1. There is no such thing as a "pending" ban or Steam admin. Anyone threatening your account is a scammer trying to scare you. Read more.

Pending: Friends DiscordRep

Discussion in 'Community Applications' started by leny32, Feb 17, 2020.

  1. leny32

    leny32 New User

    Messages:
    18
    Steam:
    STEAM_0:0:109744853
    Basic Information:

    Community name: DiscordRep
    Community website: https://discordrep.com
    Location: Norway
    Languages spoken: Norwegian
    Size of community:
    1500 unique visitors each week​

    Links:

    Main website: https://discordrep.com
    Scam reports: https://forum.discordrep.com/report
    Ban appeals: https://forum.discordrep.com/appeal
    Other related websites and API usage:

    Staff and groups:

    Steam group:
    Admin group:
    Staff ID blocks:

    Application:

    What are your community's policies on scamming & scamming-related activities?
    Any scam-related activity or scamming within the Discord Community is subject to a ban, and report to Discord's Trust & Support Team. We ban without hesitation if the evidence is provided, and the case is investigated.​

    API usage:
    At the moment of writing this application, we're developing a way to integrate their DiscordRep profile with their SteamRep profile. As of this moment, it's not finished. This will link to their profile, and display if a user is banned/cautioned on your service.​

    Why does your community wish to exchange banners and become a Friend of SteamRep?
    We would like to become a Friend of SteamRep in the essence that we both have the same goal of preventing fraud and scammers from ruining people's day. We also would like to expand the user reputation field and provide a secure service for our users.​

    Tell us more about your community:
    DiscordRep is a free reputation community that aims to provide a simple service in the prevention of being scammed. The service allows you to search up Discord users, and get useful information, retrieved by the Discord API. You can build up your reputation and become all set for safe trades. You can vote for users either +rep or -rep, each user will have a score on their profile that reflects their reputation, you can also leave feedback on a user's profile.
    We have a Discord Bot anyone can add to their servers, and add +rep & -rep to each others profiles, everything is linked with the Website.
    We provide a free to use API service where you can retrieve all the reputation data about a user.

    DiscordRep has existed for over half a year and began with wanting a way to get the reputation of users within Discord. We had a strong belief to fight against fraud and online scamming activities. Our goal is to help prevent the Discord community from being scammed. We have taken down multiple phishing sites by reporting them, and have banned/warned a lot of users. A lot of our staff has helped to report into the Discord Trust & Safety Team making us close with them when it comes to our cases.

    We are not affiliated, associated, authorized, endorsed by, or in any way officially connected with Discord, or any of its subsidiaries or its affiliates.​

    Questions or Comments:

    Attached Files:

    alkon likes this.
  2. leny32

    leny32 New User

    Messages:
    18
    Steam:
    STEAM_0:0:109744853
    Mistake in application.
    Languages spoke: English
  3. Lava

    Lava Public Relations SteamRep Admin

    Messages:
    5,670
    SteamRep Admin:
    STEAM_0:1:46187366
    I'd like to start by saying I'm glad to see someone is trying to fill the gap in Discord, which is for the most part fundamentally incompatible with our investigative policy. At a glance, I do believe you have your heart in the right place, so please don't take my criticisms personally. That said, there are a number of issues we need to address before considering your application.

    Looking at your forums, with 18 threads in your report section, 12 threads in your staff applications section, less than 5 thread anywhere else, and less than 200 online users in your official Discord server at any of the random times I checked, I'm having a hard time believing your community has anywhere close to 1500 active members. Generally speaking, a single request taken from your access logs is not treated as an "active member". We can take that total (or other factors) into account if the number is very large, and your community is in a position that makes tracking active members fundamentally difficult, but neither of those apply in your case. Some examples of things we could conceivably take into account when deciding if a service like yours meets this threshold would include the number of servers your bot is in, how large and active they are, and how widely your API is used. But just meeting 1000 by those measures wouldn't be enough.

    Additionally, your forums and parts of your site look strikingly like someone just blatantly copied and pasted the layout and wording from a bunch of places on our site, much like the name. Is this intentional? If so, we're flattered that you're inspired by us enough to create your own similar service, but that kind of rubs me the wrong way.

    Discord is indeed overlooked, so it'd be great if someone filled the gap which we cannot. (One fairly large affiliated community who already does this to some extent is RLTracker.) Our use of forums in the structure you see is not because that works especially well, but rather because it's very difficult to safely migrate nearly 100,000 scam reports and 10,000 appeals from a forum created 8 years ago - which nobody expected to grow into what it is today - into a new platform safely and without data loss. I can understand having to start somewhere, and indeed that is where we ourselves started, so I can't really judge on it, but it seems like you copied everything from us, even the parts which don't always work especially well for us.

