Hacker News
[flagged] Discord bans me for using their official client (annaclemens.io)
54 points by lojewalo on Nov 25, 2020 | 53 comments



Hi,

I lead the anti abuse team at Discord. I've looked into this case a bit more in-depth to see what was going on. Although I can't get into specifics, given the poster was kind enough to provide us with ticket IDs, I was able to look into this a bit further to see what actually triggered the account ban.

> Discord bans me for using their official client

This statement is false, unfortunately - and our abuse detection flagged the account for using our API in ways that our official clients do not. In this case, there was indeed a 3rd party client involved. Although our rules and heuristics do not specifically target 3rd party clients, they do target things that "don't look like what our official client does" which is very effective at targeting spambots that are constantly waging war against our platform - but has the unfortunate side-effect that using a 3rd party client in certain ways may lead to account termination.

In general, appealing the ban would lead to an unban (we're humans after all, and we're trying to stop spammers/bad actors, and that's what this system is meant to stop.) I am going to follow up with our T&S team to understand why this case saw such a rocky conclusion.


Thank you for looking into this! My first thought reading their story was "They must've used their discord token in some unusual way."

... which is exactly what I've been doing too: https://github.com/Tyrrrz/DiscordChatExporter

Do you happen to know: Is there a risk of Discord banning me for using that tool to automatically export chat logs for processing via a bash script?

Basically, it's a tool to convert discord servers into json.

Their official wiki gives instructions for using your personal user token rather than any bot / API token: https://github.com/Tyrrrz/DiscordChatExporter/wiki/Obtaining...

I admit, I used my personal token without giving it a second thought, even though I should've known better. I haven't been banned, but this story reminded me that I should be careful. Am I being overly paranoid? Is it fine to use your personal token in situations like this, where it's basically a CLI tool?

Also, I run a discord server for ML with ~1k users. If I get banned by Discord, will server ownership transfer to someone else? Or will the whole server get knocked offline too?

Feel free to ignore this if you want -- I'm merely asking in case you happened to know. Happy thanksgiving!


Thanks for looking into it. To be honest, it didn't cross my mind that Ripcord would be the reason why, considering I've used it for years successfully. I only use it because the bloated Discord electron client makes my laptop want to kill itself, but I guess I just won't use Discord on my laptop anymore.

I was using the official client when it happened, but Ripcord was open on my laptop (which I wasn't using) at the time, so it makes sense that it might've sent requests the normal client doesn't when a DM is closed or something. Or maybe you flagged it earlier than that.

Either way, I'm glad to be unbanned now, but this customer service was unacceptably bad. I didn't get a real answer on why I was banned (until HN got the attention of a non-CS rep), and when I was told I would be unbanned, I wasn't and was ghosted afterward.

(Also I'll update the page I wrote)


Huge apologies on this one. Most of your tickets were still in the queue - and no one has gotten to them yet. Some other tickets were closed in error because it looked like the issue was resolved - as your original ticket had mentioned there was an unban.

As for the initial unban, a bug had caused the "successful appeal" macro to apply - but it did not actually unban your account. Hence the confusion.

We are definitely working on improving this and the experience - and I'd like to apologize for the quite honestly shitty experience you had. 2020 has been a wild year for us, and we are still playing catch up operationally on some things - with the rapid surge of usage on the platform.

Unfortunately the people handling these appeals don't have all the information necessary to explain exactly why you were banned - and as a general policy we try to keep those exact details under wraps to thwart attempts from people to try and reverse engineer / circumvent our anti spam. (Of which there are many, so... so many people trying to do this.)

We are working hard on improving our process around this - but it's a rather gargantuan effort. From both the improvement of automation and tooling, and also staffing in general. But we are actively working on it - and a lot of my day job is to make sure we are handling these kinds of cases in a timely manner and also making sure nothing slips through the cracks due to a bug like your tickets have.


Why ban people for using Ripcord? It’s a lightweight discord client. That seems like a tactical mistake. It’s in your interest to let users use popular third party clients that clearly aren’t malicious. Discord doesn’t make money on ads (at least, not in the server) so this also doesn’t warrant a ban.

If I were you, I would be seriously concerned by the fact that they were banned at all. They handled this thing all wrong — they should have been making noise like “Discord bans me for using popular third party client”.

Notice that this story was flagged. But if they had done it that way, it would be news. And discord would look seriously bad.

