Removing Discriminators is TERRIBLE - A cybersecurity/long-term user perspective
To the intern/moderator reading this: I know I'm just one voice of several, but please escalate this matter to higher management and especially to the person recommending this change from discriminators to the pomelo system. I know how hard it is to get your voice through in corporate, so even escalating this to your manager who then escalates it further would be wonderful. This change is absolutely terrible and I genuinely would like to sit down over Zoom and have a chat - where no corporate language is used - to understand whoever approved this terrible decision to impact the end-user experience.
Please do not implement this change or push this change into the production environment.
--------
This is yet another post about the terrible change Discord just announced regarding removing discriminators to a pomelo system, and I want to give my take on this. It seems like huge tech companies don't care about the average end-user experience unless the sterile corporate bigwigs come in and want to change things up to make the green line go up, in which case the end-user experience gets messed.
So, I'm here to add my perspective to it: I'm a long term user, I've been on Discord since July 2015. I've paid for Nitro since it came out, and most importantly: I've been bringing in my irl friends to Discord. I will go point by point commenting on each claim on the blogpost and adding why this is a bad idea - my passion is cybersecurity so I will involve this aspect to the best of my ability into this.
- The whole point of these changes is that we want to make it a lot easier for you and all the new users coming to Discord to connect and hang out with friends.
No, sorry. I don't buy this. I've added plenty of my irl friends to Discord and most of them have understood how the discriminator system works right away. If that's an issue, why not add a tutorial for people like - clippy - on how to add people or join servers? Not only that, I've made plenty of friends on Discord and no-one has ever said "The Discriminators are hard".
- We also recognize that our current username format has been one of the things that makes Discord unique, and that this change makes our usernames look a lot like those on other platforms. To be blunt, that’s kind of the point.
- When we were first building Discord, one of our top priorities was to let you give yourself just about any name you wanted [...] We didn’t want people to ever hit a screen that said “Your Desired Username is Taken.” [...] we didn’t even have a friend system, so no one had to type usernames manually.
Then... why change it if it makes Discord unique and if it makes Discord stand out? If the point was that no username you want should ever be taken? I mean, I've literally paid to have my name on Discord with a discriminator that I like for years at this point. I very well remember back in the day on Discord when I joined and there was only Light mode and I was so happy to see a lot of features being implemented we wanted. I was so happy when I could actually pick a name I wanted when I joined and wasn't met with 1000 messages on how variations of my name are taken.
Edit here: I actually have given this a bit of thought and I've talked with people who are adamant this change will bring "more individuality", but I simply am not convinced.
I just want to stress this even further, even if I am not able to explain this more thoroughly I know it will reduce individuality and bring a 1000-times WORSE sign-up experience. I can from experience say, my name is a very general name and the amount of times I've attempted to sign up to a website, only to be told my name and all its subsequent variations are taken, is too many to count and at some point I've just given up. I actually did exactly that yesterday - I absolutely loathe signing up for any website, as oftentimes even my realname.lastname is taken.
So, think of it this way: My name on Discord is a very common word, "Rain". I signed up in July 2015, and I was already informed by people in the Discord Town Hall that my name is already taken. Great, so signing up early made no difference in getting the username and identity I like. Now comes the fun part: because, let's assume, there are 9998 other Rain accounts, how can we decide who is the "only" Rain? Sure, we can make our names as "Rain.." "_rain_" "rrraaaain" and so on, but at that point it's just so much more convoluted than anything else. It's why I loathe Instagram; my name (literal first-middle-last name) is taken there, and I know plenty of people with the same issue so they end up with "looooong-words" to go around it. And that's still so not fun.
But even so - especially without username culling or deleting inactive usernames: do you realize half of Instagram handles are just people "squatting" on them, where they took the username and deactivated their account so they can say they have a rare name?
And now let's think of the other aspect. Maybe for some reason my usernames elsewhere are "RainTheDiscordUser" because just Rain was taken. I have no social media connected to my Discord, because I don't care. However, because I use this same username elsewhere due to the fact that the username I want has been taken everywhere else (which is, again, such a common thing), now the barely-above-TOS age person who finds me can just google me and get the rest of my information because all the other usernames are taken. Yeah, sure, I can switch my name to "Rainthewqjasjas2190892311" but now it defeats the purpose you wanted in the first place of people "finding you easier".
