>My impression would be that an aged account with a good reputation would be held to much less scrutiny than a new account, regardless of my method of accessing the service.
"Good" accounts turn bad pretty quick. We have some betterments to make around taking account age into consideration - but it's also a well observed event that a prior good account gets compromised, moves between continents and starts sending out spam. We've also observed spammers register accounts, sit on them for a while (we've observed some age for over a year) before using them for spam. So, if we notice an "account traveling around the world at an unreasonable speed" we use that as a signal as well - and it is a very common pattern, almost exclusively exhibited by spam accounts, but also the few users whom connect via tor.
>That doesn't really mean much when Discord openly detests third-party FOSS clients and will not make its server available at least in a similar capacity to GitHub's self-hosted solution
In an ideal world, it'd be nice to support 3rd party clients - but unfortunately - we've observed on many occasions where 3rd party clients have malicious plugins that lead to account compromise. Additionally, having to support 3rd party clients can be problematic from an anti-spam perspective, as it muddles the line between "here's an obviously fake client" and "here's a legitimate 3rd party client." I actually wonder if this is why twitter struggles at anti-spam so much (but I don't know nor have talked to anyone at twitter to verify this.)
I also don't really understand why we have an obligation to offer a self-hosted solution. An advantage of our business is our server infrastructure - and although we occasionally blog about how we do things, maintaining an open source release is neither good for business, nor is it for product velocity - and definitely not something we can support given the available engineering resources. We are a very small team of engineers. For the first 3 years of the product, the infrastructure team at Discord was 2-4 people, in the current day, the IC's on the Core Infra team at Discord is less than 5.
I think a lot of people have this misconception that we are a huge company with a bunch of engineers - however, unlike a lot of valley startups, we actually hire very slowly, and deliberately - and relative to other products in our space, our team is exceptionally small. From what I hear, our entire engineering department is the size of the mobile department at another company in the voice/text chat space. As such, we work efficiently and deliberately - with the goal to build a good product, and also to ensure that we're successful as a business in the long term. These values mean that we do have to make trade-offs. But we do so in the interest of our users. Discord as a product is one that I'm passionate about working on, and a product that I use daily to play games with and talk to my friends.
> If they have my phone number, they have my phone number.
Have you considered using a burner phone? Very easy to pick one up from your local convenience store for a few bucks - and will work with phone verification on our product just fine - and will work with others that employ similar anti-spam solutions.
> Despite what we're stuck with, I do genuinely believe Discord could tune their spam and login mechanisms such that false positives are kept to a minimum.
I do agree! We are actively hiring for this position: https://discordapp.com/jobs/4286902002 - there are many betterments to be made, but we need more people such that we can work on em!
"Good" accounts turn bad pretty quick. We have some betterments to make around taking account age into consideration - but it's also a well observed event that a prior good account gets compromised, moves between continents and starts sending out spam. We've also observed spammers register accounts, sit on them for a while (we've observed some age for over a year) before using them for spam. So, if we notice an "account traveling around the world at an unreasonable speed" we use that as a signal as well - and it is a very common pattern, almost exclusively exhibited by spam accounts, but also the few users whom connect via tor.
>That doesn't really mean much when Discord openly detests third-party FOSS clients and will not make its server available at least in a similar capacity to GitHub's self-hosted solution
In an ideal world, it'd be nice to support 3rd party clients - but unfortunately - we've observed on many occasions where 3rd party clients have malicious plugins that lead to account compromise. Additionally, having to support 3rd party clients can be problematic from an anti-spam perspective, as it muddles the line between "here's an obviously fake client" and "here's a legitimate 3rd party client." I actually wonder if this is why twitter struggles at anti-spam so much (but I don't know nor have talked to anyone at twitter to verify this.)
I also don't really understand why we have an obligation to offer a self-hosted solution. An advantage of our business is our server infrastructure - and although we occasionally blog about how we do things, maintaining an open source release is neither good for business, nor is it for product velocity - and definitely not something we can support given the available engineering resources. We are a very small team of engineers. For the first 3 years of the product, the infrastructure team at Discord was 2-4 people, in the current day, the IC's on the Core Infra team at Discord is less than 5.
I think a lot of people have this misconception that we are a huge company with a bunch of engineers - however, unlike a lot of valley startups, we actually hire very slowly, and deliberately - and relative to other products in our space, our team is exceptionally small. From what I hear, our entire engineering department is the size of the mobile department at another company in the voice/text chat space. As such, we work efficiently and deliberately - with the goal to build a good product, and also to ensure that we're successful as a business in the long term. These values mean that we do have to make trade-offs. But we do so in the interest of our users. Discord as a product is one that I'm passionate about working on, and a product that I use daily to play games with and talk to my friends.
> If they have my phone number, they have my phone number.
Have you considered using a burner phone? Very easy to pick one up from your local convenience store for a few bucks - and will work with phone verification on our product just fine - and will work with others that employ similar anti-spam solutions.
> Despite what we're stuck with, I do genuinely believe Discord could tune their spam and login mechanisms such that false positives are kept to a minimum.
I do agree! We are actively hiring for this position: https://discordapp.com/jobs/4286902002 - there are many betterments to be made, but we need more people such that we can work on em!