Discord Bot | User Safety Improvements

[Yonio]

What's your Minecraft Username?: YonioTheNacho
What's the title of your suggestion?: Discord Bot | User Safety Improvements

What's your suggestion?:
Introduction
I'm sure most of you know that the discord bot across the RoleplayHub network has access to execute bulk tasks within every server it's in. This way, IP bans can be carried out network-wide. This is a smart way to avoid having to ban players without going into each server over and over again.

With that out of the way, I have a suggestion to improve user safety.

---

Sensitive Links
One of the main ways "sensitive content" is distributed across the network is using discord links. These links show an embedded file with content that goes against the server rules. A way to stop this distribution is to add a database in the schoolrp.net domain that the bot has access to. If an user tries to send one of these links, they will automatically be timed out in all servers and a staff member will be notified about their behavior so proper action can be taken.

This way, people who try and spread this malicious content will be taken care of without having to rely on staff's sometimes delayed support on this matter.

---

Sensitive Files + Verification
Now, what happens if people try to send files altogether instead? Well, in that case we'll need a more "radical" alternative. To ensure user's safety, it's necessary that all sub-servers prevent new users from sending attached files. This, of course, can be prevented if the user verifies their account with their phone number. Users generally don't use their verified accounts to send sensitive media. Instead, they'll create burner accounts with no personal information attached to it to do so. Moreover, enabling this option is really easy, and shouldn't take more than 5 minutes to implement

---

While this will definitely take some time to take effect, I believe it's necessary if we want to put an end to the continuous spread of sensitive media.

 

[frenzyyy]

+1

I was actually thinking about this earlier with the RoleplayHub bot, I like it!

 

[adalynoc]

Okay, so here is the thing. This will solve literally nothing. You cannot and will not prevent users from being exploited or sensitive information being released. It's virtually impossible to do so. No matter how many discord bots you make, how many people you ban, there will always be bad faith actors in every community.

I wish we would all stop pretending there is some magical switch to prevent this from happening and face reality. the majority, no in-fact ALL of the issues with "Sensitive User Information" being leaked or exploited is contributed atleast one of the following reasons.

1. an insider source leaking confidential information to an outsider.

2. Terrible Cyber safety practices i.e (over sharing of personal information)

3. Social Engineering

4. Bad privacy laws.

5. Bad faith actors/People with Malicious intent.

Discord bots/rules are nothing more than a bandaid for a broken leg. If someone wants to do something malicious they're going to do it regardless.

You actually want know the best way to stop people from getting your private information? STOP TELLING PEOPLE YOUR PRIVATE INFORMATION.

 

[Yonio]

Your response seems dismissive of what I’m trying to suggest. No measure should be unwelcome when it comes to placing barriers that hinder the efforts of doxxers or leakers. While it’s true that such measures won’t completely solve the issue (as you pointed out, it’s virtually impossible to do so), SRP is a massive community that should prioritize the safety of its users and provide tools to help prevent and manage these incidents.

Moreover, your last comment is overly generic and doesn’t address every situation. Nobody on the internet wants to be doxxed—that’s objectively true. No one wishes to endure such a traumatic experience just for attention. Unfortunately, there are circumstances beyond a person’s control that result in their personal information being exposed. As you mentioned, many factors involve privacy laws and individuals with malicious intent. While there are ways to erase one’s digital footprint, doing so may not be easy or even possible in some cases. It might also be too late—most users on SRP are minors and may lack knowledge about online safety.

Blaming the victims and refusing to support them during such difficult times will only tarnish the image of SchoolRP.

 

[adalynoc]

Your response seems dismissive of what I’m trying to suggest. No measure should be unwelcome when it comes to placing barriers that hinder the efforts of doxxers or leakers. While it’s true that such measures won’t completely solve the issue (as you pointed out, it’s virtually impossible to do so), SRP is a massive community that should prioritize the safety of its users and provide tools to help prevent and manage these incidents.

Moreover, your last comment is overly generic and doesn’t address every situation. Nobody on the internet wants to be doxxed—that’s objectively true. No one wishes to endure such a traumatic experience just for attention. Unfortunately, there are circumstances beyond a person’s control that result in their personal information being exposed. As you mentioned, many factors involve privacy laws and individuals with malicious intent. While there are ways to erase one’s digital footprint, doing so may not be easy or even possible in some cases. It might also be too late—most users on SRP are minors and may lack knowledge about online safety.

Blaming the victims and refusing to support them during such difficult times will only tarnish the image of SchoolRP.

