by aeturnum 1038 days ago
Once you think about the tech I think there's an obvious steady state:

- It's cheaper not to check on every call server-side and the people who are most likely to dodge in this way are also not likely potential sources of revenue.

- You shouldn't ban every person who tries this. They will gum up support and, on average, won't even be trying to earnestly get features for free.

- Also people who exploit the obviously vulnerable account interfaces may do other things that clue you in to vulnerabilities you care about.

It seems like it's a situation where you can let people fiddle around with this a bit (a few hours, a few days) and ban folks who do it too long (a month?). People who use it heavily are unlikely to be real revenue prospects and, at the end of the day, it's an engagement funnel. People rarely use hacks on a platform they aren't using.


And banning/punishing in waves is better than doing it immediately.

You gather a bunch of offenders for weeks or months and then one day they just go poof and everyone knows why.

This way you can weed out the ones who were just experimenting (few attempts) from those who use it regularly.

> one day they just go poof and everyone knows why.

I thought the point of ban waves was precisely because there's no direct cause-and-effect. E.g., if you perform an exploit and get banned immediately, you know that the system can detect your exploit. If you get banned a month later, it might have been your exploit or something else you did between then and now.

This reduces the selection pressure on black-hats to produce ban-avoiding exploits.

Yeah, this isn’t a (multiplayer) video game cheat where users are actively harming your product by existing. This is a loophole that allows users more features than they pay for. If they do a ban wave off this, it won’t be good for business. Discord is a social media company, they live and die by the community.