OR, better yet - let's say I have a rare name like only "Rain" under the pomelo system. Because of the username, people who break the TOS with self-bots (or other malicious bots) find a way to keep a list of me, like a Twitter feed - in which servers I am in, in what servers I like to talk with. Maybe they realize I am friends with "Sunnydays" and they are not so used to tech. So Sunnydays gets compromised - and suddenly my private server where they are in gets compromised too with all the data raked and the person who managed to phish Sunnydays is threatening me to release all my information unless I give them my username. This has happened before for a friend of mine - not on Discord. A man died because his name was Tennessee on Twitter and someone swatted him. Do we really need this issue? No.
Granted, digital footprint is a thing, but it's absurd to think someone wouldn't talk about their personal life with their friends on an instant messaging platform. And keep in mind, cybersecurity is a field that changes by month - maybe you and I are smart enough to roll our eyes at this, but why do you think scams work? Because that one person out of 1000 fell for it. Hence, always assume all threats are the worst kind of threat.
I can't stress it enough how this current username system is good, and this change is so ridiculous.
I can understand every code - if built flimsily or pushed to prod on a patch - comes with a detriment and potentially huge issues that may flare up later on, but considering several places, such as Microsoft or Activision Blizzard, have started implementing the discriminators or have them so I'm sure you could be able to cooperate with them to figure out how to fix the discriminator system. Or better yet: add a new discriminator number, or two.
Edit: I somehow randomly realized that Discord already has IDs - your unique ID. When you do use support or right-click your name you are able to copy your ID, so again, using the argument that this makes the database easier - why on earth wasn't the database run on IDs instead of name#discrims then?
- As Discord has grown and friending has become more popular, more problems have emerged. The technical and product debt we incurred years ago caught up with us and small issues that seemed to impact a few people started affecting tens of millions of people.
Okay, so. That sounds like it can be fixed with a dedicated, motivated and understanding team of programmers. Re-writing the code from scratch will suck, but discriminators - like Discord said themselves - are a part of Discord so why remove it?
- The biggest problem: our current usernames can often be too complicated or obscure for people to remember and share easily.
- Your friend says they changed their name to “vernacular” but actually it’s “𝖛𝖊𝖗𝖓𝖆𝖈𝖚𝖑𝖆𝖗” and you have trouble finding them.
That sounds like a non-issue. I have a very generic name - Rain, as you can see - which I identify with and I know plenty of other people with their name as "Rain". The point is literally so you don't find me unless you know me. Yes, I pay for the discriminator, but even then if someone adds me it's because it's intentional.
People with Zalgo in their name have it because they have it in their name. I'm sure it's not because they pressed the wrong buttons but it's intentional. However, I get that this comes with technical difficulties and could open up Discord to vulnerabilities; so why not just forbid special characters in the Discriminator username? Not optimal, but then most people would not need to change their name.
- You try to share your username outside of Discord. Unfortunately, you either can’t remember the discriminator, have to explain which letters are uppercase and lowercase, or have to try to specify which special characters your name uses.
- You meet someone IRL that you want to talk to on Discord, and they say “I’m Phibi Eight Nine Three Six!” You go home and add “phibi#8936” only to find out you added the wrong “Phibi” because your new friend’s username is actually “PhIBI#8936”.
This is a non-issue? I'm pretty sure that having my name as Rain#0000 is easier to remember than Rain12451245 or R41N12412 since I'm quite sure that my name will be taken the moment this change rolls out. The same way goes for everyone who has a generic name: I know plenty of people named Mike, Jack, Jake, Kim, Tom... I guess we're not allowed to have the name we want anymore, eh?
Not only that, but from a cybersecurity perspective this sucks as it increases phishing attempts: I knew someone who on Instagram got a 3-letter name, their real name, by some sheer luck. They keep getting random people adding them, DM:ing them, tagging them in pictures, the phishing attempts are constant. They are never having a calm moment. So now you're subjecting the select few people who are lucky enough to get the name to constant harassment and phishing attempts because you're opening a black market for "fancy usernames". So much for individuality!