Please, consider spending an hour investigating whether (a) they were banned solely for using ripcord, and (b) are we communicating to our users that they will be banned for using ripcord?

I don’t understand why nobody seems to have noticed or cared about this angle. This is really not a great look for discord, and it’s the only piece of news that has ever made me reconsider whether it was a good idea to base our 1,000 user ML discord on your platform.

Because I could imagine myself getting banned for this. And if I get banned, as the server owner, I feel queasy not knowing whether that might destroy my server and undo a year of work.

All that said, I wouldn’t be surprised to know that OP was in fact doing something more, not merely “using ripcord”, and that you can’t discuss it publicly. But, if it’s true, I urge you, regardless of your position at the company, to nip this PR disaster before it has a chance to happen. Because literally no one will be sympathetic to any of your justifications for a ripcord ban. They have users’ interests at heart, and they let people on bad laptops use discord. Banning them for normal usage is a huge mistake — it makes no sense that you’d have to “protect” discord via a ban.


We are not banning people for using Ripcord. We are banning people for using our API in ways that our official client doesn't. This is paramount to our spam detection strategy, which is detecting quirks in requests that try and emulate our official client, in order to send spam. There is a very thin line between "scripts meant to try and emulate our client to send spam in an automated fashion" and "third party client"; both try and emulate our client, but perhaps for different intent. However, our systems currently treat these as equals. It is for this reason that we have maintained that 3rd party clients are against our ToS - and most warn you before you use them. Given the vanishingly small user-base of 3rd party clients relative to the tremendous amount of spam-bots that constantly are attacking our platform, it's an unfortunate reality that this is bound to happen.

If you are a real human, and not a spam bot, our general policy is to unban and tell you "hey don't do that again." Which is the outcome that should have happened (and eventually did) here.


It seems like it did cross your mind, since your title is "Discord bans me for using their official client," which multiple people noted is rather ... unusual. :)

This was a missed opportunity to bring attention to the fact that Discord is banning people for using Ripcord, which seems kind of crazy:

https://cancel.fm/ripcord/

https://news.ycombinator.com/item?id=19617699


It may seem like it did, but ultimately I know what did and did not cross my mind. It is shitty of Discord to do that, though.


Something that could be missing from this story is that they may have been in the official web client, but they may have executed custom code (for example, console JavaScript, an add-on, user-extension, etc), that resulted in this, since obviously the web browser will make whichever API requests it is instructed to make.

So I could imagine a user wants to do something that Discord makes it difficult to do (perhaps they want to search channel logs locally, or delete all of their messages in a channel, or many other things), and if I wanted to do that myself I might just throw some JavaScript into the console in a for-loop, which would obviously result in irregular API requests.


No, this was not the case. A 3rd party client was very much involved here.

> So I could imagine a user wants to do something that Discord makes it difficult to do (perhaps they want to search channel logs locally, or delete all of their messages in a channel, or many other things), and if I wanted to do that myself I might just throw some JavaScript into the console in a for-loop, which would obviously result in irregular API requests.

We don't really weigh sus requests too highly (to the point of acct termination) unless they are likely to impact other users, or be used to move laterally on the platform (join servers, send friend requests, open new DMs... etc.)


Thanks for the quick update, that's reassuring. I would still be a bit worried myself of a potential ban if I did try to perform such examples (in my parent comment), as the proprietary nature of the platform can make such actions necessary in order to have sufficient control of one's data and environment. I do acknowledge how difficult dealing with abuse at-scale can be too, so sometimes unfortunate situations are partially-necessary as compromises here. I do appreciate reassurances that things aren't as bad as some may claim though, since Discord is particularly worrying for me wrt the centralization and level of control they will have over the next years/decades of the entire online social space.


I wonder why the user didn't get a better reason for their ban? These unclear explanations make it really difficult for users to follow-up on bans.


What's up with the odd focus on "using the official client"? Why would anyone doubt she was using the official client? What else would someone be using? To me it sounds like maybe she had been accessing Discord with something other than the official client, but not at the exact moment she was banned.


That's the feeling I got as well. 9 times out of 10 when I see "I was banned for doing NOTHING wrong" it's just a lie.


The same day, I responded to their email, stating that their explanation wasn't good enough and that I hadn't done anything wrong. I demanded they give me an actual reason and reinstate my account.

A tip for nerds like me: In situations like this, try to act like a real person. Support people especially have to deal with endless streams of annoyed, angry, or abusive people who will treat them like dirt. Anyone who's worked in a grocery store, etc will know what I mean.

Something like "Hey, thanks for looking into this, but I am very confused -- It seems like I was banned due to a software glitch. Would you mind double checking why I was banned?"

Boom, you've turned it from an unhappy angry interaction into a mystery they might be inclined to pursue. I've seen this technique work wonders.

And sure, you could argue that it's their job, so this shouldn't matter. But it seems to matter a lot, at least in my experience.


The other technique to try is to ask a question about how the support worker would go about it: "I don't know your systems and I don't know how to navigate your procedures, so if you were me in this situation what would you be saying, and where would you be sending those messages?"


It's probably not related to what you were doing when it happened (closing DMs). It's just that their ML batch job happened to run then, and aggregating your previous behaviours and network access patterns across the whole app and maybe other things it 'observed' about your use of your computer after you gave its client unmitigated access to everything on your PC (I digress), it decided based on some opaque trained model that you were a spambot.


I agree this (automated abuse detection lagged realtime, flagged some past behavior) is likely. I also suspect whatever else may be the case, the lack of detailed explanation is probably because whoever is fielding support simply doesn’t know (and may not be able to know) what was flagged.


Whenever it comes to gaming I just assume anyone saying they've been banned unfairly deserved it. League, Dota, FPSs, and discord too apparently all have this weird group of people who get banned for doing shady shit then go on forums and complain. People being banned from services unfairly (and without explanation) is a real problem, that doesn't mean that every time someone complains they deserve the benefit of the doubt.


I got banned from Pokemon Go because my phone was rooted, never did geo hacking or anything. Just woke up one day and said I couldn't get in. It didn't really give me any information and it took some searching online to see that they just blanket banned rooted devices. I was upset, but whatever.

A year later I got a new phone so I decided to try it again. I tried my login and it said the account didn't exist. So I tried to make a new account with my username and said the username existed. So I tried to make a brand new account and it said my email was in use and I couldn't use it. So I tried the forgot password/recovery thing. Said account didn't exist. So I gave up. Sometimes companies just do weird stuff that is hostile to users.

Edit: I want to add that as a big linux user I've found that I can't get into many games because of blanket anti-cheat bans. I know my cases are niche, but there are weird blanket bans.


While we won't get to know the full story and the entire history of this person's Discord account (to side with him one way or the other), this piece still serves to show the downsides of a centralized service which has to do its own abuse management - and at discord's scale[0], there's bound to be a lot of mistakes.

On a side-note, running a modded client (like Better Discord) at any time is a risk to your account. Some people have reported getting banned for year-old messages that used a plugin which allowed creating embeds inside the discord client (you otherwise can't create custom embeds on a non-bot account)[1].

0: https://discord.com/company#app-mount:~:text=Our%20metrics

1: https://github.com/Fraserbc/BetterDiscord-Embeds#user-conten...


> show the downsides of a centralized service which has to do its own abuse management

And platforms that have no censorship also have downsides. There’s no perfect solution.


And when others shame, criticize, or shun you for your speech, people also consider that within the framing of censorship. The only speech which is safe from blowback is to yourself.


Yeah.

I got banned in PUBG due to their broken anticheat and it tagged my Steam account with all the games as having bans on record. Fortunately I wasn't the only one and they fixed their software and reversed accidental bans.

I wonder what I could realistically do if something like that happens again and the developer doesn't notice?


Depends on how many Twitter followers you have


Unfortunately, this same cynicism can creep into the mindsets of the moderation and support teams.

I had to deal with abusive users at a past job. Some of them simply disappeared after we locked their accounts (temporarily, with explanations), but many of them would launch aggressive harassment campaigns at the company. They'd start with support, then attempt to escalate support tickets, then move on to trying to contact management via LinkedIn or guessing e-mail addresses. A surprising number of people would find creative ways to contact our CEO with carefully honed stories claiming innocence. We started removing employees' last names from customer communications after someone started doxxing support employees and arguing with their family members on Facebook.

Those who had social media clout were virtually guaranteed to use it against us. The stories they published were always distortions of the truth with convenient omissions.

The worst part was that after watching this play out 50 times, everyone starts to grow unsympathetic to any complaints. It's a challenge to maintain some empathy and perform diligence on complaints, otherwise you get legitimate errors slipping through the cracks.