I'm dismissive because you're creating false hope and lying to people.

You know as well as I do that something like this will do absolutely nothing, and if anything it'll just encourage people to move to alternative discords/sites to continue their malicious actives. How is this discord bot gonna stop someone from DMing someone or Making an alternate website or buying a domain to post on?

You're not offering a solution, you're offering a false sense of security. Which is not the correct way to go about this.

 

[Squidjees]

+1

 

[ethxx.ltd]

This would end up effecting me, despite me being unbanned from all SchoolRP server's and discord servers, my main remains banned, and you yourself said that I would need to use a alt to use SRP discords, if this was added who knows how many other people are in the same situation as I am.

 

[Yonio]

This would end up effecting me, despite me being unbanned from all SchoolRP server's and discord servers, my main remains banned, and you yourself said that I would need to use a alt to use SRP discords, if this was added who knows how many other people are in the same situation as I am.

Not sure how that would affect my suggestion

1. If you can't verify through your phone number, the discord server's staff have an option to manually verify you without one

2. The links blacklist would still apply regardless. There is no circumstance where you'd be sending that in a public discord server

 

[ErikFinster]

User Safety: Protecting the players (and especially minors) from harm caused by malicious links, doxxing, or sensitive information leaks is a high priority!
Legal Liability: If minors or users experience harm due to insufficient safeguards, the server could face ethical (or even LEGAL) repercussions.
Trust: Players expect Mods and Admins to prioritize their safety. Failing to meet those expectations can erode it's credibility and the communities trust.

+1

What I take from the feedback is that authority should earnestly acknowledge the limitations of public safety measures. Is has to be made clear that no single measure can fully prevent malicious activities - and that we instead - focus on building a layered approach. Next to automated cyber-security, we can provide guides that help players spot phishing links and make them aware of the danger and typical nature of scams. It can be as primitive as getting 10.000 yen for clicking on an NPC and going through a small safety workshop.

 

[Maysi_]

ദ്ദി ( ᵔ ᗜ ᵔ )

 

[Ecocide]

+1
Cant ever say no to something to try and improve safety
As long as staff can keep up with it for when problems like

This would end up effecting me, despite me being unbanned from all SchoolRP server's and discord servers, my main remains banned, and you yourself said that I would need to use a alt to use SRP discords, if this was added who knows how many other people are in the same situation as I am.

this pop up

Adalyn is also right tho, this is a 'bandaid for a broken leg', the community just has to be a lot more careful when talking about personal information or with things they send/receive from people.

 

[findouticly]

Sensitive Links
One of the main ways "sensitive content" is distributed across the network is using discord links. These links show an embedded file with content that goes against the server rules. A way to stop this distribution is to add a database in the schoolrp.net domain that the bot has access to. If an user tries to send one of these links, they will automatically be timed out in all servers and a staff member will be notified about their behavior so proper action can be taken.​

I don't see how this would help honestly. What would you even add to the database? Because every time you import an image into Discord, a new link gets created, so there would be nothing to add to the database.

Let me show you an example of how useless this would be if implemented.​

---

Joe sends an image of him holding oranges.​

​

The owner doesn't like oranges, so he adds the link:​

​

To a database which would block the image.

Joe gets angry, because he wants to show everyone his beautiful oranges! In this situation, Joe renames and re-sends the image elsewhere on the platform [Discord in this situation]:​

​

And then he copies the link:​

​

And sends it in the Discord again, and it works... Even though the link was blacklisted!​

---

Well it turns out that both of those images are considered as 'completely different' in the eyes of Discord and the database...


Compare both of these links and tell me, if you only looked at both of them, would you tell me that those are the same image?
​

Spoiler

ORIGINAL​	RENAMED & RESENT​
https://cdn.discordapp.com/attachments/1067604271115288627/1313635719691898961/20240913_094111.jpg?ex=6750da19&is=674f8899&hm=9154b19366d138795ef1caf5395cbaff43f3cb4f02f233e59498a8652018a6a4&	https://cdn.discordapp.com/attachments/1097948963350532278/1313639580645200025/orange.jpg?ex=6750ddb2&is=674f8c32&hm=75d2a831b7940c6cf95da9b5b42e109716782b2c6fa3809dacb9868c2ead4824&

​

So basically the solution you gave would not only, as adalynoc said, give temporary hope, but will work temporarily as well, and could be bypassed by a person who has been using Discord for a week.​

Sensitive Files + Verification
Now, what happens if people try to send files altogether instead? Well, in that case we'll need a more "radical" alternative. To ensure user's safety, it's necessary that all sub-servers prevent new users from sending attached files. This, of course, can be prevented if the user verifies their account with their phone number. Users generally don't use their verified accounts to send sensitive media. Instead, they'll create burner accounts with no personal information attached to it to do so. Moreover, enabling this option is really easy, and shouldn't take more than 5 minutes to implement​

---

Continuation of the Joe situation.


