In case any Discord employees are reading this: please don't remove the ability for bots to read message_content , or make me jump through verification hoops either. Reading raw messages is absolutely crucial for moderation bots and, well, just about every other fun and interesting bot.
I don't write discord bots so you can type a slash command to do a thing. That's boring. Good bots can read messages. Discord will be very "not dope" and "not cool" if bots are forced to become a sterilized pick-list of interaction options.
Also they need to stop rate limiting so much for normal users. We found out they rate limited banning. I moderate a large server where we dont add many barriers to entry so we get raiders and bots. We had to ban a thousand bots and couldnt go as swiftly due to rate limiting. I wish they would provide sensible controls for their bot problem and looser API restrictions. The bad bots dont care about rate limiting. I even saw a bot raid where accounts were just created that very moment. They have a broken registration flow somewhere.
Sorry for rant I moderate a sizable Discord and these are burdens a lot of political or reasonably large servers face. We get fresh raids every other week with thousands of accounts. Idk why Discord finds it normal that thousands of accounts would join any server within a minute and spam user DMs and leave. These are red flags.
You're talking to an empty room. Startups operate by pushing money at features that are inherently unsustainable, so that they look like they're "better" than the competition. Now that discord is highly valued and looking for buyers there's no stress to ensure those features continue, or to in any way seriously improve the product. Standard push-pull economics.
Microsoft offered $12 billion. They set the floor, and now Discord is trying to raise it. Nothing about this makes sense, unless Discord plans to offer premium bots they control or something along those lines.
A real-world example I base this on: Twitter started squeezing developers after the IPO in ways that only make sense for a company that wants to control the experience for monetization purposes. They were desperate to justify their stock to investors. Discord might be on the same track.
Reading that placates my concerns a little. The bot API community's reported morale deflation after the NDA-sealed meeting mentioned in the Gist kind of trounces it though. I've got a sinking feeling that the ultimate vision for this applies to all bots, and it's only "bots used in 100+ servers" for now.
Time will tell, I hope I'm proven wrong. I hope that preemptively voicing my concerns helps keep the conversation going to make sure small bot authors aren't left in the dark.
The thing is, you're probably right. Over time they've been restricting items for bots in over 100 servers. Right now its to see the users in the server and also to see the statuses of these users.
They should not remove it but it shouldn't be the way for most bots. Unless your bot is working with the messages instead of commands, it should get access to zero messages. While adding the bot, it should clearly say if it can read messages and if it can, why does it need it.
I wrote a bot and then realized my boy can easily log everything even tho it was only posting some updates from somewhere else.
Since then I've been restricting bot permissions as much as possible. Most bots these days directly want admin permissions in every channel. They don't need it. They can get their 99% things done with slash commands. I should be able to deny message permissions and get those 99% things working.
If your bot is not in your own channel and is reading messages, you should be fully verified by discord.
If it is your own channel and you _host_ the bot server, you should be able to anything without verification.
The issue is most bots setup instructions include adding them with tons of privileges including admin even if they don't need it. Then they get private channel access and can log those. This is not really apparent to most (non-engineering) people.
I think bots that can read messages, should always be self hosted instead of some random 3rd party.
Most bots just post updates and responds to commands. / Is the way to go.
> I don't write discord bots so you can type a slash command to do a thing. That's boring. Good bots can read messages. Discord will be very "not dope" and "not cool" if bots are forced to become a sterilized pick-list of interaction options.
Are there large bots that are particularly dynamic? Every bot i've seen with any real usage across servers has a !help command with a static set of commands. Plus, on almost all of them you can change the command prefix to a special character like `~`, which was very needed with multiple bots defaulting to the `!` character, thus causing multiple bots to respond at once to commands where the user only intended one bot to respond.
I've seen a few markov chain bots which were hilarious. As another comment mentioned, they can also be used for automated moderation. I've also seen a few servers with a bot that lets you "level up" depending on how active you are
Nadeko bot is a fairly big bot that has the ability to configure custom responses that the bot will reply with if a user types a certain message (any string of text, no prefix).
Core functionality is of course behind a prefix, but that's just convenient.
Another popular bot, Mudae, allows the user to use both prefixed commands and slash commands, and the latter can take a few seconds to go through. Not acceptable when you have to fire ten or more commands at once in under half a minute.
A better argument would be that "slash commands lack the same accessibility", than to say they are boring. I have many friends that use a variety of accessibility tools and well aware of how changes can really frustrate and block them from communicating.
