Discord in the land of ICOs
Is the Discord text and voice collaboration platform, primarily designed to cater to the needs of the gaming community going to save us in the scammer and hacker riddled wild west of crypto?
Without talking about popular collaboration platforms like Slack or Telegram; I will jump straight into Discord security to give readers such as team admins, community managers or community members a quick breakdown of key security features.
Before we jump into it, note that I am not affiliated with Discord in any way and am not getting paid or sponsored by anyone for this informative piece.
Account Settings
1.1 Two Factor Authentication and IP Location Lock
Right off the bat you can switch on 2FA on your account in a few clicks, all you need is the Google Authenticator application or Authy installed on your mobile.


Once you’ve verified your account, you will be required to confirm via email any log-in attempts from IP’s different from the ones that you normally use.
1.2 Privacy and Safety
From Discord’s official blog — “ To keep the baddies at bay, we’re adding Safe Direct Messaging. Images you receive in a DM from a non-friend will be automatically scanned by our robo-hamsters using fancy machine learning. Any flagged images will be deleted.”
There are 3 options that you can set on direct messaging — shown below:

They also have some additional options for direct message security as well as who can add you as a friend.
1.3 Text and Image Options
Last but not least there are also some really great features that talk to text and image links. The link preview option for example is useful to keep phishing links compact.

It is important to note that discord has built in virus scanning.
Server Settings
2.1 Moderation
According to Discord; “Verification refers to a basic level of security a user must meet before they’re allowed to send text messages in a channel. This is particularly useful in preventing bots and spam accounts from mass-joining your server, especially if you’ve made it public or have a never-expiring Instant Invite hanging around the web somewhere.” See option choices below:

Remember the fancy machine learning used in 1.2 to filter explicit direct messages, well here is where you set the global configuration to automatically detect and delete images and uploads deemed inappropriate.

As an added bonus you can disable dangerous administrative actions to admin accounts who do not have 2FA enabled.
2.2 The Audit Log
The Audit log is a really useful feature, covers a bunch of activity and is logged for up to 90 days. See list below:
- Channel Creation, Deletion, and Updates
- Channel Permission Creation, Deletion, and Updates
- Emoji Creation, Deletion, and Updates
- Invite Creation, Deletion, and Updates
- Member Kicks, Bans, and Unbans
- Member Role and Nickname Updates
- Role Creation, Deletion, and Updates
- Server Updates
- Webhook Creation, Deletion, and Updates
- Message Deletion by Non-Bots

2.3 Roles
By far the most configurable feature relating to users are the roles.

You can add multiple roles to users and you can also set different permissions per channel, which we will jump into later. Let’s first have a look at the role settings. Below we are looking at the settings of the @everyone role.





As you can see the role configuration is really comprehensive it covers some of the security concerns that crypto projects have to deal with on other platforms like webhook permissions and embedded links.
2.4 Invites and Bans
With Discord if you have the permission enabled you can create custom instant invites that you can set to expire after 30 minutes, 1, 6, 12 hours, 1 full day or never. You can also set the max uses for the invite.
Enabling the temporary membership option means that members who join are automatically kicked when they disconnect unless a role is assigned.

In server settings you will then be able to see all your invites.

Bans are also visible in the server settings. According to Discord the current ban system does an IP ban. What about VPN and dynamic IPs? If users are circumventing the IP ban, they highly recommend that you create additional permissions that require you to have a role in order to participate in the server.

2.5 Spoopy Link Filter
One of the coolest features I think is that when you click on a link from a non-friend in a DM, Discord pops up a warning to expose masked links. Really useful against those embedded links sent by scammers.

Channel settings
Before we talk about channel settings, it must be noted that you can set a global permission on your server within the home screen server drop down to prevent direct messages from server members.

Let’s run through the channel settings really quickly. The overview screen is pretty basic and is self explanatory.

3.1 Channel Permissions
Channel permissions are configurable per role or per member so it is quite granular allowing you to fully configure all the permissions you need.


Conclusion
As you can see Discord is highly configurable as far as security is concerned. It may not talk to every single security concern you may have and may not have all the bells and whistles other platforms have but it is years ahead when it comes to the configurability of security options. With all the scams that ICOs are being hit with, Discord may just be the hero that is much needed right now especially in the crypto space.
