Potential Large-scale breach of privacy on Discord from a community bot

I don't understand the ins and outs of how the bot actually worked (I'm not a dev). Essentially, from what I understand, it interrogated a database for information, compared it with other results to see if others were doing the same (i.e. searching for the same in-game materials or viewing the same bad guy at a time, plus a few other functions) and then returned a result in chat or PM'd you a result directly. It would also monitor all channels and was able to broadcast messages across them all - for Red Alerts, and that's something that was only used a few times in the early days.
 
As a developer I'm entirely willing to believe that the logging itself may well have been put in quite innocently, e.g., if I were making a bot for my group to use, I might not give logging a second thought – after all, if I'm the only person who has read access to the logs and the bot is only in places where I am, the logs wouldn't contain anything that I wouldn't be able to read anyway, so why not just log everything in case it's needed for debugging or whatever. But things change when you give the bot to other "customers". (In fact, I've often had to remind other developers in meetings that too much logging may pose a much greater risk than "not enough" logging, e.g., in case there is a security breach and the logs are leaked.)

The moment this bot was given to other groups, logging of unnecessary information should either have been disabled or the other groups informed that it will log the channels that the bot is in. Having to give read access in Discord does not equate to the latter, since the bot software having read access is distinct from the author being able to read the logs. I might even believe that the bot's author might not have realised this at the time, but once he apparently started using the logs to keyword-search what others are saying about specific people it becomes inexcusable.
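The point made in the post above, that a bot only needs to record what it was asked to do and not everything it can read, is shown here as an added example; it is not the bot's code or any poster's. The function names, the logging key and the sample messages are constructed for illustration, and the two command names are the ones mentioned in this thread.

```python
import hashlib
import hmac
import logging

COMMAND_PREFIX = "!"
KNOWN_COMMANDS = {"whois", "joke"}   # the two commands named in this thread
LOG_KEY = b"constructed-demo-key"    # hypothetical per-deployment secret

log = logging.getLogger("bot.audit")


def pseudonym(value: str) -> str:
    """Keyed hash: lets log lines be correlated without storing raw IDs."""
    return hmac.new(LOG_KEY, value.encode(), hashlib.sha256).hexdigest()[:12]


def audit_record(channel_id: str, author_id: str, content: str):
    """Return the fields safe to log for one message, or None for no record."""
    if not content.startswith(COMMAND_PREFIX):
        return None                      # ordinary chat is never logged
    parts = content[len(COMMAND_PREFIX):].split()
    if not parts:
        return None                      # a bare "!" is not a command
    name = parts[0].lower()
    if name not in KNOWN_COMMANDS:
        name = "unknown"                 # do not store free text typed after "!"
    return {
        "command": name,
        "argc": len(parts) - 1,          # argument count only, not the text
        "channel": pseudonym(channel_id),
        "author": pseudonym(author_id),
    }


def handle_message(channel_id: str, author_id: str, content: str) -> bool:
    """Log a minimised record if the message is a command; return True if logged."""
    record = audit_record(channel_id, author_id, content)
    if record is None:
        return False
    log.info("command=%(command)s argc=%(argc)d channel=%(channel)s author=%(author)s", record)
    return True


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed sample messages.
    for msg in ["did you see what CMDR Example said?", "!whois CMDR Example", "!joke"]:
        handle_message("1001", "2002", msg)
```
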
 
As for privacy in general, it is certainly true that you shouldn't use Discord in the first place if you're worried about the absolute privacy of your chats. However, companies like Discord (or, say, Google or Microsoft) aren't interested in looking at the specific conversations, but rather at general patterns and aggregate data (e.g., for targeted advertising). I find it quite unlikely that someone at Discord plays Elite: Dangerous and potentially risks their job and/or the company's reputation by reading what other player groups are talking about on their service…


For a vague analogy, consider that some smart TVs have microphones actively listening and transmitting that information to the manufacturer's servers for analysis. Still, I think there is a difference between that, and you buying a used TV from your neighbour only to find out they had installed a microphone inside that sends the transcripts of conversations to your neighbour who searches them for signs of you talking about them behind their back.
 
As one of the leaders of PalCon I'll post this here. It's an edited version of what I posted to our members.

What is PalCon
Folks, it has come to the leadership's attention that several articles are about to be published regarding data privacy issues and PalCon. We thought it prudent to pre-empt this by providing the following statement.

PalCon was and is Big Pappas baby, it was originally conceived to replace Frogbear, which we were using on loan from the Diamond Frogs, during our initial war with RSM. Its purpose was to provide IFF information along with a few witty roundhouse kick jokes. However as time went on, at members' requests, BP started adding new functionality, such as distance to materials and all sorts. Now for whatever reason (malicious, debugging, search algorithms or just lazy/bad coding) it seems PalCon kept a record of the channels it was in and this information was used to help someone.

Some clarification:
As far as I am aware it has to read the channels it had permissions to work in (i.e. run a whois or !joke etc), in order to reply to a request, so it does not have access to ALL channels on a server unless someone gives it to it.

On our own PalCon server it was the following channels:
- The Inn
- Members channel

I also recall when adding the bot, it states that it needs read/write access in order to function and you have to agree to this to proceed.

As for a conspiracy theory from the leadership, there is none. I can lay my hand on a bible and state I have NEVER seen any information from this, as can pretty much everyone on the Council.

The bit I've highlighted - if the author of the bot didn't tell any of the bot's users this 'eavesdropping' behaviour had been added, and when I say 'eavesdropping' I mean 'logs all chat channels the bot has access to and sends the data back to some server for later perusal' - then they could be on very shaky legal ground in a few jurisdictions. I am not a lawyer, so may be wrong - but at the very least, this is pretty bad behaviour, in my honest opinion.
 
I don't use TeamSpeak or Discord so this is just a point. Where is the tick box for "Saves all data incoming or outgoing, uploads to non-official server, keeps for indeterminate length of time"?

I think that's the tick mark everyone's upset about.

I understand! I can only post what I know and until the chap who wrote it comes back, I can't give any more information as I don't have any unfortunately.
 
Hunted to the ends of the earth? Say his farewells? Orphaned? Anonymous sources? As someone who barely knows how to use Discord, can anyone provide a bare-basic tl;dr? :S

As someone who doesn't use Discord at all, can anyone provide TL;DR answer to "Does this affect Frontier forums?" If not, would OP reword the thread title so not to scare the pants off everyone?

You don't want to see me without pants....
 
To all saying "Discord's baaaaad I'm glad I'm not using it", a certain group yelling "cows will lose milk from that monstrous railway" comes to mind. If you are unaware, Discord is currently vastly superior voice and text chat to TeamSpeak, and you can set up your own server and do there what you wish. It's also very popular with the gaming community because of its ease of use and convenience. But you can continue to use Skype for in-game chat still, if you wish.

PS: no, Elite's in-game chat is terrible in comparison to Discord or TeamSpeak.
 
As someone who doesn't use Discord at all, can anyone provide TL;DR answer to "Does this affect Frontier forums?" If not, would OP reword the thread title so not to scare the pants off everyone?

You don't want to see me without pants....
No, it doesn't affect the Frontier forums, only Discord users who talked in a channel in which a particular bot was operating.

EDIT: Ninja'ed by Arkku :)
 
I understand! I can only post what I know and until the chap who wrote it comes back, I can't give any more information as I don't have any unfortunately.

I wasn't blaming you personally, as someone that doesn't use either I have no authority to lay blame at anyone's feet. I was just making an observation that the agreement was missing an obvious tick.

I apologize if you felt I was attacking or blaming you, was not my intention.

Carry on CMDRs
o7
 
Don't run random code you don't understand developed by people you don't know and have no reason to trust...

Some legal stuff: I think all the punitive measures in violation of data privacy laws in Europe (the US here doesn't have any applicable law) are monetary. The GDPR rules that go into effect in 2018 talk about 4% of global revenue for the company as fine.

No company here. Some random dude wrote some free code. Who's there to sue? What revenue would they pay a percentage of?

Honestly? Those who run this bot have a rather large responsibility in first figuring out what the bot does, before just putting it on your channel.
 
How is it a breach of privacy?
If you are writing in a Discord Channel, you have to expect that anyone and everything with access to that channel can see what you're writing.
Why would you be concerned that a log of your messages was being kept? Hell the entire Discord channel is a log of your messages and you can scroll back as far as you want.

I don't see what the concern is. There is always a permanent record of everything that happens on the internet.
You should never have considered anything written in discord to be private.
 
As for privacy in general, it is certainly true that you shouldn't use Discord in the first place if you're worried about the absolute privacy of your chats..

exactly...even when on a Legit Government website logging into a service or something it effectively warns..."Don't expect privacy". Every reasonable person is aware of this common practice of companies warning users that, legally, you cannot expect privacy...but that they'll do their best.

I think a lot of people misunderstand "privacy", particularly with respect to what the law says.

not one person has mentioned that a normal human user can also record the info "secretly".....there is no law against doing things secretly in public
 
How is it a breach of privacy?
If you are writing in a Discord Channel, you have to expect that anyone and everything with access to that channel can see what you're writing.
Why would you be concerned that a log of your messages was being kept? Hell the entire Discord channel is a log of your messages and you can scroll back as far as you want.

I don't see what the concern is. There is always a permanent record of everything that happens on the internet.

Not all Discord channels are public though.

Example : a Discord channel for a player group, might have a private 'command' channel that only a few of the group leaders have access to and can discuss things in private, as well as having general and public channels.

So suppose they decide they like the announced features of the bot so much that they had the bot join their private channel. And suppose the bot's code was changed such that new unannounced functionality was added such that the chats in said private channel were being sent outside that private channel, without the knowledge of the bot user?

Do you begin to see where there might be a problem with that? Especially if this 'sending chats to other places unannounced' behaviour is unannounced/not specifically specified to the bot users?
 
How is it a breach of privacy?
If you are writing in a Discord Channel, you have to expect that anyone and everything with access to that channel can see what you're writing.
Why would you be concerned that a log of your messages was being kept? Hell the entire Discord channel is a log of your messages and you can scroll back as far as you want.

I don't see what the concern is. There is always a permanent record of everything that happens on the internet.
You should never have considered anything written in discord to be private.

EXACTLY!!!! and no reasonable person would have.
 
Personally, I love scammers and all those thieving morons. I leave my cell phone on all the time - I broadcast false data.
I fill out all the questionnaires - with false data.
I give out "my" address - it happens to be the local prison.
I give out "my" phone number - it rings the desk of a Secret Service agent I've known for decades.
I don't run a firewall on my public IP - I want you to steal all my fake information - it's all tied to accounts monitored by various agencies - both local and INTERPOL. It's great.

Human Honeypot - have all the data you desire.

Good stuff. And agreed, misinformation is much better than no information, which nowadays just gets you flagged and be more interesting. Also, strongly recommend to use different named accounts on the internet that themselves have no links to each other.
 
Not all Discord channels are public though.

Example : a Discord channel for a player group, might have a private 'command' channel that only a few of the group leaders have access to and can discuss things in private, as well as having general and public channels.

So suppose they decide they like the announced features of the bot so much that they had the bot join their private channel. And suppose the bot's code was changed such that new unannounced functionality was added such that the chats in said private channel were being sent outside that private channel, without the knowledge of the bot user?

Do you begin to see where there might be a problem with that? Especially if this 'sending chats to other places unannounced' behaviour is unannounced/not specifically specified to the bot users?


errrr....it was permitted access and also your claim that within Discord there is an ability to create separate channels and allow certain peeps to join, thereby being "private". While I appreciate you consider that "private", legally, it's about as private as being in a public park and going to the far corner of the park to have a private conversation. That doesn't provide you legal protection of privacy, and it would be foolish to sincerely believe such a place is legally private.

This is vastly different than the reasonable assumption that a telephone conversation (as heard through the "line") is legally private...

If you're in your backyard having a nice family conversation about your finances, and I'm in mine and overhear it and retain it word for word....how would you interpret that? What if I go on TV and talk about said experience of overhearing my neighbors' "private" convo. Of course for proof against slander / libel I would have to record said conversation.
 