You're wasting your breath. Given the hamfistedness of their approach and swiftness with which this was pushed through, this was an order from the top. Which means that they're likely going to start monetizing user data directly and they're aiming to shut down third-party collectors.
I think Discord bots bots have a huge security and privacy issue where there are these mega (and less mega, but still large) bots that are just unnecessarily slurping up all private conversations in a lot of servers, without a lot of people's knowledge.
As a user in a server, you don't really have a way to consent to whatever third party bots reading your message. You've just got to hope you see that the bot was added, or see it in the user list. The server admins consent to the bot being added (and as an admin you still need to hope and trust that they're not doing anything dodgy with all the unnecessary information they're getting), but no one else in the server gets to consent or is made aware of the new audience they're broadcasting to.
I think for the broader Discord community - which is pretty broad with a lot of younger and non-technical folk - making reading messages a privilege intent is the right move.
When you join a server you can go through the entire history of that channel. A user or a bot pretending to be a user could come in at any point and slurp all of that up.
If you restrict this capability then ultimately you'll just end up with bots pretending to by users.
I think the difference though is that as a user, you cannot do that easily. Whereas a bot can automate this across many channels and servers (especially as this restriction only applies to bots in 100+ servers).
User bots I think is a different, equally valid problem (if not more problematic) that's probably harder to solve. "Rogue bots" look just like normal bots that a server admin would voluntarily install without knowing what it's dong behind the scenes. Bot users are actively malicious and breaking the ToS, and can't reach the same scale as bots (because all server admin cannot just add one to their server).
I think they're both problems, but represent different points on the threat matrix. It's kind of like saying "iPhone shouldn't restrict access to the camera roll for App Store apps when viruses can just bypass and get them anyway".
Bot users aren't necessarily malicious at all. That's how automated bots always start out as. And there's no way to tell whether a user is a bot or not if they don't interact with the server.
Besides, if you say something on a public discord chat it's like saying it on Twitter.
But you realise the danger of this, no? If you have a bot in your private server listening for all messages, those messages are being sent off to somebody else. You have no way of verifying what they do with those messages. They could be logging them, using them for targeted campaigns of any kind. It's a huge privacy issue.
I think Discord requiring ID for large bots is a right step towards being able to hold these bot authors to account. But it's not enough.
Nothing prevents you from denying read permissions to bots in "private" channels. Slash commands are still available even if you do. If you still need normal functionality, you can always restrict the bot to its own channel.
The only thing this prevents is new bot authors from, well, writing interesting bots.
Correct, this is what we do on a reasonably large server (tens of thousands). Public channels are free game, staff channels are restricted from bots. Honestly I dont see a bot owner having a budget to store all that message data I store only very specific meaningful data. For example I have a bot where users can message our bot to contact our staff team. You can see why reading message_content is extremely useful. This allows mods to communicate to users via the bot and appear fully impartial.
Soon I fear my efforts are going to be thrown away because I dont want to expose personal information with Discord.
How long before we read a headline here on HN that someone hacked all Discords verified bot developer information? No thanks.
As somebody else in this thread stated, Discord is a platform mostly for young people. I doubt most users are aware that bots are a privacy risk. How are they going to know that they need to create a separate bot-free channel for their private discussions. This isn't something users should even need to worry about.
I mean, every user of that channel can do that as well. It's just that there shouldn't be expectation of privacy on a Discord channel unless you know and trust every participant.
Message reading bots are very useful for many things. Limiting them because of privacy concerns sounds like a loss for no gain to me. There isn't any privacy on Discord to begin with.
+ AFAIK Discord said they aren't going to completely remove message access, just lock it behind a privilileged intent. What's stopping malicious developers from adding features such as bad link detection, chat activity leveling system, thus giving them a reason to say to Discord, hey, we need message access, and then using the message access for these malicious reasons.
I'm always very thankful that we even have people that work so hard towards FOSS libraries to begin with. It must feel pretty bad to receive those responses from employees telling him about the things he should do that are 'um', 'easy' and 'dope' when there's clearly been many longstanding feature and communication issues already (as if being the person working on a FOSS library for no compensation in your spare time that empowers a company whose employees' are getting 7-8 figure exits within a few years wasn't already bad enough).
My general pessimism with this situation is how proprietary everything has to be to begin with; the idea of a single company storing the full history of everyone's messages and interactions is already bad enough without them requiring the government ID of their users.
