Hacker News new | past | comments | ask | show | jobs | submit login
PSA: Don't base your business around Discord.7yr account banned for posting ASNs
502 points by bottiger1 on Sept 2, 2023 | hide | past | favorite | 170 comments
There's been a trend of startups basing their entire business on Discord like Midjourney AI, and Discord themselves pushing for people to do so with their subscriptions system.

Well just a few days ago I found out that my account of 7 years was just banned without a warning for a very obvious error on their part. Just hours before my account was banned I posted a list of ASNs (basically ISPs) connected to a non-discord server I had that looked like this:

22773 ASN-CXA-ALL-CCI-22773-RDC, US

5432 PROXIMUS-ISP-AS, BE

577 BACOM, CA

To someone who doesn't know what ASNs are, they would probably assume they are addresses. This is not personal information, and there's no way to tie this information to any individual.

I opened a ticket and the only reply I get is that the ban will not be reversed and that the account will be deleted in 14 days. I've tried posting on Twitter and they have selectively ignored me while replying to everyone else. Any submission I make on the subreddit gets instantly deleted.

Screenshots for proof.

https://pbs.twimg.com/media/F49XZ4zaEAA_7mR?format=png&name=small

https://pbs.twimg.com/media/F49XZ4zaEAErD3J?format=png&name=small

https://pbs.twimg.com/media/F49XtAiaEAMmDdK?format=png&name=900x900

This also isn't the first issue we've had with Discord. They threatened to delete my server a few years ago because 1 person said they were underage amongst thousands of lines of chat and we did not see it and ban them. They refused to tell us who it was so I had to spend hours looking through chat to find the offending user.

Think twice before you decide to base your business around Discord.




I've always been wary of adopting Discord, at all.

Every time I see a business inviting me to a Discord, I feel like I'm putting myself in a position to be mistreated either by the platform or by the company inviting me. I feel like they don't quite understand sound business principles like Platform Risk.

If keeping up the business afloat is your mission as a business owner, why'd you base your business off a platform you don't control? You might assume a Platform Risk, and be fully aware of it (and in the meantime, capture the capital to have your own platform or contract services from another platform less volatile), or you might not be aware of it at all, or if you're aware, you just play dumb and say "it won't be a problem, that happens to others, not to me".

I just get discouraged, I never end up joining these Discord communities and I don't buy the product/service the company is selling, I feel it distasteful.

In these SaaS days where providers can get away with not having a proper Support department or they are too big for you to go ahead and sue them face-to-face... why'd you put your neck on the line this way? It feels so needless.


>Every time I see a business inviting me to a Discord, I feel like I'm putting myself in a position to be mistreated either by the platform or by the company inviting me. I feel like they don't quite understand sound business principles like Platform Risk.

>If keeping up the business afloat is your mission as a business owner, why'd you base your business off a platform you don't control? [...]

Why is discord any different than other platforms like office365 or AWS? Do you feel the same about companies using those platforms as well?


AWS and Microsoft are very, very different from Discord. Discord originated in gaming and caters to a largely non-paid user base, that background alone is enough to be skeptical.

As terrible as AWS and Microsoft are as companies, at least they have an established reputation in B2B software. It’s an apples to apple-flavored candy comparison.


> AWS and Microsoft are very, very different from Discord. Discord originated in gaming and caters to a largely non-paid user base, that background alone is enough to be skeptical.

AWS originated in providing servers for a book business that grew from there, Microsoft originated from writing a interpreter, but both of them excel in other areas today as well. It's not impossible to start with something (chat for gaming), gain expertise (chat for large groups) and then apply it elsewhere (chat in the workplace).


AWS and Microsoft were both much larger companies with many years of successful operations by the time they launched cloud services. Discord is both younger as a company and still recently raising new funding founds. That doesn’t mean that you shouldn’t rely on them but they’re definitely less proven.


Of course, which is why Discord charges much less then the several hundred dollars per year per seat that Microsoft does?

What is the complaint here, that they're offering a much cheaper service with less credibility?


The complaint here is that Discord is too popular among a generation of young business owners that put their livelihoods on the line in such an unreliable service, business-wise.

Discord's marketing is too powerful for these business owners to consider safer, more reliable alternatives. Same story with Stripe, and similar services that cut lifelines with no recourse other than outcry in public forums like HN and Reddit.

If they have to learn the hard way, so be it.


If your planning to use services that are ban happy like Discord, Stripe and ilk, make sure to document and communicate a fallback plan.

For example, ensure you have a backup email address for those you communicate with on Discord, and convey an alternate communication method (Meet us on Matrix at XYZ!), or on the payments side plan on how to handle a PAN Data Export with a pre-selected vendor that is experienced in ensuring Stripe exports this data to them. From what I have heard, nearly half of all data exports from Stripe fail to occur, so you need to be your own advocate to ensure the stable hosting of your payment card data.


That's what I'm talking about, yes. Being fully aware of the platform risk, and managing that risk actively.

One could always understand the tradeoff (this ban happy service brings me more public, exposes me to leads, as opposed to: they ban on the slightest mistake and are misunderstanding), but as every risk: It should be managed with any of the four basic risk management actions:

- Elimination: which in this case, would be to not use that service at all

- Mitigation: reduce the risk the most (your example of backup exports, etc)

- Acceptance: being aware and recognize maybe alternatives are more costly than accepting the risk

- Transfer the risk: let someone else handle the risk for you (insurance, for example)


It’s not a complaint as much as a caution that they’re not coming from a business services world and have less experience with things like paid support or SLAs. That doesn’t mean you should never consider them but it does mean you should have serious conversations about what you’d do if they suddenly nuked your account & won’t even give you a way to contact them – plan for Google-level support, not AWS.


> It's not impossible to start with something (chat for gaming), gain expertise (chat for large groups) and then apply it elsewhere (chat in the workplace).

I understand what you meant, but it's not quite applicable in this case. Chat for gaming (and approach) is not an adjacent market of workplace/enterprise chat.

Just imagine Slack or Microsoft Teams going for gaming chat; you can quite imagine that repurposing of product not happening.


> Just imagine Slack or Microsoft Teams going for gaming chat; you can quite imagine that repurposing of product not happening.

