by MrFoof 786 days ago
Would love to see a postmortem once it's dealt with.

This forum is built with early 2000s technology. It doesn't even use two-factor authentication or captchas for creating accounts. This was honestly bound to happen sooner or later.
I don't want them to require an email/phone for privacy's sake, but they should definitely have a captcha of sorts to limit bot accounts.
> but they should definitely have a captcha of sorts to limit bot accounts

Captchas don't do much, they're super cheap to solve with services like 2captcha, capmonster, etc.

You can get recaptcha solved for $0.6/1k, hcaptcha for $0.8/1k or cheaper. (email is pretty cheap too, but still more expensive than captcha solving)

Requiring phone verification would be the most effective out of those because it's pretty expensive for the attacker, something like $0.02-$0.11 per verification is usually what I see

I feel strongly about privacy and I always loved the fact that I can post pretty much anonymously on HN (I don't mean this account - it's pseudonymous at best). It's sad bad actors get to ruin this.
that seems reasonable to me
I don't know... Hacker News keeps complaining that they want the old 90's web experience back, now it feels like some shitty PHP messageboard from back in the day getting pwned by script kiddies. Enjoy the nostalgia while it lasts I guess.
I clicked on the Discord link in the spam message for fun, entered a random username, and immediately got asked to verify with my phone number before I could even read the messages in the chatroom. HN doesn't need to do that and I don't want them to do that, but a simple captcha or a proof of work algo like what Cloudflare uses would at least slow down the flood of bot accounts.
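The proof-of-work idea raised in the comment above, as an added example: a stateless hash-based challenge for account creation. This is not HN's or Cloudflare's code; the server secret, the `nonce:counter` hash format, the difficulty in leading zero bits, and the in-memory replay set are all assumptions made for illustration. The server issues a MAC-protected challenge, the client brute-forces a counter, and the server verifies in constant time without storing per-challenge state.

```python
import hashlib
import hmac
import os
import time

# Hypothetical server secret (assumption); in production load it from a secret store.
SERVER_SECRET = os.urandom(32)

# Nonces already redeemed, so a solved challenge cannot be replayed until it expires.
# In-memory for this example (assumption); a real deployment would use a shared store with TTL.
_consumed = set()


def _mac(nonce: str, bits: int, expires: int) -> str:
    """Bind nonce, difficulty and expiry together so the client cannot lower the difficulty."""
    msg = f"{nonce}:{bits}:{expires}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_challenge(bits: int = 20, ttl: int = 300, now=None) -> dict:
    """Server side: create a challenge. Nothing is stored; the tag lets us verify it later."""
    now = time.time() if now is None else now
    nonce = os.urandom(16).hex()
    expires = int(now) + ttl
    return {"nonce": nonce, "bits": bits, "expires": expires, "tag": _mac(nonce, bits, expires)}


def _leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest (the usual hashcash-style difficulty metric)."""
    n = int.from_bytes(digest, "big")
    return len(digest) * 8 - n.bit_length()


def solve(challenge: dict) -> int:
    """Client side: brute-force a counter until sha256(nonce:counter) has enough leading zeros.
    Expected work is about 2**bits hashes; the server does a single hash to check it."""
    prefix = challenge["nonce"].encode() + b":"
    counter = 0
    while True:
        digest = hashlib.sha256(prefix + str(counter).encode()).digest()
        if _leading_zero_bits(digest) >= challenge["bits"]:
            return counter
        counter += 1


def verify(challenge: dict, counter: int, now=None) -> bool:
    """Server side: check authenticity (MAC), freshness (expiry), the solution, and replay."""
    now = time.time() if now is None else now
    expected = _mac(challenge["nonce"], challenge["bits"], challenge["expires"])
    if not hmac.compare_digest(expected, challenge["tag"]):
        return False  # forged or tampered challenge (e.g. lowered difficulty)
    if now > challenge["expires"]:
        return False  # stale; attacker cannot precompute solutions far ahead
    digest = hashlib.sha256(f"{challenge['nonce']}:{counter}".encode()).digest()
    if _leading_zero_bits(digest) < challenge["bits"]:
        return False  # counter does not meet the difficulty
    if challenge["nonce"] in _consumed:
        return False  # same solution submitted twice
    _consumed.add(challenge["nonce"])
    return True


if __name__ == "__main__":
    ch = issue_challenge(bits=16)
    start = time.time()
    answer = solve(ch)
    print(f"solved in {time.time() - start:.2f}s with counter {answer}, valid={verify(ch, answer)}")
```

Each extra bit of difficulty doubles the client's expected work while the server's check stays one hash, so difficulty can be raised per IP range or during a flood without touching the verifier. The caveat a practitioner should keep in mind is that this only raises the cost of an account linearly in compute, which is cheap at scale; it slows a flood rather than stopping a funded attacker, and it does nothing against solutions farmed out to real users.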
That's the Orwellian way that Discord cracks down on users that it deems, for whatever reason, "suspicious". It is tied to the IP address and anything else associated with it, but if you had an existing account before the flag then that account won't be flagged, only new accounts. There is no appeal process and they won't even tell you what your offense was.

Unfortunately I've had to pay for an extra cell phone line just to use the app for work. VoIP numbers are rejected and must be unique per account. In my case it was likely because I had the audacity to back up my chat messages with a script. After a few years I can make new accounts again but I feel like I'm playing Russian roulette every time I do.

If you don’t use separate accounts for privacy someone can dump a list of potentially any known server you’ve ever been in. I knew it would be only a matter of time until something like this would happen: https://www.reddit.com/r/privacy/s/A5nvuZBLab

This "suspicious activity" can even be triggered if you click the wrong invite link, although you have no way to tell where it leads you anyway.

Discord sadly was pretty successful at luring in users, and even a lot of devs build their community there. I think it is a bad choice because of lacking discoverability and the proprietary nature of the platform. It feels lively because it is a chat. But otherwise most projects are better hosted elsewhere.

I don't use Discord anymore but the phone number thing seems new, in the past I was able to visit as a guest and be able to read messages but not chat. Then again Twitter and Reddit are doing the same thing now and forcing people to log in, so I'm not surprised.

Considering how many community groups and open source projects now use a Discord in place of a public forum this looks like a disaster going forwards since all the information in there will become locked up. And of course the chats and internal discussion threads aren't indexed by search engines.

Worth noting that in GP's case it may "only" be that the people running that specific server turned on the phone number requirement to view messages.
As a non-Discord user, I'm glad I'm a non-Discord user. That sounds hellish. Is whatever's being gate-kept worth it?
Pretty sure I remember Hacker News having Cloudflare captchas some time ago. Maybe they enabled the "attack mode" back then? Not sure why it wasn't enabled today. @dang could answer maybe.
Relying on security through obscurity goes away pretty quickly once you’re popular.
I created a new account recently and I had to complete a captcha. It was the Google kind that is easily defeated by either bots or mechanical turk, though.