Potential Large-scale breach of privacy on Discord from a community bot

There is zero need to save any of it.

This. I'm hoping that it was an inadvertent thing. I see no reason to save the logs. At least they can be cleaned up after a short period. Like an hour or so. That functionality might not have been thought of, but I'm no expert on bots.
 
There is zero need to save any of it.

I disagree. Design an algorithm that reads the logs and picks out popular terms or words. Use the data to incorporate better features, and/or debug why some features don't work. Why do you think Google is the superior search engine? Because they save everything about you and your searches and constantly examine that data. Anything that responds to human actions will not be of quality without telemetry. Why do you even care? Do you really think a person is reading all the stuff you have typed? Do you really think it can't be intercepted other ways? Do you really think privacy exists?
 
I disagree. Design an algorithm that reads the logs and picks out popular terms or words. Use the data to incorporate better features, and/or debug why some features don't work. Why do you think Google is the superior search engine? Because they save everything about you and your searches and constantly examine that data.

As one of the leaders of PalCon I'll post this here. It's an edited version of what I posted to our members.

What is PalCon
Folks, it has come to the leadership's attention that several articles are about to be published regarding data privacy issues and PalCon. We thought it prudent to pre-empt this by providing the following statement.

PalCon was and is Big Pappas baby, it was originally conceived to replace Frogbear, which we were using on loan from the Diamond Frogs, during our initial war with RSM. Its purpose was to provide IFF information along with a few witty roundhouse kick jokes. However as time went on, at members' requests, BP started adding new functionality, such as distance to materials and all sorts. Now for whatever reason (malicious, debugging, search algorithms or just lazy/bad coding) it seems PalCon kept a record of the channels it was in and this information was used to help someone.

Some clarification:
As far as I am aware it has to read the channels it had permissions to work in (i.e. run a whois or !joke etc.), in order to reply to a request, so it does not have access to ALL channels on a server unless someone gives it to it.

On our own PalCon server it was the following channels:
- The Inn
- Members channel

I also recall when adding the bot, it states that it needs read/write access in order to function and you have to agree to this to proceed.

As for a conspiracy theory from the leadership, there is none. I can lay my hand on a bible and state I have NEVER seen any information from this, as can pretty much everyone on the Council.
 
And that's exactly what I did.
I removed any Google from my cellphone, I hardened my workstations and I am turning on the Internet only when I need it.
On/off button on power strip. Cellphone has wifi/bt/nfc/data disabled all the time. Turning on only when I need to check something.

Every meeting with management in my company is in a closed double glass room, with every cellphone outside.
If I need to talk about finances or some crucial things with my wife we are doing it in the car with all cellphones turned off, inside of a tunnel. I am not joking.
And yes, car without Bluetooth or wifi.

If someone is just not stupid, that does not mean he has a tin hat on his head. Privacy is the issue in modern times, especially IoT, phishing attacks and taking control of devices.

You genuinely think that anyone who cares about your information (which is almost certainly nobody) would be in any way hampered by those techniques?
Bear in mind that the people telling you how to "avoid" snooping are mostly the people who are doing the snooping in the first place.
 
I disagree. Design an algorithm that reads the logs and picks out popular terms or words. Use the data to incorporate better features, and/or debug why some features don't work. Why do you think Google is the superior search engine? Because they save everything about you and your searches and constantly examine that data. Anything that responds to human actions will not be of quality without telemetry. Why do you even care? Do you really think a person is reading all the stuff you have typed? Do you really think it can't be intercepted other ways? Do you really think privacy exists?

Because if you were to actually read Google's TOS that you agreed to, it's all spelled out.
This bot s-ware seems to have been missing those pesky details.
Informed decision making and all that.
 
You genuinely think that anyone who cares about your information (which is almost certainly nobody) would be in any way hampered by those techniques?

I am sure about that.
What I wrote is common knowledge and just good practices that can lower the risk of a critical data leak.

You could be surprised how many people are interested in your data, even what you think is irrelevant.
 
