Allow server owners to configure invite urls to not function if a user is behind a VPN/Proxy Server
Summary of request:
Allow server owners to configure any invite url for their server to block joins if a joining user is using a VPN, Proxy Server or TOR Exit Node.
Implementation:
I propose this to be configurable as a server wide and a per-invite setting.
For the server wide setting, users with the Administrator or Manage Server permissions can set it so all invite links to the server will by default block joins from users connecting from a VPN or Proxy IP.
For the per-invite setting, users with the Administrator or Manage Server permissions can enable an option on the create invite menu to block/allow VPN or Proxy server users from joining using that specific invite link.
Rationale:
Discord as a platform places considerable esteem behind privacy, in pursuit of this goal Discord does not reveal the IP Addresses of users who join a server to the admins of that server. By default all discord bans are account bans and IP bans.
This is a good start but unfortunately in today's world, IP anonymisation services such as Virtual Private Networks (VPNs) and Proxy Server Networks such as The Onion Router (TOR) have become extremely easy to configure and use.
Tools to hide IP addresses and evade IP bans coming in the form of browser extensions with a simple on/off button interface, web proxies and easy to use programs such as NordVPN. VPNs in particular are a very prevalent and commonly used application as they are very often promoted by content creators on YouTube and other social media platforms, some Anti-Virus providers such as Kaspersky Labs even bundle VPN software for free with their Antivirus programs.
While it is true that there are legitimate use cases for VPNs and similar services, such as remote access to internal organisation resources, content filtering and SSL encryption of sensitive internet traffic. Such services are almost exclusively used in Discord for the purpose of evading IP Bans handed out by server administrators so that users can continue bad behaviour. From personal experience as someone who has ran game servers and discord servers, in every 100 cases where a user connects to my services via a VPN, 99 cases are done for ban evasion purposes.
What I am suggesting does not compromise the integrity of Discord's commitment to privacy by hiding IP address from server admins, what i am suggesting is that server admins are given the ability to preemptively stop ban evasion via VPNs and Proxy Servers before it happens.
Technical feasibility
This suggestion is very much feasible to implement from a technical standpoint. IP addresses associated with Virtual Private Networks are easy to identify as most VPN providers have static IP addresses for exit gateways and even in cases where they do not, a simple reverse DNS lookup can identify a hostname that is assigned by a VPN provider and not an Internet Service Provider.
Perfect Forward Security (PFS) keys used by VPNs are predictable and easily identified, VPN IP addresses are often compiled on public listings (https://github.com/ejrv/VPNs) and services such as ipinfo.io allow whois lookups to identify VPN service providers and APIs to detect VPNs and Proxies (https://ipinfo.io/proxy-vpn-detection-api)
TOR Exit Node IP Addresses are also listed by the torproject itself at https://check.torproject.org/torbulkexitlist
It goes without saying that this is by no means impossible from a technical standpoint to implement
Conclusion
While VPNs do have legitimate use cases, I see no reason why server admins should not be able to prevent abuse of them for malicious purposes by preemptively blocking users who join from behind such services. I am confident that any server administrator who has had to deal with this before will share in my grievances as permitting VPNs allows malicious users to rejoin servers indefinetly with no restrictions.
Discord as a service is not one that requires a VPN, server admins do not see your IP address and Discord itself is legally bound not to disclose them unless criminal wrongdoing has occurred. If server owners wish to permit users to join via VPNs then they are welcome to do so but I believe that server admins should have the option to prevent this and in turn prevent abusive users who were banned from returning.
Concept Images:
-
So your basically blanket banning/biased against vpns. yea this aint it chief. we all know how bullshit the ban reasons can be from servers that dont like your opinon.
-1 -
So your basically blanket banning/biased against vpns. yeah this aint it chief. we all know how bullshit the ban reasons can be from servers that dont like your opinon.
Its not a blanket ban. What I am proposing is a configurable, optional, opt in feature for server admins to make it so that one or more of the invite urls to their discord server will not work if the user using said invite url is connecting from a VPN or Proxy server. It is not a wide sweeping blanket ban or all VPNs on all servers all across discord as a platform like you allege.
Also your perceived injustice by a server owner who has banned you for not "liking your opinion" does not give you the right to evade to a ban via these services. You may feel this isn't fair and maybe depending on the circumstances you may be right but service providers have the right to deny a service at any time for any reason, this applies to private companies and private communities alike. Discord is not a free speech platform and Discord also explicitly prohibits utilising VPNs to ban evade and the practise of using a VPN is even considered a computer crime in most western jurisdictions, including the United States, where Discord is based.1 -
Wait hold up, your REQUIRED to give every bit of information about yourself to big companies so they can snoop, spam you with ads/calls, and track everything you do without being transparent about it? ok then, quote which law says using a VPN by itself is automatically illegal then genius.
