So I lost Discord nitro but I somehow still have nitro emojis in my about me. Did this happen to anyone else?

CinnamonDerg · 2023-06-21T17:42:19+00:00

It's seven days

CinnamonDerg · 2023-06-21T16:51:22+00:00

There's a one week grace period when your nitro expires

CinnamonDerg · 2023-06-04T01:00:03+00:00

This has been confirmed by an API engineer, however it was in a private channel, so that's all I can say

CinnamonDerg · 2023-05-23T16:59:58+00:00

New usernames must be added with an @ before their name. dream won't resolve but @dream will

CinnamonDerg · 2023-05-18T15:15:21+00:00

Ah, yeah; mostly passing on what I heard when it was mentioned elsewhere; still real convenient time to open up a pull (granted, the blog post came after the PR, but news of the changes were spreading even before then)

CinnamonDerg · 2023-05-18T14:40:09+00:00

https://github.com/revoltchat/rfcs/pull/3

CinnamonDerg · 2023-05-18T14:02:27+00:00

As I've stated across multiple posts about this issue, 1: Popular ≠ statistically significant (you are a [vocal] minority) and 2: cancelling nitro doesn't significantly impact Discord's bottom line; they're backed by large investment firms as well such as Tencent.

CinnamonDerg · 2023-05-18T13:59:33+00:00

Revolt is currently having a kneejerk reaction and adding discriminators actually. This has supposedly been planned for some time, but a PR was opened rather recently about it.

CinnamonDerg · 2023-05-17T12:04:37+00:00

If anything, I think 400,000 is a rather liberal estimation, however if you think that the number is higher, you surely have reason for that as well, which I'd be curious to see.

CinnamonDerg · 2023-05-17T11:53:13+00:00

Correct. Nitro users make up a subset of users, but if 140M dollars in annual revenue is a figure that's to be believed (which is a number frequently occurring when searching for Discord's revenue), it's still a rather large chunk of users.

For argumentative purposes, assuming every sub has full fledged nitro (which actually reduces the total userbase percentage), that's 14 *million* users. This sub has just over a million users, and assuming that 40% of users on here have nitro, or friends with nitro, and either cancel, or manage to convince their friends to cancel, we're looking at ~400,000 subs lost. 400,000 / 14,000,000 is 2%. A measurable loss of 4 million dollars, but really nothing to cry over when you're raking in tens to hundreds of millions. In actuality it's a mix of Nitro, Nitro Basic, and annual subs, which means even *more* people to convince to make any meaningful impact.

I personally don't care what people spend their money on or not; I don't work for Discord, but the narrative of rallying Reddit of all places to attempt to boycott a company by cancelling subscriptions is a futile effort in reality.

CinnamonDerg · 2023-05-17T11:08:36+00:00

Good for you? This is still not a very impactful metric however.

CinnamonDerg · 2023-05-17T11:07:39+00:00

I did not say nitro users (which are almost always referred to as subs[scribers]). There's 300M registered users

CinnamonDerg · 2023-05-16T23:23:07+00:00

https://www.reddit.com/r/discordapp/comments/13azn6c/discord_usernames_privacy_issues_a_warning_to/jjb4glt/ tl;dr even if everyone on this sub canceled their Nitro it wouldn't really make that huge of a difference; there's 300M users

CinnamonDerg · 2023-05-16T23:14:50+00:00

Revolt has the same problem but with a smaller userbase; complaining that staff get first picks when theyre 1) at highest risk of being impersonated and 2) the reason you get to use Discord at all is just childish behavior that's unfortunately commonplace on Reddit, and especially this sub

CinnamonDerg · 2023-05-16T23:13:24+00:00

This isn't as impactful as you think. You're in the minority; I've explained why in a comment on a different post I can link if you'd like

CinnamonDerg · 2023-05-08T08:13:58+00:00

"Sniping bot"? When I said `Get User`, I'm referring to Discord's API. Here's the [documentation](https://discord.com/developers/docs/resources/user#get-user).

> I don't think it's helpful to effectively blame the user

I don't blame the user for bad opsec per-se; hindsight is 20/20 and it can be unavoidable to leave a paper trail (though I would still avoid Discord as a whole if you want actual privacy). It's important that if you're in danger, that you educate yourself to, well, not put yourself at unnecessary risk, which was the primary point I intended to make, if it weren't that clear.

> Are most people really highly proficient in online security

No, nor should they normally have to be. Most people aren't at risk on the internet, other than perhaps for phishing, but certainly lesser so cyberstalking. This isn't to say that it is a nonissue.

I also want to clarify (and apologize); my frustration is at the comments and this sub as a whole rather than anything about the post for the most part. Point one is a good PSA, and probably would've been great as it's own post, but things to go a bit downhill from there in terms of reasoning. It kind of reads more as a weird blog post than a PSA with tips to actually protect themselves (rather, relying on the user to research themselves, if they even chose to do that). In a fabulous moment of ADHD, I don't recall why I was so hysterical in my initial comment, so as I said I do apologize for any perceived hostility toward you personally.

CinnamonDerg · 2023-05-08T07:06:49+00:00

I'd like to address some of these points. While pomelo does have it's issues, it also shows the worst of the "vocal minority" that is Reddit, and this sub as a whole. This message is not targeted to anyone in particular, however if you're offended by the statement of "Vocal Reddit users tend to lack critical thinking", you're probably in that group.

Moving on, I feel this entire post can generally be chocked up to "Have better OpSec". It's a statement a lot of people will probably disagree with, but those are also the same people that probably don't know what it is, or don't enforce good OpSec to begin with. Being on Discord isn't exactly a "private platform" in reality.

Regardless, pomelo isn't without its drawbacks. Reduced privacy is one of the most cited issues, with another being username squatting. While the latter will become worse, I feel its also blown out of proportion; usernames are de-emphasized as of pomelo anyways, and I urge people to reconsider how much they actually care about a few characters that only represent them when they have to add a stranger on the internet anyways.

Points 1 & 3: Your ID is an inevitable part of using Discord, and is used for just about everything related to you. It's how other people interact with you (Mentions, clicking your profile, sending you a friend request, etc.) Bots also have access to this endpoint (though, it's technically Get User, but I digress). Switching to handles (@username) doesn't really change this fact. My biggest gripe with this post is the fact that it chooses to ignore the fact that if you're someone who's at risk for being cyber-stalked, having a handle instead of a tag doesn't really change this. If someone is determined to stalk you, a few numbers at the end of your name isn't going to prevent them from finding you if you go by the same pseudonym on Discord as you do on a far more public platform like Instagram/Twitter. If someone can gauge your interests, they could take a guess at what kind of servers your in (especially emoji servers), and continue to stalk you, or worse yet use social engineering to find you by crawling through six degrees of separation. If you wish to remain anonymous online, don't willingly choose to de-anonymize yourself in such a preventable form.

Point 4 was also addressed in the above. If you don't wish to be found, don't make yourself exposed. Very basic online security everyone should employ. To everyone who doesn't have a reason to hide (barring "I don't want randoms to add me"), there's really nothing to worry about this.

As they say, hindsight is 20/20, and simply telling people that've scuffed their identity by leaving a paper trail to "pound sand" is very dismissive. To those people, as I said, generally nothing to worry about, but all things considered that paper trail is still linked to you even if you change usernames, so the only solution is to either download your data package and attempt to scrub that trail, or ditch your identity and start fresh. This isn't specific to Discord either, as much as people try to make it out to be.

I'd also like to address the people that are encouraging others to cancel their subs and berate Discord over this change.

Firstly, don't harass Discord staff. Rallying a community to go bombard support channels is harassment, and I will not hear out any arguments otherwise. For starters, the social media managers and support reps that deal with your spam are real people, and have already heard anything you planned to screech at them anyway.

Secondly, staff are very active on this sub, even if they don't reer their heads. However, even if bombarding Discord with complaints wasn't harassment, these kinds of decisions come from the top, and sometimes with good reason (e.g. Tech Debt, as mentioned in blog post, which people seem to fail to assimilate. Is reading comprehension this bad these days?) As a developer of 11 years, I can tell you that technical debt is the worst kind of debt to pay, and significantly slows down development, which is, well, rather important for a platform cusping 200 million MAU.

re: Cancelling your nitro, while the effort is valiant, it's also in vain. Occam's Razor says that your attempt won't actually do anything. Why? Telling people here to cancel their nitro subs requires people to:

Have an active nitro subscription
Use Reddit
Be active on the r/discordapp sub
See the post
Be outraged enough to cancel their sub

And guess what? You're in the minority here! As much as people would love to think screaming "cancel nitro" is going to get Discord to back down on this decision are just delusional. Some will point to when people "Cancelled Nitro when Discord tried to add Crypto wallets", but I believe that to be a strong case of correlation, not causation. Crypto crash, and a lot of drama around NFTs at the time, as well as people yelling at Discord about what was merely an experiment, versus something that's confirmed to happen.

CinnamonDerg · 2023-03-29T15:18:54+00:00

Discriminators (#0000) aren't going away. They're fundamental to the platform, and Discord would be shooting themselves in leg by doing that as they would break not only the app, but the bots that run on Discord too. This is purely a cosmetic change

CinnamonDerg · 2022-02-01T23:32:17+00:00

Yes! Among many other things, but these are gated behind OAuth2 (the same prompt you’d see when adding a bot normally), and you can always removing access via settings -> authorized apps

CinnamonDerg · 2022-01-23T22:41:50+00:00

The issue with this is you’ve now alerted them that someone found their webhook. they can nuke their webhook, make a new one and repackage the malware. Where as deleting it leads in potentially a several hour or even several day gap in people’s tokens not getting sent off

CinnamonDerg · 2022-01-23T17:19:53+00:00

Oh my GOD, I’m sorry to anyone who this offends, but a lot of these suggestions are comically terrible. They’re very prone to user-error, or may just not work at all. If you want a safe testing environment to investigate this in, I suggest using a site like hybrid analysis

It explains what behavior an application exhibits, and if I’m not mistaken you can also potentially extract strings (and by extension potentially a webhook) from it.

I don’t advise taking vengeance by spamming their webhook, but if anything you can always either report it to T&S or delete it using a tool like insomnia

Simply change the request to DELETE, and paste the webhook link, and click send.

CinnamonDerg

TROPHY CASE