This generally applies to anyone complaining on the internet about anything. It's convenient when those judging can only ever hear one side of the story.


The new hell, same as the old hell.

At least when github ('s inscrutable AI) banned me in error they answered the email and reinstated the account in about a day.

I had only just barely cloned everything to gitlab and edited a bunch of links to s/github/gitlab before github was working again.

Maybe that is a factor, that an effortless drop-in replacement existed, and the original of all the content I cared about was still on my own machines and github only hosts a copy, so they have meaningful competition.

They never did say what I supposedly did wrong though, other than a vague suggestion about possible spamming.

Merely when a human looked at the case they corrected it. I asked a couple times what triggered it and they simply didn't answer that part.

So it was some ML black box. They themselves don't even know why they did it.

Same thing is probably the case here, only with even fewer or shittier humans in the loop, and holding something hostage that you can't take elsewhere.

Actually hostage isn't even the right word because even kidnappers/hackers respond to the email and return your stuff for a price. These guys aren't even doing that.


Time to check out Mastodon, Pleroma, and other distributed social networks.

Walled gardens with chilling suppression begone!


Mastodon and Pleroma are Twitter alternatives, not Discord alternatives. The chat functionality for them is awfully implemented last time I checked. But then again it's a different target audience.


You are right. XMPP and IRC then.


Mastodon can de-platform you just as easily as Discord if they don't like what you say.


>Mastodon is run by "them"

That's not how federation works.


No more so than any random website. Mastodon is a federated platform, so find an instance that allows you to say what you want to.


> Discord did not deign to reply to my last ticket at all, but I'm filing another one today

This doesn't do much anyways. Whether it be Discord or any other support helpdesk, their tier 1 support will just merge the new request into your already-existing request and you're back to square one in getting a reply. After doing this enough times they might just completely block your email since it really is spam at that point.


This is weird. This person may not know the reason they were banned or there may not have been any reason. But clearly "using their official client" isn't the reason for the ban and I don't see any indication that was stated or implied by Discord.


OP claims that Discord banned him for using their Official Client. OP states they never gave them a "real" reason. But they're certain it was for using their official client. The skeptic in me thinks that the specific use of the terminology "their official client" is suspicious. How do they know?


OP omitted “at the time” most likely. It’s a bad idea for anti-abuse engines to ban in realtime because it’s too strong of a signal to those trying to circumvent it. OP most likely used a 3rd party client in the past and got banned later.


The author seems to have used the auth from the official client for some application. Discord indiscriminately bans due to API abuse.


What? The author used the QR scan feature from the official Discord mobile app to try to log in on the desktop client.


> After closing maybe around seven of them, Discord booted me back to the login screen.

This seems to have occurred after the account was banned.


The Discord client will do a full reload if it starts getting bad status codes from the API, eg. 403 or 401 (due to a password reset or account termination), so that's probably what happened here.


How did you come to that conclusion from the OP? I've read and re-read it. That's a good guess, but nothing indicates the scenario you mentioned.


Why do you think this? I didn't get this from the article.


You mention GDPR. You do have a right to your data as per EU rules. Feel free to talk with your state data protection authority.


You also have a right to have access to the data they used to make the decision to ban you, and an explanation of it in a way a reasonable person could understand.

Articles 13–15 provide rights to 'meaningful information about the logic involved' in automated decisions.


Discord is American; and Anna's github says she's in Michigan. She's not covered by EU laws.


I did a GDPR complaint because GitHub locked me out of my account because the 2fa failed. It took the Dutch authority 18 months for them to decide they couldn't be bothered to make GitHub provide my data. GitHub also lied and claimed my repositories weren't personal data even though my name and email are all over them. Also if you talk to your agency you can't actually appeal the decision because your agency didn't decide anything, they have to follow it on to the agency that is responsible for that country based on which country the company is based in.


Well, there go my hopes.


This might have been downvoted because it seems the user is in the US, and the company is also in the US. GDPR doesn't seem to apply here. Or maybe you were being sarcastic by saying "state data protection authority", but it's not obvious enough.


10166788

what does this mean? some sort of timestamp? date?

Timestamp 1016678800

Time (UTC) Thu Mar 21 02:46:40 2002 UTC

Time (-0800) Wed Mar 20 18:46:40 2002 -0800


It's a support ticket number


::tips hat::



