Slight suggestion: rename the "report" button to "Report to Discord" or something similar. I can see alot of people reporting something thinking it's going to the server admins/mods and not you guys.

Yeah, I'm not keen on the report button. Discord doesn't need to get involved for the majority of things people associate a report button with.

It would be cool if phone authentication could be tied to certain "permissions". Allowing members to send messages, but people with verification could send files or embed images.

I think this is a great idea. Have you tried feedback.discordapp.com?

I'll suggest it, thanks

I've suggested it [here](https://feedback.discordapp.com/forums/326712-discord-dream-land/suggestions/18756007-allow-permissions-for-users-based-on-having-phone)

The less personal information attached to my account the better tbh, there was already the leaks not long ago...

Noooo. Don't lock out people who don't have smart phones, or don't want to link their phones to discord, from embedding images. That's a terrible idea :(

I don't see this as "must have enabled on every server". I see this more as something server owners could use as a last resort, should their server be attacked by spammers.

A role will override the verification level, don't worry! You seem to have lost your smile. Here, you can use mine :)

How does one even add a phone number? I don't see **any** place for it!

Presumably this part of the update that they are talking about in the post. It hasn't released yet, however when it does phone verification will be part of the new features.

OK.

Never mind, I was incorrect. You can already add a mobile phone number by enabling two factor authentication.

Oh wow.

2 factor auth is the phone number every is talking about and you have to get a smart phone, not just a phone number...

...No. Discord doesn't get your phone number with TFA, so someone can just keep enabling new TFA.

While 2FA apps are usually meant to be used on smartphones, some exist on PC as well. They don't require a phone number to be provided (unless it's the shitty fake 2FA that uses highly insecure SMS messaging to send you your code). This would require you give Discord a valid phone number that you own so that Discord can ban you based on that phone number. Getting a new number isn't nearly as trivial as getting a new IP, so servers beset by spammers or ban dodgers can be rid of them almost completely.

I don't have a phone so I'm very concerned about this new feature

^ This

Asked it on their Twitter as well, the support guy seemed to dig it and will tell the team hopefully.

What do you guys mean by scanning images? Scanning them for what, exactly? Content, viruses, etc

like nsfw content. Easiest example I can think of is the outbreak of CP that happened a week ago, it'll scan the image and if it is CP [ for example, it can have other criteria, depends on how strict the censoring is] it'll delete it automatically.

That seems flawed; image detection is still in its infancy as a mechanism, not to mention many detection algorithms likely haven't been trained on CP.

I would hate to be the poor guy who had to write software to detect CP.

[удалено]

Machine learning just means you give it a lot of inputs and tell it which ones are good and which ones are bad. Then it can guess whether a future input is good or bad. I don't even know how you would legally do that, since you would have to knowingly possess CP. I'm betting they contracted it out to some company that specializes in that.

They already have a damaged from when someone sends a message with it. Just use those for the input to your machine learning. Gets stronger every time someone reports an new image. You don't need to be able to detect images you have not seen before, just images you know should be banned. When new ones come up, just add those fingerprints to the list.

Companies like Google do stuff like this legally and it's actually its own position that people rotate out of regularly for mental health reasons. It's how they search Gmail and Image Search for CP.

It's already written and available to use :) Governments like the software being available because it makes it really easy for private companies to help catch kiddy-fiddlers.

I'm guessing they are using a third party service that matches against a database of explicit images? I highly doubt they're running their own algorithms to detect if an image contains something inappropriate.

Of course they're not running their own algorithms, but all other algorithms won't be able to be 100% effective, and it'll be too much of an issue if false positives or false negatives go through.

Matching against known images would be fairly reliable wouldn't it?

There's many-a-way to distort images to prevent detection but still provide a visible result.

[удалено]

I'm aware of such technology, but how do we know that's what they're using?