- You want to use a common name like “Mike” or “Jane” but there are already 9,999 Mikes or Janes so you’re blocked from that name altogether.
This... is the point. Sometimes I don't want to add people and just tell them my first name on Discord. This is for my own safety as a woman on the internet.
And if I stream, I don't want people to find my account and add me. What is going to happen to streamer mode now, when streamers will have people adding them the moment their url leaks? Or if they take the username on Discord so people don't impersonate them and then get targeted? Or better yet - they don't get the username because someone else got it and now they are being impersonated? This by design is already a terrible choice.
- You like to change your username a lot and get rate limited.
A non-issue. I've not changed my name because I like my name but I used to change my name occasionally because I want to feel comfortable in my name. Make it so that you can change your username once a month then, like on Twitch.
- More than 40% of you either don’t remember your discriminator or don’t even know what a discriminator is. That’s a big problem when discriminators are required to add a new friend.
Funny you mention that - I only lurk Discordapp whenever there's a happening (like this). How was the data collected? What statistics did you use? How did you vet the data that it's 40%? Because I sure as day never got a questionnaire on my Discord client, nor did any of my friends or anyone in several huge servers I am in (totaling almost 300k people). How do we know your one linked anecdotal post where the person asking what the code is called isn't asking what it's just named? For example, there are several things I don't know the name of but I understand what it does and understand how it works.
Not only that, but with a quick look at the user's profile, this user seems to be - this user is allegedly just around the age of 13.. so it's expected they don't know what a discrim is but understand what it does.
So if we're going to use reddit's Discordapp as a reference, why does it turn out everyone posting on the subreddit says they don't like this change, even your own staff? Or, I don't know, when a staff mentions Discrims as a better option?
- Across Discord, almost half of all friend requests fail to connect the user with the person they wanted to match with, mostly because users enter an incorrect or invalid username due to a combination of missing discriminator and incorrect casing.
That's happened to me too, but I don't exactly find this to be an issue - it doesn't bother me in the slightest because it's the point. If someone truly wants to reach out to me, like a friend, they will find me. Otherwise I do not find their friend request to be important.
But if this is such a crucial point: why not implement friend codes or friend invite codes like Steam or Hoyoverse then? Let people copy a link from the settings where, when pressed, they will send a friend invite to the person they want. And this would work like a server invite; but for yourself. Granted, there may be issues that friends lists need to be limited and only X invites a day should be sent to avoid bots, but that's not a bad thing.
- We decided at one point that the most important issue to solve was case-sensitivity and special characters, so there could be only one phibi#8936, instead of allowing permutations like PhIBI#8936, and PHibi#8936.
- [...] Unfortunately, we found that nearly one-third of our active users would be forced to change their name just to accommodate this. Meanwhile, people from regions where non-alphanumeric characters are common in names, such as Asia, would have difficulty fully representing themselves.
- [...] We came to the conclusion that if we were going to ask a lot of our users to make a change, we needed a more comprehensive and robust long-term solution - one that gives people the power to have a Display Name they can change anytime with very relaxed rate limits. Think of them like a global nickname.
Okay. But having one third of people change their username because it's case-sensitive, in order to accommodate the system, is better than having 1000 people change their username to accommodate one. So you're basically going to alienate entire regions such as Asia with this new system because...?
Edit here: With a lil bit of research it turns out Discord has started flourishing in Japan due to the fact that they can use kanji, kana and hiragana in their names as most other apps do not allow this. This is a MASSIVELY Americacentric change limiting characters to only Latin letters a-z . _ 0-9 and I can foresee huge negative market impact due to this change.
Yes, I understand lack of language skills and knowledge of potential vulnerabilities that can exist within other alphabets exist, however, this seems to alienate a huge part of your userbase. No keyboard is going to come with 15k+ symbols installed but limiting it to the American English alphabet only is just... bad.
