Discord Allow anyone to embed image links

Status
Not open for further replies.

videogamesm12

Well-known member
Developer
Senior Admin
220
IGN
videogamesm12

Background​

When Rebooted was first established back in August 2023, one of the first things decided upon were measures intended to mitigate the possibility of raids against the server actually being impactful. In fact, it was even included as part of the original proposal intended to convince Ryan to hand over TF:
Proposal said:
But what about Akefu? What about all these people?
  • The first step we’ve already taken is removing the ability to upload images on discord and to embed links from every single person except staff themselves.
  • We will try to have spam detection and raid detection bots to prevent such things from happening.
The part about removing the ability to upload images in particular wasn't very popular with the community, and on October 18, 2023 a suggestion was created that intended to allow anyone to post images on the server. There was a noticeable amount of hesitance from the executive team about such a concept. However, the suggestion was still approved sometime later with the implementation being pretty simple: you asked for the embed role and you got it.

A month later, the idea was developed into a system that required you to link your forum account with your Discord account to be able to get the role. This was actually fairly unpopular due to privacy concerns in regards to the amount of information that the linking plugin had access to. However, it was mostly accepted as a necessary evil to be able to protect the community and people kind of just lived with it.

A few months later, an unrelated incident occurred which prompted a more in-depth look into who had access to the Discord server which led to the establishment of a user verification system, and with a much better way of protecting the community in place, I've decided to create this suggestion.

It's inconveniently redundant​

Both the verification system and the forum linking system were implemented to address the same problem: bad actors joining the community under alts to spam, attack, or otherwise harm the server. With both solutions in place, the forum account requirement is redundant, and while redundancy is nice when it comes to security, this redundant solution is actually more inconvenient to individuals who just don't want to link their forum account to their Discord account than actual threats to the community.

It does not protect the community​

On multiple occasions, this measure of requiring a forum account to post media links has failed in its job of protecting the community. I'd like to list some examples.
  • Mosley (former Senior Admin who has since been unappealably banned for his conduct in attacking the server amongst other things) has been using a stockpile of alternate accounts to spy on the community at large. This is so that he can post new content about various people he considers to be "lolcows" into a Discord server he runs or in order to find information about them to document on a wiki he maintains. Blocking embeds for people without forum accounts simply does not protect against that.

  • There was a group of individuals who were involved in a conspiracy to dox shdwo by a picture he posted. The details aren't going to be specified here for obvious reasons, but shdwo has since dismissed the incident as a matter of a fucked up embed permission while he has completely missed the fact that someone malicious was in the Discord server at the time and was able to sufficiently dox him. Blocking the embed permission would have not prevented that.

  • Despite the implementation of the requirement, small-scale raids have been successfully performed in which raid-related musical lyrics are posted instead of images.

The user verification system is historically more effective​

In early 2022 amidst the raids against the original TotalFreedom, a user verification system like the one mentioned above was implemented. This prevented malicious users from joining under alternate accounts to spam gore, raid-related copypastas, and porn. As a direct result of this system, the amount of attacks related to the Discord server decreased by a large amount and it became more difficult for the attackers to target the the platform.

Although it was not successful in stopping the raids altogether (because they never will stop), it was still enough to force them to switch tactics and choose a different vector to attack, and it just so happened to be the Minecraft server which is a completely different platform altogether. This is a testament to the success of that system.
 
I personally support this and am willing to move over unless anyone has any objection that isnt 'we need to use the forum more' cuz that aint my issue + all it does is make life harder for the discord team.

manual verification isn't just checking a box to see if they've ever joined, atm we have manual verification so any new users must be associated with TF in some way. discretion is also used, if a user has joined one time months ago, i personally wouldn't let them in. same for users who joined very quickly and left.

Now ive been told a point against this is that the forum is more secure against the larger threats. To that I have to question what larger threats? Granite castle have been gone for years, the IPT degenerates dont want to associate themselves with us. If there is such a big threat that warrants forum verification, i support it. But as it stands, i don't particularly want to use a verification system that is too complicated for a non existent issue.
 
Last edited:
I'm going to say that we do need a better form of verification so discord staff don't have to manually approve people, options for that can be worked on, but I'll probably just make people link their accounts using Futura once it's out.

Object for media links. I don't know why it's really needed in every chat and media and images exists anyways.
 

Background​

When Rebooted was first established back in August 2023, one of the first things decided upon were measures intended to mitigate the possibility of raids against the server actually being impactful. In fact, it was even included as part of the original proposal intended to convince Ryan to hand over TF:

The part about removing the ability to upload images in particular wasn't very popular with the community, and on October 18, 2023 a suggestion was created that intended to allow anyone to post images on the server. There was a noticeable amount of hesitance from the executive team about such a concept. However, the suggestion was still approved sometime later with the implementation being pretty simple: you asked for the embed role and you got it.

A month later, the idea was developed into a system that required you to link your forum account with your Discord account to be able to get the role. This was actually fairly unpopular due to privacy concerns in regards to the amount of information that the linking plugin had access to. However, it was mostly accepted as a necessary evil to be able to protect the community and people kind of just lived with it.