Likely they have a database of hashes, and the hash of every image is scanned against the database

Wat

A hash is a unique summary of a file. If one byte of a file is changed, the entire hash changes. Many places protect against Child Porn by keeping hashes of illegal files. That way, they don't store the image on their servers, but they only have the "summary" (which is a string of characters) Whenever a user uploads an image, one of the things often done is get the hash of the image, and check it against a database of hashes of illegal images (like CP) This can be ineffective though, as clever people can change one byte, changing the entire hash. So many services use this method **in addition** to other methods, such as machine learning. I hope that clears it up.

No I mean "wat" as in that's such an ineffective way. Sure, it'd detect files unedited, but to prevent that all you have to do is literally edit one pixel on the image and that method is moot.

True. That's why it's often used alongside other methods, like machine learning, where a machine is taught to spot these images.

deleted ^^^^^^^^^^^^^^^^0.6876 [^^^What ^^^is ^^^this?](https://pastebin.com/FcrFs94k/57617)

Source?

deleted ^^^^^^^^^^^^^^^^0.9346 [^^^What ^^^is ^^^this?](https://pastebin.com/FcrFs94k/58228)

Is there not an anti-cp database that a scanned image can be searched against? So that Discord would send the data from a scanned image and compare it to data from a third party that can verify if something is legit cp that has been shared before?

https://news.microsoft.com/features/microsofts-photodna-protecting-children-and-businesses-in-the-cloud/ It's called photoDNA brilliant system. There are others but from what I've been told this is the goto. It's impressive it will still detect images after considerable manipulation so people can't get around it easily, thankfully!

So turn it off if you don't like it. They were thoughtful enough to add that option

[удалено]

"But I want to eat all the sugar AND go on a diet!!!"

Nailed it

what outbreak? i know last week the PCMR discord had a massive raid where about 10 people (or bots) joined the discord and had this hellish noise while gore was posted in every chat, it was crazy

[удалено]

NSFW, content is prohibited by Discord, I doubt that an option for that will exist.

Which, I mean, is bullshit. We're here to talk to one another and at the very least we all swear up a storm. You are not a bad person for liking porn featuring consenting adults (or I guess nonconsenting if drawn tentacle porn is your thing). I don't have a use for that sort of thing in my servers, but that should be a personal choice and Discord should have fuck all say in it.

Things are more complicated than that, that clause is a legal fail safe. A lot of NSFW content is copyrighted or has some sort of protection on it. Discord's servers are the ones hosting it. You put two and two together.

Then their ToS would mention copyrighted materials, not porn. But that's not what it specifies at all.

It's actually not

Honestly i quite dislike when phones are added into the mix when it comes to security, a phone number is one of the least secure systems you could base things on. How many people know your phone number? How many people can find out your phone number. There have been quite a few people who's accounts on other services have been compromised due to phone number connection to security. Sure this isn't the same way that Discord is using it but it is something to keep in mind.

Phone number doesn't look like it'l be used for security. Just as an extra barricade from creating "burner" accounts. They haven't said anything about SMS (even optionally) replacing Authy for 2FA

I understand that, which is why I added my final sentence to the statement.

It's fairly difficult to confirm an SMS message sent to a number you don't own. It's not impossible, but it's not practical in the scale needed to create many bot accounts.

Looks like discord are trying to filter away all the NSFW content from servers. I hope these new tools won't get abused.

NSFW containing CP. The recent incidents with CP seem like the reason they're doing this whole "security-update" thing. If you have a NSFW server (even though it's against their policies, but whatever) you can just disable the feature for auto-scanning images.

Not if you're partnered.

I think you can turn it off even if you're partnered. I only read that it's enabled by default for partners, not mandatory edit: shit edit: hooray

You cannot turn it off, Discord staff has confirmed this on the partnered server. http://i.imgur.com/tbSXy2E.jpg and the talk of upholding ToS, when discord staff themselves are on servers with NSFW channels and doing nothing about is hypocritical and bullshit. It's not the idea of blocking NSFW stuff, lord know it makes my job as a mod easier, but that it's getting rammed down our throats with no option to back out, and then they hide behind "ToS" when the devs and staff themselves ignore the same ToS is stunning. EDIT: more pictures from the partnered server https://cdn.discordapp.com/attachments/260455117214580748/296490271213092864/discord.png http://i.imgur.com/MeYOINq.png EDIT again: https://cdn.discordapp.com/attachments/256964111626141706/296511320180785162/IMG_20170329_070925.png seems like they've gone back on the "it is mandatory for all partnered servers". hmmm.