If that ended up being more popular, they definitely would. But I don't think that'd happen either.


A business contract with AWS or O365 account carries a lot more legal weight, and they also have the support infrastructure to assist when an automated tool does something that needs to be assessed for reversal.

If something like this happened at AWS they'd nuke the services that were running and probably reach out to the account owner (if the automated service didn't do so as part of the nuke). The account owner's databases or Terraform scripts wouldn't be deleted by a set of EC2 instances being taken down.

AWS has its own problems but they do try and stay out of content moderation where possible through their "Shared Responsibility Model" (which also means they don't do things like backups for you).


> Why is discord any different than other platforms like office365 or AWS? Do you feel the same about companies using those platforms as well?

The difference is that Microsoft and AWS don't take on an active role in moderating what happens between the company and its users.

But yes, in a way they are similar and I do feel uneasy each time we take on a dependency on some AWS-specific feature where we could easily have build the component to be independent.

No one else seems to care though. Even worse, the CEO wants us to dig deep into AWS, because that somehow will make the customers trust us more.


Didn’t AWS pull the rug out from under a fledgling, but increasingly popular, social media site that never recovered from their actions “after the platform was deemed to be both "unwilling and unable" to address extremist speech”?

https://www.newsweek.com/amazon-web-services-parler-lawsuit-...


>a fledgling, but increasingly popular, social media site

Aww, so innocent sounding. AWS was such a big bully in terminating their relationship with that client. It's not like anybody died as a result of that extremist speech they were popularising, right?


You are saying it’s okay for companies to intervene and censor if they deem it necessary.


You sound like one of those people who think governments should ban encryption because pedophiles use it.


I'd say the difference is I can make a full backup of my data on office365 or AWS. From office365, I can export my documents, my emails, my drive storage. AWS: I get full access to my databases, my files.

Even comparing Discord to Slack: Slack has export capabilities.


Given what you just said in your comment, I guess what makes them different is that Microsoft 365 and AWS are enterprise-ready, so you can take away your data easily. With Google, with a regular account, you could as well using Google Takeout.

With Discord... you might have to strong-arm them into a GDPR claim or similar, so, vendor lock-in in a B2C SaaS is a thing.


> Why is discord any different than other platforms like office365 or AWS?

It is different. Really

Discord seems run by people with a vague understanding of security, attack vectors, let alone security best practices.

(or maybe they are heavily biased towards the gaming audience - but regardless)


What do you mean?

Because they seem to be very competent when it comes to software creation


They are very competent at bells and whistles and creating something for gamers

But in terms of identity management, they're awful


Not OP but yes absolutely. Run your own physical infra or fail


There is no difference and people saying otherwise are just in denial.

Because their businesses/jobs are so tightly tied to AWS etc, they just tell themselves everything is fine. (What else can they do? Quit and be a full time open source developer?)


Hm, when you are solo coder doing a product, discord is super valuable. You get to interface with your customers in casual way + you get a bit of free knowledge/quirks base. Also if something is wrong with cloud provider, I can broadcast easily etc. All those functions can be ramped up separately, but the goal for me is to code and deliver on a product. As everything it has tradeoffs, but I wouldn't make snap judgements that discord is just a lazy excuse. Its a great tool for comms with low friction.


I hate how hackers and FOSS devs always try to make their “own” project. If there were a FOSS discord clone identical to discord, thousands would self-host it overnight.



Oh thanks! I recently need something like this but couldn’t find anything.


Do. Not. Launch. On Discord.

They are getting worse and worse towards their users. The “platform” was never designed for this, it’s painfully obvious. There’s no knowledge base, no support system, no sense of organization, no professionalism, just bots doing “stuff” as a product. Is FastAPI that hard? Is building a customer portal that difficult?

I guess I’m showing my age but I use discord for gaming and chatting with friends, not to balance my checkbook or pay my bills or assist my coding or design architectural diagrams. Occasionally it will help me make a pretty image that would otherwise take me weeks… Or help be brainstorm a sketch of a creature. However, the UX of discord is problematic towards anything other than a gaming community.


> However, the UX of discord is problematic towards anything other than a gaming community.

Discord was built with a core target market and really they've nailed it. But I really have to wonder what a business is doing when they have their support chat or whatever on discord. I have no idea why someone thinks a chat platform that talks about school clubs, gaming groups, and art communities is the place to conduct business. To me, it's a bit of a red flag when a company chooses a tool that is clearly not designed for business and doesn't even try to pretend like it is when there are tons that are.


I think it says a lot about the 'designed for business' apps that discord is doing well in competing with them despite not being designed for business. If Slack and Teams had any sense they would be taking notes from discord (Matrix is, which is good, but they are still lacking in implementation quality and the network effects are pretty killer)


For me, it's more of a sign that the company isn't mature enough to use the correct tools and they've just used the chat system they use to chat with their buddies because it's easier.


I'm on a lot of discords for businesses that are run by individuals or small groups, mainly in the custom keyboard space, and they all have websites and emails for support questions, payment systems, but the discord is where the users of their products are, and the business owner is frequently there in a more casual setting so we can get quicker support/leverage the community, show off mods, and just discuss. I think it's a great idea for businesses reliant on community engagement like these, or indie games, to have a discord (separate from official channels)


So discord is something I use for voice-chatting and shitposting with friends, typically while also playing video games.

Can anyone tell me why they would ever use it for anything remotely serious? Can you tell me why you'd want to stake your livelihood on a walled garden designed for video game voice chat and sharing rickroll videos?

Not only that, I can't take seriously a business that uses discord. Like, what are you doing? Are you selling curated rickroll videos? God-tier cat memes? Do you do shitpost editing and enhancing? Like that what the fuck are you doing that your business needs to use discord, an app for vidya gaymen? It just gives me this puerile vibe, like this "hello fellow kids" kind of thing.

I'm genuinely curious what this app does for your business that seemingly couldn't be fulfilled by anything else.


Discord is a very featureful chat and voice app that is similar to slack in terms of managed-ness but they have completely different roots.

Slack is basically just business email but IMing instead of email, if you know what I mean. It's very business. Business happens there. Synergy and collaboration and so on.

Discord, meanwhile, grew out of some combination of gaming/tech IRC servers and gaming ventrilo and teamspeak servers. It's a completely different vibe and clientele that just happens to have a very similar feature set to slack.

