Discord Is Threatening to Shutdown BotGhost

Original Article ↗ Hacker News Discussion ↗

Data harvesting, privacy, and AI training

  • Several comments highlight how bot platforms can quietly log messages from millions of private channels, creating valuable but opaque datasets.
  • Past examples like “Spy Pet” are cited as showing Discord’s risk surface: mass logging, resale of data, and possible state-actor interest.
  • Some point out that Discord now gates message-content access via privileged intents and approval for larger bots, reducing but not eliminating abuse potential.
  • Concern is expressed that Discord’s crackdown is less about user privacy and more about keeping that data and monetization potential (e.g. for AI) to itself, similar to Reddit and Slack.

Discord vs forums/IRC and platform lock‑in

  • Multiple commenters lament that support and communities migrated from forums/IRC to Discord, making important knowledge less searchable, more ephemeral, and locked behind sign‑up.
  • IRC is framed as a protocol with an expectation of ephemerality and easy log export; Discord is a centralized platform with long‑term retention but poor user control if it shuts down.
  • Some promote self-hosted alternatives (Revolt, Mattermost, Rocket.Chat, Zulip), but others argue they’re still not equivalent in UX or voice/video features.

“Never build on someone else’s platform” – debated

  • Many argue this saga reaffirms: don’t base your main business on a closed, consumer-first platform (Discord, Reddit, Twitter, Facebook), which will eventually change APIs or terms once you’re no longer useful.
  • Others counter that virtually all modern businesses depend on large platforms (OSes, app stores, cloud), and many have made billions anyway; the real distinction is between platforms whose core business is serving developers (e.g. cloud infra) versus those that treat developers as expendable.

BotGhost’s security breaches and Discord’s rationale

  • A disclosed BotGhost exploit allowed leaking other users’ bot tokens via no-code UI tricks and poor input sanitization.
  • Criticism focuses not just on the bug, but on BotGhost’s alleged reluctance to force token rotation, lack of sufficient logging, and attempt to downplay the impact.
  • Many see this as likely the real trigger for Discord’s enforcement of its “no credentials/tokens collection” policy, even if larger bots allegedly do similar things without being targeted.

User lock‑in, “no‑code” claims, and self‑hosting

  • BotGhost says its “no-code” nature prevents exporting user configurations; commenters are skeptical, interpreting this as proprietary lock‑in rather than a technical impossibility.
  • Some urge open‑sourcing or providing a Docker image so users can self‑host; others note the target audience is non-technical and that widespread self-hosting of token‑holding bots would pose serious security and maintenance risks.