Jump to content
yamamushi

Public Discord Auth Bot [WIP]

Recommended Posts

So many of you know that I wrote the Authorization system for the Dual Universe Community Discord Bot, which allows for you to link your forum account to Discord so that you can have access to the NDA channels in the DU Community Discord.

 

There are several hundred people using it at the moment, and although it's a bit of a process to use it, it seems to have gone over fairly well.

 

Here are some stats about the current linked backer accounts on Discord:

 

Backer-PieChart-Aug_31_06-36-18.png

 

I was thinking about possibly exporting the account information in the bot database into another database, and creating a separate public Auth bot for discord that would allow for any discord to verify whether or not their members have NDA access.

This would let other groups have their own NDA channels, so they could discuss NDA topics in a safer way.


However, I'm aware that this would have privacy implications for people using the auth bot on the DU Community Discord.

So I am wondering, would anyone be opposed to me doing this, or would you guys rather me not do it and just let other discords figure out their own way of verifying people?

It's not going to hurt my feelings if you guys don't want me to create it, I just thought that perhaps it might be useful for the various communities out there.

Share this post


Link to post
Share on other sites

This is very hard to do without breaching EU GDPR laws. You can't share any personal data obtained from EU citizens without their explicit permission with anyone else.

 

Share this post


Link to post
Share on other sites

I was considering asking about this a week or so ago for the terran union but I quickly answered my own question. Why do we need our own when we could just have someone verify themselves in the DU discord, and perhaps even ping us in an authorization channel, then have someone apply the appropriate tags to grant that person access to NDA channels.

 

Its less overhead for the other organizations overall, and it verifies you for the DU discord as an added benefit.

 

I don't see why not, but I also don't see as to why either.

Share this post


Link to post
Share on other sites

GDPR is not so easy subject. Technicly it apply only with company/organization storing identyfication data, It do not apply to person(not being an organization).

 

So technicly as a person you can have database of other peoples. But company like NQ can't give it to you.

 

For me it's greate idea :) 

Share this post


Link to post
Share on other sites

I will work on this bot then, seeing as how many people have told me they'd find a use for it.

 

Obviously, it's going to be open source, but the database it connects to will remain private for (also) obvious reasons.

 

I'll update here or make a new thread when it's ready, and I'll reach out to people who I've spoken to about testing it in their own discords.

 

I'm not a company, so GDPR doesn't apply here. 

 

The authorization process will still start within the DU Community Discord, so members will still need to auth that way, but it will then sync out to individual discords so that permissions are maintained wherever the bot is used. 

 

Of course, individual discords can override the auth on their own servers, but this is merely going to be a way for automating the process so that backer roles are in sync wherever users go. 

 

At the moment I would argue that this is the most trusted verification system for pre-alpha members on Discord, but that will speak for itself over the coming weeks.

Share this post


Link to post
Share on other sites

Technically, a bot can connect to your Discord server and compare users ID and groups.

So, all information is already "public".

 

GDPR does not apply to a person (assuming the Discord management is not considered an "organization", I didn't check the GDPR definition and all its local adaptations),

Local legislation does apply though, and sharing personal information without consent is illegal in several EU countries.

In theory, you should inform any player of the implications before they register (if they process, they consent).

 

On the development side, I would start by publishing a list of { discord_id, name, pledge_level } on an API.

- The bot is just sugar on top of it and can be open sourced.

- If someone wants to code his/her own bot, he/she can do so too.

 

@DarkHorizon from an organization perspective, users may not like to give their info to an external Discord, be it the Discord community one.

 

Regards,

Shadow

Share this post


Link to post
Share on other sites

The bot is ready for testing now, it is already running on several Discord servers, but could use additional testing:

 

Installation and usage instructions are available here: 

 

https://github.com/yamamushi/du-authbot/blob/master/README.md

 

 

 

 

Share this post


Link to post
Share on other sites

@yamamushi

Looks like this bot only works if someone has previously authorized themselves on the unofficial DU Discord. Anyone who has not done so gets an "Error: not found" response.

I may be missing something but it should not be a prerequisite to visit the unofficial discord and register there to be able to use the bot.

Share this post


Link to post
Share on other sites
22 hours ago, blazemonger said:

@yamamushi

Looks like this bot only works if someone has previously authorized themselves on the unofficial DU Discord. Anyone who has not done so gets an "Error: not found" response.

I may be missing something but it should not be a prerequisite to visit the unofficial discord and register there to be able to use the bot.

 

*Official Dual Universe Discord ? 

Of course, the Discord Staff has been aware of this handover, we just couldn't tell anyone. 

The reasons for the requirement of authing on it should be more clear now, it wasn't an arbitrary decision ?

 



 

Share this post


Link to post
Share on other sites

The operation of the official discord server was approved before being handed over, it was done with the agreement that nothing would be changing about the day to day operation or the functionality of the bots or auth process. 

 

As I said in a previous comment, it would soon become apparent why this is the most trusted authorization process for Discord. 

 

It's not like this stuff is closed source, and I have always been willing to let people contribute to it, just nobody has ever taken the initiative to submit code for it, and up till now, it has only been me working on the bots. 

Share this post


Link to post
Share on other sites

Yeah no, there shouldn't even be community members as moderators, to many hands in the cookie jar, and it is subject to people acting in regards to personal vendettas. On top of a bot that isn't exclusively NQ written, to much potential for shady stuff to happen.

Share this post


Link to post
Share on other sites

@yamamushi

Thanks for the explanation. It does however mean I will not use the bot and remove it from my Discord.

 

IMO there is too much conflict  of interest, friend for friend behavior potential and other issues I see with this requirement.

Share this post


Link to post
Share on other sites
1 hour ago, Tex007 said:

Yeah no, there shouldn't even be community members as moderators, to many hands in the cookie jar, and it is subject to people acting in regards to personal vendettas.

You already have community moderators on the forums :P. There is no much difference with Discord.

I'm assuming that NQ now has management rights and that they can react if they don't like moderators work (as they have being working on moderation for quite some time now, so it's not like they gave the keys to anonymous players).

 

As for the bot, I'm a bit worried about giving information to unknown players, but making the server official doesn't change anything: everyone was already doing it before and you are still free to not use it.

 

~ Merwyn

Share this post


Link to post
Share on other sites

I get all that but for me this requirement makes the bot pointless as I will not allow the link in. If DU has an actual OAUTH mechanism then I'd be happy to use it but  that is about it.

Share this post


Link to post
Share on other sites
16 minutes ago, Lethys said:

Good thing i never authed there xD

But... you are... maybe not with the bot, but anyone can get the data.

 

Regards,

Sahdow

Share this post


Link to post
Share on other sites

It doesn't hurt my feelings if people don't want to use the auth system, it's just more conversations they are excluding themselves from in the Official Discord at this point. 

Share this post


Link to post
Share on other sites

Is everyone who isn't going to use it going to post about it? ?

 

Meanwhile, almost 500 people (a quarter of the official Discord) are using the auth system now without issue, and it is in use on several Discord servers:

 

Backer-PieChart-Sep_11_15-59-07.png 

 

 

I am pushing out some feature updates for Discord owners tonight as well. 

 

Chances are they won't roll out until the late AM central US time, so keep an eye out on Github for the changelog ? 

 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...