Potential Large-scale breach of privacy on Discord from a community bot

John Rhys

J
Genar-Hofoen said:
Not all Discord channels are public though.

Example : a Discord channel for a player group, might have a private 'command' channel that only a few of the group leaders have access to and can discuss things in private, as well as having general and public channels.

So suppose they decide they like the announced features of the bot so much that they had the bot join their private channel. And suppose the bot's code was changed such that new unannounced functionality was added such that the chats in said private channel were being sent outside that private channel, without the knowledge of the bot user?

Do you begin to see where there might be a problem with that? Especially if this 'sending chats to other places unannounced' behaviour is unannounced/not specifically specified to the bot users?
Click to expand...

Question is, was this information already used and since the Bot has Admin rights - was it in ALL channels? ;) If so, some..."claims" made by certain groups about the Event are false. Which would probably be as bad, as the data leaking itself. Although, at least in Germany, that would be a serious criminal act...
 
Last edited:

greenlantern

G
bitstorm said:
It's pretty underhand and it's pretty disgusting to be quite honest about it.
Click to expand...
Well I'm glad you are now being more honest about.....Maybe the person who did it felt it was clever, uncanny and rather funny....

The law doesn't have anything on "underhanded" or "disgusting"....

there is a good saying for your experience here..."fool me once shame on you, fool me twice shame on me." so live, learn and move on with a better understanding of what's possible.
 

Julio Montega

Julio Montega
Miku Hatsune said:
What the OP claims is a breach of privacy, and at the very least here in the UK it is unlawful (https://www.gov.uk/data-protection/the-data-protection-act). Also as some other people have stated if the users of the bot were not made aware of how it was collecting data then this could become a serious issue for all those involved.
Click to expand...

In germany spying by these methods also is punishable,
as it is an offense to the secrecy of communication (Fernmeldegeheimnis),
an infraction on datasecurity rules (Datenschutz) and additionally
is a means of spying and datatheft.

What puzzles me however, is why any discord channel
would add an external bot in the first place.
You just need a small pint of good old "sense"
to prevent such stuff.

Stuff really might get out of hand, as the question
needs to be asked why the bot was installed in the first
place and if the hoster or tenant of the discord chat was aware
of the bot implications.
They might aswell become liable to claims, i guess.

The minimum decency required would be
the instant removal of such bots and at least
a public apology of those who created the bots to spy,
and those who installed them.

What comes to the vigilant CMDR who reported this,
should not be harassment of those spying,
but a general "hats off to you for doing a great thing"
display of respect.
 
Last edited:

racer1

racer1
I'm surprised that anyone is surprised. Distasteful or not.

Every discord server/channel I have signed up to let me in with no vetting and no T&C acceptance that I can recall.

I'd be surprised if it was illegal, but not my area so who knows.

I've always regarded anything I say in discord a public domain.

But thanks for bringing it to people's attention.
 
Last edited:

iFred

I
@Frontier: You should immediately close this thread and bury it wherever you can from any access to the public. It´s not your fault, and it shouldnt be discussed here. Please have a small look towards the new european data-protection-thingie that is active since last year and will become immediately active in all european countries in the future, especially regarding the matter of sending data to "other" states.

Here´s the link: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CONSIL:ST_5419_2016_INIT

Brexit or not - this is not your problem but you don´t want to be involved in a discussion like this from my point of view.

By the way, for the owners of the bot - you ran into a big legal problem here - have fun.
 

floc

floc
Major Klutz said:
How is it a breach of privacy?
If you are writing in a Discord Channel, you have to expect that anyone and everything with access to that channel can see what you're writing.
Why would you be concerned that a log of your your messages was being kept? Hell the entire discord channel is a log of your messages and you can scroll back as far as you want.

I don't see what the concern is. There is always a permanent record of everything that happens on the internet.
You should never have considered anything written in discord to be private.
Click to expand...

wrong, it is private between users. I'm a certified privacy officer and for sure the fact you can read and/or store a conversation on a channel is implicit in speaking to/with other members. BUT a record by 3rd party with an hidden transmission (the transmissioon make it illegal!) mechanism without the consent of the users is ILLEGAL in ALL modern jurisdiction, as Europe, UK and USA.

Anyway, everyone should be careful with personal and financial data, no matter which law your are protected by, and if you put your credit card number on discord you are still stupid :)
 
Last edited:

Lordxenu

Lordxenu
Do we not need to be a little careful here especially with our armchair lawyering?

Firstly i would suggest that palbot records information (as the paladin consortium have already said) completely innocently just to function it wasnt built as a spy tool but just as a tool.

If i made myself an app i wouldnt be worried about what i was capturing.

There is the issue that someone may have found and used this information to gain some in game advantage but im pretty sure (here i go armchair lawyering like a massive hypocrite!) The data protection act only relates to personal data that can be used to identify someone.

Since the bot is recording chats of cmdr whatever this hardly feels like a huge data breach.

The reason the backlash worries me is that this is the sort of thing that will put 3rd party devs / tinkerers off and we all know the world collapses when 3rd party sites shut down!

Perhaps someone does need to get a slap on the wrist here but we should keep it in context.

What has the bot actually found out? Peoples names and addresses? (If you put this on a public discord channel you shouldnt be arguing about dpa imho) or what system some faction wants to move into? If its the latter how can anyone claim damage has been done?

As i said im no expert so may well have missed the point but it seems a dramatic response to what was a useful tool, that may no longer be wanted but all the privacy breach stuff is excessive.
 

MottiKhan

MottiKhan
In my opinion, there isn't a privacy issue here unless the bot can find personally identifying information such as email or phone numbers. That sort of thing. The bigger issue is that people feel violated by having conversations that should be between virtual colleagues recorded by someone who doesn't have a valid right or need to know what's being said. This is a valid concern and diminishes trust among "allies" and "friends".

The bot should be erased. The problems it has caused far outweigh the limited value it gave. I've lost quite a lot of faith through this and won't be so open with my "friends" from here on. Is this bot worth it? Not in my opinion.

Nuke it from orbit.
 

Lordxenu

Lordxenu
MottiKhan said:
In my opinion, there isn't a privacy issue here unless the bot can find personally identifying information such as email or phone numbers. That sort of thing. The bigger issue is that people feel violated by having conversations that should be between virtual colleagues recorded by someone who doesn't have a valid right or need to know what's being said. This is a valid concern and diminishes trust among "allies" and "friends".

The bot should be erased. The problems it has caused far outweigh the limited value it gave. I've lost quite a lot of faith through this and won't be so open with my "friends" from here on. Is this bot worth it? Not in my opinion.

Nuke it from orbit.
Click to expand...

See this I get and 100% agree. There is reason to not want the bot (although I struggle to believe it was initially designed with malicious intent) but it's the "your going to jail forever" posts that are a bit OTT
 
You must log in or register to reply here.
Back
Top Bottom