Joe gets banned by the owner due to the bypass... He's sad. He had so many friends on the server, and no one want to talk to him. He wants to show the orange picture again. Joe decides to make an alt, and joins the server.

Turns out he needs to verify his phone, and he only has one. He thinks for a few seconds... Joe removes his number from the main, and puts it on the alt.
Bypassed again.​

---

It's not like I don't care about the peoples safety, but its just that your suggestions would bring nothing but false hope to people and even more disappointment if implemented.​

+1
On the fact that something should be added to improve the users safety.



-1
On your idea of how to do it.

​

im a big willem dafoe fan as you can see

 

[Yonio]

I don't personally get the "false hope" counterargument you're trying to display here. Sure, the solution may not be perfect, and as I've stated before, these features are intended to discourage and put barriers that make it harder for people to spread this kind of content. Some people will bypass it, of course. This will happen with any solution that's brought to the table. However, this doesn't mean that SRP does not have the responsibility to protect its playerbase.

SRP is not promoting "Hey, in our servers it's 100% impossible to get doxxed!". No. This feature wouldn't even be publicly announced. It's simply a layer of added security that will lower the amount of incidents SRP players encounters. As long as one or two perpetrators are stopped or caught before they can even send this sensitive media, then this suggestion will have achieved its purpose.

I think you fail to understand that most other discord servers have these added layers that I mentioned, as well as extra steps to verify that someone does not have malicious intents. For example, Hypixel uses an in-game verification system where you're restricted from their server until you verify that you can indeed log into Hypixel itself. I didn't want to add this to the suggestion since the game-discord link is quite buggy and hasn't worked properly for a while, but it would also be a neat idea to prevent players who are banned from committing these acts in our discord servers

 

[staceyz]

I don't see how this would help honestly. What would you even add to the database? Because every time you import an image into Discord, a new link gets created, so there would be nothing to add to the database.

Let me show you an example of how useless this would be if implemented.​

---

Joe sends an image of him holding oranges.​

View attachment 73168​

The owner doesn't like oranges, so he adds the link:​

View attachment 73169​

To a database which would block the image.

Joe gets angry, because he wants to show everyone his beautiful oranges! In this situation, Joe renames and re-sends the image elsewhere on the platform [Discord in this situation]:​

View attachment 73175​

And then he copies the link:​

View attachment 73176​

And sends it in the Discord again, and it works... Even though the link was blacklisted!​

---

Well it turns out that both of those images are considered as 'completely different' in the eyes of Discord and the database...


Compare both of these links and tell me, if you only looked at both of them, would you tell me that those are the same image?
​

Spoiler

ORIGINAL​	RENAMED & RESENT​
https://cdn.discordapp.com/attachments/1067604271115288627/1313635719691898961/20240913_094111.jpg?ex=6750da19&is=674f8899&hm=9154b19366d138795ef1caf5395cbaff43f3cb4f02f233e59498a8652018a6a4&	https://cdn.discordapp.com/attachments/1097948963350532278/1313639580645200025/orange.jpg?ex=6750ddb2&is=674f8c32&hm=75d2a831b7940c6cf95da9b5b42e109716782b2c6fa3809dacb9868c2ead4824&

​

So basically the solution you gave would not only, as adalynoc said, give temporary hope, but will work temporarily as well, and could be bypassed by a person who has been using Discord for a week.​

---

Continuation of the Joe situation.


Joe gets banned by the owner due to the bypass... He's sad. He had so many friends on the server, and no one want to talk to him. He wants to show the orange picture again. Joe decides to make an alt, and joins the server.

Turns out he needs to verify his phone, and he only has one. He thinks for a few seconds... Joe removes his number from the main, and puts it on the alt.
Bypassed again.​

---

It's not like I don't care about the peoples safety, but its just that your suggestions would bring nothing but false hope to people and even more disappointment if implemented.​

+1
On the fact that something should be added to improve the users safety.



-1
On your idea of how to do it.