I should add about the government ID part, that I understand why they do it. I've worked with anti-abuse in online ecosystems before, and I undertsand how difficult their challenges are at their scale, but it's nonetheless a pattern that I'm just tired of at this point.
I'm tired of platforms asking me for my government-ID to allow me to use them. I'm tired of having every message I type 'privately' to someone being stored and owned by a company that has no obligation nor motive to treat it the way I'd want. I'm tired of being forced to 'log in' to services just to read important information (now being trialed by Twitter and Reddit as well!). Honestly I am just tired of having what feels like no rights or control whatsoever in the general online sense of my life, having to deal with and accept whichever new 'feature' or 'usage of my data to improve my experience' the products I 'choose' to use decide to rollout.
I apologize for this turning into a such a rant, but this has been upsetting me a lot lately. I have this wonderful illusion of choice of which products I use, but the punishments I receive for trying to opt-out have become untenable in the last few years. I can't even pay my rent without using a finance app that scrapes and sells my transaction data (which app does this? almost all of them), let alone get help with free software when the answers to my questions are now all contained within Discord chat history which asks for my phone-number to join so that I may even search it, rather than on an openly-searchable forum.
While I still am able to use the software I prefer like Signal, IRC, and Matrix with some of my unique technically-gifted friends, the network effects of having millions/billions of users and owning all of their data are a particularly strong force that I have not yet found a way to reckon with.
This all stems from natural monopolies. Our antitrust laws in the U.S. were modeled with the presumption that it'd be extremely hard to create such an efficient process to the point that the company could harm user choice without the business being a national or global actor - and this was proven when only truly logistics-centric companies like big oil could reach the threshold of being considered a monopoly. The internet flipped that on its head when anyone with enough money could hire the absolute best talent possible from across the globe to create a product that undoubtedly is the absolute best solution for the (majority of) users that choose to use such platform.
The only reason you can't find important information without logging in is because these consumers profit off of the product by using it as the only place they post their findings (profit, as in, not having to deal with the headache of posting something to multiple news feeds and go through the cruft of editing a personal website with insignificant <280 character content). If these products were terrible, people might be more open to designing a website in their own image with the information in the format they choose.
> I'm tired of being forced to 'log in' to services just to read important information (now being trialed by Twitter and Reddit as well!).
As a non-user of both Twitter and Reddit, I'm genuinely curious about what "important information" is there that isn't anywhere else? Presumably I'm missing something big?
There are many niche subreddits with deep knowledge about their respective subjects. This knowledge comes out in product recommendations, discussions about interesting nuances, and as a place to share original creations (which I don’t think should be undervalued, even if one is an advocate of personal websites—I think content aggregation and easy posting does have value). Subreddits that personally come to mind are /r/fountainpens (a wealth of knowledge on maintaining and restoring pens), /r/mechanicalkeyboards (fascinating when it comes to custom boards), /r/watches, and of course /r/buildapc (an unparalleled resource of computer building lore for part compatibility, build failure debugging, etc). I’m certain there are plenty of other subreddits that provide similarly excellent value for their communities. Why should anyone have to log in to Reddit just to read someone’s post on /r/buildapc about how they should fix their unique issue?
My experience with Twitter is more limited, but I know people use it as sort of a microblogging platform sometimes and it benefits from the same ease of posting+content aggregation setup I mentioned earlier.
This is all my take, of course! I just hope we can avoid balkanizing the internet, despite all of the incentives these social media companies have to do so.
Also, Twitter threads are frequently posted to HN and lately they've becoming almost impossible to read without an account or dancing with js/ad-blockers.
For Reddit, some programming languages and frameworks have a subreddit on which issues or solutions are discussed instead of Stackoverflow
Meanwhile, I see fleets of user-bots happily chugging along under the radar hoovering up data. Just like the post author said:
> the crux of malicious bots were, and still are, user-bots.
Seems almost laughable that Discord is making hoops for legitimate bot developers to jump through while taking little action against user-bots.
I suspect that Discord wants to get a chunk of the big money that game bot developers are making, and are pushing bot developers into a more rigid API that will eventually include in-app-purchases. The article author also said:
> No longer will bots thrive with a sandbox limited only by your imagination, but instead Discord is now the sole gatekeeper of approved use cases. The future of Discord bots relies solely on the interaction system; things have to be explicitly written and supported by Discord employees
A bot that doesn’t use the official registration method, which involves setting up an “application,” registering the bot, and then inviting it to your server. This labels it clearly as a bot. A user bot just looks like a user, and also has no restrictions.
