I’m in the process of deleting my entire messages, both from channels and threads. I’m not brave enough to use XMPP, so I’m moving over to Matrix. I’ve tried removing the phone number multiple time from my Discord app, but it keeps asking for verification, after which, it asks for another phone number. So basically, there’s no way out.

And design-wise, I think it’s pretty shit. By chance, if I were to reuse a phone number that’s been used by another person before, who also happens to have abandoned their Discord account, then there’s no way to sign in.

If you were to try accessing the abandoned account, how does that go? Try logging in with your phone number, request for password and then what? It will still send link to the email for account recovery. What if your Discord your email was stolen/abandoned or/and your account was stolen? You’re going to be stuck with a phone number that cannot be used, and the malicious actors gets a free pass to do anything.

Now I just want to know if Discord will comply with the GDPR laws, even if I’m not from Europe? Because as of now, I do not want to stay a minute longer over there.

  • Skull giver@popplesburger.hilciferous.nl
    link
    fedilink
    arrow-up
    21
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Now I just want to know if Discord will comply with the GDPR laws, even if I’m not from Europe? Because as of now, I do not want to stay a minute longer over there.

    The GDPR doesn’t protect non-EU citizens/residents/etc., so you can’t enforce action in any way. Of course Discord doesn’t know you’re not an EU citizen, so it’s your word against theirs. You can always try to send an email. However, if they refuse, you can’t do anything else.

    They’ll probably want some form of identification from you. GDPR measures shouldn’t allow you to delete your friend’s Discord account through the “GDPR prank”, so knowing a phone number and email address usually isn’t enough. Most likely, they’ll tell you to go to the account settings and hit delete, but if you’ve lost your phone number and access to your email address they may be able to match your ID with something like payment information (Nitro).

    If you get hacked, you get hacked. Your account will probably be sold online and it’ll get banned within a few days.

    The limited availability of phone numbers is a feature, not a bug. You can register a million accounts and a million email addresses, but getting your hands on a million phone numbers is very expensive. That’s why online services demand a phone number. They don’t really care who you are, they care that you’re not a bot.

    I’m not sure if there has been a ruling on using phone numbers like that. I believe the argument that phone numbers are used to validate you being a real person will stand up in court, but I’m no judge. Websites are also allowed to collect IP addresses without explicit consent to detect and prevent abuse, despite them being PII. I’d expect a judge to allow Discord to refuse service if you don’t provide a phone number.

    Discord already received an 800.000 euro fine for a whole bunch of random infractions (like “discord chat doesn’t close when you hit the X button” because it disappeared to the tray icon like some kind of 2006 chat client), so if the DPA had issues with using phone numbers like this I’m sure they would’ve included that in the charges.

    Lastly, if you want data protection, contact your local politicians and ask them to implement something GDPR like. It’ll be a long shot, but the more people ask for it, the more likely politicians will think they can win voters by getting it done.

  • spudwart@spudwart.com
    link
    fedilink
    English
    arrow-up
    19
    ·
    1 year ago

    had a phone number attached, just removed it, it allowed me to use my authenticator as verification.

      • DuskyRo@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Most if not all require you to pay since free ones would already be claimed. There’s esimplus but I don’t know if they are trust worthy. Try searching for prepaid phone number online and see if you find something.

    • ripe_banana@lemmy.world
      link
      fedilink
      arrow-up
      43
      ·
      1 year ago

      The world would be a better place if companies deleted your information as soon as you delete your account.

      • Amju Wolf@pawb.social
        link
        fedilink
        arrow-up
        11
        ·
        1 year ago

        Anything else you do doesn’t matter either if that’s your approach. Only not giving them your number in the first place would work.

    • Izzy@lemmy.ml
      link
      fedilink
      arrow-up
      5
      arrow-down
      1
      ·
      1 year ago

      They have probably already sold the information 100 times.

    • m-p{3}@lemmy.ca
      link
      fedilink
      arrow-up
      3
      arrow-down
      3
      ·
      edit-2
      1 year ago

      They may retain the phone number as an exemption to GDPR as a reason to fight spam and abuse of their system.

      EDIT: look for the “legitimate interests” clause in GDPR.

      • serratur@lemmy.wtf
        link
        fedilink
        arrow-up
        6
        arrow-down
        1
        ·
        1 year ago

        How? According to GDRP phone numbers is considered personal information, they dont have any right to use it to combat spam if the person asked for erasure.

        • Skull giver@popplesburger.hilciferous.nl
          link
          fedilink
          arrow-up
          3
          arrow-down
          1
          ·
          edit-2
          1 year ago

          Spammers would have a great time if the one thing stopping them from creating validated accounts en masse can be lifted by a GDPR email.

          I bet they’ll do it if threatened with actual legal action, but I don’t think anyone is going to take them to court over this.

          You can always try to file a complaint with your local DPA but most of them have got bigger fish to fry.

        • Atemu@lemmy.ml
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          Combatting spam and other attacks on their systems where the protection of said systems outweighs individual users’ rights is PII processing that you explicitly do not need consent for under the GDPR.

          This is called “legitimate interest”.

        • m-p{3}@lemmy.ca
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          That could be covered under the “legitimate interests” clause, which covers “Fraud prevention” among other things. They do need to justify it if there is an audit.

        • miss_brainfart@lemmy.ml
          link
          fedilink
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          Tell them, you know what will likely happen? The damn Clyde Bot will respond in the most unhelpful way. They do not give a single shit, they demonstrate that every time you try to get touch about anything that isn’t one of the three things they let you contact them about.

          • macniel@feddit.de
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            1 year ago

            then they have a huge huge problem at hand. And a big fine to pay as well.

  • lordxakio@lemmy.world
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    If you are in the US, there are apps that give you a temp number you can use for calls and texts. It gets deleted when you don’t use it after sometime or manually delete it from your account.