cross-posted from: https://lemmy.world/post/10799766

Recently read this on a Steam game’s reviews section …

User Comment…

The game’s Discord REQUIRES your personal phone number to get access at all. This is a very intrusive, and 100% unnecessary requirement, in order to just be able to interact with others about the game, it’s content, player experiences, and many other things. It’s also intrusive in regards to being able to contribute any input to help other players in any way at all.

Dev Response…

It’s Discord that’s asking you for verification of the account. We’re not getting your phone number. This is standard practice on bigger servers that allows for a better user experience, filtering bots/ spam accounts, trolls, etc.

Could companies please STOP lying about it being Discord’s choice, its not, is the Discord server’s choice to ask for it.

Its a “Verification Levels” setting that the server op sets, and they have multiple options that they can choose from, its not an on/off switch. They can dial it back one notch and still have spam/bot protections.

The only difference between “High” and “Highest” verification levels is the addition of asking for a phone number, all other features of “High” is in “Highest”, and “Highest” has no other extra features besides asking for the phone number.

Makes it really hard to have an pseudonym account on the Internet, for gaming purposes, and then be asked for your real phone number. I don’t need to be tracked 24/7.

  • planish@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    0
    ·
    10 months ago

    But if the developer makes a Discord “server” for their game community, they are telling Discord to set up a service. If the developer encourages people to join it and retains moderation rights, they’re taking that service they ordered from Discord and providing it to other people. If the developer failed to get some legally required in their jurisdiction contractual terms from Discord about what Discord can and can’t do with data on the people who use the service, the developer could get in trouble when they provide that service to people without the service following local laws.

    • thoughts3rased@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      10 months ago

      In that case, is a YouTuber liable for the GDPR failings of Google? Of course they aren’t. It’s the same here.

      Is McDonald’s liable for the GDPR failings of X? They have an account with their name and brand on it. They even pay X for a golden checkmark.

      Is Taylor Swift or UGM liable for the GDPR failings of Spotify?

      Are individual eBay sellers liable for the GDPR failings of eBay.

      I could go on, but you don’t quite seem to realise what the implications of what you’re saying are if they are true. You’re basically making every user liable for any GDPR on any service that collects any data. This isn’t the case, or businesses wouldn’t use these services.

      • planish@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        10 months ago

        As long as what is going on here is basically comparable to what is going on when a company uses a third-party service as a peer to individuals, then yes, the company probably isn’t somehow responsible for what the service is doing. Government Twitter pages have been found to legally constitute public forums, but that was in the context of restricting the government from blocking people. The person whose page it is still don’t really run the place and probably isn’t responsible for the actions of the platform.

        But if a company hires another company to build and operate a communication platform for it (more of a Mailchimp or Invision Community situation), then you probably have a data controller-data processor style relationship.

        So, is Discord more like Spotify or is it more like Mailchimp?

    • sirfancy@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      10 months ago

      I’m sorry, but it’s probably in your best interest to do some research and actually read the discord Terms of Service and Privacy Policy before arguing about something you lack knowledge in. Creators of a Discord server are not responsible for members’ data that they send to Discord. That relationship is between Discord and the Member, not the creator of a server. Any “contractual agreement” you are talking about is covered when you click “I agree” when creating an account, the devs’ accounts included.

      This is a ridiculous argument that has a correct answer that Discord themselves will tell you.

      Source: CASP+ Certified

      • planish@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        10 months ago

        Does the server operator avoid any responsibility for data protection by just having the actual physical copies of all the data they do have access to (user names, post contents, etc.) physically live over at Discord? If the company president’s PC is hacked and someone steals copies of all the personal information in support chats that were conducted over Discord, or the contents of private channels where people posted their home addresses for Secret Santa, or whatever, can the company get out of having any sort of data breach disclosure obligations because the data was really Discord’s data?

        • sirfancy@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          10 months ago

          I’ll be honest, I don’t even know what you’re asking. Discord owns all data on Discord. Server “owners” do not own anything from a data security standpoint. If you are asking a question in good faith, please rephrase it into smaller sentences. If you are arguing in bad faith, I have no desire to continue this thread.

          • planish@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            0
            ·
            8 months ago

            Server “owners” do not own anything from a data security standpoint.

            How can you tell that this is true?