After a long back and forth with Discord's support and minimal assistance, I've come to realize that security in the app is seriously lacking.
Namely, apparently users/bots have access to the whole server's userlist through the API, regardless of if the new users are locked in a channel by themselves, without having the list visible to them.
The consequence is that big enough servers have virtually no way of countering bots that PM members with invites/scam links, especially during a bot raid of hundreds of bots instantly PMing everyone at random.
I suggested in the email exchange to make it so that people can only get the user-list of the channels that are visible to them sent to their clients. This kind of adds a layer of protection, since the admins can for example use a discord bot that assigns people a role granting them access to the main channels, by clicking on an emoji or saying "hello" in a landing channel. It also makes the use of special quarantine channels actually effective.
Imo, this solution is far better than the commonly suggested server-wide setting of disabling PMs between all users, and a lot frendlier to privacy.
Discord has evolved from being a means to communicate with your gamer buddies, to hosting gigantic gaming and non gaming communities with tens of thousands of members. However I think the moderation/privacy aspects of it haven't followed close with its rise, hence the point of this post. There are servers out there with tens of thousands of members that have to deal with this daily.
Please sign in to leave a comment.