Hardware ban instead of IP ban
-
facts
-1 -
HWID Bans are easy to bypass too, but they are a pain in the ass.
2 -
This would be amazing. Even if it's not perfect, it'd be a good way to get people that act like scum off the platform.
-5 -
Well, here is a little lesson in trickery, do you want to be a hacker number one? First lesson go to your wifi settings and switch this one, then discord and op have no clue who you are.
12 -
HELL YEAH -4 -
Teamspeak already did this for server bans, and It was very easy to bypass. There is no point in implementing this because there will always be a way around the ban. Even from your example (Blizzard) you can still easily make alt accounts and bypass any ban with ease
6 -
I mean by that logic IP bans and account bans are even easier to bypass. The whole point is to add another variable to the pot for bypassers to slip up. Besides, unlike IP bans, its tons more difficult to change your ID if you were logged before having the disguise on.
Most people don't even know how to do these things, or don't bother. If they do, most of the time its due to the ban, which is too late by then. Its a great idea, and I'm all for it.
And uh, I really don't appreciate you giving encouragement to bypass bans, whether intentionally or sarcastically.
0 -
Seriously, why are people downvoting this?
This is not the same as an IP address, and yes... it can be spoofed, but most people don't know how to.
It's not just activating a VPN, and it wont hit an entire university, or anything similar.
-2 -
Seriously, why do people keeps downvoting this? This is a "MUST" feature. We MUST have this to remove spammers forever, maybe.
-2 -
I agree with this. While Hardware ID bans can also be circumvented, not many people know how to change or spoof a HWID. Those who do know, are determined to be trolls. But at least they'll be fewer than people who just switch their VPN and can create new accounts on that new IP.
I help moderate a server, and we constantly have two persistent users coming back on brand new accounts every few days, circumventing the MULTIPLE bans issued to them. We can't report them to Discord T&S because it's a new account each and every time, created seconds before they join, so I doubt Discord T&S can do much. And even a ban from Discord T&S can be circumvented. People do it all the time.
Bans need to be by HWID now, not IP.
0 -
This comment was on a suggestion regarding adding MAC address ban (NOT THE SAME AS HARDWARE ID BAN) and talks about that. However, the core still maintains: you can't get an hardware ID from a web page (Discord desktop and in the browser work almost the same way), and if you could it would be easily spoofed the same way.
Not to mention the privacy concerns that this would show.MAC addresses can be easily spoofed with easily accessible tools on Windows.
Using a virtual machine (Virtualbox, VMWare, QEMU), you can change the MAC address in no time.
Besides, MAC addresses only matter for the router/switch to know where to send your packets.
That's all it does.
Quoting https://en.wikipedia.org/wiki/MAC_address:
A media access control address (MAC address) of a device is a unique identifier assigned to a network interface controller (NIC). For communications within a network segment, it is used as a network address for most IEEE 802 network technologies, including Ethernet, Wi-Fi, and Bluetooth.Addicionally, using WebRTC, it is possible to obtain the local IP, but not the MAC address.
4 -
Yes I agree, this idea is not feasible.
4 -
these bans are easily exploited by admins of extremist servers, they just IP ban you when you threaten to report the server!
2 -
@Snakemonger And... bans are also easily exploited in the first place? So?
@cupid.rips.hearts You actually can, by having the program itself verifying hardware itself, and send the information on.
@nyoko Then use different hardware checks.
-3 -
The fact this has been downvoted is insane. It would of course be optional, and is really the only sure fire way to stop returning troublemakers on alts and vpns. -1 -
@Darth Ok How do you propose discord Get a hardware ID from a web browser they don't own i.e. Chrome, Firefox, Brave, Opera, etc. Without Using exploits that could be considered illegal and/or easily blocked or circumvented (by user or browser update)
0 -
There is no point of IP or Hardware banning people as a VPN or a Virtual Machine can get passed this. Even an iPhone on its LTE connection can get passed this.
2 -
Zelkam, can is the key word there. Not everyone has a VPN active, in fact most people don't. Same goes for hardware id. By that logic what's the point of banning at all?
In reality the idea is to create multiple methods of banning so that there's a lot more to keep track of and a lot more places to mess up if you are trying to avoid a ban. It won't get all of them banned, but it will get a metric ton more banned than as is for now. Which is kind of the idea.
0 -
How exactly do we figure a hardware ID would be more effective than an IP ban? To get around an IP ban you have to have a vpn which is generally a paid software in 99% of cases as most free proxy sites are malware these days. You can change your hardware ID for free, there is a ton of software you can get just by googling and most is user friendly enough that anyone who could setup a vpn could figure it out
If we're assuming MOST people wont circumvent, sure, they won't, but the only reason we're talking about it is because of people who abuse the system. I don't think you can convince me that these people wouldn't be able to watch a 5 minute youtube video on how to bypass this ban just like they did for IP bans
2 -
As far as PCs go, there is generally a lot of hardware in them. You ban the user using one of the many different IDs of their hardware. Make it difficult to track down which one got banned.
