zlacker

Discord Is Threatening to Shutdown BotGhost

submitted by exists+(OP) on 2025-06-23 20:16:33 | 139 points 131 comments

NOTE: showing posts with links only
◧◩
37. paxys+88 2025-06-23 21:08:58
>>czk+E3
After Reddit's API shutdown the writing was on the wall. Services like Reddit and Discord are huge data troves, and now this data has a concrete $$ value. Offering unrestricted API access means that third parties will store and sell this data. So shutting them down (and monetizing your data yourself) is an obvious decision. Slack recently changed its ToS to disallow this as well - https://www.reuters.com/business/salesforce-blocks-ai-rivals....
◧◩
54. out-of+Sb 2025-06-23 21:31:26
>>throwa+R8
yup, agreed - worth going over the non tl;dr (sufficient to say the tl;dr misses some good juice, but that's what the page in full is for).

i was sorta curious on the policy changes over time, since botghost has been around since '18. all i can say is good luck to botghost

histories of policies-ish:

- from the tl;dr (they also explain #4 as well in the non-tl;dr):

> Discord issued a breach notice to BotGhost, claiming the platform violates Developer Policy 4 by handling bot tokens, which has been a core part of how BotGhost has worked since 2018.

- policy from discrap: https://support-dev.discord.com/hc/en-us/articles/8563934450...

> 4. Do not collect, solicit, or deceive users into providing passwords or other credentials. Under no circumstances may you or your Application request or attempt to obtain login credentials from Discord users. This includes information such as passwords or account access or login tokens.

- policy in 2022 (of that page, but note the random digits in the numbers make it terrible to easily see history), thanks archive.org!: https://web.archive.org/web/20221001073449/https://support-d...

> Do not collect, solicit, or deceive users into providing user login credentials. Under no circumstances may you or your Application solicit, obtain, or request login credentials from Discord users in any way. This includes information such as passwords or user access or login tokens.

- and archive.org of github of the before 2022 change (mentioned in the above archive) (does not really mention collecting of user auths - as per my quick glance [i welcome a double check]): https://web.archive.org/web/20220921062136/https://github.co...

edit: fix copy-pasta

◧◩◪◨⬒
59. mslans+Sc 2025-06-23 21:37:42
>>koakum+2a
Literally four commands that can be copypasted. https://docs.docker.com/engine/install/fedora/#install-using...
◧◩◪◨
65. like_a+pe 2025-06-23 21:48:56
>>macspo+F7
I'm not being facetious, I'm pointing out a real problem - the market fraction accessible to a new business, that isn't reliant on the good will of some giant incumbent, is shrinking. This time it's Discord, another time it's Google ads/search blacklist, or Microsoft flagging your website or program as malicious, or Facebook shadowbanning you (or charging to show your posts even to people who explicitly followed you [1]), or Walmart extorting you for shelf space access, VISA and PayPal rejecting you..

If your move is to simply retreat, and give up all this ground, what market is left for you? People who get their news and ads by paper mail, shop only at tiny independent stores, paying in cash? How many businesses can survive with ~5% (a generous estimate of the described market's relative size) of their current traffic?

[1] https://www.bentbusinessmarketing.com/why-your-fans-arent-se...

◧◩◪◨
70. out-of+Wg 2025-06-23 22:06:00
>>throwa+zf
> Their policy is simply that they do whatever they want, and that hasn't changed.

yup! and don't forget they can change their policy whenever they want too

also they rank D on this site: https://tosdr.org/en/service/536

77. nxrabl+dk 2025-06-23 22:32:29
>>exists+(OP)
> A recent security breach on our platform brought BotGhost to Discord’s attention.

The breach in question is documented here: https://youtube.com/watch?v=lUiLBBab1RY

I don’t think there’s a text write-up, but tl;dw a combination of missing input sanitization and no-code UI trickery made it possible to leak other users’ bot tokens, and despite patching the exploit pretty quickly on exposure, BotGhost’s developer tried to cover it up and refused to reset potentially affected tokens.

◧◩
79. rozab+Qk 2025-06-23 22:37:51
>>nxrabl+dk
Seems like this is it. They should have got Discord to revoke all the potentially affected tokens. Instead, they tried to hide it and Discord forced their hand.

I really dislike the way they try and play this down in the doc:

https://update.botghost.com/#-summary-of-the-breaches-

◧◩◪◨
80. majorc+tl 2025-06-23 22:42:39
>>nubine+te
They flip-flopped on the issue: https://0x0.st/8wYc.png
◧◩◪◨⬒⬓⬔⧯▣
98. Mashim+Nh1 2025-06-24 10:15:19
>>koakum+0h1
I'm 80% sure I use this one and it works for me: https://packages.debian.org/trixie/docker.io
◧◩◪◨⬒⬓⬔
124. pnw+cl3 2025-06-25 00:18:56
>>altair+BE2
For consumer products the DMA focuses on companies with at least 45m monthly active users in the EU. They also exempted some categories that might otherwise qualify e.g. the DMA doesn't appear to cover video gaming consoles because they are "special purpose hardware".

You can see the list of covered companies at https://en.wikipedia.org/wiki/Digital_Markets_Act#Identified...

It's basically Apple, Amazon, Google, Meta, ByteDance and Microsoft.

◧◩◪◨⬒⬓⬔⧯
126. altair+ug5 2025-06-25 17:36:05
>>pnw+cl3
https://support.discord.com/hc/en-us/articles/12477677109143...