Hardware ban instead of IP ban

Comments

38 comments

  • kyoko

    Well, here is a little lesson in trickery, do you want to be a hacker number one? First lesson go to your wifi settings and switch this one, then discord and op have no clue who you are.

    12
  • Kaydax

    Teamspeak already did this for server bans, and It was very easy to bypass. There is no point in implementing this because there will always be a way around the ban. Even from your example (Blizzard) you can still easily make alt accounts and bypass any ban with ease

    6
  • cupid.rips.hearts

    This comment was on a suggestion regarding adding MAC address ban (NOT THE SAME AS HARDWARE ID BAN) and talks about that. However, the core still maintains: you can't get an hardware ID from a web page (Discord desktop and in the browser work almost the same way), and if you could it would be easily spoofed the same way.
    Not to mention the privacy concerns that this would show.

     

    MAC addresses can be easily spoofed with easily accessible tools on Windows.

    Using a virtual machine (Virtualbox, VMWare, QEMU), you can change the MAC address in no time.

    Besides, MAC addresses only matter for the router/switch to know where to send your packets.
    That's all it does.

    Quoting https://en.wikipedia.org/wiki/MAC_address:
    media access control address (MAC address) of a device is a unique identifier assigned to a network interface controller (NIC). For communications within a network segment, it is used as a network address for most IEEE 802 network technologies, including EthernetWi-Fi, and Bluetooth.

     

    Addicionally, using WebRTC, it is possible to obtain the local IP, but not the MAC address.

    4
  • Squarto

    Yes I agree, this idea is not feasible.

    4
  • Gif

    HWID Bans are easy to bypass too, but they are a pain in the ass.

    2
  • Snakemonger

    these bans are easily exploited by admins of extremist servers, they just IP ban you when you threaten to report the server!

    2
  • TheOneWhovian

    There is no point of IP or Hardware banning people as a VPN or a Virtual Machine can get passed this. Even an iPhone on its LTE connection can get passed this.

    2
  • Puddles

    How exactly do we figure a hardware ID would be more effective than an IP ban? To get around an IP ban you have to have a vpn which is generally a paid software in 99% of cases as most free proxy sites are malware these days. You can change your hardware ID for free, there is a ton of software you can get just by googling and most is user friendly enough that anyone who could setup a vpn could figure it out

    If we're assuming MOST people wont circumvent, sure, they won't, but the only reason we're talking about it is because of people who abuse the system. I don't think you can convince me that these people wouldn't be able to watch a 5 minute youtube video on how to bypass this ban just like they did for IP bans

    2
  • The CEO of Discord

    Tbh, i don't think it would be smart to ban people with hardware id.

    First, when you talk about hardware ban, there is 2 things. The first would be MAC Address which is very different from what people imagine, that can easily be spoofed because you can change it and the second is HWID (hardware id) which is harder to spoof but still possible with some types of VMs. Both of them are dumb because you cannot get both of them in a browser, from what i know. This means that people using the browser version of Discord like me will be immune from that kind of stuff. Even for those who use the desktop app, if Discord used something like the Mac Address, it would be really easy to bypass. Windows has a setting for that, called "Random hardware addresses". For HWID, there might be some unwanted bans because there is no real way to get a unique HWID. A friend of mine who made a software decided to ban someone from using it. He has his HWID but when he banned him, other people with the same components on their pcs got banned too. Even a UUID (Universally unique identifier) is not unique. And you cannot get that from a browser anyway. IP Ban is the most reliable way of banning someone, for a service like Discord. Discord also checks your IP when you create an account and if they detect you are using a VPN at the moment of the creation of the account, they might ask for additional verification steps (it happened to me before).

     

    TL;DR: Discord also has a browser version, IP Ban works well and a website cannot get mac address and hwid.

    2
  • The CEO of Discord

    SioxerNikita

    Ok, ill respond to what you said

    1. That's like saying you shouldn't do IP Bans because you can use VPNs and bypass it.
    R1. No it's not. My main point is that browsers do not offer the possibility to get HWID and MAC Address. The bypass thing is just for saying that in addition to those methods not being compatible with the browser, they are easily bypassable (that's suggestive tho) like the IP one.
    2. Anyone can bypass literally any ban method you can even lightly consider... the thing is VPNs are very well known, spoofing MAC address isn't.
    R2. You are right, but anyone who knows how to use google can find how to bypass MAC Address bans.
    3. It doesn't even necessarily need to be a "hardware ban", it could even just be a unique ID generated in some manner on individual computers, etc...
    R3. How would you do that? You would need to store it in some way and for it to be efficient it would have to be associated with something in your PC (aka Hardware ID method). This is very hard to do and basically a waste of time for an app that also has to be compatible with the browser. If you only think about how to do it in browsers, it would be called browser fingerprinting. This is very intrusive and many countries do not like that type of stuff.
    4. The point of having multiple ban methods isn't that they can't be bypassed, because of course they can... but that it takes more effort. If we go by your argument we shouldn't have firewalls either, because it can be bypassed. No computer security, because it can be bypassed, so not worth it, or something.
    R4. You are right on that one. The only thing is that it's not my main argument.
    5. You could even make a setting that doesn't allow browsers to join a server for example. There is many things that could be used.
    R5. That would be a horrible thing to do! Also, many people only use the browser version of Discord for multiple reasons, like me.

    Hardware ID ban methods would be good if Discord was only a desktop app, but because it is also a web app, it is just not a good idea.

    2
  • SioxerNikita

    TheCuriousCatPerson

    Except Discord can only detect VPNs it knows the IP of.

    2
  • TheCuriousCatPerson

    Wabz

    Discord does detect when you create your account using a VPN, but the user can always create an account on their real IP and then switch to a VPN after account creation

    1
  • TheCuriousCatPerson

    The CEO of Discord

    I think they should make it where if someone gets banned from a server, they should also block the IP that was used to create new accounts that are currently less than a month old

    If this happens, then most of the ban evading would stop, if the user already has an alt account then if an admin is smart they would just ban the alt account too if they know what it is

    1
  • Pumpkin

    I mean by that logic IP bans and account bans are even easier to bypass. The whole point is to add another variable to the pot for bypassers to slip up. Besides, unlike IP bans, its tons more difficult to change your ID if you were logged before having the disguise on.

    Most people don't even know how to do these things, or don't bother. If they do, most of the time its due to the ban, which is too late by then. Its a great idea, and I'm all for it.

     

    And uh, I really don't appreciate you giving encouragement to bypass bans, whether intentionally or sarcastically.

    0
  • [VIVA 1044] Venator Luna

    I agree with this. While Hardware ID bans can also be circumvented, not many people know how to change or spoof a HWID. Those who do know, are determined to be trolls. But at least they'll be fewer than people who just switch their VPN and can create new accounts on that new IP.

    I help moderate a server, and we constantly have two persistent users coming back on brand new accounts every few days, circumventing the MULTIPLE bans issued to them. We can't report them to Discord T&S because it's a new account each and every time, created seconds before they join, so I doubt Discord T&S can do much. And even a ban from Discord T&S can be circumvented. People do it all the time.

    Bans need to be by HWID now, not IP.

    0
  • Draconic NEO

    @Darth Ok How do you propose discord Get a hardware ID from a web browser they don't own i.e. Chrome, Firefox, Brave, Opera, etc. Without Using exploits that could be considered illegal and/or easily blocked or circumvented (by user or browser update)

    0
  • Pumpkin

    Zelkam, can is the key word there. Not everyone has a VPN active, in fact most people don't. Same goes for hardware id. By that logic what's the point of banning at all?

    In reality the idea is to create multiple methods of banning so that there's a lot more to keep track of and a lot more places to mess up if you are trying to avoid a ban. It won't get all of them banned, but it will get a metric ton more banned than as is for now. Which is kind of the idea.

    0
  • The CEO of Discord

    TheCuriousCatPerson

    Yup, that's true.

    I think discord should detect that stuff.

     

    EDIT: Maybe they should have a history of IPs or something instead of only saving last IP address.

    0
  • The CEO of Discord

    SioxerNikita

    Yes, but most VPNs are on public lists, so it is very easy to do.

    The more a VPN is popular, the more it will appear on VPN lists. Cloud providers appear on them as well, so if you host your own VPN on digitalocean or something like that, discord should detect it as well.

    0
  • The CEO of Discord

    TheCuriousCatPerson

    That's an excellent idea!

    0
  • SioxerNikita

    TheCuriousCatPerson

    Would not be a great idea. IP is essentially useless to use for banning these days, especially because ISPs wide spread use of NAT.

    IPs cycle a lot.

    0
  • Vur3e

    What’s the point, do both, it just eliminates more and more

    0
  • elox026

    We NEED this

    0
  • Bot Rabbit

    I don't think it is necessary. Those who want to bypass it will. All you need is a VPN and an HWID Spoofer. Both are cheap if not free. For example, I have a few mates that had their accounts deleted for being an admin on a server that sold mod menus for GTA v. Both friends got new accounts and now refuse to admin or staff any server other than their own, and I don't blame them for that. As far as I am aware, they did not participate in selling anything. They were just there if shit hit the fan, and the other staff needed a hand. I'm like that on a few servers. I don't even deal with what they are mainly for [Minecraft server discords and streamer servers].

    0
  • TheCuriousCatPerson

    Bot Rabbit

    There are free VPNs

    0
  • Snapson

    Problem with hardware bans is that after someone is banned with certain hardware. Might it be gpu, cpu or any-other component. 

    If someone choses to sell their pc or component to the used market, the person buying it would unknowlingly get a pc that wont let him access discord or any other service that uses this ban method. 

    Thats why no company choses to incorporate it. Its a very juvenile idea and if there is a service that uses or will use such a method. Then they are madmen because usercounts would drop to bare minimum

    0
  • SioxerNikita

    Firstly, companies does actually use far more mercurial ban methods… IP and MAC address. IPs change daily for many people.

    Doesn’t matter changing the hardware fixes it, because it is simply to make it harder to spam new accounts.

    Also it was talking about being banned from a server… not Discord in general. So you misunderstood something. And even so, people getting a computer that was banned from Discord, is not really something that would happen often enough for it to matter.

    0
  • Karl Jackson

    We are also experiencing a few malicious signups that seem to bypass every type of ban. Why can't you simply extend the invite pause from 24 hours to 7 days? They may ultimately give up thinking we closed the server invites and took it private. That would be a simple modification server wide.

    0
  • Chris G.

    DIscord doesn't care smh. Support is useless. These forum posts don't do anything it seems. 

    0
  • Lace

    facts

    -1

Please sign in to leave a comment.