-1 -
Wait hold up, your REQUIRED to give every bit of information about yourself to big companies so they can snoop, spam you with ads/calls, and track everything you do without being transparent about it? ok then, quote which law says using a VPN by itself is automatically illegal then genius.
While I don't recall ever saying that you are required to give every bit of info about yourself to big companies in my response to you, companies are permitted to collect personal identifying data about you (subject to relevant legislation) if you grant them permission to which for a service like discord, you do that when you sign up for discord and click the little checkbox saying you agree to their terms of service, which includes you granting them permission to collect data about you and use it in certain ways. They are also required to be transparent about it, thats why they list what they might use your data for in their terms of service or EULAs.
As for which law says using a VPN by itself is automatically illegal, I never said that VPNs in themselves are illegal. What is illegal however is using a VPN to evade a technical measure put in place to prevent you from accessing an IoT location (such as a discord server) you are not permitted to access (being banned constitutes as your permission to access being revoked from a legal standpoint) is actually illegal under the Computer Fraud and Abuse Act, there is also case law to support the application of the CFAA regarding VPNs, namely the case of Craigslist v. 3Tapps, where judge Charles R. Breyer ruled that enacting an IP address block (IP ban) and giving notice of said IP block (DMing the user prior to a ban or having a bot send them a ban message such as with YAGPDB) is sufficient notice of online trespassing to permit a plaintiff to claim a violation of the Computer Fraud and Abuse Act. So yes, if you are using a VPN to evade an IP ban, you are breaking the law.1 -
I literally ran into a server that broke rule 6 of the community guidelines on discord by having a non age-gated server banner/splash page, and when i told them, they instantly banned me on the spot. according to you, im now NEVER ALLOWED TO REPORT THEM AGAIN. because "your supposed to stay ip banned and not return because its trespassing". so basically they would be free to break the tos as much as they want since those who are banned are basically not going to be able to do anything, reports need a server id, message ids, and the ids of the users. You cannot aquire this information if your banned. you would have to make an alt account or use a vpn to be able to touch them, get back in the server, and report it. tldr:using a vpn/alt account to ban evade for the OH SO HORRIBLE reason of reporting tos breaking content to discord, is illegal according to you. Tell me, how long would it take discord to find that on their own if nobody bothers reporting it, due to the fact if they call attention to it they get essentially IP banned instantly?
-1 -
I literally ran into a server that broke rule 6 of the community guidelines on discord by having a non age-gated server banner/splash page, and when i told them, they instantly banned me on the spot. according to you, im now NEVER ALLOWED TO REPORT THEM AGAIN. because "your supposed to stay ip banned and not return because its trespassing". so basically they would be free to break the tos as much as they want since those who are banned are basically not going to be able to do anything, reports need a server id, message ids, and the ids of the users. You cannot aquire this information if your banned. you would have to make an alt account or use a vpn to be able to touch them, get back in the server, and report it. tldr:using a vpn/alt account to ban evade for the OH SO HORRIBLE reason of reporting tos breaking content to discord, is illegal according to you. Tell me, how long would it take discord to find that on their own if nobody bothers reporting it, due to the fact if they call attention to it they get essentially IP banned instantly?
With how many times you have quoted me on things I have never said, including this time I would be inclined to believe that you didn't even read anything I said above. I never said reporting tos violations should not be permitted if you have been banned from a server. If you are going to be reporting ToS violations then you should be getting Server, Message and User IDs first, your failure to do that does not justify you breaking Discord's ToS and violating the CFAA.
But that aside, your use case of a VPN represents at best a tiny percentage of what most Discord users will use a VPN for, ban evasion. Are you saying that because you do not follow best practises for reporting ToS violations that we should not impose technological barriers against users committing ToS and CFAA violations on Discord?1 -
Give me actual proof that EVERY time someone uses a vpn to ban evade, its always going to be for a bad reason, cuz im pretty sure its not,unless your somehow a genus and im missing something, which im 99.99% sure thats not true. You cant just lump every vpn user with a label of bad users you know.
-1 -
Give me actual proof that EVERY time someone uses a vpn to ban evade, its always going to be for a bad reason, cuz im pretty sure its not,unless your somehow a genus and im missing something, which im 99.99% sure thats not true. You cant just lump every vpn user with a label of bad users you know.