    The reason we don't handle Discord reports at SteamRep is because of fundamental problems with provably verifying the scammers' identities - one of our 3 cornerstones of investigating scam reports - not because we don't feel it's our responsibility. Put simply, if we put someone in Steam (or Discord) shared ban list, they could claim they were never involved, and we'd have no way to prove or disprove it was them after all. A large part of this is that Discord conversations don't readily show any form of identification, and it's more complicated to even find the ID of who you're talking to. Not only are impersonation and mistaken identity reports widespread in Steam (nevermind Discord), but we have a demographic of users repeatedly doctoring evidence to get people banned - often scammers attempting to extort their victims - so our admins need to know what to look for in both those cases, differentiate the fake or misfiled reports from legitimate ones, and make an accurate decision without hurting an innocent victim. It's far easier to change your name and avatar to someone else's in Discord and impersonate them than it is in Steam, which is the main reason Discord is such a popular platform to scam on. We do have (undocumented) ways of spotting both when everything is kept within Steam, and ways to figure out who's lying if evidence comes into dispute, but that all goes out the window as soon as the evidence relies on Discord.

    It's already an uphill battle getting users to understand checking Steam IDs, but teaching users to enable Developer Mode in Discord and find the ID of users (as opposed to messages, channels, or servers) and properly document that introduces a whole other level of complexity that I'd be surprised if very many children in CS:GO understood. Furthermore, with Discord, the ID is not readily available in any documented screenshots (only name), the linked Steam account is not always visible (user preference), the name can change very quickly, and there generally isn't an easy way to follow a scammer once they leave a server whereas you can always find a scammer's Steam profile after a trade is completed. Put simply, there is too much plausible deniability for both the Steam and Discord user with any report we would receive. How do you expect to prove the identity of potential impersonation or libel victims, in the face of misinformed or malicious reporters? What avenue is there for an innocent victim of such fake reporting to appeal a judgement?

    Another issue I noticed is that your bot requires full administrator permissions on any server where it's invited. Is there some way it can work without that level of access, on principle of least privilege? Most of the time, you can simply grant a bot with a few select permissions, such as kick/ban, manage messages/channels, or manage roles, depending on what it's intended to do. But granting it the level you ask for is quite dangerous, and would make me reconsider running your bot anywhere myself.

    I can see you already put some thought into this, so please don't take my concerns too harshly or personally, but I'd still like to see how you address these problems.
  4. leny32

    leny32 New User

    Messages:
    18
    Steam:
    STEAM_0:0:109744853
    Hello Lava,

    First off, we don't take into account that forum and Discord is "active members". Currently, we have had 5,5k unique visitors, and increasing, as shown in the thumbnail attached under. Which I hope would be valid enough to show we're having at least 1,5k every week.
    upload_2020-2-27_15-59-24.png

    And yes, we're inspired by SteamRep and worked off at the beginning of how SteamRep's fundamentals worked. Our current forums are temporary and will be sorted into a website solution of reports to the next update.

    To your reply on handling reports coming to Discord, we've currently got a Browser Extention under development that will track identification and can scan DMs when clicked on a button and send directly to a link where evidence cannot be fabricated.

    Well, as stated above we can use this extension to receive both User ID and chat logs of victims, where we can detect impersonations.

    Indeed, we've fixed the issue and will deploy the update. This should not be a problem furthermore.

    Sincerely,
    Leo
  5. Sniper Pro

    Sniper Pro FirePowered Head Admin Partner Community

    Messages:
    176
    Steam:
    STEAM_0:1:49525162
    Do you think there's any problem with "reputation" on your site from being a product of donations, chat activity, and upvotes from any random users? If users can essentially "pay to be reputable" how can anyone using your service be confident the reputation really means anything?
    Roudydogg1 likes this.
  6. Lava

    Lava Public Relations SteamRep Admin

    Messages:
    5,670
    SteamRep Admin:
    STEAM_0:1:46187366
    How do you ensure that?
  7. leny32

    leny32 New User

    Messages:
    18
    Steam:
    STEAM_0:0:109744853
    The "reputation" on users is being validated and checked by Staff. Of course, we don't have the ability to check and validate every single upvote as we have thousands of them coming in. We don't allow pay for rep or any form of rep for rep. Votes will give users the ability to give insights into users' online reputation. We cannot ensure that this person is trusted even though they have a lot of votes. We also have automated validation to detect if users are giving false reputations or are detected as an alt account.
  8. leny32

    leny32 New User

    Messages:
    18
    Steam:
    STEAM_0:0:109744853
    We can use different methods for this, such as screen-sharing methods, where users are asked to join us in a call on Discord. We can also use the extension to refresh the page and load in content by Discord right away.
  9. Lava