Discord is the reason I'm a software engineer. I joined back in 2015 and after a few months of usage I had an idea for a bot, which prompted me to learn programming and develop it. I did so, and eventually my little bot was in over 1500 guilds / servers, which eventually lead me to getting my first internship as a software engineer. Now, 6 years later, programming is how I'm able to live a life I did not think was possible to make by having fun at work every day, and I'm incredibly thankful for Discord for giving me the opportunity to do what I love for a living.
That said, I can't express how frustrating it is to see a platform you're so grateful for grow so much in such a short amount of time, and gradually become worse because of it (or, at best, see no significant improvements). Over the years I have vented over and over to anyone who would listen about the ways I want Discord to be better (not for me, but for everyone), and I don't think I have the energy to do so anymore. I could write huge lists about the basic features Discord is missing, but to me it's a slap in the face whenever Discord prompts me to "join my university's server by inputting my e-mail" (even though I'm not a student), while 6 years after launch you still cannot collapse the sidebar on the left that insists to take up 300px of your screen no matter what.
I understand that it's pointless to complain to deaf ears. Over the years I have applied to work at Discord countless times, even talking to one of their managers over LinkedIn, but unfortunately we couldn't make it happen because of USA Visa restrictions. Because of this, I'm forced to sit at home watching a platform that has given me so much deteriorate over the years. I have considered building a competitor, alternative clients, and even bridges to other services like Matrix, but alas I'm stuck here.
> you still cannot collapse the sidebar on the left
The sidebar bothers me all the time, when I want to have two windows side-by-side on my screen. The actual chat ends up being smaller than the sidebar.
I wrote a javascript bookmarklet that automatically shows/hides the sidebar element on hover. I've gotten a lot of use out of it. It's 821 characters --- less than three tweets long.
Why haven't they solved this problem for users? It's shocking that the only way to shrink the sidebar is to inject javascript.
javascript:(function(){ function sleep(ms) { return new Promise(resolve => setTimeout(resolve, ms)); } let sidehover = false; let guildhover = false; let sidebar = document.getElementsByClassName("sidebar-2K8pFh")[0]; let guildbar = document.getElementsByClassName("guilds-1SWlCJ")[0]; async function hide() { await sleep(50); if (!sidehover && !guildhover) { sidebar.style.display="none"; } } async function show() { await sleep(150); if (sidehover || guildhover) { sidebar.style.display=""; } }; guildbar.addEventListener("mouseenter", () => { guildhover = true; show(); }); guildbar.addEventListener("mouseleave", () => { guildhover = false; hide() }); sidebar.addEventListener("mouseenter", () => { sidehover = true; show() }); sidebar.addEventListener("mouseleave", () => { sidehover = false; hide() }); hide(); })()
The `sleep(150)` and `sleep(50)` can be tweaked to adjust the delay between when you hover over the server bar and when the channels bar is displayed (that's the 150 ms) and between when you move the mouse off the side bar and when the channels bar disappears (the 50 ms).
If you're using the electron desktop app, you can open the javascript console with ctrl-shift-i and paste it in there for the same effect.
> I have considered building a competitor, alternative clients, and even bridges to other services like Matrix, but alas I'm stuck here.
Despite it's recent missteps, Discord has, if nothing else, provided us with an excellent technical foundation of what a modern one stop shop communications platform should look like. I'm keen to be involved at any level of a competitor.
Wow, we have basically the same story. My first programming project I build without a tutorial was a discord bot using discord.py and now I'm working as a swe intern. Grateful for this community and sad to see it deteriorating
I mean, they're just following the same pattern that every other social media company has with their API: make it very open to help capture user share, then gradually scale it back to shut down abuse and facilitate monetization.
This is what concerns me about telegram now. It has one of most open APIs and I have spent thousands of hours building bots for dozens of my stuff. Can't imagine a time when they restrict it just like Discord
To me, this is a good indicator that they're going to start (or are already in the process of) monetizing user data directly and they are shutting down avenues for third parties to hoover up that data.
If they started monetizing user data, I would immediately leave Discord and so would my entire community of software developer friends. The best way to push all of us to Matrix.
That being said, they already have a revenue stream in Nitro. I don't see them caving into advertising and selling user data very easily. Especially this late in the game where all their users are used to not having them.
No you won't. You may think that right now, but when the day comes the majority of your group will be too lazy to switch and you'll be stuck. Which is exactly discords plan.