So having a discord for anything that's gaming or programming/techy-adjacent makes a lot of sense and there's a big preexisting community there. I launched an OSRS plugin and we set up a discord channel for it. It was a niche thing, very niche, and we never really took it very far (it was sort of partly just an excuse to try out using managed k8s for the backend server that the plugin was a client for). We did 0 marketing aside from listing in the OSRS plugin marketplace and putting the discord link in the description.

Suddenly me and my pal had like 100+ people in our discord and as many users of our site. With 0 marketing and a very simple MVP.

And we didn't do any BI or anything but afaict the attach rate of discord joining to using our plugin at least once was very high, well over 50%. People even asked a few questions and said the project was cool.

So yeah. While I wouldn't literally run my business on it, as a "fan site" it's very useful and valuable.


> Discord, meanwhile, grew out of some combination of gaming/tech IRC servers

For the record this is exactly where Slack came from as well.

From Wikipedia:

> Slack originated as an internal communication tool used within Stewart Butterfield's company, Tiny Speck, during their work on the development of Glitch, an online game. These communication tools were initially built around the Internet Relay Chat (IRC) protocol and included scripts designed to automate and organize file exchanges among their development team.

> In August 2013, Slack was launched to the public and continued to maintain compatibility with IRC, reflecting its origin. Additionally, it was also compatible with XMPP messaging protocols.

https://en.wikipedia.org/wiki/Slack_(software)


> However, in May 2018, the company chose to close down these corresponding gateways due to limitations inherent in those protocols.

It was a way to onboard tech people and once they were big enough they closed the door for those audience.

Which really hurt me because i live in a country with a small tech community and was happily interacting with them using irc, until slack changed into a walled garden.


In fairness, can you imagine implementing all of Slack's features over IRC? Nightmare.


or... and stay with me here... you could not implement them for the IRC, but keep the gateway available for people who want to willing trade the "degraded" feature set for the ease and familiarity of a simple, low noise, low distraction environment.

Aka, not behaving in a user hostile way.

Dropping irc was more about control than it was about adding features.


The real problem was when Slack added message reactions. Those weren't visible at all in IRC. They absolutely could have been surfaced, like how Apple sends reactions in SMS chats. In a business context that means missing critical acknowledgements of messages and generally forced our IRC bridge users to switch.

It was a pretty user-hostile way to reduce the number IRC bridge users (to then justify killing it), especially given it took them many years after to get the Electron client to the point where it wasn't a laptop-killer.


That's a trivial example to push to irc (but you already gave the same example I'm about to)

[username] reacted to message [username]: [message]

> In a business context that means missing critical acknowledgements of messages and generally forced our IRC bridge users to switch.

I'm not sure I'd willing call an emoji reaction to a "business critical message" acceptable. Either it's critical, and an emoji reaction (which currently doesn't generate a notification) isn't sufficient, or it's not critical, and someone (I don't mean you, speaking rhetorically) is wound *way* to tight! :D


Surely you can see the issue with having some features just not work for some people? Reactions is the most obvious one. They aren't just for fun - people use them for polls for example.


[username] reacted to message [username]: [message]

> Surely you can see the issue with having some features just not work for some people?

No, I honestly don't. If I'm using IRC, even after slack warns me about missing and unsupported features. That's likely what I want! What if I don't want to see reactions when I'm trying get work done, but I am willing to be interrupted to answer questions, etc? Also, that example is easy to solve for IRC (see above)

People using it for polls is nice, and I think reactions are a useful feature. But there's no reason you can't make a "best effort" to support something people want to use. If I need to react, I'll grab my phone, (or open a browser). Meanwhile I can have access to the information that's *actually* important... text messages.


> [username] reacted to message [username]: [message]

Apple does this for iMessage and as far as I can tell (I don't live in the US) it's widely hated and believed to be deliberately annoying to Android users.

Do you really want 20 or those notifications for popular messages? Are you going to count them up for polls?


Embrace, Extend, Extinguish.


Discord is slack that works, that's all


Midjourney is a great example: Discord offers a customer base of potentially hundreds of millions of individual people using it to generate and send images to one another.

You seem very dismissive of it, but what about businesses running on other chat platforms like Whatsapp, WeChat, QQ, etc?

Sure, it CAN be fulfilled by anything else, but is that where your customers are?


Yeah, I wish some platforms would just die, and that includes Discord and WhatsApp. It's where the customers are for a reason. There's this naive mindset that says, "If you don't like it, don't use it," but this does not apply to communication channels. I'd rather everyone just go back to IRC, but we won't have that because of Discord.


Not a "buisness," but the project I volunteer on used to bridge to Revolt, a FOSS clone of Discord. The Revolt server got raided, as my friend, who also worked with the project accidentally leaked the invite, which would lead to the server's deletion. Me and my friend asked the project leader and co-leader to re-bridge to Revolt, I don't even remember what their responses were. My other friend made a hobby project that bridges directly to the project's main product, and that became the de facto Revolt server. My friend then asked me to make a replacement for the bridge with the library I made (for Node.js/TypeScript), as it was faster and stays online longer (sending a websocket message to the server every 15 seconds - the same as the main client) than my other friend's (for Python - the project leader dropped a backwards-incompatible release in the websocket library, so my other friend was pretty screwed).

RIP, volunteer project's Revolt server, 2022 - 2022.


Having a discord link probably sets some expectations about what to expect over there: chat, community, maybe voice chat, chilled vibe, temporary. All that from seeing the smiley joystick logo. It also signals cool modern startup. It may be be super convenient if your audience typically has an account already. Yes a tonne of downsides of course.


May I ask what the context of your message was? Presumably one of the people on that server reported you, and in the messages you posted, people seem taken aback (eg "did you just..."). I'm curious what the context was and why they took the impression it was unusual? What were these ASNs in relation to?


This piece seems to be missing for some unknown reason. What is the purpose of posting ASN and ISP physical addresses?


ISP physical addresses were not posted, only the ASN was. Look at the original post.

22773 ASN-CXA-ALL-CCI-22773-RDC, US

5432 PROXIMUS-ISP-AS, BE

577 BACOM, CA

This is the layout of what was posted. These are not even addresses.