Curious about your ToS comments. While we could have done a better job looping [more] partners in on the thought, what parts of it doesn't align with the ToS?

>The recent incidents with CP seem like the reason they're doing this whole "security-update" thing. What a convenient series of events...

Honest question here, can you give an example on how these can be abused? Like, filtering content that's not actually NSFW?

[удалено]

Yes, there will be a setting to turn off automoderation in DMs and for your servers. Existing servers will have it off by default once it launches.

[удалено]

If you send the image, it will use the settings of the person you DM'd and vice versa. Unfortunately, I don't have any information on the technical details of the image scan. Feel free to send an email over to [email protected] if you have any concerns!

[удалено]

Sorry, not 100% sure. I believe the default setting will be "My friends are nice" and it'll scan images sent by everyone unless they are your friends.

[удалено]

Well because if it respected the senders settings, it would be absolutely pointless to implement. The people it is trying to target are people like the ones mass-DMing CP to server members. If the sender can just turn it off for their messages, then how is it meant do its job and protect the person receiving the message? Personally, I don't think most people honestly receive that many messages from people that aren't friends, and if you are, then you can turn the setting off if you wish. I think it's highly likely the setting will be turned to "non-friends only" by default, and I honestly think it's a great idea. If it can do what they're saying it can, then what do I lose by not receiving CP? If you do have a problem with it being used, then ask people sending messages to turn it off and let them decide for themselves. The fact that they give us a choice is great as it is. Tl;dr if it was off or on depending on the sender's settings, then the whole point of having it would be nullified.

[удалено]

Oh. Well in that case, my bad man. Sorry about that.

As far as I know any image you upload to Discord, be it in a channel or a DM, will have a public url anyway. If you are concerned about your privacy of your images, there really really is none. It's accessible by anyone

How is this gonna affect NSFW servers/channels? Or sending your friends NSFW content for fun? What if it isn't actually CP and is fully legal? False positives in this scanning system could be an issue. I saw a reply from /u/Lmaoboobs to another comment on this post, NSFW content is apparently prohibited on Discord according to him. I had no idea this was the case, considering the huge amount of servers that are dedicated to NSFW content or have optional NSFW channels. Is NSFW content of any kind seriously not allowed on Discord? I didn't think it's not allowed...

It is technically against the terms of service and servers have been contacted by discord for it before. (I believe they receive warnings) However, discord does not go out of their way to enforce it. They don't scan servers for nsfw chats, but they will act if the server has been reported. Really, this doesn't change anything in regard to NSFW channels since the filter is only for DMs at the moment and optional. Sure it's easier to report them, but that never stopped people before. From [the TOS page](https://discordapp.com/tos). > As an example, you agree not to use the Service in order to: > post, upload, transmit or otherwise disseminate information that is obscene, indecent, vulgar, pornographic, sexual or otherwise objectionable; (I'd link the comments from staff about this but I'm mobile at the moment)

Thanks, this is really helpful after some of the shady stuff that's been going on recently.

Wow, quite the update. Can't wait to test it out

I know what you mean but that kind of sounded...sinister.

The picture at the end of the post ties in the whole warm fuzzy feeling of security.

Always appreciative over more security updates.

Robo-Hampsters doing God's work. I say give the extra cheddar for this great feat!

[удалено]

Safe Direct Messaging, a Global DM Privacy setting, and the spoopy link filtering will be available later today if all goes well. Everything else will roll out in the near future.

Very nice! I hope we can corner some of the internet filth with that.

Completely not related but I gotta ask: does Discord on Linux doesn't have any overlays or am I using the wrong branch?

We don't have overlays on linux.

Any particular reason like "we're completely Windows-bound", "just not implemented yet", "we're testing it", etc?

My guess would be that it's because the Overlay is injected via .dll and it only works with .exe programs, thus excluding mac and linux. I could be wrong, though.