A few months later, an unrelated incident occurred which prompted a more in-depth look into who had access to the Discord server which led to the establishment of a user verification system, and with a much better way of protecting the community in place, I've decided to create this suggestion.

It's inconveniently redundant​

Both the verification system and the forum linking system were implemented to address the same problem: bad actors joining the community under alts to spam, attack, or otherwise harm the server. With both solutions in place, the forum account requirement is redundant, and while redundancy is nice when it comes to security, this redundant solution is actually more inconvenient to individuals who just don't want to link their forum account to their Discord account than actual threats to the community.

It does not protect the community​

On multiple occasions, this measure of requiring a forum account to post media links has failed in its job of protecting the community. I'd like to list some examples.
  • Mosley (former Senior Admin who has since been unappealably banned for his conduct in attacking the server amongst other things) has been using a stockpile of alternate accounts to spy on the community at large. This is so that he can post new content about various people he considers to be "lolcows" into a Discord server he runs or in order to find information about them to document on a wiki he maintains. Blocking embeds for people without forum accounts simply does not protect against that.

  • There was a group of individuals who were involved in a conspiracy to dox shdwo by a picture he posted. The details aren't going to be specified here for obvious reasons, but shdwo has since dismissed the incident as a matter of a fucked up embed permission while he has completely missed the fact that someone malicious was in the Discord server at the time and was able to sufficiently dox him. Blocking the embed permission would have not prevented that.

  • Despite the implementation of the requirement, small-scale raids have been successfully performed in which raid-related musical lyrics are posted instead of images.

The user verification system is historically more effective​

In early 2022 amidst the raids against the original TotalFreedom, a user verification system like the one mentioned above was implemented. This prevented malicious users from joining under alternate accounts to spam gore, raid-related copypastas, and porn. As a direct result of this system, the amount of attacks related to the Discord server decreased by a large amount and it became more difficult for the attackers to target the the platform.

Although it was not successful in stopping the raids altogether (because they never will stop), it was still enough to force them to switch tactics and choose a different vector to attack, and it just so happened to be the Minecraft server which is a completely different platform altogether. This is a testament to the success of that system.
vouch, this has been a long time coming
I would also like to add the fact that the bot (not execs iirc but that really doesn't help much) gets access to username, avatar, and email address which does not strike me as the greatest (I am paranoid about security)
tf bot.png

also,
Object for media links. I don't know why it's really needed in every chat and media and images exists anyways.
there are times that posting images in #server-chat is useful, I encountered that twice today alone
https://discord.com/channels/1142929916069957712/1143080750120452096/1241534145172209676 (video was actively in server-chat so I could have just asked them there)
https://discord.com/channels/1142929916069957712/1143080750120452096/1241536124338573425 (looks like me talking to myself because context is in #server-chat)
 
vouch, this has been a long time coming
I would also like to add the fact that the bot (not execs iirc but that really doesn't help much) gets access to username, avatar, and email address which does not strike me as the greatest (I am paranoid about security)
View attachment 309

also,

there are times that posting images in #server-chat is useful, I encountered that twice today alone
https://discord.com/channels/1142929916069957712/1143080750120452096/1241534145172209676 (video was actively in server-chat so I could have just asked them there)
https://discord.com/channels/1142929916069957712/1143080750120452096/1241536124338573425 (looks like me talking to myself because context is in #server-chat)
I'm okay for links being sent as long as they don't embed tbh
 
I'm okay for links being sent as long as they don't embed tbh
tell me again WHY we should be using a seperate media and images channel instead of the vastly more used and therefore more convenient serverchat where everymon talks? doesn't seem like it'd HURT in anyway to have embeds and images in serverchat so... why not

anyway i vouch for this
 
I don't know why it's really needed in every chat and media and images exists anyways.
It's more convenient to be able to upload an image into the channel you're having in a discussion in than to have to switch to the #media-and-images channel to upload it and then switch back to tell everybody that you posted an image there. This is backed by statistics showing that people post images more frequently into #server-chat (the most active channel on the Discord server) per day than any other channel, including #media-and-images.

ibOq4KDEEmYj.png


q0zqJxE6RsmG.png
 
It's more convenient to be able to upload an image into the channel you're having in a discussion in than to have to switch to the #media-and-images channel to upload it and then switch back to tell everybody that you posted an image there. This is backed by statistics showing that people post images more frequently into #server-chat (the most active channel on the Discord server) per day than any other channel, including #media-and-images.

ibOq4KDEEmYj.png


q0zqJxE6RsmG.png
of course bro runs a statistical analysis on a Minecraft discord server

and of course the most active the forums will be is... for suggestions using it less. only kidding just thought it was funny.

i am on vacation but will actually respond to this on Monday
 
  • Haha
Reactions: videogamesm12
so this suggestion has already been done and approved but the initial reasoning behind it was to prevent people begging for the embed role. people like telephone got it, abused it, got it taken away, and then begged 500 times every day to 3 staff members asking for it back. i wanted a system that didn't require staff to remember who abused embed and for why. while the bot does ask for those permissions, i have no idea how to restrict it. also, i can't actually even see email addresses, it isn't available anywhere on the backend. i get that's a concern but this is genuinely all that's available in the backend

3Vt1FUJjhH.png
 
Status
Not open for further replies.