It's bizarre how inconsistent they are with this. I signed up with a shady anonymous email, only use it through a VPN and have given them no phone number, but they're still happy to let me use this account. I'm half convinced these companies inconsistently apply these sort of policies to sow doubt and get the users gaslighting each other about what the actual policies and rules are.
"Servers" can set only phone verified users to be able to join. Depending on your usage of Discord you may have never joined a server that has thet turned on.
Even outside such "servers", discord may or may not demand a phone number based on some kind of trust score. Get reported a lot -> better have a phone. Happen to get an IP previously used by someone who got reported a lot -> better have a phone. Use an uncommon browser version -> likely going to need a phone number. Have a slow connection during signup -> gib phone number "to show you are not a bot". Like any such scheme, it barely slows down determined actors since many (especially mobile) ISPs hand out new IP addresses like candy. But I bet it looks good on reports about how many evil users they stopped and lets not think too much about legit users like gp getting caught up in this - those are a small enough fraction that Discord can ignore them without consequence.
I think there's definitely some level of "account reputation" based risk management going on there. My account is similar, but it also dates back to near the origin of the service.
Hanlon's razor is for idiots. Every mischievous child figures out the "it was merely an accident" excuse and it's not as though adults who are up to no good somehow forget it.
Whatever the reason discord has for not asking me for PII, it's not incompetence. This isn't a bug or oversight, I am certain of that.
> Every mischievous child figures out the "it was merely an accident" excuse and it's not as though adults who are up to no good somehow forget it.
Hanlon's razor doesn't argue you should accept "it was an accident" as a given excuse. Hanlon's razor states, that without evidence, it's safer/more likely to be correct, for you to assume incompetence than it is to assume maliciousness. I have also used an unknown domain for emails, as well as never given them a phone number. Just because you can't figure out the entirety of the logic doesn't mean they're intentionally trying to gaslight users (which is an absolutely insane take). Especially when there's plenty more signal they could possibly be using to determine if the account is likely malicious. Off the top of my head, I'd hope that list includes, number of IP addresses per session, number of sessions per IP, amount of maliciousness from current ASN, number of user reports, number of servers connected to, maliciousness of the servers for each user, knowledge source IP is a VPN, amount of abuse from the VPN provider.
You suspect discord is being malicious, or attempting to gaslight users, but not because you have any evidence they are, but instead because of a lack of ability to imagine how it could function the way it does with the limited slice of information you're already aware of. Some system, or some code not doing what you expect is more likely than some Trust and Safety team all got together and decided to gaslight people...
> Hanlon's razor states, that without evidence, it's safer/more likely to be correct, for you to assume incompetence than it is to assume maliciousness.
Yes, amd that is wrong as soon as you are dealing with someone expecting you follow Hanlon's razor. Hence making it useless outside personal relationships with people you know not to be inherently malicious.
So sure, if your friend ends up doing something that hurts you give them the benefit of the doubt. If a corporation does - well, there's a sucker born every minute but you don't have to be one.
> You suspect discord is being malicious, or attempting to gaslight users, but not because you have any evidence they are, but instead because of a lack of ability to imagine how it could function the way it does with the limited slice of information you're already aware of. Some system, or some code not doing what you expect is more likely than some Trust and Safety team all got together and decided to gaslight people...
No you are trying to pass off apathy as incompetence when it is very much malicious. So is penny pinching at the expense of how users are treated - if your automated systems are crap then hire humans to review their decisions and don't take action on users until you can actually be confident about the accusations. Or you know, at the very least let users know that they are subject to some kind of restriction, tell them why and provide them with real means to appeal false positives.