However, again, this could simply be solved with a friend invite code like Steam or Hoyoverse has. Or better yet: make a lil tutorial like Clippy when someone new joins Discord on how to use Discord and where you can invite people and so on. Not only that, I've used Blizzard's services for years as I'm an avid video gamer and I've never, ever had issues with the Discrim tag there. Yes, it has 6 numbers instead of 6 but I remember those numbers even if I've not played any games there for years: I highly doubt someone "forgets" their 4 numbers on Discord as your SIM PIN, Bank code etc. usually has 4 numbers. But again, if you truly want to "Patch" a consequence: make discrims longer to 6 digits. Going from 4 to 6 discrim numbers, with a quick google, gives this:
"A four digit PIN has 10,000 possible combinations. I know that sounds pretty impressive, but it's actually quite easy to break using various electronic methods. However, a six digit pin has a whopping 1 million possible combinations". That sounds like a huge upgrade to me which would patch the issue of only 9999 people being able to have the number!
You've truly not thought about the end-user perspective here; the average Joe and average Rain is not going to get the username they want. You, as a [insert high title] will probably always get any name you want with the contacts but we here on the bottom are just going to be left to fend for ourselves where our individuality is being stripped away.
And last but not least,
- We recognize that this is a big change. There may be hiccups with this process, and it may be tough to part ways with that “#0001” that’s meant a lot to you over the years. We’ll be doing everything we can to manage things as smoothly as possible.
- Jason and I truly believe this is the right thing to do to help more people hang out with their friends on Discord, which is what we’re all about
You started out by saying that you wanted Discord to be a place where you can express your individuality, and now you're removing it. How on earth can you sit and write this blog post expecting it to go well, when it's clear you don't even want this change to happen? Who greenlit this?
There needs to be a change in Discord management where the people who suggested this change - all the way down to whoever greenlit this - need to go.
-----
And last but not least, think of this from a security perspective:
- A huge black market has now been opened for rare usernames: People with rare, small or otherwise fancy usernames will be relentlessly targeted. Scams will go up. Impersonations will go up.
- Swatting and other targeted harassment: There are plenty of stories on Reddit about people getting swatted because someone else wanted their username.
- Stalking: as a woman on the internet, I've been subjected to people stalking me. Going through all my posts to find one username and then intimidate me. I've had to delete or deactivate so many of my accounts because I don't want to be found under one name. I don't want Discord - my safe space to talk for people - to be targeted by people because of my name.
- Government surveillance: People in hostile countries - for example, where LGBTQ+ people are oppressed - may use Discord under a name that's common and change their name often because of said oppression. Now they are only stuck with one username and it makes it unsafe for them to talk to their friends. This is not only limited to LGBTQ people: you are now putting people in authoritarian dictatorships under danger too. People who speak out about their government, people who share information against their government, people organizing protests; all a pillar of democracy taken away.
- Scams and impersonations: related to the black market, but also going to see a huge amount of "youtubers" on this platform that's actually just not them. Or it is them and they can't be left in peace. Either way, scams will go up because of the rare usernames.
- Removes individuality and in general sense of security. Just yeah.
And last but not least, this will be a larger one:
Children will be targeted and their safety put in danger. This is something that I realized as I was reviewing and finalizing this post, but a huge reason other social media platforms have obscured and removed a lot of public data is because of children. Discord's TOS is 13, which is understandable - the name change is great as if you get targeted by creeps at that age you can block them and change your name quickly. Or make a new account with a new name so you can keep your individuality, but be out of reach from the creeps.
It's very well known there are bots and other kinds of creeps making lists and keeping tabs of people. Bots can scrape the internet for known minors and make a list of them - which makes it easier for creeps and predators to contact them. And now with the new pomelo system, minors will be disproportionately targeted and disadvantaged because they can't escape the grip of predators as easily as before.
I'm sure I don't need to write more elaborately on this, but how was this overlooked by any of your teams?
---
I'm ending my post by linking this post on reddit, that nailed it.
Please do not implement or push this change into production.
----
Edit: Linking to this other main thread, as this is being monitored and linked in the Discord Town Hall. Please also check this one out.
-----
Edit/Update: As of today there was posted on r/Discordapp a rumor that Nitro users will be eligible for a username change sooner than other people. All I can say is, really? Despite over 99% of the userbase being against this change, you're determined to push through with it? Why?