You don't claim to...except that by saying "when", you actually claim to. I understand not believing what everyone on the internet claims, but that doesn't mean you should be presumptuous.
Discord has only been ramping up and making their API better recently? Slash commands, webhooks, interaction elements like buttons and dropdowns, and the new context menu API are all pretty cool I think.
As someone who has used Discord for the past few years, it's kind of sad to see how dominant and arbitrary it's become. Gotta say I would prefer Matrix if the communities I participate in used it.
It's gotten pretty far from the good old days of IRC --- which I'm quite aware is still alive! --- and that's both good and bad at times. But one of the biggest flaws is that it's not an open standard. (Interop is only done by prohibited programs like Ripcord!)
Matrix is controlled by the Matrix.org Foundation (https://matrix.org/foundation). The original team who created Matrix subsequently set up Element (New Vector) in order to fund Matrix work, but we very deliberately split Matrix into an independent foundation.
Unsure what you mean by “not a standard” - all APIs of the Matrix spec have been successfully implemented at this point by indpependent developers: this makes it an open standard. Eventually, once the standard has reached maturity, we may try to contribute to W3C or IETF - or we might turn it into a dedicated standards body like W3C did for the Web.
That is exactly what I mean by not a standard, standards are usually a bit more stable in the flow of new features than I see with a specification. That all api have been independtly implemented is news to me as I have no knowledge of any server implementations that are still not heavy wip so I will retract that comment and similarily the one of the relationship with New Vector.
> When asking an innocent question to Mason, the Project Manager of the Bot & API team, about whether my bot could connect to the gateway without being verified, he responded rudely and called me a "martyr" with an unnecessarily threatening tone:
Just wanted to say that I had a completely different read of Mason's response - without any other context, it seemed like he was joking around. "We won't ban you, y'know, unless you're into that kind of thing" style. Am I totally off base?
I didn't read it that way, I think a common interpretation would be that he implied the maintainer was probably a martyr or was likely looking to become one, which even if it was partially joking would be taken as threatening to me.
I think a lighter interpretation like "We won't ban you unless you want us to" has a different context that usually doesn't follow a question about your service in particular banned, nor does it imply someone might have a specific "quest" to be banned - especially as a random person who also has had grievances with low communication to the point of making a competing API discord.
I think you're being extremely generous by ascribing any ambiguity to it. Especially as there is context.
That's not how I read it, I think almost everyone would read it as Rapptz did.
Tone is difficult to gauge over the Internet. Maybe Mason just messed up how it would be interpreted. I suspect we've all done that. I know I have.
But the term "martyr" is a really loaded one. This didn't feel like a playful tone misjudged to me.
Both of the Discord employees in that were screenshotted come out of this looking really bad. Unprofessional and hostile. The question is just whether they were actually also hostile, or just unprofessional.
That sort of response isn't very professional, and I'm perfectly aware of Discord's "playful" culture, but it was out of place when someone was trying to discuss something seriously.
'Happy to oblige however I can in the cause for a martyr' - just read this sentence in your head and tell me it doesn't sound like it's dripping with sarcasm
Assuming you're not a jerk and you don't say jerk things, you wouldn't have said this jerk thing being quoted. So saying you wouldn't have said it doesn't change the meaning of what was said.
I'm with you on this one. Not sure how every reply to you can only see this as threatening. Maybe I'm in a bubble, but I don't think I could read or use the term "martyr" (especially in such casual context) in the 21st century without it being seen jokingly.
Exactly, it shouldn’t even need saying! But, wonderful place though HN is, it is not known for being full of people who understand humor; the majority are going to be all straight-faced and disagree.
Danny and Mason had known eachother for several years when this conversation happened. While not great from a PR standpoint, I don't think this kind of banter with someone you've known for so long is out of line.
I wouldn't have personally said it -- saying he's looking to martyr himself could be read as insulting his judgment, as perhaps it was -- but I read it as a joke too.
If one doesn't own a platform then one is at risk of being kicked out in the name of owners' (shareholders') profits.
This is a recurring theme and I am puzzled that there isn't a bigger dev audience at internet of ownership ( https://ioo.coop/ ) or for platform cooperativism ( https://platform.coop/ )
I'm sure devs would be happy to sign on to these things if any of these platforms had significant pull with users. For some reason the people who are interested in building these types of coop platforms seem unable to acquire the types of mega-userbases that plugin and bot devs are interested in targeting.
My plugin and bot development is targeted first and foremost at my own needs. Anything I can share with others is gravy.