As one of the leaders of PalCon I'll post this here. It's an edited version of what I posted to our members.

What is PalCon
Folks, it has come to the leadership's attention that several articles are about to be published regarding data privacy issues and PalCon. We thought it prudent to pre-empt this by providing the following statement.

PalCon was and is Big Pappas baby, it was originally conceived to replace Frogbear, which we were using on loan from the Diamond Frogs, during our initial war with RSM. Its purpose was to provide IFF information along with a few witty roundhouse kick jokes. However as time went on, at members' requests, BP started adding new functionality, such as distance to materials and all sorts. Now for whatever reason (malicious, debugging, search algorithms or just lazy/bad coding) it seems PalCon kept a record of the channels it was in and this information was used to help someone.

Some clarification:
As far as I am aware it has to read the channels it had permissions to work in (i.e. run a whois or !joke etc.), in order to reply to a request, so it does not have access to ALL channels on a server unless someone gives it to it.

On our own PalCon server it was the following channels:
- The Inn
- Members channel

I also recall when adding the bot, it states that it needs read/write access in order to function and you have to agree to this to proceed.

As for a conspiracy theory from the leadership, there is none. I can lay my hand on a bible and state I have NEVER seen any information from this, as can pretty much everyone on the Council.

For an official statement, the "pretty much" (last line) is very vague.
 
It appears there may have been a major violation of the privacy of the Elite:Dangerous community, through the actions of a group known as the Paladin Consortium.
The PalCon bot, which has been (and continues to be) used on "[...] 30+ Discord servers and 240+ channels"[1] has been gathering information from every Discord channel to which it has been given 'read' privileges. It has been doing so without the knowledge or consent of other server owners, and of the members of those groups; the only people aware were the members of the PalCon Council (as the details of the bot were apparently mentioned several times in there), and from what I understand only higher PalCon members had access to the 'take'.

If you are on a server with the bot, you should ban it immediately or cage it in an IFF room for that function only. It will very likely disappear shortly.
While I was myself for a time a proud member of Paladin Consortium, I am extremely glad that I was never promoted to any higher position in which I might have been exposed to this - and subsequently been obliged to do as I am doing now. This information came through CMDR Dutch Foster, who was given a copy of a fragment from a csv file to which PalCon bot output its data. If possible, the file will be made available here and on the Frontier forums. I should make it clear at this point that there is NO REASON TO ASSUME that any person outside the PalCon Council was in any way complicit: the only people who could possibly have been aware of this occurring were those with Council access, and even that is not entirely certain (as messages may have been missed, and to my knowledge the vast majority of them were not granted access to the take from the bot).
What you will see in the csv file is only a small portion of the take, over a short period of time, which shows a search for instances of the word 'dutch'. If you are/were a member of a Discord chat in which this bot was present, you may safely assume that anything and everything you have said in that chat was similarly recorded, and is accessible to the executive of Paladin Consortium.

The intention for the future of the bot was that it be expanded into an app, which would have access to your PC. Whether the data capture would be acknowledged at this point, none can say - but it suffices to say at this point that none of the server owners were aware of PalCon's capabilities until very recently.
So, what comes next? I can't say. We are leaving this in the hands of Frontier, Discord, and the community: I know that others have been in contact with members of the Frontier team; I contacted Discord's privacy and security team last night/today; and obviously, you are now all being made aware.

We have CMDR Dutch Foster to thank for exposing this when it came to light, and an anonymous source within Paladin Consortium to thank for providing supplementary intel.
Again, to be clear: very few people actually knew about this until now. This was done for several reasons: we wanted to protect those involved from potential attack before we had a chance to release the information, as well as to contain whatever damage might be caused as a result, and to control its release as much as possible. As I am posting this, some members of other groups are no doubt informing members of their discord servers. I hope the community will forgive we few who had access to this knowledge before them for waiting as we did (rest assured, it was not for long) before informing the community at large. The few days allowed us the chance to gather as much information as possible, coordinate our release, and let Dutch say his farewells (as he fully expected to be hunted to the ends of the earth for this). PalCon is by no means a small or insignificant group, and I fully realize that by stepping out as I have I will probably become the primary target for any future aggression. This is, however, something I willingly accept. My actions are not representative of any organization within the E:D community, and any fallout from this may safely be directed back at me - if you want someone to come after, direct your anger toward me. Please refrain from searching out other groups to which I may have been a member, as they have no part in my words or actions here.

I encourage you not to withdraw from the community as a result of this: those who acted did so alone, and by no means represent most of the Discord-based community. Again, the majority of their members are entirely without blame, having no knowledge of this information and themselves being victims, similarly recorded without their knowledge or consent. Most people you will encounter are worthy of your trust, Paladins included.

To conclude, I wish to convey the personal hurt and deep disappointment of myself, of those others who have become involved, and of those on whose behalf I have decided to bring this information forward here.

[1] The images from the Paladin Inn detailing PalCon's current access and future plans for the bot, as well as a screenshot of the csv file, are available here: http://imgur.com/a/5wn3u

A censored version of Dutch's original message to Delmonte is here: https://cdn.discordapp.com/attachments/308731279711404034/308953305068077057/Untitled-1.jpg (The word 'Dutch' has been blanked out, as at the time there was concern for his safety and privacy)

As a final note to Paladins who may be orphaned by this: there will, I have no doubt, be a place for you to go. Please keep an eye out; you're all in the same boat, but you were betrayed just as much as the rest of us - if not more so. Go forward knowing this was not your fault.

(The csv file has been converted to xml to upload here. It has been attached to this post.)

Glad I have never and will never use lame DISCORD! LOL
 
As one of the leaders of PalCon I'll post this here. It's an edited version of what I posted to our members.

What is PalCon
Folks, it has come to the leadership's attention that several articles are about to be published regarding data privacy issues and PalCon. We thought it prudent to pre-empt this by providing the following statement.

PalCon was and is Big Pappas baby, it was originally conceived to replace Frogbear, which we were using on loan from the Diamond Frogs, during our initial war with RSM. Its purpose was to provide IFF information along with a few witty roundhouse kick jokes. However as time went on, at members' requests, BP started adding new functionality, such as distance to materials and all sorts. Now for whatever reason (malicious, debugging, search algorithms or just lazy/bad coding) it seems PalCon kept a record of the channels it was in and this information was used to help someone.

Some clarification:
As far as I am aware it has to read the channels it had permissions to work in (i.e. run a whois or !joke etc.), in order to reply to a request, so it does not have access to ALL channels on a server unless someone gives it to it.

On our own PalCon server it was the following channels:
- The Inn
- Members channel

I also recall when adding the bot, it states that it needs read/write access in order to function and you have to agree to this to proceed.

As for a conspiracy theory from the leadership, there is none. I can lay my hand on a bible and state I have NEVER seen any information from this, as can pretty much everyone on the Council.

The damage control is strong with this post. "Everyone, we promise we haven't been reading any of the secrets our bot has been collecting!" That is your defence after being caught red handed?
 
Because if you were to actually read Google's TOS that you agreed to, it's all spelled out.
This bot s-ware seems to have been missing those pesky details.
Informed decision making and all that.

When added to a new server, the bot asks you to set its permissions:

[Image: dplPGks.png]
 
And that's exactly what I did.
I removed any Google from my cellphone, I hardened my workstations and I am turning on the Internet only when I need it.
On/off button on power strip. Cellphone has wifi/bt/nfc/data disabled all the time. Turning on only when I need to check something.

Every meeting with management in my company is in a closed double glass room, with every cellphone outside.
If I need to talk about finances or some crucial things with my wife we are doing it in the car with all cellphones turned off, inside of a tunnel. I am not joking.
And yes, car without Bluetooth or wifi.

If someone is just not stupid, that does not mean he has a tin hat on his head. Privacy is the issue in modern times, especially IoT, phishing attacks and taking control of devices.