Since the news broke, I've made an effort to try and understand this ridiculous change and I've talked to a bunch of people: some Discord staff even, and none of the staff has been in favour of the change. Okay, maybe one staff took the stance of "I don't like the discrims therefore I believe Discord is doing right", but the rest have been ambivalent at best or "I think it'll be a nightmare and I don't think there has been a plan". If your own staff says this, who came up with this idea? It's clear this change is sowing a lot of Discord (no pun intended) between your own staff, so why not listen to the userbase and cancel it?
If you truly want a feature where people could add each other easily - again, Nintendo Switch, Steam and Hoyoverse have a great system with friend invite codes. That's the best solution.
Or if that's not enough: Make a tab like the "Find new servers", but name it "Find new friends" - in this tab, only people who are whitelisted, example people with non-zalgo names, people who have 2FA turned on and people who are in good community standing can opt into this function. To reduce risk of people contacting a scammer, make it so that if you log in from a new device this function is turned off for 2 weeks - the same way Steam turns off your trading for 2 weeks if you log in from a new device. Or make a function like Telegram, where you can find nearby people (within maybe 1km) of you. This does overlook the big issue of minor safety and a lot of other stuff, but it's INDEFINITELY better than what you are proposing now.
Or if this whole bloody change comes because you want to make "public profiles" like Snapchat or Twitter where you can push "Premium content" to people - don't. Discord is still in its core an instant messaging application: not a social media. I don't come here to create content, I come here to enjoy the communities I am in and engage with new people and make friends. I come here to talk to people and not care about what social media pushes on me.
Please listen to your userbase. Keep the Discord Discrims.
-
THIS!!! I think you condensed everything we're all trying to say perfectly. I especially appreciate the note about being a woman on the internet because as someone who is both afab and openly queer, this is a massive risk for me as well. weird men LOVE easy to find usernames and well... some do homophobes.
this puts a lot of us in a tough position and I will not be hesitating to switch to a different platform if this goes through.
13 -
This is so important and explains everything that's wrong with the change, thank you ! I completely agree with this
12 -
100% agreed. I cancelled my nitro until I've heard that this change will not happen.
11 -
Add your comment here, it's perfect:
https://support.discord.com/hc/en-us/community/posts/14337329256983--Do-NOT-add-The-new-discord-usernames-system
9 -
@ Stefano - I did already comment on your thread, yes! I will copy-and-paste this on my old post too.
8 -
Commenting here just to say this is so far the best one. Really articulated the point very well. Good job and thank you for the effort!
9 -
+1 FOR THE LOVE OF GOD.
8 -
This exactly. This is such a terrible idea, I don't know how they thought it was a good plan.
7 -
I'd upvote you twice if I could.
7 -
Well-written and well-reasoned. Thank you, and here's hoping.
8 -
+1
6 -
Oh, this is a fantastic comment. PERFECTLY encapsulates everything I've been trying to say. I'd upvote this over and over if it were possible.
edit: specifically thank you for pointing out how BONKERS their data collection is. They gave absolutely ZERO sources for their numbers! Their statistics work is bad and they should feel bad!
7 -
+1
4 -
This post is so well written, thank you!!
4 -
I read this while getting ready for work, so I don’t know if you touched on this, but if you don’t know your discriminator, and you want to add someone, just make a server and invite them via text, then add them when they’re IN the server. They’re just ruining their platform.
3 -
+1, covers pretty much everything I wanted to say and more.
Edit: If Discord is willing to continue down this path that affects peoples' safety, security, wellbeing and privacy, I will simply give people I know another platform to reach me on and move off Discord altogether. I don't imagine they care one way or another that I say this but I encourage people to take their own safety, security, wellbeing and privacy very seriously.
4 -
+1 to absolutely everything. my blood ran cold when I read of this change because all these thoughts flowed into my brain simultaneously and I couldn't verbalize the entire flood. I absolutely WILL move elsewhere once this happens. And cancelling my nitro the second it's live.
2 -
thank you for this very comprehensive analysis of Why Thing Bad and man i hadn't even-- even after years of dealing with Patreon, who loves to claim they "did a survey" having Definitely Not Done That, i didn't think to question the 40% number other than to dismiss it as irrelevant LOL. where ARE they pulling that number from? i'm gonna guess somewhere below the waist.
2 -
Removing discriminators for the worse pomelo system is just an objectively bad change
2