It was to show that we had a lot of users in Asia, yet none of them were using our servers in Asia.

I find it kind of crazy that people here are doing all these mental gymnastics to justify Discord's behavior.

ISPs are not considered personal information. There is no reasonable way to de-anonymize it when there are thousands to millions of customers per ISP.


I find the trend of businesses using Discord as their primary support/community platform troubling.

It not only makes Discord an unaccountable gatekeeper of business communications and data, as demonstrated here, but also unfairly forces customers to either accept Discord's terms and conditions (which are not what they signed up for) or be left behind as second-class citizens.

Good luck, bottiger1. I hope you get it resolved.


>They threatened to delete my server

I really hate how Discord intentionally co-opted the word "server" in order to imply that one can somehow own or control a Discord account.

Discord Inc owns and controls all the servers. There's no such thing as "your Discord server", there are only accounts on Discord's SaaS platform, which they can restrict/censor/ban/nuke at any time for any reason.

It is not possible for individuals to self-host Discord.


Yes, I hate it too. It's a similar situation with Instagram, where people talk about "visit my Instagram page" and it gets indirectly conflated with the word "website"; it's even worse if it's an e-commerce business, e.g. "visit my Instagram store".

Then the Instagram account gets killed because it's not intended to be used as an eBay, and these naïve business owners didn't know any better.

We are in these times where kids don't grasp the concept of "C:\" drive. They just save all files and don't know what a directory hierarchy is. They conceive Instagram as a web builder, much like Wix.


For reference, the terminology they use for their API is "guilds." But since most other services in the space used the term "servers" (e.g. TeamSpeak and Mumble, where they were actual distinct servers), I can see why the UI doesn't say guilds.


Yes, I too can see why a dishonest corporation would knowingly use incorrect labels to mislead you about how their product compares to the competition. That doesn't excuse that behavior though, quite the opposite.


I'm not sure if Verified & Partnered servers are treated different, but unless you have explicit contract with Discord their moderation can be rather flaky.

That should be understood reality if you use any third-party platform.

Also it is open to question was it this activity. Or something else. Or just being present or member of some server where something against ToS happened.


Partnered servers are definitely not. There was a kneejerk moderation action taking in the past to ban the primary FFXIV server after a user posted some illegal content there, reported their own illegal content, and deleted the message afterwards so mods couldn't locate it. Considering where Discord came from, it was a surprising move to not even ask the operators of the server or share any information until they were facing user pitchforks.


I am quite confident that it was this activity. It is the only thing that fit this description:

"Your account maliciously shared or participated in the sharing of the personal or private information of another user."

It was also the only message of mine that was deleted in the past week.


Is it a common practice for Discord to enter in contractual obligations with businesses that use Discord as a central support or distribution channel? I've never heard of this before and given what happened to OP it seems like this should be (a) common knowledge that you can do this and (b) a default option for businesses to consider, if Discord is indeed a big channel for your business.

We use Discord as a primary support and community channel and it never crossed our minds to make a contract with them, but now I'm thinking about it..



My discord server was flagged as "offensive" and removed from public listings without giving a clear reason why. It took me weeks to accidentally discover the cause, which was the name of a channel: #bugs-minor. Renaming it to #bugs removed the flagged status.


That is so ridiculous - even if that would not be a false positive from a overly simplistic word match, removing it from public listing and doing nothing else is so far from the wrong action.


Sweet mercy.


I'm super risk averse so I would never build a business around a single point of failure like that - but I know that there is money to be made taking this risk (at least VC money, presumably real money). Look at everybody building off OpenAI, look at AWS, Shopify, etc. I'll never base my business around a platform, but I'll miss out on many opportunities, even if it's a big risk.

All that to say the warning won't stop people.


The Apple App Store is a similar single point of failure and both Uber and Instagram would not have become what they are today if they had not built their businesses on the back of the concept that Apple will not arbitrarily ban them. When they launched, their web apps didn't exist (and you couldn't access gps or photos from web apps anyway, so their services were impossible except for via the App Store).

Then again, so did Tumblr.


Cynically, if you run the gamut become hugely successful, the rules stop applying so strictly to you (eg banning Uber unilaterally would be a great way for Apple to create Android users, especially if you think about Uber drivers on iPhone) but become a moat to new challengers.


AWS staples like EC2, S3, RDS are safe as long as you control the domain outside of it and have backups outside.


I worked for a company that used Discord as the main internal coms tool. Aside the privacy and infosec concerns, staff would get suspended and quarantined often. And not for messages, but for things like using multiple accounts for business needs out of one machine/IP (like over VPN).

I think that even to this day, verifying multiple accounts with one phone number raises red flags for Discord. It's just built as an end-user product, not fit for business needs.

We would always be anxious around meeting externals or release dates for our sw because Discord could knock staff offline at any moment.

Don't use it for anything serious. Not as it is in 2023. Things could change in the future.


I agree it’s not a TOS violation, but I do think it could potentially be a shitty move to post the ASN from which a specific user is connecting to your service, if they’ve not said it’s okay for you to do so.

If you’re from a small town with a local ISP, associating that town with your first name could be enough to specifically identify you, with the help of yellow-pages directory sites. Even just knowing someone’s state or country is a data point that can be used to narrow down their identity. For the privacy minded, this could be very unfortunate.

I’m not sure why you would be publicly posting the ASN from which a user is connecting anyway? Could you explain the context a bit more here?


Where did they state this was users' ASNs? I only read that they posted a list of them, not associated with any users.


Good point, I think I misinterpreted the conversation in the second screenshot.

I think the point is still relevant though: if these are the ASNs connected to a server which you know has 10 active users, for example, then there is still a potential privacy concern.


We have 40+ servers, the ASNs did not have any other information tied to it like usernames as I had already mentioned.

This is a clear case of gross negligence by Discord.

Even if there was a potential privacy concern, that does not warrant an instant ban with no warning especially from a 7 year old account that is in charge of a Discord server for thousands of users and paying Discord $95/month in the form of boosts.


> This is a clear case of gross negligence by Discord.