Personally, I love scammers and all those thieving morons. I leave my cell phone on all the time - I broadcast false data.
I fill out all the questionnaires - with false data.
I give out "my" address - it happens to be the local prison.
I give out "my" phone number - it rings the desk of a Secret Service agent I've known for decades.
I don't run a firewall on my public IP - I want you to steal all my fake information - it's all tied to accounts monitored by various agencies - both local and INTERPOL. It's great.

Human Honeypot - have all the data you desire.
 
Reading the title I thought something's fishy going on in the game or the FD shop, don't scare me like that, OP. Put in the title that it has nothing to do with the game or FD ^^
 

Tiny_Rick

Banned
It appears there may have been a major violation of the privacy of the Elite:Dangerous community...
The PalCon bot, which has been (and continues to be) used on "[...] 30+ Discord servers and 240+ channels"[1] has been gathering information...

And here I thought Clickbait didn't exist on the forums. Good lord, what a chuckle!
 
Personally, I love scammers and all those thieving morons. I leave my cell phone on all the time - I broadcast false data.
I fill out all the questionnaires - with false data.
I give out "my" address - it happens to be the local prison.
I give out "my" phone number - it rings the desk of a Secret Service agent I've known for decades.
I don't run a firewall on my public IP - I want you to steal all my fake information - it's all tied to accounts monitored by various agencies - both local and INTERPOL. It's great.

Human Honeypot - have all the data you desire.

Cool, false information is also good for making noise - in some cases it is a good move if you want to hide something in the middle. However, I do not care about it, I am just turning data off, to not waste my battery and 'data' on it.
My cellphone (old Galaxy S3 with hardened Lineage) works for over a week on one battery charge.
 
The damage control is strong with this post. "Everyone, we promise we haven't been reading any of the secrets our bot has been collecting!" That is your defence after being caught red handed?

I've not been caught with anything! The chap who wrote the bot is not online atm, so I can't give you the details on why it was doing that. The main point I wanted to clear up from the OP is that there was not a group of us doing it. The person mentioned and several others ALL had access to the group's leadership room, in some cases over a year ago, so if we were getting our rocks off reading folks' meme wars, why did they not mention it before?
 
As one of the leaders of PalCon I'll post this here. It's an edited version of what I posted to our members.

What is PalCon
Folks, it has come to the leadership's attention that several articles are about to be published regarding data privacy issues and PalCon. We thought it prudent to pre-empt this by providing the following statement.

PalCon was and is Big Pappas baby, it was originally conceived to replace Frogbear, which we were using on loan from the Diamond Frogs, during our initial war with RSM. Its purpose was to provide IFF information along with a few witty roundhouse kick jokes. However as time went on, at members' requests, BP started adding new functionality, such as distance to materials and all sorts. Now for whatever reason (malicious, debugging, search algorithms or just lazy/bad coding) it seems PalCon kept a record of the channels it was in and this information was used to help someone.

Some clarification:
As far as I am aware it has to read the channels it had permissions to work in (i.e. run a whois or !joke etc.), in order to reply to a request, so it does not have access to ALL channels on a server unless someone gives it to it.

On our own PalCon server it was the following channels:
- The Inn
- Members channel

I also recall when adding the bot, it states that it needs read/write access in order to function and you have to agree to this to proceed.

As for a conspiracy theory from the leadership, there is none. I can lay my hand on a bible and state I have NEVER seen any information from this, as can pretty much everyone on the Council.

There is quite a difference between "access channel data" (which the application must do to work) and "relay all data to someone else".
 
I am sure about that.
What I wrote is common knowledge and just good practices that can lower the risk of a critical data leak.

You could be surprised how many people are interested in your data, even what you think is irrelevant.

This....I think lots of folks might be surprised just how much your "junk" information is worth in the right hands.

Why do you guys think M$ gave out windows 10 for free and are putting all kinds of pressure on folk to make us all switch to w10...
 