Which means if your platform doesn't let me talk to the users I personally want to talk to/do the things I want to do, I'm not going to write anything for it without compensation.
I’m not pleased about this. I maintain a bot for work (not bigcorp), and this is going to waste a tonne of my time. This isn’t just a little breaking change that you can code around, getting rid of message content will make many bots impossible, or will necessitate a rewrite. Discord needs to listen to its community. /rant
I'm in a similar situation. Unless your bot for work is used in 100 servers, locking message content behind a privileged intent will only affect you minimally, unless of course the library your bot is based on languishes like discord.py, which is a very real concern. The general trend of locking things down and hint at moving to an approved-interactions-only model is worrisome too.
"Guy spends six years developing library to interface with proprietary non-self-hosted platform for free, gets fscked over by said platform."
In other news, water is wet.
Sorry for the snark, but WHY DOES THIS KEEP HAPPENING? Is it just not happening frequently enough for people to take note or learn?
Quick, move your whole infra to the azure cloud, M365! 3000% price hike? Better accept it or you'll be shut down. Can't even just keep running the old version, cause you're not actually running anything anymore yourself.
Edit: Leaving this comment up, but my updated understanding is that Discord's policy change only effects bots >100 servers. So it's less applicable to the 'learning how to code' demographic.
It seems to me like Discord has, for some reason, decided that small bots are a problem. Which is a bummer.
I've been on Discord since 2016, in programming and academic circles, and the grassroots bot community has always been amazing. I'm in a server with 30 of friends, which has 4 bots made by members of the server.
Something about the simplicity of listening for messages, parsing them how you want, and sending back text that shows up just like a user is really satisfying. I know it's been a motivation for many people who have little to no interest in programming anything else.
Since he's stepping down, I hope he opens an avenue for donations. Watching some of the earlier drama as it was happening (fwiw only hinted at in the gist) was disheartening. I'm surprised that he managed to not only make it through 1 rewrite but almost make it through another, of a relatively complete codebase too.
Even though unpaid in the programming field, very much a professional IMO.
Sounds like they're fixing (what discord considers) some major security issues in basic discord, but the project management is a disaster, and there are no stakeholders that care about api access actually working for developers. That doesn't sound fun.
I feel back for all the suckers that have invested time and money into the discord ecosystem. They are going to milk you dry. If you aren't in the know as to the intent of discord straight from the beginning, it's to build a freemium monopoly and then extort you for every penny they can get.
So Discord has begun the slow slide into being unusable while its developers ignore everyone. I speculated about this a while ago, I think after there were rumors of it being acquired, though that hasn't happened yet.
First it was AIM/YIM, then MSN, then Skype, then Discord, and so on. Some people used IRC or ICQ or whatever, or still do, I know. But many of us have migrated from one platform to the next as each one was ruined in turn.
> By the way, check out how hard Discord makes it to report abuse:
From a dev POV, I'd say it is a deliberate choice from Discord. If they added a "Report" button to every message, people would assume that the report is sent to the server manager and mods, so there'd be a heap of reports while the messages do not necessarily break Discord's TOS, but rather the server's rules. It's the kind of thing that you need to establish/take into account when enabling customers to create their own "platforms."
There are far better solutions to that problem than just making it extremely difficult to report anything. Show a pop-up that says "this will send the abuse information to Discord staff" to clarify. Or, add true reporting functionality for mods themselves.
This reminds me of the words in the video "Why Bing Isn't a Failure (& the Future of the Internet)" [0]
> At the very bottom are plugins, extensions, mods and hacks. They fundamentally depend on the indifference or obliviousness of a larger company, who they often mean very little to. And when their goals differ the larger company always wins.
Any third-party dependent on another party will be at the whims of the other party. yt-dl can see it happening with age-restricted videos, people using tools to migrate from Spotify depend on them turning a blind eye to leaving customers taking their data with them, fan-made games that continue a story (pokemon for example) and get a cease-and-desist, probably many other examples, and now this too.
Kudos to this dude for writing an entire framework for bots as a friggin' doctor in his spare time. Hats off for staying at it for so long. Also, respect for drawing a line in the sand and not giving in to any demands from Discord or users to just lie down, take it, and continue developing the framework with more constraints.
1. If facebook can be blamed cambridge analytica, discord can be blamed for bots collecting data. Locking down the bot API with exceptions for verified operators is a natural step to avoid such an incident.
In a similar vein, discord doesn't allow custom clients. I think this is a situation where the legal situation should be adjusted.