I agree. This is clear because you’ve explained the context wherein you were posting those ASNs, and it is obviously not something anybody would have an issue with because


"It's like Slack... but with Reddit mods!" I miss the Ventrilo days


If what you say is true, take them to arbitration. They usually have to pay the arbitrator’s fees and you can typically do it over email/video call.


Is that a Discord specific arbitration that's available, or something else?


Arbitration court. A court where businesses can resolve minor disputes before going to higher instances.


It's not just Discord. Don't ever base your business on the whims of another business under which you have no recourse whatsoever.


What would an instance or instances of businesses you do have recourse over?

I'd argue that for many businesses, your advice is effectively impossible to follow, no matter how well-intentioned it is.


You ensure that there are multiple businesses who provide you with the same product. So one of them ending business relations with you, doesn't mean the end of your business.

For instance, The Pirate Bay, while being highly illegal, hasn't been shutdown in two decades because cutting them from one webhost or domain seller just means they switch to a different one. I am pretty sure there are hundreds of torrent sharing "services" that started as discord/slack servers and were quickly banned with no recourse.


Diversification is one option I'd considered. It's still difficult to achieve for numerous services, particularly location-based utilities (electrical, water, gas, sewerage, data/comms). For hosting services it's somewhat more tractable, though you're looking at multi-tenancy hosting with distinct providers. For a small organisation, that's going to be a challenge. (It's a challenge for many sizeable organisations.)

Self-hosting is of course another option, and for critical infrastructure probably a worthwhile consideration, though that leaves other risks (e.g., self-owned datacentre outage, personnel risks), and again is challenging for the overwhelming majority of businesses.

Even large business sectors often have very few independent systems / solutions / software providers. Banking, healthcare, and numerous other sectors often have only a small handful, and often a single core supplier of critical systems. Often affecting large organisations as well as small ones.

It's almost as if attacking the recourse rather than the diversification angle might be necessary.


> It's still difficult to achieve for numerous services, particularly location-based utilities (electrical, water, gas, sewerage, data/comms).

That's why in the civilized world utilies cannot just cut off paying customers whenever they feel like it. Perhaps we should extend that to almost-mandatory online services but until prehistoric politicians get replaced by internet natives that is unlikely to happen (and even then people might be too used to the status quo), avoid depending on such services wherever you can.

> For hosting services it's somewhat more tractable, though you're looking at multi-tenancy hosting with distinct providers.

This feels like you are letting perfect be the enemy of good - first make sure that you can switch hosts if needed - reasonable downtime for rare unforseeable events is not the end of the world but if you have to rebuild from scratch because your Discord "server" was deleted and you don't have any other contact info of your users that's a different matter entirely.

For smaller businesses a single hosting provider is absolutely fine as long as all you depend on is basic hosting and not provider-specific APIs and services that are there to trap you. Do have offsite backups though, but you should have that even without fearing that the provider will fuck you over because accidents and less-forseeable disasters do happen.


Unfortunately, not all services describable as utilities are in fact regulated as utilities. There are many who still consider water, gas, electricity, and sewerage as luxuries, let alone comms and data. Some in political office.

Otherwise, you're generally arguing in agreement with my fundamental point, or ignoring the fact that many individuals and/or businesses (and many businesses, as sole proprietorships, are individuals) lack the time, knowledge, and/or capabilities to sufficiently diversify their service provision relationships. Or, as I've mentioned several times already, many mid-sized and larger firms. Particularly as the underlying technological landscape is constantly shifting and* is operated by those who'd much prefer to create lock-in.

See Shapiro & Varian's 1999 classic Information Rules. Little has changed. <https://store.hbr.org/product/information-rules-a-strategic-...>

(Though Varian now works for one of the lock-in merchants: Google.)


The idea is to have a backup scheme.

My experience as an aerospace engineer always having a backup has seeped into my everyday life.


Whilst agreed on the principle, that's not what your initial comment was suggesting.

And as I've noted, this is untractable, or at best highly challenging, for many large enterprises, let alone small / nascent ones.


Discord won't let you use a VOIP number so I can't even get on it


It's bizarre how inconsistent they are with this. I signed up with a shady anonymous email, only use it through a VPN and have given them no phone number, but they're still happy to let me use this account. I'm half convinced these companies inconsistently apply these sort of policies to sow doubt and get the users gaslighting each other about what the actual policies and rules are.


"Servers" can set only phone verified users to be able to join. Depending on your usage of Discord you may have never joined a server that has thet turned on.


Even outside such "servers", discord may or may not demand a phone number based on some kind of trust score. Get reported a lot -> better have a phone. Happen to get an IP previously used by someone who got reported a lot -> better have a phone. Use an uncommon browser version -> likely going to need a phone number. Have a slow connection during signup -> gib phone number "to show you are not a bot". Like any such scheme, it barely slows down determined actors since many (especially mobile) ISPs hand out new IP addresses like candy. But I bet it looks good on reports about how many evil users they stopped and lets not think too much about legit users like gp getting caught up in this - those are a small enough fraction that Discord can ignore them without consequence.


I think there's definitely some level of "account reputation" based risk management going on there. My account is similar, but it also dates back to near the origin of the service.


never ascribe maliciousness to what can be adequately explained by incompetence.


Hanlon's razor is for idiots. Every mischievous child figures out the "it was merely an accident" excuse and it's not as though adults who are up to no good somehow forget it.

Whatever the reason discord has for not asking me for PII, it's not incompetence. This isn't a bug or oversight, I am certain of that.


> Every mischievous child figures out the "it was merely an accident" excuse and it's not as though adults who are up to no good somehow forget it.

Hanlon's razor doesn't argue you should accept "it was an accident" as a given excuse. Hanlon's razor states, that without evidence, it's safer/more likely to be correct, for you to assume incompetence than it is to assume maliciousness. I have also used an unknown domain for emails, as well as never given them a phone number. Just because you can't figure out the entirety of the logic doesn't mean they're intentionally trying to gaslight users (which is an absolutely insane take). Especially when there's plenty more signal they could possibly be using to determine if the account is likely malicious. Off the top of my head, I'd hope that list includes, number of IP addresses per session, number of sessions per IP, amount of maliciousness from current ASN, number of user reports, number of servers connected to, maliciousness of the servers for each user, knowledge source IP is a VPN, amount of abuse from the VPN provider.

