Potential Large-scale breach of privacy on Discord from a community bot

[EddyRockSteady]

Oh look the thread is back!

In any event, could someone explain in a one-liner why this is so important? Surely any rights to privacy on a discussion forum on the internet is barely tenable at best?

 

[Genar-Hofoen]

Oh look the thread is back!

In any event, could someone explain in a one-liner why this is so important? Surely any rights to privacy on a discussion forum on the internet is barely tenable at best?

There's no issue with a Discord bot being on a Discord channel.

There's a definite issue if said bot also sends all chat logs to some receiving server, without the knowledge of the people who invited that bot onto their Discord server. There is especially an issue if said bot is allowed access to a private/sensitive Discord channel.

 

[Arkku]

In any event, could someone explain in a one-liner why this is so important? Surely any rights to privacy on a discussion forum on the internet is barely tenable at best?

Players groups have "private" (as in, invite-only) chatrooms and many such groups invited the bot, made by a member of another player group, to their private rooms (to get some handy services provided by the bot) without knowing that they were also giving read access to the bot's author and his group.

 

[Agony_Aunt]

Oh look the thread is back!

In any event, could someone explain in a one-liner why this is so important? Surely any rights to privacy on a discussion forum on the internet is barely tenable at best?

Because many of those channels are invite only, not public.

There is certainly a possibility here that if what is accused is real, then data protection or other laws have been broken. It would require someone with the right legal background though to determine, and generally speaking, that doesn't include the ED community.

The legality of what was done is best left to Discord's legal and security teams. If there is any action to be taken then, they can best advise. Either Discord would then prosecute themselves, or if there is grounds for a class-action or similar by those affected, then they can provide whatever legal advice is required to the parties affected.

My best guess though is that Discord will do what they can to sweep this under the carpet, review their systems to stop similar things happening again, and possibly issue bans against those who were responsible.

Time will tell i suppose.

On the non-legal front, those responsible might find themselves shunned in the community, especially by those affected.

I'm not certain FD have anything to do here, as Discord has nothing to do with them.

 

[IronAnode]

hahahahhahahahahaha. hahahahahahahhahaha. hahahahahahahahahahahahhhhhaaaaaaahhhhaaaaah.

Oh discord trol-o-lol-o-lol. Surprise not.

 

[IndigoWyrd]

And this now moves up my list of reasons I'll continue to not use or care about Discord.

 

[Sentenza]

Because many of those channels are invite only, not public.

There is certainly a possibility here that if what is accused is real, then data protection or other laws have been broken. It would require someone with the right legal background though to determine, and generally speaking, that doesn't include the ED community.

The legality of what was done is best left to Discord's legal and security teams. If there is any action to be taken then, they can best advise. Either Discord would then prosecute themselves, or if there is grounds for a class-action or similar by those affected, then they can provide whatever legal advice is required to the parties affected.

My best guess though is that Discord will do what they can to sweep this under the carpet, review their systems to stop similar things happening again, and possibly issue bans against those who were responsible.

Time will tell i suppose.

On the non-legal front, those responsible might find themselves shunned in the community, especially by those affected.

I'm not certain FD have anything to do here, as Discord has nothing to do with them.

Sure Discord needs to be notified. If someone did that, someone else will do that again.

 

[Genar-Hofoen]

And this now moves up my list of reasons I'll continue to not use or care about Discord.

Why blame Discord for a program not written by Discord (the bot in question), though?

Discord is basically IRC on steroids - the bot in question was written by someone else, and according to the available information, programmed that bot to send the chat logs of any channel it was given access to, to some server outside of Discord's control, and without the knowledge of the people who thought the bot in question was good for their Discord server.

 

[Ian Skippy]

There's no issue with a Discord bot being on a Discord channel.

There's a definite issue if said bot also sends all chat logs to some receiving server, without the knowledge of the people who invited that bot onto their Discord server. There is especially an issue if said bot is allowed access to a private/sensitive Discord channel.

For those ill-informed, what does a bot actually do besides gather stuff? Why do people invite bots?

