z-huang / InnerTune

A Material 3 YouTube Music client for Android
GNU General Public License v3.0

Remove kizzy from app #1392

Closed rushiiMachine closed 3 weeks ago

rushiiMachine commented 4 weeks ago

Checklist

Feature description

Kizzy is a selfbot that does not properly mimic an official Discord client when connecting to Discord's gateway (which is against TOS) leading to a possibility of being account banned.

Here are some examples:

https://github.com/z-huang/InnerTune/blob/f3ba2519de37fc4bffc7c3ed0f812efc398bf2dc/kizzy/src/main/java/com/my/kizzy/gateway/entities/Identify.kt#L24-L28
This does not even closely resemble an official client and could lead to higher antispam suspicion/captchas/phone verification locks/etc.

https://github.com/z-huang/InnerTune/blob/f3ba2519de37fc4bffc7c3ed0f812efc398bf2dc/kizzy/src/main/java/com/my/kizzy/gateway/DiscordWebSocket.kt#L53
Wrong connection URL, does not implement compression.

Why do you want this feature?

Kizzy has a history of misleading its users (source: my issue from 2022, strongly urge to read). Even 2 years later, they have not fixed the issues, and have even removed the disclaimer that it poses a risk to your account that was added after my issue.

Additional information

If you don't want to remove it, then please put a banner in-app before letting people sign in with their account that it "is a Discord TOS violation and may lead to account termination" to not mislead users.

z-huang commented 4 weeks ago

I will add a notice like what SpMp did.

z-huang commented 4 weeks ago

Do you know the legal way to implement Discord RPC?

rushiiMachine commented 4 weeks ago

The only official way to implement RPC is to connect to the local server hosted by desktop clients — mobile clients don't have them (because it would be a huge waste of battery).

However, Discord currently turns a blind eye to what type of client RPC events are sent from, which is partially what allows kizzy to work.

ruskcoder commented 4 weeks ago

https://github.com/discord/discord-rpc/blob/master/documentation/hard-mode.md

Correct me if I'm wrong: It is legal to use websockets to make your own connection. It is not recommended, but possible. We may be able to change it to work like this?

https://discord.com/developers/docs/topics/gateway

rushiiMachine commented 4 weeks ago

Correct me if I'm wrong: It is legal to use websockets to make your own connection.

If you read the first sentence from that first link it has an answer:

Discord's Rich Presence feature is designed as an obfuscated addition to our existing RPC infrastructure.

(the aforementioned local RPC server hosted by desktop clients)

Connecting to the gateway under any circumstances with a user account with your own implementation is unsupported/not allowed and may lead to the aforementioned account flags.