You suspect discord is being malicious, or attempting to gaslight users, but not because you have any evidence they are, but instead because of a lack of ability to imagine how it could function the way it does with the limited slice of information you're already aware of. Some system, or some code not doing what you expect is more likely than some Trust and Safety team all got together and decided to gaslight people...


> Hanlon's razor states, that without evidence, it's safer/more likely to be correct, for you to assume incompetence than it is to assume maliciousness.

Yes, amd that is wrong as soon as you are dealing with someone expecting you follow Hanlon's razor. Hence making it useless outside personal relationships with people you know not to be inherently malicious.

So sure, if your friend ends up doing something that hurts you give them the benefit of the doubt. If a corporation does - well, there's a sucker born every minute but you don't have to be one.

> You suspect discord is being malicious, or attempting to gaslight users, but not because you have any evidence they are, but instead because of a lack of ability to imagine how it could function the way it does with the limited slice of information you're already aware of. Some system, or some code not doing what you expect is more likely than some Trust and Safety team all got together and decided to gaslight people...

No you are trying to pass off apathy as incompetence when it is very much malicious. So is penny pinching at the expense of how users are treated - if your automated systems are crap then hire humans to review their decisions and don't take action on users until you can actually be confident about the accusations. Or you know, at the very least let users know that they are subject to some kind of restriction, tell them why and provide them with real means to appeal false positives.


You can use services like mobilesms but they are paid per verification.


I would never conduct business on Discord. It's for gaming not business.


I recently saw an interesting service online and wanted to try it. After I saw that the only support option they offered was discord I gave up immediately and searched for something else.


Does Discord charge or have some type of contractual agreement with you? It does seem odd -- they must have some checking on addresses and personal information and what you posted just happens to match that regex.


Given the reaction by the other users to that comment, it's possible one or more of them reported it as misunderstanding them to be addresses, and the discord content moderation team also adopted a shoot first attitude.


Your average CS agent slogging through helpdesk tickets (particularly for a company whose core users are gamers and normies) might not even know what an ASN is. So if you're faced with something that looks to you like a bunch of addresses, and your employer has a strict no-doxxing policy... I can see why they're not budging on this one.


Sure, you can see the incentives for the CS agent to act that way, but I don't think that negates the point of this post - if you're relying on it for business, you should probably consider a provider that has not set up their CS staff's incentives this way.


Which is totally fair, especially in this context. In general (not you specifically) people don't always have a ton of sympathy for CS agents, so I just like to offer reminders that what they do is tough. Particularly if you're fielding requests or moderating content in contexts you're not familiar with, or in a language that you didn't grow up speaking.

And really, to your point—Discord is a general-purpose platform, not a technical platform or business platform, and its CS agents probably aren't equipped to deal with complex technical or business problems. It's kind of on OP for trying to use it that way.


> Which is totally fair, especially in this context. In general (not you specifically) people don't always have a ton of sympathy for CS agents, so I just like to offer reminders that what they do is tough. Particularly if you're fielding requests or moderating content in contexts you're not familiar with, or in a language that you didn't grow up speaking.

CS agents are literally there so the rest of the company can avoid dealing with customers. If that means worse results for the customer then ire at the support agent makes sense. Don't take a job making the world worse if you don't like beeing blamed for that. Is the company forcing to make peoples life worse rather than better? Quit. Not always that easy, I know, but that's hardly the customer's fault either.


Does there exist a Discord business plan / any way to even get such a contractual agreement in place? We use Discord as a support channel for our developer tool and I've never heard of an option to get enterprise support...but if such a thing does exist and Discord offers it, I'd probably take it given OPs story


For dev support, why choose Discord over Gitter, or even IRC? Slack and Teams also allow free guest access for this scenario too.

That said, group-chat-based support seems like the wrong solution in the first place - simply because Discord is a silo and they don’t make it easy to get your own data back out of it (this page is an infuriating read: https://support.discord.com/hc/en-us/articles/360004027692-R... ). Also, the fact that Discord themselves are using ZenDesk for their own support (instead of, y’know… using Discord) is another reason to not use Discord like this.

Orgs using Discord today are giving me the same vibes as those SaaS that thought they could do everything with only Redis and NodeJS (with no RDBMS in sight) - yes, it works and might even work very well in some cases, right up until it doesn’t and there’s no plan B.


I think it's a bunch of bullshit that Discord employees also control the Discord subreddit. This wasn't always the case until the previous moderators thought it was a good idea for some reason to have employees moderate the subreddit [0]. Your case is yet another example of why that was a bad decision. Employees get to filter out anything at their discretion.

[0] https://old.reddit.com/r/discordapp/comments/9pbpc4/people_w...


It is probably a bad idea do rely entirely on any one of the "big tech" companies, including the big names like Amazon and Google. There are many stories of companies being kicked out for random reasons, and with no one who can resolve your problem on the other end.

I would treat them as a risk. You can work with them, but you have to consider that they can fail you randomly, and have some kind of backup plan or insurance. It is ironic since one of the big selling point of, say, cloud providers is that unlike using your own computers that can catch fire, they can guarantee data integrity and availability. But it is kind of a moot point if they can ban your account randomly because you triggered their bots.


Had 24h production outage (could temporarily rebuild in a test account luckily) due to this so it is a real thing.


RIP AWS


As a young adult who grew up with Discord throughout teens, discord has been so detrimental to my health. If it wasn't my group of comp peers in uni and hometown friends' choice of app, let alone the many fan projects with a home base on discord, I'd fuck off.

I've considered setting up my own matrix server for friends, but well I've noticed ppl are unwilling to adopt new tech like matrix, and pc would drain dorm energy limit.

All social media is bad in some way, but I feel that while I had bad experiences on all major platforms, Discord is by far the worst.

There's so many servers run by people who are unfit to run them, whether due to power or greed complex, mental illness, or immature/irresponsible. May just be my experience (I was a real mess and a cunt during my teens), but even when things weren't my fault, it felt so toxic and horrible.

And not to mention Discord's practices and stuff as a company. For instance, getting rid of the reporting system for bad actors, at one point an employee giving a bad actor backdoor to accounts, allowing them to access freely. More than that, but that's all I care to mention.


