yup, agreed- worth going over the non tl;dr (sufficient to say the tl;dr misses some good juice, but thats what the page in full is for).
i was sorta curious on the policy changes over time, since botghost has been around since '18. all i can say is good luck to botgost
histories of policies-ish:
- from the tl;dr (they also explain #4 as well in the non-tl;dr):
> Discord issued a breach notice to BotGhost, claiming the platform violates Developer Policy 4 by handling bot tokens, which has been a core part of how BotGhost has worked since 2018.
> 4. Do not collect, solicit, or deceive users into providing passwords or other credentials. Under no circumstances may you or your Application request or attempt to obtain login credentials from Discord users. This includes information such as passwords or account access or login tokens.
> Do not collect, solicit, or deceive users into providing user login credentials. Under no circumstances may you or your Application solicit, obtain, or request login credentials from Discord users in any way. This includes information such as passwords or user access or login tokens.
- and archive.org of github of the before 2022 change (mentioned in the above archive) (does not really mention collecting of user auths - as per my quick glance [i welcome a double check]): https://web.archive.org/web/20220921062136/https://github.co...
> NEITHER DISCORD NOR ITS AFFILIATES, SUPPLIERS, OR DISTRIBUTORS MAKE ANY SPECIFIC PROMISES ABOUT THE APIs, API DATA, DOCUMENTATION, OR ANY DISCORD SERVICES.
The existence of terms like this make any discussion of the other terms look pretty silly.
Their policy is simply that they do whatever they want, and that hasn't changed.
It's also funny how selective-enforcement the discord TOS and dev policies are -- they turn a blind eye if not even encourage third party/modified first party clients "because retro" / "haha discord on windows 95 funny" (and even encourage it in some cases), yet those modified clients are explicitly banned in the TOS.
Every business does this. Every business. Every institution, even.
Rules are there for a few reasons, but precisely enumerating the things you can and cannot do isn't one of them. (That's why programmers definitely shouldn't litigate pro se.)
One purpose is to try to indemnify the institution making the rules: "See, we said you're not allowed to do X. Damages resulting from X aren't our fault." Another purpose is to deter bad behaviour: if they say you're not allowed to do X, you're less likely to do X. A third purpose is to provide cover for their actions - most easily by writing a rule that literally everyone breaks and then selectively enforcing it, or by writing vague rules you can selectively interpret. If they can punish you and then point to a rule you allegedly broke, you're more likely to accept it and less likely to retaliate. Notice how all of these purposes have to do with manipulating other people. (Are you reminded of any countries?)
You should do it too, if you want to be successful in an amoral business environment. Don't hate the player, hate the game.
Unless your customers pay extra for well-defined rules to create a stable environment for themselves. In that case, you should do that, and take their money. That sort of thing is, for example, why some people would rather pay more for a technically inferior Fairphone or Librem than a flagship Android phone or iPhone.
i was sorta curious on the policy changes over time, since botghost has been around since '18. all i can say is good luck to botgost
histories of policies-ish:
- from the tl;dr (they also explain #4 as well in the non-tl;dr):
> Discord issued a breach notice to BotGhost, claiming the platform violates Developer Policy 4 by handling bot tokens, which has been a core part of how BotGhost has worked since 2018.
- policy from discrap: https://support-dev.discord.com/hc/en-us/articles/8563934450...
> 4. Do not collect, solicit, or deceive users into providing passwords or other credentials. Under no circumstances may you or your Application request or attempt to obtain login credentials from Discord users. This includes information such as passwords or account access or login tokens.
- policy in 2022 (of that page, but note the random digits in the numbers make it terrible to easily see history), thanks archive.org!: https://web.archive.org/web/20221001073449/https://support-d...
> Do not collect, solicit, or deceive users into providing user login credentials. Under no circumstances may you or your Application solicit, obtain, or request login credentials from Discord users in any way. This includes information such as passwords or user access or login tokens.
- and archive.org of github of the before 2022 change (mentioned in the above archive) (does not really mention collecting of user auths - as per my quick glance [i welcome a double check]): https://web.archive.org/web/20220921062136/https://github.co...
edit: fix copy-pasta