If you have to use strawmans and ad hominens to justify your personal position on the matter then that speaks volumes about your viewpoint and its validity as a whole. I encourage you to take a deep breath and slowly read what I said before, if you do, you will be surprised to find that at no point did I say that each and every person who uses a VPN in general uses them for ban evasion. In a wider context yes there are legitimate use cases for a VPN, I use a VPN whenever I work remotely to access my workplaces internal network. In case you have decided you do not want to actually take the time to re-read what I said above, I will repeat it for your sake, most people who use VPNs on Discord do so to evade IP bans.
1 -
"If you have to use strawmans and ad hominens to justify your personal position on the matter then that speaks volumes about your viewpoint and its validity as a whole." No im not using any of those. im going off of what your saying/doing which is lumping a large amount of the disccord userbase who uses vpns under the label of users who are automatically bad. "Most users who use vpns use it to ban evade" that is you saying the majority of discord users in the platform at all only use vpns to evade server bans. Again, please read the suggestion i linked, you will see why it is infinitely better then the way you decide to implement it. What you are doing is effecitvely blanking banning vpns from being Used on discord, So let me get this straight, your saying that if somebody were banned because "no females/males allowed" that counts as a valid reason and the user is supposed to stay banned permanently and not bother reporting them?
-1 -
No im not using any of those. im going off of what your saying/doing which is lumping a large amount of the disccord userbase who uses vpns under the label of users who are automatically bad. "Most users who use vpns use it to ban evade" that is you saying the majority of discord users in the platform at all only use vpns to evade server bans. Again, please read the suggestion i linked, you will see why it is infinitely better then the way you decide to implement it. What you are doing is effecitvely blanking banning vpns from being Used on discord, So let me get this straight, your saying that if somebody were banned because "no females/males allowed" that counts as a valid reason and the user is supposed to stay banned permanently and not bother reporting them?
The fact that you keep insisting that I am proposing a wide sweeping platform wide blanket ban of VPNs demonstrates you have not ready any of the content of my suggestion.
1 -
The fact that you keep insisting that I didint read your suggestion demonstrates you have not read any of the content of my posts/comments nor have you visited the linked suggestion i posted also.
-1 -
The fact that you keep insisting that I didint read your suggestion demonstrates you have not read any of the content of my posts/comments nor have you visited the linked suggestion i posted also.
I have read your replies, you continue to insist that I am proposing discord enact a sweeping, global, all encompassing ban or as you put it, a "blanket ban" on VPNs platform wide.
What I am actually proposing is an optional, limited scope, configurable and opt-in restriction that can be placed on invite urls. If you had actually read what I said instead instead of immediately lashing out from anger, you would know this.
Please actually read next time before responding to this, if you continue to not even read the very thing you are responding to then I am simply going to presume you are here in bad faith to troll and will ignore you.1 -
Bruh, "trolling in bad faith"? What are you, anti evil operations from reddit? 2nd, you said the option was a restriction, how are you supposed to appeal being banned automatially from entering if your still banned after you turn off the vpn?
-1 -
Bruh, "trolling in bad faith"? What are you, anti evil operations from reddit? 2nd, you said the option was a restriction, how are you supposed to appeal being banned automatially from entering if your still banned after you turn off the vpn?
Once again you demonstrate you have not read the main suggestion post. At no point did I ever state that an attempt to join would result in the account being automatically banned. it would simply block the join. If you were to turn off your VPN then the invite url would work just fine.1 -
There is nothing illegal about evading a ban on discord, period. It violates discord TOS, but discord TOS is not law. You as a discord server owner do not actually own the server which you manage and as such cannot pursue a criminal complaint on their behalf. Furthermore, the case between Craigslist and 3tapps was a lawsuit, not a criminal trial. I'm not going to dive any deeper into the legal jargon of situation that hasn't ever entered a courtroom since 2013 despite countless cases of IP ban bypasses.
Banning someone from your server does not ban them from discord itself, and your server is the property of discord. You're going to have a hard time accusing them of trespassing on a platform they haven't actually been banned from. Furthermore, Craigslist sent an official cease and desist to 3tapp, You may think this is a meaningless gesture, but it is legal proof that 3tapp themselves were told to stop and refuse. You cannot send a cease and desist on behalf of discord, because you are in no way affiliated with the company.
At the end of the day, you already have the tools needed to stop people from creating a new account and hiding behind a VPN. Turn on phone verification and require all members have a working phone number and email linked to their account. Server owners already try to force people to give their IDs to enter NSFW channels, even though from my discussions with discord staff via the support ticket system while this isn't against TOS, it's also not encouraged nor endorsed by discord. There's no reason people should be forced to expose their IP addresses to use a chat messaging app and I don't believe that valuable development time should be spent trying to identify and stop VPNs. As this process likely isn't as simple as you seem to think it is.
