discord / discord-api-docs

Official Discord API Documentation
https://discord.com/developers/docs/intro

containsUserContent Property In Messages #2168

Closed Skillz4Killz closed 4 years ago

Skillz4Killz commented 4 years ago

Description

A new property that bots can send in messages, which the TnS team can check to see whether a message from a bot contains user-generated content.

Why This is Needed

A malicious user decided to make bots say "bad" (doxing) things using certain features on the bots and then mass reporting it.

5 bots were reported and 4 of them were banned. The 5th wasn't banned because most likely it was one of the largest bots on Discord and would cause a nightmare having that bot banned. TnS were also against appealing the bans on the 4 bots until the large bot's developer got involved and had to do a ton of research, data gathering and reporting to a Discord staffer directly.

Alternatives Considered

Sending all bot messages that contain any form of user generated content through Webhooks

Including but not limited to: tags, afk, welcome/goodbye messages, say command, quote command, command usage error alerts, role reactions embeds, any embeds in general even like in rules channels, roleinfo, userinfo commands.

Additional Details

Although this flag should not automatically make TnS think this bot is not malicious, it should help TnS avoid unnecessarily insta-banning bots without first giving a proper, thorough investigation.

Or at the least TnS should give verified bots a thorough review before banning.

muddyfish commented 4 years ago

If this were to be implemented, it would be best to have it reference a message id that the content was generated from so TNS can use that to determine the likeness of the processed message and the user input.

Lachee commented 4 years ago

Why can't you just report the message like normal?

AltriusRS commented 4 years ago

> Why can't you just report the message like normal?

"A malicious user decided to make bots say "bad"(doxing) things using certain features on the bots and then mass reporting it." Literally any user-generated content that is possibly breaking ToS can be reported. Reporting a message like normal is not possible because it is the malicious users reporting, not you.

A "containsUserContent" property would be useful to prevent a bot from being insta-banned for having malicious users report their own ToS-breaking content, by linking their message's content to the message in question, allowing for TnS to review the message which caused the generated content to occur, and the message resulting from said generated content.

LikeLakers2 commented 4 years ago

I can't help but see this suggestion as more of a band-aid.

There's far too many bots for T&S to reasonably have a list of where UGC could be and where it couldn't be. Even if you have a property that tells T&S that a message has UGC in it, they would still have to figure out what part of the message is UGC, and what part is your bot's doing -- something that isn't always that easy.

It's easy for T&S to know that a role name shown through <@&ROLE_ID>, or something like a nickname on your bot, could be UGC. In those cases, T&S would probably just clear the bot's nickname, or notify the guild owner that their role name is against ToS. However, stuff like dumping a copy of the rules into a user's DMs, or putting a message through a webhook, isn't so easy to figure out -- even if T&S has your source code on hand, the message is still coming through your bot, leading to a level of uncertainty.

My suggestion, if a bot includes hard-to-verify UGC, is to subject that UGC to an approval process. You don't have to stop using UGC -- you just need to make sure that what's being sent isn't something that might get your bot banned. This also ensures that you aren't just implicitly trusting user input (in more ways than just "will this compromise my server?").

AltriusRS commented 4 years ago

Your suggestion of approving UGC is actually a very good one, but I will tack on the idea of providing a notice that the UGC in question is subject to approval by the bot's developers and that the bot cannot be held responsible for said UGC until it has been approved. In the event the UGC is disapproved, then simply clear said UGC and inform the guild owner in question that the UGC was not satisfactory.

I am also of the opinion that the containsUserProperty solution is a band-aid on a larger problem, but it is a step that could be made in the right direction to provide more faith in the report system to not be abused and get your bot banned for user generated content.
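
An added example, not part of the thread and not code from Discord or any commenter: a minimal bot-side approval gate for stored UGC that combines the ideas above (hold until approved, show a pending notice, clear on rejection, keep the source message id for later review). `UgcGate` and all field names are hypothetical; no Discord API calls are made.

```javascript
// Hypothetical approval gate for user-generated content (UGC) that a bot repeats.
class UgcGate {
  constructor() {
    this.items = new Map(); // id -> stored record
    this.audit = [];        // append-only trail linking decisions to the source message
    this.nextId = 1;
  }

  // Store UGC together with its provenance; nothing is sent yet.
  submit({ guildId, authorId, sourceMessageId, kind, content }) {
    const id = this.nextId++;
    this.items.set(id, { id, guildId, authorId, sourceMessageId, kind, content, status: 'pending' });
    this.log(id, 'submitted', authorId);
    return id;
  }

  approve(id, reviewerId) { return this.decide(id, 'approved', reviewerId); }

  // Rejection clears the stored text and returns a notice for the guild owner.
  reject(id, reviewerId) {
    const rec = this.decide(id, 'rejected', reviewerId);
    rec.content = null;
    return { guildId: rec.guildId, notice: `Your ${rec.kind} text was not approved and has been cleared.` };
  }

  // A decision is final: only pending items can be approved or rejected.
  decide(id, status, reviewerId) {
    const rec = this.items.get(id);
    if (!rec) throw new Error(`unknown item ${id}`);
    if (rec.status !== 'pending') throw new Error(`item ${id} is already ${rec.status}`);
    rec.status = status;
    this.log(id, status, reviewerId);
    return rec;
  }

  // What the bot may send for this item right now.
  render(id) {
    const rec = this.items.get(id);
    if (!rec) throw new Error(`unknown item ${id}`);
    if (rec.status === 'approved') return rec.content;
    if (rec.status === 'pending') return 'This text is awaiting approval by the bot developers.';
    return null; // rejected: send nothing
  }

  log(id, action, actorId) {
    const { sourceMessageId } = this.items.get(id);
    this.audit.push({ id, action, actorId, sourceMessageId, at: new Date().toISOString() });
  }
}
```

The audit trail is what a developer would hand over when a report needs to be traced back to the user message that produced the bot's output.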

jhgg commented 4 years ago

This is not something we're going to pursue for a variety of reasons, one main one being that people would just simply set this flag to true by default, or not understand the nuance.

The problem is not with the API, but with the enforcement of ToS - and this is something our T&S team is continuously improving. No, your bot should not get banned if someone uses it to do something bad and mass reports it. That problem is on us, not you.