discord / discord-api-docs

Official Discord API Documentation
https://discord.com/developers/docs/intro

Let bots and OAuth2 apps read user bios and banners #3095

Closed advaith1 closed 3 years ago

advaith1 commented 3 years ago

Description

Currently, user bio and banner fields are only returned on the profile endpoint, so they cannot be accessed via bots or OAuth2. It would be useful if they were returned in endpoints that can be accessed.

Why This is Needed

Currently, many sites that support Discord OAuth2 login allow users to input a bio and banner in the site, but if they already have the data set in Discord then they would need to re-enter it. This would allow sites to automatically show the Discord profile information, either as the only option or as the default data if the user has not overridden it in the site. This would also be useful for bots that show a user's general information; iirc some bots also allow setting a custom bio and/or banner.

Alternatives Considered

There is currently no (TOS-abiding) way to programmatically get a user's Discord bio and banner information, so the only current "alternative" is making the user re-enter the data in the other application. Support for that could be added by adding the data to the /users/:id endpoint (for bots) and the /users/@me endpoint (for OAuth2), or giving applications access to the /users/:id/profile endpoint.

Additional Details

It would make sense if this ability is not added until after Profile Customization fully releases (in case of breaking API changes), but it would be nice to get a confirmation if it will be added or not.

panley01 commented 3 years ago

Additional use case for Moderation

Bios have full markdown, meaning users can put links in them. This makes them an escalated moderation concern. There are many automoderation bots that already scan user presences for malicious content, slurs, spam, advertising etc. The moderation concerns for presences are doubled for bios as they always display regardless of presence, and have full markdown allowing someone to link to grabify (for example) in their bio. Malicious bios are more akin to names in that they're a TnS concern more so than a general moderation concern but the automoderation concerns are very much still present for bios, and allowing bots to access this content will also allow for better identification and reporting of malign users abusing bios. The same holds true for graphic/TOS breaking content in banners, such as nudity or gore. There are bots that can detect such things, and do so for profile pictures and uploads already.

Additional alternatives

The data in a bio can be sensitive, it may be apt to gate access behind a priv. intent, as was done with presences & members. I can see cases for it being tied to either or both current priv. intents, though I feel presences would be more apt. This would strike a good middle ground between user privacy and automoderation. Additionally, for OAuth, making a new scope for identify.profile may be desired, explicitly making end users aware their banner and bio will be provided to the OAuth application.

Additional details

It's worth noting that flags were previously OAuth-only data despite being mostly harmless data and having genuine use cases in server gating bots. I can very much see the same case here where the banner and bio info is mostly harmless and bots having access won't have any real drawbacks, rather it would actually aid in automoderation and in turn in TnS efforts to discover bad actors via reporting.

braindigitalis commented 3 years ago

If this is added it would make sense that it's behind a privileged intent? It would contain personally identifiable information, and usually stuff like presence etc are protected under privileged intents. Something like, not being able to call the REST endpoint if the bot's application doesn't have the intent enabled and approved?

msciotti commented 3 years ago

We'll serialize the banner image hash on the user object so that bots can start passively getting that field.

As for bios, we absolutely hear the moderation use cases, but we're not comfortable making those accessible right now.

The behavior that we (and you) see, outside of potential moderation issues, is people putting really sensitive, personal information in their bios. We aren't comfortable with that data being scraped.

Privileged intents are great, but the authorization model is still a server owner accepting on behalf of everyone in the server. Presence information that shows what you're doing or short-lived custom statuses just isn't at the same level of a field directly asking "Please tell me personal information about yourself".

As for an OAuth scope, that could be a way to do it, but it wouldn't really solve your moderation use case, the case for things like duplicating bios on other sites isn't something we need to support.

KyeOnDiscord commented 3 years ago

You can send a GET request to https://discord.com/api/v9/users/{user.id}/profile to get a user's Banner, Banner color, bio & linked accounts. This endpoint is not documented by Discord so I'm not sure if you're allowed to use it but use it at your own risk. This endpoint cannot be used by bots.

advaith1 commented 3 years ago

1. discordapp.com is deprecated
2. doing requests with a user (non-bot) token (outside of the official client) is considered selfbotting and is not allowed.

Flicksie commented 3 years ago

> The behavior that we (and you) see, outside of potential moderation issues, is people putting really sensitive, personal information in their bios. We aren't comfortable with that data being scraped. authorization model is still a server owner accepting on behalf of everyone in the server. (...) same level of a field directly asking "Please tell me personal information about yourself". (...) the case for things like duplicating bios on other sites isn't something we need to support.

Honestly, this only prevents legitimate uses out while bad actors can still access that freely. We can see that just a couple messages above on what kyeondiscord just posted. Userbots are already operating as outlaws so they don't really have to comply with privacy or anything. Actual bots signed an agreement and have to keep compliant.

Profile scraping for republishing is mostly made by selfbots that sneak into public servers (and we probably already have some out there scraping all that somewhere), rarely by bots that are actively added to the server, let alone ones that proved worthy of privileged intents.

Glazelf commented 3 years ago

> > The behavior that we (and you) see, outside of potential moderation issues, is people putting really sensitive, personal information in their bios. We aren't comfortable with that data being scraped. authorization model is still a server owner accepting on behalf of everyone in the server. (...) same level of a field directly asking "Please tell me personal information about yourself". (...) the case for things like duplicating bios on other sites isn't something we need to support.
>
> Honestly, this only prevents legitimate uses out while bad actors can still access that freely. We can see that just a couple messages above on what kyeondiscord just posted. Userbots are already operating as outlaws so they don't really have to comply with privacy or anything. Actual bots signed an agreement and have to keep compliant.
>
> Profile scraping for republishing is mostly made by selfbots that sneak into public servers (and we probably already have some out there scraping all that somewhere), rarely by bots that are actively added to the server, let alone ones that proved worthy of privileged intents.

Malicious users circumventing any security in place does not mean that it should be made easy for them and leave the door wide open for more, less intelligent malicious users. I can definitely see why you wouldn't want profile text to be scraped, I would love to use it as well, but sadly we live in a world where security measures like this are necessary.

Flicksie commented 3 years ago

I absolutely agree, things should definitely not be easier which is why it is nice to see that's not available for bots out of the box. the only problem is, as you mentioned:

> made easy for them and leave the door wide open for more, less intelligent malicious users.

gating that behind both verification AND privileged intents would be good enough to weed out the "less intelligent". It kind of defeats the purpose of building up trust to get to that level if the API still treats the application just like the rest of the bunch.

I personally don't have any use for it as a developer. But on a user's perspective moderating these manually can be pretty tedious, and frustrating, hard to just ignore them especially when malicious clickable links can be there.

KyeOnDiscord commented 3 years ago

> > > The behavior that we (and you) see, outside of potential moderation issues, is people putting really sensitive, personal information in their bios. We aren't comfortable with that data being scraped. authorization model is still a server owner accepting on behalf of everyone in the server. (...) same level of a field directly asking "Please tell me personal information about yourself". (...) the case for things like duplicating bios on other sites isn't something we need to support.
> >
> > Honestly, this only prevents legitimate uses out while bad actors can still access that freely. We can see that just a couple messages above on what kyeondiscord just posted. Userbots are already operating as outlaws so they don't really have to comply with privacy or anything. Actual bots signed an agreement and have to keep compliant. Profile scraping for republishing is mostly made by selfbots that sneak into public servers (and we probably already have some out there scraping all that somewhere), rarely by bots that are actively added to the server, let alone ones that proved worthy of privileged intents.
>
> Malicious users circumventing any security in place does not mean that it should be made easy for them and leave the door wide open for more, less intelligent malicious users. I can definitely see why you wouldn't want profile text to be scraped, I would love to use it as well, but sadly we live in a world where security measures like this are necessary.

Discord should prompt a message to not put out sensitive bio and stuff like that to prevent this in the first place however there are many reasons discord does or doesn't do stuff so I'll respect their decisions.

ClaraCrazy commented 3 years ago

> Discord should prompt a message to not put out sensitive bio and stuff like that to prevent this in the first place however there are many reasons discord does or doesn't do stuff so I'll respect their decisions.

in my opinion bots just shouldn't have access to the about me. It literally says About ME. so while some people feel like filling it with eggplant or amogus emojis I think the majority of users uses it for what it's made for: giving a bit of info about yourself like pronouns, age, preferred language. And while I'm ok with you guys seeing said info, I'm not ok with a random bot being able to show said info to thousands of unknown people via a 'userinfo id' command just bc I share a guild with that bot.

saying they should warn us to not put info about us in the about me field seems like a joke to me. I just want new potential friends to know what they're gonna talk with but not everyone that somehow has a bot that shares a guild with me.

sayantan300 commented 3 years ago

coughs I think we can get about me/status of user without the need to share guilds and bots with them. By just getting an id of a user, we can make a request to get their tag (username#tag) and use it to make a friend request (and while the request is not being accepted, we can click pending requests and click on their profile to see their status and about me). So how is security being maintained here? Bots can't do anything with your data, it's indirectly a user behind the bot who wants to use it, and they don't even need a bot to get your data like this...

If about me was meant to be so much more private, can't we ask users to keep nothing sensitive in status, and put them all in about me, and allow bots to get status? Also if it was meant to be so private, why can any user view one's about me? Shouldn't there be an option like "only allow my friends to view my about me"?

OfficialCRUGG commented 3 years ago

> As for bios, we absolutely hear the moderation use cases, but we're not comfortable making those accessible right now.
>
> The behavior that we (and you) see, outside of potential moderation issues, is people putting really sensitive, personal information in their bios. We aren't comfortable with that data being scraped.
>
> [...] Presence information that shows what you're doing or short-lived custom statuses just isn't at the same level of a field directly asking "Please tell me personal information about yourself".

I - to be honest - don't really understand the problem with bots accessing bios. First of all, if people put "really sensitive, personal information" on their bios, they shouldn't be accessible to all users, either. Everyone is able to view your bio, even without being your friend or sharing a server with you. Just your name and discriminator are enough to be able to read one's bio. Letting only users access such information will not prevent malicious use. People who use information such as bios for malicious purposes (such as analyzing bios for advertising purposes, scraping emails, etc.) won't suddenly go "Oh, selfbots are against the terms of service, so I won't do it." Not allowing bots to read bios prevents those with legitimate use cases from doing so and makes those who would use it for malicious purposes just use selfbots. And I'm pretty sure that bots are way easier to moderate, as they are usually connected with a discord account (lots of people will be stupid enough to just use their main account) instead of banning lots of selfbots which are most of the time just alts.

advaith1 commented 3 years ago

> I think we can get about me/status of user without the need to share guilds and bots with them. By just getting an id of a user, we can make a request to get their tag (username#tag) and use it to make a friend request (and while the request is not being accepted, we can click pending requests and click on their profile to see their status and about me).

this is not true.

> Everyone is able to view your bio, even without being your friend or sharing a server with you. Just your name and discriminator are enough to be able to read one's bio.

this is also not true.

you cannot see a user's presence (status etc), bio, banner (for now), or nitro/boost status if you have no mutual servers and are not friends. even if you send the user a friend request.

if you don't believe me, try it and see (which you probably should have done before stating your assumptions as definite)

OfficialCRUGG commented 3 years ago

@advaith1 Alright, my mistake. However, once you join a single discord server, you always have to expect that strangers can join said server and will therefore be able to see your data. And I don't think that bots should be able to see everyone's bio either, just of the ones they share a server with. Which everyone sharing a server with them can definitely see.

Milo123459 commented 3 years ago

> We'll serialize the banner image hash on the user object so that bots can start passively getting that field.
>
> As for bios, we absolutely hear the moderation use cases, but we're not comfortable making those accessible right now.
>
> The behavior that we (and you) see, outside of potential moderation issues, is people putting really sensitive, personal information in their bios. We aren't comfortable with that data being scraped.
>
> Privileged intents are great, but the authorization model is still a server owner accepting on behalf of everyone in the server. Presence information that shows what you're doing or short-lived custom statuses just isn't at the same level of a field directly asking "Please tell me personal information about yourself".
>
> As for an OAuth scope, that could be a way to do it, but it wouldn't really solve your moderation use case, the case for things like duplicating bios on other sites isn't something we need to support.

Why don't you just add an option if you want to expose your bio to the API? Something in settings, therefore, if someone theoretically puts something "sensitive" on their bio they can turn it off.

OfficialCRUGG commented 3 years ago

@Milo123459 I think the primary problem is that it would just confuse most users since the average Discord User usually has no clue what an API is.

Milo123459 commented 3 years ago

What about something simpler, "Allow bots to see your bio"?

OfficialCRUGG commented 3 years ago

Good idea. So something like this, maybe? (Quick concept design, looks horrible, I know)

[image]

And if it's disabled it could just return an empty bio...

Edit: For people who don't have a Bio yet, this could be automatically enabled, because they'd see it when typing in a bio. For users with an existing bio, I am not sure...

ClaraCrazy commented 3 years ago

Sounds like a fair solution for everyone. +1

ghost commented 3 years ago

Spammers would just turn that off and it would defeat the moderation reasons to have that enabled. Sounds like a good idea, but I don't see why it would help bots to see normal person bios but not the spammer bios.

OfficialCRUGG commented 3 years ago

@BenSova Well, there are more use cases than just Moderation, such as the one described in the original post. Of course, a different option, which would also make usage for moderation possible, would be optimal, but this is at least better than nothing, in my opinion.

AngeloCore commented 3 years ago

Ok, now is added...

Pandapip1 commented 2 years ago

Suggestion: Maybe provide an (e.g. sha256) hash of a bio and an array containing the TLD of all the links in it.

This enables use cases such as detecting whether or not multiple users have the same bio (or no bio) and preventing invite links in the about me section, while (for the most part) hiding potentially private information.
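
The hash-plus-TLD idea from the comment above, sketched as an added example (not Discord's API and not code from anyone in this thread). The function names, the normalization policy, the sample bios and the optional HMAC key are assumptions; the keyed variant goes beyond the comment and is included because a plain SHA-256 of a short bio can be confirmed by anyone who guesses the text.

```python
import hashlib
import hmac
import re
import unicodedata
from typing import List, Optional

# Hostname with an optional scheme, so a bare "discord.gg/abc" counts as a link.
# Naive on purpose: it also matches e-mail domains and takes only the last label
# (no public-suffix handling).
_LINK_RE = re.compile(
    r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,63})(?=[/:?#\s)\]>]|$)",
    re.IGNORECASE,
)


def normalize_bio(bio: str) -> str:
    """Fold Unicode look-alikes, case and whitespace runs (an assumed policy)."""
    text = unicodedata.normalize("NFKC", bio).casefold()
    return " ".join(text.split())


def link_tlds(text: str) -> List[str]:
    """Sorted, de-duplicated last label of every hostname found in the text."""
    return sorted({m.group(1).rsplit(".", 1)[1] for m in _LINK_RE.finditer(text)})


def bio_digest(bio: str, key: Optional[bytes] = None) -> dict:
    """What a platform could hand to a bot instead of the bio text itself.

    key=None -> plain SHA-256, as suggested in the comment.
    key=...  -> HMAC-SHA-256 under a key only the platform holds (assumption):
                equal bios still give equal digests, but the receiver cannot
                test guesses against the digest.
    """
    normalized = normalize_bio(bio)
    data = normalized.encode("utf-8")
    if key is None:
        digest = hashlib.sha256(data).hexdigest()
    else:
        digest = hmac.new(key, data, hashlib.sha256).hexdigest()
    return {
        "has_bio": bool(normalized),
        "digest": digest,
        "link_tlds": link_tlds(normalized),
    }


def confirms_guess(digest_hex: str, guess: str, key: Optional[bytes] = None) -> bool:
    """True if `guess` normalizes to the bio behind `digest_hex`."""
    return hmac.compare_digest(bio_digest(guess, key)["digest"], digest_hex)


# Constructed sample bios, not taken from any real profile.
BIO_A = "Art commissions open! DM me -> https://example.com/portfolio"
BIO_B = "  art  COMMISSIONS open! DM me -> https://example.com/portfolio "
BIO_C = "she/her, 19, speaks German"
BIO_D = "join discord.gg/abc123 and see [my site](https://sub.example.co.uk)"
PLATFORM_KEY = b"constructed-demo-key-not-a-real-secret"

if __name__ == "__main__":
    for bio in (BIO_A, BIO_B, BIO_C, BIO_D, ""):
        print(bio_digest(bio))
    # Unkeyed: a receiver can confirm a guessed bio. Keyed: it cannot.
    print(confirms_guess(bio_digest(BIO_C)["digest"], "She/Her, 19, speaks german"))
    print(confirms_guess(bio_digest(BIO_C, PLATFORM_KEY)["digest"], BIO_C))
```
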

XynoxTheDev commented 2 years ago

@msciotti @advaith1 Also to mention for future, they must fetch server avatars of the members.

Pandapip1 commented 2 years ago

> Also to mention for future, they must fetch server avatars of the members.

This is already possible with the GET /users/{user.id} endpoint

advaith1 commented 2 years ago

members' per-server avatars are already accessible (to read) and are on the member object #3081; they aren't in the user object since they're per-server

they don't have anything to do with user profile features like banner and bio

roobscoob commented 2 years ago

why is the banner field not returned when accessing the user field on a member object? This requires me to do double the requests for my use-case, and I can't see the reasoning behind it

AnotherZane commented 2 years ago

> why is the banner field not returned when accessing the user field on a member object? This requires me to do double the requests for my use-case, and I can't see the reasoning behind it

Look at this for some info about it.

Kinomora commented 2 years ago

No. All data from a user profile should be accessible by bots for review and moderation concerns. The server I moderate, which is a support server for a software service managed by the company I work for, CONSTANTLY has an influx of scam accounts pretending to be tech support. As it stands, right now there is NO WAY for me to detect this user account unless I monitor literally EVERY SINGLE JOIN EVENT which is simply not acceptable.

[image]

renhiyama commented 2 years ago

Also, there's a new feature: per-server bio. If the current global bio is being implemented, there also needs to be a way for bots to read that too, right?

advaith1 commented 2 years ago

Bots aren't getting access to users' global bios, see Mason's comment in this thread

The feature request for per-server banners and bios is

Pandapip1 commented 2 years ago

What about a user profile intent and/or oauth2 scope?

Gesugao-san commented 2 years ago

Any updates?

renhiyama commented 2 years ago

Discord should now be able to allow us to moderate this via their "AutoMod" bot/service? It's a win-win for everyone! Server admins can efficiently blacklist stuff out, and no pressure of bot Devs making a bot fetch bios then?

Btw on an alternative note, can't we tell users to not provide sensitive information in their bio when they edit it? Internet itself is not a safe place to just give out any private information...

Pandapip1 commented 2 years ago

> It's a win-win for everyone!

...except for where it might be necessary for a bot or other application to function. Honestly, how hard could it be to add an intent for this?

OfficialCRUGG commented 2 years ago

It's not hard in a technical way, it's just a privacy concern. Just making something an intent doesn't stop any malicious use.

Pandapip1 commented 2 years ago

1. I find it hard to see a malicious use or a privacy concern for it. It's public data. If message intent is a thing, then profile intent should at least be a thing.
2. Intents do stop malicious use. That's why they exist at all. If not, Discord would have removed them, because it probably costs them a lot of money to pay people to review the intent requests.

panley01 commented 2 years ago

I'm removing myself from this thread because I think the engineering staff have made it clear this isn't a feature they want to implement but I'll add this:

We now have the guilds.members.read scope to get member profile information per-guild, this still doesn't return bios but it does return everything you normally get from members. This appeals to the use cases mentioned further up this thread asking for access to per-server data.

I stand by the moderation use cases I mentioned before. Considering how prolific scam bots have gotten on the platform, reading user bios provides an integral data point to smart anti-scam bots built to counter these scam bots. This is an incredibly specific use case and I'm only even aware of 2 bots that have any systems robust enough to detect scambots by profile data. For this use case to actually be useful it'll have to be an intent, and an entire intent for a handful of bots just doesn't make sense.

Manual moderation of bios hasn't proven that difficult, clicking a user once is all it takes. I've also only found a handful of cases where a bio has anything in it that violates TOS, it's markedly more common in statuses (perhaps because they're easy to change to cover tracks).

AutoMod rules being applicable to bios/names/statuses is the ideal solution here, keeps data in-house, and if bots are allowed to post to the AutoMod endpoints we can even update these rules to adapt to new threats automatically.

Also intents don't really stop misuse in practice. I've seen bots claim to have moderation features for the messages scope only to violate dev TOS by providing targeted insights for users. OAuth is even worse with the email scope recently being used by MEE6 to violate GDPR and the guilds.join scope abused daily to mass join hundreds of thousands of users to guilds for money.

Adding bios to the mix is gonna make more of a nightmare for developer enforcement for a handful of use cases. While it's nice to always assume good faith, if we assume bad faith we can quickly imagine a scenario where a very large bot is able to create Facebook-level inferred connections on users.

Finally do you really want to get an event every single time a user updates their bio or per server bio? The sheer volume of events from the presence intent is already so large it outweighs pretty much every other intent. Adding on bios, you're getting so many more events, so much more event processing, only for maybe 5% of those bios to actually have malicious content (and that's being very generous).

tl;dr I think it would be nice but it's quite abusable, staff don't seem to want to implement it and a dead horse I beateth not.

akpi816218 commented 1 year ago

> tl;dr I think it would be nice but it's quite abusable, staff don't seem to want to implement it and a dead horse I beateth not.

It's not abusable. This is data available to all users. /whois commands just aren't complete without this. I think this would really help. It may not have to go into an intent because this is public data available to all users. Kinda unfair, right? Users can access this but bot users can't. Users can see personal information about each other, but for bots this isn't available.

Woovie commented 1 year ago

Currently experiencing 2-3 bots per week accessing a Discord I moderate. They always have an about me section mentioning DMs for art commissions. It would have been amazing to do some warning to my moderators for certain keywords in their about me, but I guess that won't be happening.

This makes moderation harder. Please reconsider this decision or stop the bots in the first place. Unless Discord creates the appropriate tools to fix this, we should at least be able to make our own tools to deal with bots.

Geeekie commented 1 year ago

Running a 50k+ member server, and every week we have users DM our members regarding gfx work. Like @Woovie mentions, having the ability to trigger bot alerts on keywords in bio would negate this problem by A LOT since moderators will catch way more of them. Until the bots ofc change their tactic.

Reeceeey commented 1 year ago

> No. All data from a user profile should be accessible by bots for review and moderation concerns. The server I moderate, which is a support server for a software service managed by the company I work for, CONSTANTLY has an influx of scam accounts pretending to be tech support. As it stands, right now there is NO WAY for me to detect this user account unless I monitor literally EVERY SINGLE JOIN EVENT which is simply not acceptable.
>
> [image]

Couldn't agree more with you.

Would really like to be able to do this without breaking TOS, so unable to detect when fake accounts pretending to be staff or moderators are able to scam our community of crypto/NFTs are falling victim to this.

The argument people are putting sensitive data in their bio is not outweighing that innocent users are getting scammed because we can't detect this and remove the users before it gets to that stage.

Pandapip1 commented 1 year ago

Might I add: not allowing bots to access the endpoint fails to stop malicious users from accessing it, because, not being afraid of breaking the ToS, they will just create a bunch of alts and selfbot the endpoint.

Also, if you are someone that actually uses discord privately, and only ever joins private servers with their IRL friends, then chances are that message history is far more sensitive than the about me section.

If the discord team doesn't want to let bots access the endpoint without users consenting, at least make an 'identify.aboutme' OAuth scope, like so:

[image: oauthexample]

Aristide021 commented 1 year ago

Would be very useful if I could use the API to auto-kick people like this guy before they cause harm. Earlier today this guy streamed porn in one of my channels. Would've been a very preventable incident if we had API access to the about me.

[image: Screenshot 2023-05-13 at 7 55 58 PM]

Chew commented 1 year ago

AutoMod will have a way to block people from chatting based on their bio, but it hasn't been rolled out to everyone yet. Kinda sucks that you're forced to use proprietary methods to moderate your server, but oh well, it's something.

lllIllIlllIlIl commented 1 year ago

Been writing a bot for a server that requires new member verification/screening and one of the key elements to allowing a user to pass into the rest of the server is bio contents. Malicious bots and scammers seem to have a way of letting us know what they are by putting certain phrases in the about me section (i.e. "crypto" this and "porn" that) and ideally it would be nice if a bot could access that and give a moderator a heads up about that user. We do this for the usernames/nicknames already.

WhoDunDidIt commented 1 year ago

This is an absolute must IMO. Once your server gets into the thousands of members, you require extra insight, and the about me has been a goldmine in my experience. Being able to access data that is otherwise publicly available should be the default.

I'm 100% okay with making it a privileged intent, but we need access to it.

To those who say "but my privacy!", I can only say: DON'T POST PRIVATE STUFF IN PUBLIC PLACES!

Cynosphere commented 1 year ago

> To those who say "but my privacy!", I can only say: DON'T POST PRIVATE STUFF IN PUBLIC PLACES!

Then it should be limited to discoverable guilds only if you're going to have that mentality about it.

Pandapip1 commented 1 year ago

> Then it should be limited to discoverable guilds only if you're going to have that mentality about it.

Then, by your logic, message intent should also be limited to discoverable guilds.

I'd argue limiting it to discoverable guilds is still better than not having the ability to view "about me"s at all. If this is the decision Discord makes, I won't be happy, but it's better than nothing.

WhoDunDidIt commented 1 year ago

> > To those who say "but my privacy!", I can only say: DON'T POST PRIVATE STUFF IN PUBLIC PLACES!
>
> Then it should be limited to discoverable guilds only if you're going to have that mentality about it.

So it's fine for a bot to log all available user data (mostly their UID) and then proceed to track said user across any guild the bot is in, logging every single message that they post.

But a bot reading the "about me" part of a user's public profile is a step too far?