You're attempting to punish everyone using a VPN simply because "some" people abuse their existence. Would you also like discord to require a SSN for registration?
Oh, and if you were unaware, you can set up a VPN server right in your own house. Banning every VPN would be a massive undertaking, the end result of what your asking for is that there would be holes, people would find them and spread them around and they would continue to be abused.-1 -
"Turn on phone verification and require all members have a working phone number and email linked to their account. Server owners already try to force people to give their IDs to enter NSFW channels, even though from my discussions with discord staff via the support ticket system while this isn't against TOS, it's also not encouraged nor endorsed by discord" If your against the IDs being forced to be handed over why are you not against requiring a phone number to be LINKED TO YOUR ACCOUNT AT ALL TIMES? Have you not read what people go through when their account gets held hostage and flagged because of a "vpn/proxy shared with bad actors" excuse even when they dont have a vpn or proxy? Your proposal is exactly what discord is demanding of its userbase, to have a phone number that can link back to your account at all times so they can track you and potentially spam you with calls. If they say its only for one purpose, then it shouldint be forced, where users essentially have to link a piece of their personal information to their online accounts. Theres a reason googles one time call email creation works, its NOT PERMANENT AND YOU CAN REMOVE THE NUMBER WHEN YOUR DONE USING IT SO THEY DONT SPAM YOU. With discord that is not the case which has been told by many people, if you try to remove it they will just force you to use a number and keep that number on your account, which is basically exposing your information to people, or with the stupid "selfie with your discord username and server name on a piece of paper" bullshit, its not needed or required to verify ONE THING. As a wise user once told me, keep it simple stupid. Furthermore, people without a phone who either wont want one or cant afford one are screwed and cant even use their account, cuz discords response to people and me included amounts to "Screw you we're right and you're not because our perfectly flawness botnet moderation system said so."
-1 -
> There is nothing illegal about evading a ban on discord, period.
Incorrect. 3Tapps vs Craigslist says otherwise.
> You as a discord server owner do not actually own the server which you manage and as such cannot pursue a criminal complaint on their behalf.
And? Where did I suggest otherwise? I was simply pointing out the pro-VPN troll replying to my threads that there is in fact legal precedent to suggest that ban evasion is not permitted by the CFAA.
What point are you trying to make with this?> Furthermore, the case between Craigslist and 3tapps was a lawsuit, not a criminal trial.
Thats not how the US legal system works. Civil cases do not have to be exclusively based on tort law, they can be based on criminal law as well.
Turn on phone verification and require all members have a working phone number and email linked to their account.
Phone verification does not prevent VPN users from ban evading. People can easily create new email addresses or simply swap their number to another account.
Server owners already try to force people to give their IDs to enter NSFW channels, even though from my discussions with discord staff via the support ticket system while this isn't against TOS, it's also not encouraged nor endorsed by discord.
This has nothing to do with my suggestion. Im talking about preventing malicious users from ban evading, not underage kids accessing NSFW channels.
There's no reason people should be forced to expose their IP addresses to use a chat messaging app and I don't believe that valuable development time should be spent trying to identify and stop VPNs.
Discord does not show your IP address to server owners. Also you seem to be acting like this is a privacy issue or that some serious human rights violation is at stake, VPNs are not a human right and if you are concerned about privacy on the internet or your marketing data from being used, you probably shouldnt be using Discord in the first place and you should also stop with the fixation on IP addresses as a metric to identify you, unless you specifically request I wont go into specific details about how a VPN is not going to stop marketing agencies and such from identifying you since its not relevent to the matter at hand, but IP addresses are not as important as an identifying metric as you and VPN providers seem to think they are.
As this process likely isn't as simple as you seem to think it is.
You using the word "likely" suggests to me that you dont know whenever its simple or not. I speak from personal experience as someone in the IT sector when I say it is, I've described various ways in the original post.
You're attempting to punish everyone using a VPN simply because "some" people abuse their existence.
No im not, as stated in the original post it is an optional and opt in system, if some server owners value "freedom to use VPNs" over ban evader detection they can chose to not opt in. I have never suggested discord make this a global turned on by default feature.
Also to say only "some" people abuse VPNs is an understatement. From personal experience most people using a VPN service are ban evading.Oh, and if you were unaware, you can set up a VPN server right in your own house.