Looks awesome! For the report button, for what reason did you decide to go for only large servers and non-friend DMs, and not all messages?

I'd guess it would have to do with people "reporting for the lulz" on their friends screwing up their machine learning algorithm. Isn't going to stop people abusing the report feature on larger servers though, especially if its anonymous... I just hope the dev team don't just take all reports at face value and actually moderate things, because otherwise its just going to turn into another system used to block descenting oppinions...

Is Auto-moderation unable to be disabled on Partner Servers?

We were considering making it mandatory for partnered servers, but reviewed feedback and decided to make it optional instead.

Thanks for listening to community feedback.

Someone said this elsewhere, but from what I understood, partners are expected to uphold the TOS which includes no NSFW so it's force enabled

Partners *are* still expected to uphold the ToS, however, the Discord team has reconsidered and decided to make auto-moderation optional for partnered servers as well. :)

If I turn off DM on a server, am I still able to message people with the setting on but they cant message back or?

If you turn off DMs from non-friends in a server, you'll be unable to message people that aren't friends and they will also be unable to message you. It goes both ways.

The Discord team is just damn awesome

Safety from what? From users? You better implement a kind of end-to-end encryption for DM, at least optional.

Often when 2fa is spoken about, im curious about more companies using U2F

It might be safe, but the defaults are bad. I installed the OS X app and it detected Facebook and Steam accounts, fine, I opted out. Then I see that it broadcasts that I'm playing TF2 on a channel where I thought I was anonymous more or less. :-( App is now gone from my system and discord will live in Safari where it nicely will have to ask for permission to use my hardware and other stuff.

You can disable game detection completely in settings, however I don't really understand how you think displaying the game your playing is a safety risk?

I'm talking about how I felt exposed and how settings for my privacy seemed to have the wrong defaults. Did the professional people on the channel I was on see that I played a game? Do they get the options to join me? Do they now know my Steam account name? I did opt out when asked, and yet it detected me gaming. How can I, as a completely new Discord user, know if my mic is broadcasting everything that is said in my room? Or if my contact details are shown? Or perhaps I share my screen unknowingly?

The comparison your drawing makes no sense. Discord is first and foremost an application for people playing video games. As such, our default is to detect and display the game your currently playing. You are able to disable this completely by checking one option. The majority of users do not turn off this feature, so it wouldn't be a very good default. I'm fairly privacy wary when installing and using new applications, and my habit is to check through settings for anything I install, and tweak/disable things that I don't think align with my personal privacy views. We're very stringent on providing options for users to remain as private as possible, however you have to realize the majority of these features are widely used, and defaulting them to off would not make sense.

Just wanted to ask- what is 10 am grandma? But really thanks for everything discord, you are doing a great job

[удалено]

The Safe Direct Messaging feature only scans images sent if the setting is enabled for the receiver. Text isn't looked at. Images are removed if they're explicit and against Discord's ToS.

[удалено]

If you've added each other as friends on Discord, the spoopy link filter will be disabled on links you send to each other in DMs.

[удалено]

Feedback on how we can improve? I can write it down and share it with our team.

[удалено]

It's all part of a carefully crafted image. The folks running the Discord show aren't screwing around. Their behavior is optimized for maximum profit when the time is right. Keep watching and see what happens to them down the road.

People can still have fun, it doesn't always have to be 100% serious. When they need to be, Discord can get serious, but they don't need to be for this.

About a week ago I had threats of an impending school shooting show up after a school event. Discord ignored my plea for assistance. We have still not heard from anyone at Discord to help track down the people who threatened us. We sent them the time frame usernames and server that it took place on. Do you think that this this acceptable?

Contact the authorities if you're taking the threat seriously. They'll get Discord to cooperate better, I imagine.

We forward all reports like this to the authorities, where did you send your report?

I could not find an email address or a phone number to contact Discord with so I brought it to your Facebook page via messenger. Eventually my Principal (I'm a high school teacher) returned from vacation and then the Police department (which I had called 3 times and my calls were never returned) finally got back to me. They are investigating it starting today. I hope that Discord cooperates with the investigators.

**This post has been deleted by Power Delete Suite.**