This also explains why discord is so focused on bots using the bot-api, instead of user-bots. Bots using the API are in some sense condoned by discord, so it's much easier to argue that they're liable for abuse. While user-bots are already disallowed and get banned when detected, so they can already argue that those aren't their fault.
2. Bots often require excessive privileges. For example music bots wanting the right to read messages in all channels or even manage channels (presumably for easier setup), while they should be fine with slash commands and other harmless privileges. I would like to see bots reduce the privileges required to use them.
3. It sounds like the transition was mishandled by discord
Judging by my previous interactions with their engineering and "Trust & Safety" team, yes, this is generally how it goes.
Working for Discord and getting that badge must give you quite the ego boost. Conversations with them feel very arbitrary and it's like they consider any word they say to you wasted - of course this doesn't have to apply to all of their staff, but it's certainly a pattern.
Incoming unsupported generalization: this is what happens when you mostly hire fanbois. I think (had a couple acquaintances move from hobby bot/gateway development to Discord employment) they source a lot of their team from people who were evangelists of some sort for the platform pre-employment. You also see it in gaming sometimes - OSRS comes to mind - where community members end up in community management/dev roles. There's something about that elevation from unwashed peon to One Of The Big Boys With A Forum Badge that really messes with the ego.
Seriously, these people are building value and contributing so much to the platform only for the project manager to turn around and treat them this way.. Embarrassing.
This is a shame, almost every Discord server I'm in has a bot of some kind to serve some purpose: humor, moderation, utility, etc. I have my own bot I use as a playground for expanding my development skills. My friends get to mess around with it and I've got a project I can talk about and demonstrate to the subsection of my friends who are into software development.
Think a lot of companies who were in the bidding war for Discord dodged a bullet when Discord pulled themselves off the market. Reading the way the people "Mason" and "kadybat" mentioned in the gist conduct themselves with users, especially competent library developers, of the service is concerning. Might even prefer if a BigCorp™ expand their more sterile chat client into Discord's market at this rate.
Nothing new here unfortunately: this is pretty much how every story of open source development targeting proprietary platforms end, especially web-based platforms such as *aaS or social media. I remember the same thing happening with Twitter 9 years ago.
The arrogance of these corporate reps is incredible. They clearly do not care about supporting bot devs.
Perhaps the goal is to kill the bot dev community in order to centralize it around Discord corporate, and then start putting more bot-related features behind Nitro and other subscription paywalls.
Seems like a nasty way to go about it, but I can't imagine any other reason to behave this way towards a community of unpaid volunteers who add tremendous value to your platform.
I think there's a lot of potential for a VC-funded startup to pour some cash into Matrix and then swoop in when the Discord ecosystem eventually starts falling apart.
Discord is likely burning a lot of money on servers & payroll. I would be surprised if they broke even in 2020 given their revenue numbers[0]. Why any VC would back an open source, modifiable project like Matrix just to compete with Discord's existing stranglehold on the market is beyond me.
0: > Discord declined to share how many Nitro subscribers it has, but the Wall Street Journal reported that Discord generated $130 million in revenue last year, up from $45 million in 2019. In the same time period, its monthly user base doubled.
With somewhere in the thousand plus range of employees they'd have to be spending a hundred million on servers. I'd sure hope costs aren't that high. I'm pretty sure I could host every discord server I'm on for the price of a nitro subscription.
Edit: I mean, imgur has an estimated revenue of twelve million. Staple a hundred IRC servers on the side and you have most of discord's functionality accounted for. Unless the voice calls are really tough, and they're actually a streaming company by majority of expenses, where would the costs come from?
Knowing none of the background, that post was a wild ride. I can 100% relate to his feelings of futility while working really hard to try to make something great.
tl;dr, Discord is forcing bots that are in over 75 servers to make use of slash commands, because Discord will no longer send raw messages starting April 2022. So no more `!pause`, or whatever else you might normally type. And this change isn't easy to implement for Discord.py, and would require full bot rewrites for devs using the library. So along with a lot of other negligence towards bot developers from Discord, Discord.py's single developer has stepped down, and no other core library developers chose to step up.
> Discord is forcing bots that are in over 75 servers to make use of slash commands, because Discord will no longer send raw messages starting April 2022
Can someone explain why that is? My understanding is that adding bots to a server requires Admin/Owner access, who are already at liberty to read all messages. If you don't trust bots scraping your messages in a server, don't you implicitely distrust the owners? Just leave the server?