While not foolproof, a good metric is being wary of any platform that wants your phone number(google, facebook, discord, twitter, etc), these tend to be the ones that seem like places you can build a foundation on, but really they are ephemeral and you can unilaterally lose access to years to decades at any time. Get the data exports if available regularly if you are using them.

Try to roll out your own internal commutation services in house if possible, it might be a hassle, but now you are likely seeing just how valuable it is to have true control over your own accounts.


I see a lot of folks blindly yelling about how discord is bad and you should use 'something else.' And why 'something else' is different/trusted/whatever.

But this experience isn't unique to discord. It happens with a lot of common tools. We've run into issues with google suspending/filtering things because we were talking about something that got flagged somewhere (guessing malware). I work a lot with domains and operated registrars, so having lists of domains was common. But sometimes domains were flagged (think expiring domains) and google messes with them. We had spreadsheets deleted/restricted (on paid accounts). Realized emails were being filtered, without any warning/notification that mentioned specific domains. Yeah, that was a fun one to realize when they ask why you haven't responded for days and you watched the email send, again, and again. And you debugged it down to the domain triggering blackholing without issues.

Either you end up having to have some degree of trust or roll your own everything. But these issues pop up with service providers not infrequently if you're working with data.


If you are relying on a third party social media platform for your business:

- make sure you have at least 3 aged accounts that have full administrative privileges. When one gets banned make/buy a new one immediately.

- never use a business account for personal reasons

- use a third party service for the sms verification, and a unique email for each account.

These three rules have kept me out of trouble in spite of repeated bans.


The only reason this works is they haven't taken you seriously yet. Sooner or later they will just ban all of them at once. Correlating them really isn't hard.


Yeah I don’t even change ip addresses.


Where do you keep getting banned and why?


With enough moderators or administrators over a long enough timeframe, banning is semi-random and ultimately inevitable unless the user is Big-Name or the platform dies first. Misunderstandings, technical errors, and administrative misbehavior conspire to make it so.


Platforms never tell me why I’ve been banned, so I don’t know. But I’ve been banned at some point by every social media platform I’ve used except hacker news and Google.


I really don't think discord is special here. This happens with Google. This happens with Valve. This happens with Microsoft. I could go on...

Since the US doesn't seem to care about the life breaking powers these companies sometimes wield your only option is to never, and I repeat, never rely on this companies without an easy to use escape hatch.


Ok, haven't we all known that basing your business on someone else's perform can lead to precarious situations?

I understand you have whatever situation with Discord and are upset. It's just the same with Facebook, Reddit, etc.


Lmao, Discord is for gaming. It's essentially the "now" version of Mumble and Teamspeak. Why anyone would use it instead of something business orientated like Slack or Microsoft Teams is a bit odd. I could understand for a start-up/small project, but people should migrate to something professional once they start making some cash.

I suppose it's almost like app developers basing their entire businesses on the whims and unfair practices of App stores...


Someone probably reported you, try appealing and explain, if you're actually able to reach a human, I've been on Discord for 8+ years without any issues.


"It works on my machine"


Discord is a private company, you can't host the software yourself, and the company behind it is questionable at best. I would suggest if you're doing anything internal, Slack is the closest, but whenever possible, IRC or something self-hosted is better. There's a lot of risk involved in using a Discord - at best it should be a public-facing PR tool which is strictly and constantly moderated.


To entrepreneurs: Please build good alternatives to Discord. Like many other commenters, I'd rather not use it. But, to fully switch, I need alternatives that are as easy to use as discord for non-technical users and accomplish the same benefits. Yes there are many alternatives but none that I'd prefer to switch to when considering the things I'd miss.


Platform risk is very real


Did you not see people warning against this previously?

These warnings are like "make backups", "use a password manager". Afaict, people are either going to, and have, or they're going to be lazy and assume it won't hurt them until it does.


Very true, I've a text-to-code product and I see so many users trying to generate code using random channels, having already assumed that we'd have a discord bot!


Bans are like digital jail. It makes no sense to put everyone in jail for life for crossing a red light. There should be a reasonable maximum on it


> Think twice before you decide to base your business around ...

s/Discord/most any platform that if they get snitty, you die./


What do you recommend if say you do want real-time chat with your users?


Thought this would be common sense


[flagged]


> Edit: what does this even have to do with “don’t base your business around x”? Private companies can cease doing business with you for a variety of reasons. You triggered one of them.

I think you've conflated legal and ethical obligations here; you seem to be using that to draw to an unfair conclusion.

From my perspective, the post warns against using Discord due to them (reportedly) banning the OP for innocent activity. I believe the warning is fair, as it dissuades other people from using the platform to host important content, which would be at risk of the same treatment.

While Discord clearly do not have any legal obligations to serve the user in question, this is already known. Stating it here doesn't contribute to a meaningful discussion -- no chat applications I know of are legally required to serve their users (unless, of course, they have entered into a binding contract with said users, perhaps through B2B services, etc.)

Nevertheless, the post does give off Stripe support vibes. I don't believe Discord staff monitor Hacker News, so I don't think this would result in any meaningful result for OP.


You’re right, and eloquent to boot.

I think what I meant to say was more something along the lines of “does anyone really build a business around Discord?”

We’ve been seeing time and time again, especially in recent times (Twitter, Reddit, Apollo) that building something on top of another platform can often end in tears.

This being said, I do believe that if you’re building an integration, you might end up in a different spot than random end-users. Although the way Discord handled API changes and the whole bot scope debacle doesn’t inspire confidence.

And I say this as someone who maintains a Discord bot.

Reflecting on this all, I don’t believe this user got banned out of a random regex match. I think this user’s messages got reported for doxxing, and the moderator who reviewed it concurred.


It was deleted by the discord support. I presume it was deleted when I got banned. I don't have a screenshot of what it was before because there is no way to log all activity on discord, nor did I expect to get banned.

You can confirm the contents of the message from the people talking about it here https://pbs.twimg.com/media/F49XZ4zaEAErD3J?format=png&name=...

And yes this is also a campaign to get my account unbanned and also a PSA that you should be thinking about alternatives to Discord like Slack. The moderation and support system displayed here is atrocious.


Is there any chance someone reported you (the message, more specifically) for doxxing?