Either way, adding another part to bans is better then doing absolutely nothing about the situation, even if in the end it only does a little bit to help.
I would rather Discord do something instead of nothing.
-1 -
Tbh, i don't think it would be smart to ban people with hardware id.
First, when you talk about hardware ban, there is 2 things. The first would be MAC Address which is very different from what people imagine, that can easily be spoofed because you can change it and the second is HWID (hardware id) which is harder to spoof but still possible with some types of VMs. Both of them are dumb because you cannot get both of them in a browser, from what i know. This means that people using the browser version of Discord like me will be immune from that kind of stuff. Even for those who use the desktop app, if Discord used something like the Mac Address, it would be really easy to bypass. Windows has a setting for that, called "Random hardware addresses". For HWID, there might be some unwanted bans because there is no real way to get a unique HWID. A friend of mine who made a software decided to ban someone from using it. He has his HWID but when he banned him, other people with the same components on their pcs got banned too. Even a UUID (Universally unique identifier) is not unique. And you cannot get that from a browser anyway. IP Ban is the most reliable way of banning someone, for a service like Discord. Discord also checks your IP when you create an account and if they detect you are using a VPN at the moment of the creation of the account, they might ask for additional verification steps (it happened to me before).
TL;DR: Discord also has a browser version, IP Ban works well and a website cannot get mac address and hwid.
2 -
WABZ
That's like saying you shouldn't do IP Bans because you can use VPNs and bypass it.
Anyone can bypass literally any ban method you can even lightly consider... the thing is VPNs are very well known, spoofing MAC address isn't.
It doesn't even necessarily need to be a "hardware ban", it could even just be a unique ID generated in some manner on individual computers, etc...
The point of having multiple ban methods isn't that they can't be bypassed, because of course they can... but that it takes more effort. If we go by your argument we shouldn't have firewalls either, because it can be bypassed. No computer security, because it can be bypassed, so not worth it, or something.
You could even make a setting that doesn't allow browsers to join a server for example. There is many things that could be used.
-2 -
Ok, ill respond to what you said
1. That's like saying you shouldn't do IP Bans because you can use VPNs and bypass it.
R1. No it's not. My main point is that browsers do not offer the possibility to get HWID and MAC Address. The bypass thing is just for saying that in addition to those methods not being compatible with the browser, they are easily bypassable (that's suggestive tho) like the IP one.
2. Anyone can bypass literally any ban method you can even lightly consider... the thing is VPNs are very well known, spoofing MAC address isn't.
R2. You are right, but anyone who knows how to use google can find how to bypass MAC Address bans.
3. It doesn't even necessarily need to be a "hardware ban", it could even just be a unique ID generated in some manner on individual computers, etc...
R3. How would you do that? You would need to store it in some way and for it to be efficient it would have to be associated with something in your PC (aka Hardware ID method). This is very hard to do and basically a waste of time for an app that also has to be compatible with the browser. If you only think about how to do it in browsers, it would be called browser fingerprinting. This is very intrusive and many countries do not like that type of stuff.
4. The point of having multiple ban methods isn't that they can't be bypassed, because of course they can... but that it takes more effort. If we go by your argument we shouldn't have firewalls either, because it can be bypassed. No computer security, because it can be bypassed, so not worth it, or something.
R4. You are right on that one. The only thing is that it's not my main argument.
5. You could even make a setting that doesn't allow browsers to join a server for example. There is many things that could be used.
R5. That would be a horrible thing to do! Also, many people only use the browser version of Discord for multiple reasons, like me.Hardware ID ban methods would be good if Discord was only a desktop app, but because it is also a web app, it is just not a good idea.
2 -
Wabz
Discord does detect when you create your account using a VPN, but the user can always create an account on their real IP and then switch to a VPN after account creation1 -
TheCuriousCatPerson
Except Discord can only detect VPNs it knows the IP of.
2 -
Yup, that's true.
I think discord should detect that stuff.
EDIT: Maybe they should have a history of IPs or something instead of only saving last IP address.
0 -
Yes, but most VPNs are on public lists, so it is very easy to do.
The more a VPN is popular, the more it will appear on VPN lists. Cloud providers appear on them as well, so if you host your own VPN on digitalocean or something like that, discord should detect it as well.
0 -
The CEO of Discord
I think they should make it where if someone gets banned from a server, they should also block the IP that was used to create new accounts that are currently less than a month old
If this happens, then most of the ban evading would stop, if the user already has an alt account then if an admin is smart they would just ban the alt account too if they know what it is1 -
That's an excellent idea!
0 -
TheCuriousCatPerson
Would not be a great idea. IP is essentially useless to use for banning these days, especially because ISPs wide spread use of NAT.
IPs cycle a lot.
0
Du måste logga in om du vill lämna en kommentar.
Kommentarer
38 kommentarer