I wonder if it's the real target here is bridges - without being able to relay messages (without ToS violating puppeting), it's going to get a lot harder to migrate users from discord.
I remember a while back reading a thing where basically there were bots out there essentially scraping entire chat logs without its users really being aware of this. There's probably also a lot of stuff going around with identity (like people making bots that look like official ones but aren't) etc.
I get people complaining about this situation, but there is a gradient of access between "no content access whatsoever" and "the bot can see everything". Slack's API does a pretty good job of making some of this work
There is a third party you have to implicitly trust, the bot developer. Given most of these bots are used to provide specific functionality, them being able to read messages seems too broad in scope – I know I don't want to have to trust another invisible party to also do the right thing.
That said, this looks like very poor communication and imposition of a lot of developer toil on Discord's part.
They should allow server owners to choose whether every bot they have added can read every message or just /commands. But that would require too much intelligence on their part :P
The problem is admins haphazardly adding tons of toy bots to servers with sometimes hundreds or thousands of members, and those bots being a front for storing tons of user data (including eg. user online status, user tag (name#1234) history, a large DB of the users' messages across years). The users in these servers aren't informed of such change and Discord can't trust these developers to say "we don't log messages" without requiring them tie a legal identity to any potential malicious logging.
> Unfortunately, at the same time, there were growing concerns with a user-bot ring that made a website and scraper known as "dis.cool", which farmed user information.
> Most library developers felt the changes were misdirected and targeted the wrong type of bot. The threat model was based on user-bots being bad actors, and not regular bots, while the changes targeted regular bots. We also felt that it was easy to sidestep the restrictions by just having a bot ring, similar to what is now done today with user-bots.
> Discord claimed [the new requirements, including government ID] would help with security and privacy by preventing malicious bots from growing and obtaining sensitive data. The library developers responded that it wouldn't help since malicious bots had to be invited and the crux of malicious bots were, and still are, user-bots.
Seems like a reasonable description of the issue to me, covering everything in that comment.
If you feel it gets lost in the words then I think the proper thing to criticize is the writing style, not the credibility.
(If the term is unclear, "user-bot" means it's a normal user account being used in an automated way.)
Yes. That is the case, and we (developers) argued that, the response we received was "but the _users_ may not know, even if the owner has authorized the bot".
For anyone look into another bot/chat platform. I really like the telegram bot API. The API is very practical where they can accept both of GET or POST request, and the token is in the URL.
The bot can do interactive button/menu etc. I have been putting lot of my automation into Telegram bot.
This is unfortunate, and while I do like Discord (enough to pay them $50/year), I hope transgressions like this drive more people to set up self-hosted places to hang out. Discord is responsible for driving a lot of innovation in the communication sector, and they'll always have a place for doing that: but it's going to be difficult for such a large company to keep the interests of their shareholders out of the business of their users.
The percentage of normal users that know how to (and are willing to) setup self-hosted instances of something is definitely far below 1%, as unfortunate as it may be. Discord is definitely here to stay (and IMO will continue to do extremely well this decade - network effects are an amazingly strong force) as far as I can tell. Although I do think it's good news that they have a decent profit model, the future of the platform still may not be as bright as most of its users (who do not understand the business nor the data collected on them) may hope for.
If there are 100 people in a server, only 1 of them needs to be able to set up a self-hosted instance to get the whole thing going. People do it all the time for Minecraft, for example. I think the problem is less the barrier to entry and more the fact that Discord is actually better than any self-hosted option available right now.
I don’t follow. All users in the server are able to read the messages. Why would a bot you invite to the server not be? That kind of defeats the point of having a bot…
I tried recently, but that documentation is insufficient to update a developer application's Activity status. I think they removed some vital information when they replaced it with GameSDK. Perhaps you will have better luck.
GameSDK is not an option for some applications, such as those wishing to include only open-source dependencies.
Thinking back to that article on discord that was shared earlier this week and how people went on about how matrix sucked, IRC sucked, etc etc sucked. I guess this is one thing I don't need to worry about.
Based purely on speculation and timing, this sort of stuff was probably brought up during gap analysis done by Microsoft when considering acquisition. Discord is not filled with the best and brightest engineers, but they've done a lot right. I think they deserve the benefit of the doubt and we should not treat them like they've always been a $15B company.
I don't write discord bots so you can type a slash command to do a thing. That's boring. Good bots can read messages. Discord will be very "not dope" and "not cool" if bots are forced to become a sterilized pick-list of interaction options.