I use Discord with a variety of clients, and there’s _a lot_ of technical logs, including lists of locations, and in some cases even addresses. I’ve never had an issue. I also run a small community of a few thousand users, and haven’t seen anything like this… unless someone was reported.

In any case, commiserations, and I hope you weren’t the only owner/admin of some servers.


Yes it is very possible. I have also posted asns in private channels before and nothing ever happened. It was only after I posted it in a public channel that I got banned.

There are a few competitors that are really jealous of our success.


From googling your username, it sounds like you are connected to Skial, the TF2 server?

So I'm guessing you posted ASNs of (in your words, basically ISPs) of some players on your server, indicating generally where they live. Was it connected to specific people? I can see why Discord would consider that private info.


It was just a list of ASNs. There was no other information that would allow you to connect them to a user.

And it was also not "malicious" as described by their email to me.


There are nearly 100,000 ASNs. Some are very small. An ASN is enough to identify a user's ISP - enough for someone significantly more malicious than you to, say, social engineer an ISP, report players to their ISP for "hacking" a site, or start correlating with their visitors.

What we're also missing is the context. Did you share the ASNs for the purposes of, say, debugging a network connection? For statistical purposes? Or was the message more "look at the people connecting to my server, j/k these are just ASNs"? The tone you use matters too: by sharing ASNs, you could easily be hinting that you have people's real IPs, and that could be taken the wrong way.

I don't doubt that Discord overreacted here, but I certainly think there's a high chance that your message could have been misinterpreted as a threat to privacy.


Showing an ISP is NOT personal information, full stop.

If I say *Comcast* are you going to be able to track me down? No. There are millions of Comcast subscribers. Even if it was an ISP of 1 customer, that still isn't personal information. If the ISP happens to leak the customer information from social engineering, that's on the ISP, not me.

All ASNs are considered to be public information. You are required by internet registry rules to be listed in a public database for everyone to see. As far as I can tell, most people would agree that listing stats like this is not considered personal information.

I did not joke about it in any way. I showed people a list to demonstrate that we had a lot of users from Asia yet they did not use our servers in Asia. Even if I did joke about it, it still doesn't make this personal information.


The list of ASNs is public info. The ASN currently used by a group of people is not. It's location info for those people.

> You are required by internet registry rules to be listed in a public database for everyone to see.

No. The list of all ASNs are.

I think you need to take "information connected to people" more seriously and if this is the way it has to happen, that's not the worst outcome for you.


I'm sorry but you seem to be on the extreme end of the privacy spectrum that few people agree with.

If everyone agreed with you, this post would have been deleted off hacker news as well.

If you follow the logic of "information connected to people" however indirect, nobody would be allowed to post any visitor statistics and that is clearly absurd.


You’re being a little evasive about the context of the information posted. If I joined your TF2 server and a bot automatically posted my ASN somewhere, I’d be reasonably uncomfortable with that.

You seem to have made your mind up that your situation isn’t a problem, but haven’t given us enough context to evaluate that ourselves.


I think most folks would disagree that the other commenter is on the "extreme" end of the privacy spectrum. It's very context specific. Some ISPs are state specific or even town specific.

I agree with my sibling comments, your evasiveness isn't helping us make up our own opinions on this matter.


I think most people would agree that an ISP is PII, and that whether it's okay to share is dependent on the context.

Could you tell us a bit more about that context? What "players" were these ASNs in reference to? Why did people in your server seem taken aback when you posted them? What was the discussion about when you made this comment? Why post ASNs at all? You said it was to prove people in Asia weren't using your Asian servers, what does that mean exactly?

To be clear, I've heard of lots of bad moderation calls from Discord, and I'd be nervous about building on them too. My mind remains open. But I agree with the sibling comment's characterization that you seem evasive - and that raise a red flag for me.


> This seems like a campaign to get unbanned more like a real warning to the HN community.

If he's lying, then such a campaign would be doomed to fail since Discord can see what we cannot. So what would be the point?


“don’t base your business around x” this is a logical conclusion when you get no support from the company. The rest of your edit isn't logical either. When a business stop doing business for you, you deem it unreliable. If x has been banned without recourse without doing anything that would be, obviously wrong, I would deem it unreliable.


My point was that this did not look like a business. It looked like a gaming server.


It is related to gaming, but we handle large amounts of money to keep our servers running, as well as providing revenue to Discord in the form of "boosts". It should be relevant to people running startups here.


Define: “large amounts of money” - there’s a difference between funding a $500/mo clan/guild VPS set-up vs a $20,000/mo SaaS start-up AWS invoice.


It's obviously not a venture capital funded startup, but it's far more than $500/month. We have dedicated servers all over the world and buy transit. And I'd still consider this to be relevant to Hacker News even if our expenses were only $100/month. Some startups don't even spend that much.


So much people here sound like boomers and are failing to see the niech that discord is filling...

The closest thing we have to an actual "metaverse" is discord.....


i mean, Midjourney would beg to differ, I think they've done plenty well basing their business on discord.


Midjourney's business would be at least 10x what it is today if it wasn't for the utter dogshit Discord integration. I'll continue to give my money to inferior but technically capable companies instead. I don't want to navigate to a fucking chat channel to get my renders.


Last time I checked, they had a website where you can access your generated content. You should just log in with your Discord account.


N of 1 of course, but the moment there's an alternative of sufficient quality I will ditch Midjourney and never look back, for the sole reason that I need to use their service via a Discord bot.


MidJourney is successful despite being on Discord, not because of it.


Ok and what if randomly one day they get banned? They lose 90% of their customers that don't want to move off Discord?


I doubt that Discord is the driver behind their success. They could have used IRC and people would go out of their way to engage with them because what they're doing was so interesting at the time. If they get banned from Discord, the vast majority of the community will move to wherever they go.

This is a different situation than something like app stores where if Apple bans you, that's the end of your company. Users simply cannot get your app from somewhere else, at least not without giving an Android vendor $1000. Nobody will do that.


That might have been true before, but there are viable competitors popping up.


I wish they used irc instead of discord, the UX options available are much better. As it is I can barely use mid journey.


Does https://www.midjourney.com/app/ work better than interacting with Discord chat?


Midjourney has been successful and then what?


it's a huge business risk




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: