Discord in the land of ICOs

5t1ll
5t1ll
Jul 20, 2017 · 6 min read

Is the Discord text and voice collaboration platform, primarily designed to cater to the needs of the gaming community going to save us in the scammer and hacker riddled wild west of crypto?

Without talking about popular collaboration platforms like Slack or Telegram; I will jump straight into Discord security to give readers such as team admins, community managers or community members a quick breakdown of key security features.

Before we jump into it, note that I am not affiliated with Discord in any way and am not getting paid or sponsored by anyone for this informative piece.

Account Settings

1.1 Two Factor Authentication and IP Location Lock

Right off the bat you can switch on 2FA on your account in a few clicks, all you need is the Google Authenticator application or Authy installed on your mobile.

a. Enable 2FA on the My Account header under “User Settings”
b. Switching on 2FA

Once you’ve verified your account, you will be required to confirm via email any log-in attempts from IP’s different from the ones that you normally use.

1.2 Privacy and Safety

From Discord’s official blog — “ To keep the baddies at bay, we’re adding Safe Direct Messaging. Images you receive in a DM from a non-friend will be automatically scanned by our robo-hamsters using fancy machine learning. Any flagged images will be deleted.”

There are 3 options that you can set on direct messaging — shown below:

They also have some additional options for direct message security as well as who can add you as a friend.

1.3 Text and Image Options

Last but not least there are also some really great features that talk to text and image links. The link preview option for example is useful to keep phishing links compact.

It is important to note that discord has built in virus scanning.

Server Settings

2.1 Moderation

According to Discord; “Verification refers to a basic level of security a user must meet before they’re allowed to send text messages in a channel. This is particularly useful in preventing bots and spam accounts from mass-joining your server, especially if you’ve made it public or have a never-expiring Instant Invite hanging around the web somewhere.” See option choices below:

Remember the fancy machine learning used in 1.2 to filter explicit direct messages, well here is where you set the global configuration to automatically detect and delete images and uploads deemed inappropriate.

As an added bonus you can disable dangerous administrative actions to admin accounts who do not have 2FA enabled.

2.2 The Audit Log

The Audit log is a really useful feature, covers a bunch of activity and is logged for up to 90 days. See list below:

  • Channel Creation, Deletion, and Updates
  • Channel Permission Creation, Deletion, and Updates
  • Emoji Creation, Deletion, and Updates
  • Invite Creation, Deletion, and Updates
  • Member Kicks, Bans, and Unbans
  • Member Role and Nickname Updates
  • Role Creation, Deletion, and Updates
  • Server Updates
  • Webhook Creation, Deletion, and Updates
  • Message Deletion by Non-Bots

2.3 Roles

By far the most configurable feature relating to users are the roles.

Example Role List

You can add multiple roles to users and you can also set different permissions per channel, which we will jump into later. Let’s first have a look at the role settings. Below we are looking at the settings of the @everyone role.

As you can see the role configuration is really comprehensive it covers some of the security concerns that crypto projects have to deal with on other platforms like webhook permissions and embedded links.

2.4 Invites and Bans

With Discord if you have the permission enabled you can create custom instant invites that you can set to expire after 30 minutes, 1, 6, 12 hours, 1 full day or never. You can also set the max uses for the invite.

Enabling the temporary membership option means that members who join are automatically kicked when they disconnect unless a role is assigned.

Invite settings applied per channel

In server settings you will then be able to see all your invites.

Bans are also visible in the server settings. According to Discord the current ban system does an IP ban. What about VPN and dynamic IPs? If users are circumventing the IP ban, they highly recommend that you create additional permissions that require you to have a role in order to participate in the server.

2.5 Spoopy Link Filter

One of the coolest features I think is that when you click on a link from a non-friend in a DM, Discord pops up a warning to expose masked links. Really useful against those embedded links sent by scammers.

Channel settings

Before we talk about channel settings, it must be noted that you can set a global permission on your server within the home screen server drop down to prevent direct messages from server members.

Let’s run through the channel settings really quickly. The overview screen is pretty basic and is self explanatory.

3.1 Channel Permissions

Channel permissions are configurable per role or per member so it is quite granular allowing you to fully configure all the permissions you need.

Conclusion

As you can see Discord is highly configurable as far as security is concerned. It may not talk to every single security concern you may have and may not have all the bells and whistles other platforms have but it is years ahead when it comes to the configurability of security options. With all the scams that ICOs are being hit with, Discord may just be the hero that is much needed right now especially in the crypto space.

)
Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade