfortunately, these changes do not take back the data which Dis.cool has already collected. Our legal team is working several angles on that, but it’s slow going for the moment. We hope to do something about that too, though.

    12 votes
  2. Death
    Link
    Full topic title: Dis.cool is creating profiles of Discord users who have never signed up for their service and they are refusing to delete them. They know what communities you are in, what games...

    Full topic title: Dis.cool is creating profiles of Discord users who have never signed up for their service and they are refusing to delete them. They know what communities you are in, what games you have played, your username and ID, along with other things behind a paywall.

    I can confirm their data deletion page is indeed non-functional and redirects to a meme.

    10 votes
  3. [4]
    Death
    Link
    For those wondering: the unofficial Tildes Discord server does not appear to have been indexed as of writing.

    For those wondering: the unofficial Tildes Discord server does not appear to have been indexed as of writing.

    10 votes
    1. [3]
      Grendel
      Link Parent
      I didn't realize Tildes had a discord server. Is it invite only? I'd be interested in joining.

      I didn't realize Tildes had a discord server. Is it invite only? I'd be interested in joining.

      3 votes
      1. MetArtScroll
        Link Parent
        All Discord servers are invite only (though the invite link may be public, and even if that link is available, it might not work). Ordinary users have a very limited ability to search Discord (by...

        All Discord servers are invite only (though the invite link may be public, and even if that link is available, it might not work).

        Ordinary users have a very limited ability to search Discord (by design, and the “advanced” tools like the very dis.cool discussed here are against Discord's ToS), but advertisers have all the data.

        3 votes
  4. MetArtScroll
    Link
    A.S. While I cannot say that I fully support Discord's non-discoverability (i.e., one cannot easily find a server by name), I cannot support ToS violation. How long have they been around? I...

    A.S. While I cannot say that I fully support Discord's non-discoverability (i.e., one cannot easily find a server by name), I cannot support ToS violation.

    How long have they been around?

    I checked my profile on their site and they publicly revealed that I was active on a blob emoji Dicord server more than one year ago, and that there is one related account and two “smaller related servers” (available on log in—no, I am not creating an account there). While I indeed joined that blob server back then, it's been long since I left, and I am not sure I had made a comment or even a reaction while being there. However, my joining and possibly leaving the server could have been registered by Tatsumaki or a similar bot, and these join/leave logs are often public.

    This looks like dis.cool uses bots—as well as “ordinary users” who do nothing but run scrapping scripts—of its own to scrap everything, so if those bots are not let into a Discord server, then dis.cool cannot index it.

    7 votes
  5. weystrom
    Link
    Well, at the very least they seem to break Discord's ToS, but their bots are probably too difficult to track. Hopefully something comes out of this.

    Well, at the very least they seem to break Discord's ToS, but their bots are probably too difficult to track. Hopefully something comes out of this.

    6 votes