by ivraatiems 1038 days ago
I suspect it's less they thought "this is a great implementation" and more "if people figure out how to break it, we'll patch it." This is the first time in several years of using Discord that I've heard of anyone even trying to circumvent their access/permissions structure for Nitro, so I see no reason why they'd bother unless this was widespread.

Once you think about the tech I think there's an obvious steady state:

- It's cheaper not to check on every call server-side and the people who are most likely to dodge in this way are also not likely potential sources of revenue.

- You shouldn't ban every person who tries this. They will gum up support and, on average, won't even be trying to earnestly get features for free.

- Also people who exploit the obviously vulnerable account interfaces may do other things that clue you in to vulnerabilities you care about.

It seems like it's a situation where you can let people fiddle around with this a bit (a few hours, a few days) and ban folks who do it too long (a month?). People who use it heavily are unlikely to be real revenue prospects and, at the end of the day, it's an engagement funnel. People rarely use hacks on a platform they aren't using.

And banning/punishing in waves is better than doing it immediately.

You gather a bunch of offenders for weeks or months and then one day they just go poof and everyone knows why.

This way you can weed out the ones who were just experimenting (few attempts) from those who use it regularly.

> one day they just go poof and everyone knows why.

I thought the point of ban waves was precisely because there's no direct cause-and-effect. E.g., if you perform an exploit and get banned immediately, you know that the system can detect your exploit. If you get banned a month later, it might have been your exploit or something else you did between then and now.

This reduces the selection pressure on black-hats to produce ban-avoiding exploits.

Yeah, this isn’t a (multiplayer) video game cheat where users are actively harming your product by existing. This is a loophole that allows users more features than they pay for. If they do a ban wave off this, it won’t be good for business. Discord is a social media company, they live and die by the community.
Most people don't realise you can plug almost any HLS URL into ffmpeg and trivially rip the stream. Most live streams don't bother with DRM because it's expensive, fragile, and user-hostile. It's often difficult enough to get the motion picture to display properly at all, let alone with acceptable resolution, latency, and artefact-free. The smart companies prioritise UX over policing the "high tier" features.
Modded Discord clients have been around for quite a while. But indeed, the threat of being banned deters most people and if just a handful of people use a modded client Discord doesn't care probably.
There are even people like me, who have Nitro and still use a modded client for different reasons.
Being able to delete your previous messages in bulk is a very good reason for example,

it's borderline (or completely?) illegal to threaten users to ban them if they choose to use their right to mass-delete their previous messages.

Yeah, I think it's one of those things where Discord reserves the right to ban anyone using automation on their user account, but in practice they don't take action unless you're clearly doing something malicious or annoying. At least as far as I know.
How can I delete previous messages in bulk on Discord?
Thanks, that's super handy.
illegal in EU (unless they provide some other option to comply with GDPR)
I use a modded client to remove the minimum window size limit.