 

[bitstorm]

If this is indeed illegal in the UK, could the CMDRs involved be removed from the game please.

 

[Stealthie]

I was under the impression that discord was just another word for "disagreement".

If somebody would like to enlighten me, feel free to send me a message explaining it.

On a piece of paper, in an envelope with a stamp on it.

 

[Genar-Hofoen]

For those ill-informed, what does a bot actually do besides gather stuff? Why do people invite bots?

I see a few Discord bots that are programmed to 'chat back' into the channel, for 'fun'. I've seen some that monitor RSS feeds and feed those into some other channel on a Discord server - say for example, it monitors Frontier's forums RSS feed for posts by Frontier staff.

Lots of people find that latter facility very useful.

So say one programmed such a bot with these useful features - but sneakily added an undocumented feature to it, such as 'record all chat and phone it home to the mothership' - that's malicious and quite possibly rather illegal in some jurisdictions.

 

[Wylie28]

Wait wait wait, you are surprised that a discord bot that responds to what people type into discord, is reading/saving that stuff? Thats the primary function of any and all discord bots!

 

[Caduryn]

And this now moves up my list of reasons I'll continue to not use or care about Discord.

Because a Player-made-Bot has sooooo much to do with Discord itself ?!?
Makes no sense.

 

[Kyokushin]

What, and you think that Google et all are not spying on you as well ?

Best unplug from the internet .

And thats exactly what i did.
I removed any google from my cellphone, i hardened my workstations and i am turning on The Internet only when i need it.
on/off button on power strip. Cellphone have disabled wifi/bt/nfc/data alltime. Turning on only when i need to check something.

Every meeting with managament in my company is over closed double glass room, and every cellphone outside.
If i need to talk about financies or some crucial things with my wife we are doing it in the car with all celphones turned off, inside of a tunnel. I am not joking.
And yes, car without a bluetooth or wifi.

If someone is just not stupid then it not means he have a tin hat on head. Privacy is the issue in the modern times, especially IoT, phishing attacks and taking control on devices.

 

[Ian Skippy]

I see a few Discord bots that are programmed to 'chat back' into the channel, for 'fun'. I've seen some that monitor RSS feeds and feed those into some other channel on a Discord server - say for example, it monitors Frontier's forums RSS feed for posts by Frontier staff.

Lots of people find that latter facility very useful.

So say one programmed such a bot with these useful features - but sneakily added an undocumented feature to it, such as 'record all chat and phone it home to the mothership' - that's malicious and quite possibly rather illegal in some jurisdictions.

Ah, got it. Thanks for the info!

 

[Lightspeed]

Is the bot recording voice chat? In other words the voice of users?

If so, that is a potential security risk. A TV channel here in the USA warned us recently of companies that try to gather as much voice recording from you as possible in a robo-call in order to record your voice for later scams. Their advice was not to engage in any conversation, but to hang up quickly.

They may not be able to fake your signature or fingerprints, but they can fake your voiced answers as a result, and transactions over the phone are increasingly common.

Be cautious commanders

 

[Queex]

Wait wait wait, you are surprised that a discord bot that responds to what people type into discord, is reading/saving that stuff? Thats the primary function of any and all discord bots!

There is zero need to save any of it.

 

[[Diplomacy] Carnegie]

I see a few Discord bots that are programmed to 'chat back' into the channel, for 'fun'. I've seen some that monitor RSS feeds and feed those into some other channel on a Discord server - say for example, it monitors Frontier's forums RSS feed for posts by Frontier staff.

Lots of people find that latter facility very useful.

So say one programmed such a bot with these useful features - but sneakily added an undocumented feature to it, such as 'record all chat and phone it home to the mothership' - that's malicious and quite possibly rather illegal in some jurisdictions.

Thank you for this simple explanation.
Perhaps the OP could include it, so those of use who aren't au fait with all the terminology can determine whether we need to care about this.
Also, the thread tagline is frankly clickbait and should be modified to include at least the word 'Discord'.

 

[Commander Biscuit]

Things like this are the reason I've avoided Discord from the beginning.