​

im a big willem dafoe fan as you can see

this is an amaziing point, i don't think this can be done properly or at all because other servers have tried making bots censor links with sensitive content (people still find a way/it doesn't really work) but if there's a get-around to that then i think it could help speed things up for staff

 

[findouticly]

For example, Hypixel uses an in-game verification system where you're restricted from their server until you verify that you can indeed log into Hypixel itself.

Why would you compare a multi-million dollar company/Minecraft server with an average of 45k-50k online people daily to a Minecraft server with an average of 300-500 people online daily. Of course Hypixel has those types of protections, they've got the money to do so and to hire multiple developers. Comparing SchoolRP to Hypixel is like comparing a local bakery to an international food chain.

It's simply a layer of added security that will lower the amount of incidents SRP players encounters.

these features are intended to discourage and put barriers that make it harder for people to spread this kind of content.

People who doxx others usually don't give up right after they get banned or get the message blocked from being sent. These people usually don't have anything to do and will do anything to make others lives miserable. Your suggestions might look good on paper, but would be hard to implement due to the SchoolRP staff having to import new blocked content to the database, which as I showed above could be easily bypassed with an easy file rename, Copy and Paste.

SRP is not promoting "Hey, in our servers it's 100% impossible to get doxxed!"

I haven't mentioned anywhere that this is what you're trying to achieve with this suggestion.

This feature wouldn't even be publicly announced.

The fact that this suggestion is public makes it announced if it got accepted.

I think you fail to understand that most other discord servers have these added layers

I think you fail to understand that this is NOT what most servers have. Most servers have attachments blocked behind either a certaint level or a paywall with for example, boosting the server. As I've stated above, having to add a link to a database is a pain in the ass when a group of banned 13 year-olds could easily bypass it.

 

[kustomzero]

+1
User safety should always be a priority especially towards minors, not saying that legal adults don't deserve safety, I'm saying overall everyone deserves to feel safe and should be a priority and taken more into an account when it comes to minors.

 

[adalynoc]

I've spent some time compiling ideas that can lead to more user safety, again not solve this issue, but it will significantly help.


1. In all public SRP related discords hide all channels unless you have verified role and have a zero tolerance on verifying users because they do not/cannot link a phone number. (users cannot interact with anything on discord server if the server requires a phone number linked or verified email attached to the account.

2. On the forums Hide the staff roster page. Make it a punishable offense to create staff rosters on the forums. (hypixel does this already and its worked very well)

3. Disallow the posting of images, links and any media in any public channels across every discord.

4. In the case of a the help channel utilize a private ticket system if people need help in game.

5. Disable the ability to view members on the discord server list/forums

You don't need some discord bot to do like any of this.

 

[adalynoc]

1. If you can't verify through your phone number, the discord server's staff have an option to manually verify you without one

This is like, a massive loophole to permitting bypassers/banned players back into the community.

there should be no option for this.

 

[KimiNoUso]

Reviewed
Thank you for your suggestion!

I believe storing images people send poses a greater safety issue than it solves, not only this, but Discord themselves already do this. We provide fairly extensive user safety guides and promote online safety on our forums already. Note that we do not own the platform/app 'Discord', we cannot prevent safety issues in private messages or ever truly 'ban' someone forever, it'd be virtually impossible to prevent these issues regardless of the way you look at it; this is exactly what our Discord Bot, Discord Rules, and Moderation is already in place for (we already heavily moderate our rules in related Discords servers).​

​

Discord has their own Trust & Safety team, so if you see a message that doesn't look right you can always report it directly in the app itself (this includes images), not just to our server/discord server staff; see Discord's own guide here. We always respond to urgent matters in a timely manner, especially when there's clear proof.​

​

As some of you realise, we already have safety features built in to our Discord Bot, this includes filters and other safety measures, however we never store images or messages sent by users unless the data is captured by a slash command or pop-up modal, as this is necessary for the bot to function.​

​

We will not prevent the sharing of images as this would pretty much put an end to almost all of our Community Discords, e.g. Tailors, Shops, list goes on. We're all for promoting and moderating safety concerns, however we will always priortise what is right for our community, and unfortunately a lot of these ideas would be the opposite of that. We already require Discord Users to be verified on the strictest setting in all of our official Discords, e.g. Karakura Town, Roleplay Hub, MazeRP.​

​

A lot of the responsibility for preventing safety concerns in DMs and in general falls onto Discord to respond to reports they receive, as although we can do so much, we once again do not own the platform.​

​

Nevertheless, this issue is very important and we're pleased you've brought this to the wider community's attention.​