    Lava Public Relations SteamRep Admin

    Messages:
    5,670
    SteamRep Admin:
    STEAM_0:1:46187366
    So you would require users appealing a judgement to run your extension no matter what?
  10. leny32

    leny32 New User

    Messages:
    18
    Steam:
    STEAM_0:0:109744853
    Well, no. In the first place, we’ll use the extension as evidence for Scam Reports. This way we can minimalize false reports by a lot. In appeals, only if there is no other solution, it would be nessecary to ask them to provide their side, with evidence.
  11. Lava

    Lava Public Relations SteamRep Admin

    Messages:
    5,670
    SteamRep Admin:
    STEAM_0:1:46187366
    Does that mean a report made using your extension cannot be contested? Or can't be contested unless the appellant also uses your extension?
  12. leny32

    leny32 New User

    Messages:
    18
    Steam:
    STEAM_0:0:109744853
    Of course, there may be situations where the evidence gathered from the extension can be unclear, and therefore have to evaluate other factors, which can be given by us through the appellant or reporter themselves. In cases where we possibly may think a false report has been submitted, we'll have a look to see if the reported user has anything which is unlike the victims evidence. Each case will be validated & evaluated based on evidence if we somehow have insufficient evidence, we will not be punishing, and might request better evidence or decline the report.
  13. Lava

    Lava Public Relations SteamRep Admin

    Messages:
    5,670
    SteamRep Admin:
    STEAM_0:1:46187366
    To rephrase my question: Does this mean evidence collected from your extension cannot be contested?
  14. leny32

    leny32 New User

    Messages:
    18
    Steam:
    STEAM_0:0:109744853
    Yes, the extension cannot be contested.
  15. Lava

    Lava Public Relations SteamRep Admin

    Messages:
    5,670
    SteamRep Admin:
    STEAM_0:1:46187366
    How do you prevent someone from tampering with the extension, reverse engineering, or otherwise uploading bogus data to the same upload destinations your extension would use in order to frame someone?

    At SteamRep, we never require users to run any arbitrary software, or even provide it, and discourage affiliated communities from doing so themselves, as this creates a pretext for account hijackers to coerce users into clicking malware links. Quite a bit of malware today - at least most that we run into - is in the form of browser extensions, often with fake review bombs to appear legitimate. Are you concerned about malicious clones of your extension being used to steal accounts and personal information from people who think they're dealing with you?
  16. leny32

    leny32 New User

    Messages:
    18
    Steam:
    STEAM_0:0:109744853
    To answer your first question, we can identify if the upload was through the official extension or not through the extension id provided by Google. Everything is manually verified and checked out before emitting any action, we take both sides and do a manual investigation. Through the extension, we'll have a more trusted and reliable source of evidence or proof. Which is better than a normal screenshot provided by users.

    Secondly, the extension we provide will be the only "official", and we'll only be promoting this extension when a user is reporting evidence. We will only be releasing one official version of the scanner. The official extension will only be downloadable from the Chrome Web Store, which we will link to from our website.
  17. Sniper Pro

    Sniper Pro FirePowered Head Admin Partner Community

    Messages:
    176
    Steam:
    STEAM_0:1:49525162
    A good rule of thumb for software: if you think a dedicated hacker can't find a way to circumvent your system, you're wrong.

    I have a lot of concerns, both with you requiring users to run this software, and the fact that the evidence produced from it is considered infallible. Asking users to download an extension, regardless of whether you deem it "official", goes against everything that SteamRep and Valve promote in terms of keep yourself and your account secure. Asking your users to do this opens them up to phishing attacks and data privacy concerns.
  18. leny32

    leny32 New User

    Messages:
    18
    Steam:
    STEAM_0:0:109744853
    You got it wrong in some way, we don’t require users to use the extension. We only provide a legitmate scanner, by ourselves as a better way of obtaining chat-logs. Using the extension that we provide, we can ensure that the chat was not inspect elemented.
  19. Lava

    Lava Public Relations SteamRep Admin

    Messages:
    5,670
    SteamRep Admin:
    STEAM_0:1:46187366
    Suppose someone comes to appeal your judgement, from a report made using your extension. They claim they're innocent, and never spoke with this reporter but that a different user was trying to extort them with the threat of framing them and getting them banned as a scammer in multiple places. They've never heard of your site before, and don't feel comfortable running your code, but offer to provide screenshots, or other information or evidence you might need to clear their name, on demand (e.g. Twitch stream). Do you require them to run your software? Do you allow them to appeal at all?
    Sniper Pro and Roudydogg1 like this.
  20. Enstage

    Enstage SteamRep Admin Partner Community Donator - Tier V

    Messages:
    4,651
    Steam:
    STEAM_0:1:52569926
    What technology or technique are you going to use to ensure evidence from your extension cannot be fabricated or "inspect elemented"? Specifically what level of accuracy are you claiming this extension is going to have?