Im going to presume you are referring to private proxies when you say this. Yes, you can do this. But the amount of discord users who have the technical knowhow to setup a private proxy and are willing to pay for the necessary hardware (usually a VPS) is significantly smaller than the amount of users who are using a VPN service their favourite Minecraft youtuber advertised to them. I never claimed this was a total solution, but it will stop most cases.
Private proxies however can also be detected, take the IP and preform a whois lookup, if it returns to a hosting provider or someone other than a home/business ISP then its likely a proxy. Thats addition to things like looking at PFS keys and using detection APIs.0 -
"Incorrect. 3Tapps vs Craigslist says otherwise."
No, it doesn't. And if you believe that you didn't fully invest in reading and studying the case file. 3Tapps was sent a cease and desist primary due to the redistribution of advertisements that Craigslist argued they owned a copyright for. This was a dispute between two business entities, not a business verses a consumer. And again, this was a civil case, not a criminal one.
"Thats not how the US legal system works. Civil cases do not have to be exclusively based on tort law, they can be based on criminal law as well."
There is as of this moment no criminal precedent set for what you're talking about. Rulings between civil and criminal court are not at all similar, and the burden of proof required is not equivalent. That is exactly how the US legal system works. It is far easier to win a civil lawsuit against someone than it is to criminally convict them, and there are plenty of cases where a person is found not guilty in criminal court and still goes on to lose in civil court.
"Phone verification does not prevent VPN users from ban evading. People can easily create new email addresses or simply swap their number to another account."
So you're saying discord can flat out ban VPNs, but not account link a phone number, or permanent associate it with a discord server ban?
"Discord does not show your IP address to server owners. Also you seem to be acting like this is a privacy issue or that some serious human rights violation is at stake, VPNs are not a human right and if you are concerned about privacy on the internet or your marketing data from being used, you probably shouldnt be using Discord in the first place and you should also stop with the fixation on IP addresses as a metric to identify you, unless you specifically request I wont go into specific details about how a VPN is not going to stop marketing agencies and such from identifying you since its not relevent to the matter at hand, but IP addresses are not as important as an identifying metric as you and VPN providers seem to think they are."
Irrelevant, I don't want discord itself to have my IP. It has nothing to do with server owners.
"You using the word "likely" suggests to me that you dont know whenever its simple or not. I speak from personal experience as someone in the IT sector when I say it is, I've described various ways in the original post."
And your anecdotal, self proclaimed IT prowess means literally nothing. The amount of people on the internet who claim the title "l33t hacker" is far greater than the number of people who know how to slot RAM in correctly. Everyone who comes to a debate regarding IT claims IT experience. If it can't be validated, it's meaningless.
"No im not, as stated in the original post it is an optional and opt in system, if some server owners value "freedom to use VPNs" over ban evader detection they can chose to not opt in. I have never suggested discord make this a global turned on by default feature.
Also to say only "some" people abuse VPNs is an understatement. From personal experience most people using a VPN service are ban evading."
When you present people with a choice that takes away another persons choice, you're punishing the ladder. If someone must disable their VPN, or be outright denied access to your server then there's really no choice at all, it's a punishment. Calling it "Optional" is utterly ridiculous.
If I gave you a choice between giving me your physical address, or getting off the discord platform entirely, am I really providing you with a fair choice? After all, you can just not give me your address, and leave discord. So it's you're choice.
At the end of the day you're entire post can be summed up by "Some people abused VPNS, so I want the option to ban VPNS. Anyone who has a legitimate reason to use one can just eat dirt and stay out of my server."
Banning the use of a tool simply because some people abused the tool has always been unreasonable. It's nothing more than a knee jerk reaction based on a negative experience that came about due to that abuse.
"In my experience most people using a VPN are doing it for ban evasion"
Your anecdotal experience means nothing. If you don't have any real metrics of how many people abuse them verses how many don't, then it's not a talking point. The same applies to your assumption of the average discord users technical know how. If we're using arguments like that, then I'll argue that even if VPNs got banned, people would still find a way to evade bans and you would end up in a endless tech tug of war.
"ake the IP and preform a whois lookup, if it returns to a hosting provider or someone other than a home/business ISP then its likely a proxy."
So now we're blocking access to anyone that doesn't have a "real looking IP" Discord can't even recognize a valid phone number half the time and you want it to judge the validity of an IP address.
There are countless posts of discord users complaining that their phone numbers were rejected, despite it being a number from a major service provider like Spring and AT&T. What's to stop this same type of failure from occurring when an ISP is false flagged as a VPN?-2
Please sign in to leave a comment.
Comments
18 comments