API should provide a user's IP, as an unique and encrypted character string.
What's the point of it:
In fact, many bots may need to make sure that people aren't multi-accounting, to prevent the abuse of a virtual-economy system, or just to "auto" kick the alts. Guilds could handle easily the multi-accounting thanks to those bots. For exemple, a banned user from a guild may have several accounts on this guild already. Which means he could keep on acting in improper manners on this guild, from his other account. That's why it could really be useful if a bot could recognise if the banned user have other accounts thanks to the IP.
Why would the API provide it as encrypted:
Because having the real IP address of someone would be a privacy issue: you can for exemple locate someone thanks to his IP address.
-
I think you mean in hashed way, because encrypted would mean you can decrypt it in a way. But even in a hashed way it wouldn't be hard to create a rainbowtable with 2^32 ip addresses (takes a few seconds) and lookup the IP from every user. At least there is still a way that the multi accounts are not created/used from the same IP (VPN/mobile-network/school/work/etc..) 1 -
I'm heavily against this idea, not least because it has the potential to bypass some of the security and safety measures that Discord has implemented to help protect users and Discord itself. User safety is a key priority and I don't think something which would negatively impact that is likely to get a good reaction. -2 -
No, I meant encryption.
With a long program of substitution I'm pretty sure the encryption may not be decryptable.
There is so many ways to proper encrypt a string. Of course, there'd be a way to decrypt it, but this decryption program would be secret in their DB, and too hard to guess it / bot guess it.
-2 -
Unfortunately, this still wouldn't resolve the security and safety issues that would be faced by both Users and Discord. Beyond that, there's also possible legal issues with privacy laws (e.g. GDPR in the EU) which may consider IP Addresses to be personal/sensitive/restricted information that shouldn't be given out freely. Regardless of how this might be encrypted or hashed, it's still too much of a risk for Discord to freely hand over. I personally would rather that Discord handles this kind of thing natively as they already do. 0 -
alright guys, I understand your answers, true it might still become a security issue.
1 -
No we dont want to get some script kiddy to join random Servers and just DDOS Admins and random people.
That would be 1 reason less why im using Discord over Teamspeak...
2
Please sign in to leave a comment.
Comments
6 comments