Ruining Discord Servers with a Bot Exploit!

  • Published: 30 Oct 2024

Comments • 765

  • @NoTextToSpeech 11 months ago +927

    UPDATE: Double counter did a MASSIVE update that addresses all of the privacy issues.
    - They have a way to opt out of the lens feature, both for a whole server and for a user across discord
    - AND, if you request to delete your data, you WILL NOT get banned!
    Nathan, the owner of double counter, turned this around immaculately. Massive respect and props to him. And thank you all for being constructive with your feedback and coming to this result.
    Friendly reminder, these vulnerabilities were disclosed and FIXED before this video. From the Double Counter announcement and from what I saw, this was never exploited in the wild.

    • @thegamerboss2440 11 months ago +1

      first reply

    • @uninable 11 months ago +1

      skibidi toilet

    • @bread7620 11 months ago

      Discordheimer

    • @Stresenbear 11 months ago +10

      @@uninable mental brainrot

    • @Azuriian 11 months ago

      Nice to hear!

  • @StanleyMOV 11 months ago +2163

    The fact that they ban you from every single server that uses DC just because you don't wanna be tracked is actually insane. Bottom tier company

    • @X-proguy 11 months ago +25

      Yes

    • @KlaroNebulous 11 months ago +61

      True, if i would've used that bot, the bot would now just fly out of my Server or get those permissions revoked at the very least

    • @infinitehexington 11 months ago +9

      Sounds like someone got banned and is coping 😂

    • @the_real_aa1 11 months ago +78

      @@infinitehexington this is HILARIOUS I'm rolling in the floor LaugGING HAAhHAHAhaaHHaggsASAAAS 😊😹😊😊😊😊😊😊😊 😂😂😂😂😅😅😂🤣😂😂😅😂😂😂😅😂 AG
      also stop liking this trash comment ty

    • @Omega-mr1jg 11 months ago

      low tier bait @@infinitehexington

  • @donovian2538 11 months ago +987

    "Military grade" never means "good" to those with actual military experience

    • @0xBlez 11 months ago +32

      Relatable ( I didn't go to the military )

    • @DraconixDG 11 months ago +22

      Yeah, some “military grade” things such as certain weapons are complete garbage

    • @wiger_ 11 months ago +55

      military grade means cheapest bidder

    • @Raxis 11 months ago +25

      Military grade is just the fancy way of saying 'impressively cheap'

    • @дигл_лайв 11 months ago +14

      Military grade = overpriced and underdelivered

  • @thephantom5070 11 months ago +673

    People seem to forget that "Military grade" just means mass produced by the cheapest bidder

    • @infinitehexington 11 months ago +8

      Nope, military grade means severely tested

    • @rryangosling 11 months ago +13

      Average "military grade" person

    • @bable6314 11 months ago +72

      @@infinitehexington Military grade means "something the military might use"
      That's the actual definition.

    • @ectothermic 11 months ago

      @@infinitehexington Wrong. It just means "it works" it says nothing about reliability or durability.
      It's cheaply made, mass-produced junk. There's a lot of data and articles on this.
      It's marketing speech, nothing else.

    • @shadowsnake5133 11 months ago +27

      ​@@infinitehexington severely tested doesn't mean it works, Russia for example during early WW2 tested their main battle tanks... And only 8% of them passed inspections. 8%, nearly 1/10 tanks actually worked as intended for as long as intended. That's a horrible percentage, yet they were cheap enough that you could outproduce the German tanks, and the armor wasn't the part that was failing, so like hey, it'll do for the time being... And then they never actually fixed the problem, with their tanks getting shredded in the later half of the war, as Germans upgraded their guns. Russia, throwing more bodies at the problem instead of actually fixing it since basically forever.

  • @OoperB 11 months ago +408

    As an individual with no servers i see this as an absolute win.

    • @rryangosling 11 months ago +1

      W for us :)

    • @RoyBlox 11 months ago

      ok

    • @AEGIS-RED-MEGA-VIEWS 11 months ago +3

      me too, i mostly use groups

    • @Theunicorn2012 11 months ago

      As an individual with no servers i see this as an absolute win:

    • @Noob-commenter-lol 6 months ago

      As a non bot server with no verification i see this as an opinion invalid

  • @amorfatikhb 11 months ago +108

    ever since i heard someone say that "military-grade" actually just means serviceable, i haven't been able to take any of those claims seriously anymore

    • @macdoodleer 11 months ago +10

      as someone with relatives who were in military service: "Military grade" just means the cheapest one that works well enough

  • @varram3488 11 months ago +619

    As a programmer who works with secrets and api-keys I am amazed at the sheer stupidity of double-counter. Like it's honestly impressive that they are making these mistakes 💀💀
    Ima nerd out here so you can skip this: sending API requests to private API (discord's API in this case) with your own private API key from the client side is wild and should never be done (It's common sense/cyber-sec 101).
    Edit: People (roblox script kiddies) in the comments are waging a war over if I am a "real" programmer. I am a programmer; I am a full stack dev and code/work with Node.js, Typescript, Next.js, Nest.js, Redis, Mongo DB, SQL, python, etc. And i do in fact work with secrets and api-keys that need to be kept hidden and protected properly.
    Edit 2: I started a war in the comments 💀

    • @teddythecat0 11 months ago +13

      you're NOT a programmer you just know python/html lmfaoo
      edit: seems I have upset some python "programmers", what I meant is he doesn't know actual hard programming is, he just knows python/html and those are not hard,
      don't cry python fans ❤️

    • @sbanerjeeofficial 11 months ago

      @@teddythecat0 you stupid knowing any programming language and able to use them is called programming shit you are lmao go and eat your a**

    • @ramsy0dev 11 months ago +86

      @@teddythecat0 Since python isn't considered a lang bro.

    • @moony_lol 11 months ago +25

      @@teddythecat0 What makes you think so, lol?

    • @sbanerjeeofficial 11 months ago

      @@teddythecat0 don't broke other heart lmao btw I know html css Java script c , c++, sharp, vbs,go

  • @fusedqyou 11 months ago +227

    Here's the thing: authorization is super easy to implement nowadays. Yet for some reason they thought basic clientsided encryption is the best way to secure their application. NEVER put any sort of security logic on the client, because it will be figured out one way or another. I hope everybody ditches this bot and never uses it again, because this is yet another example of idiots with some programming knowledge putting others at risk.

    • @0vxx 11 months ago

      You should look at Rec Room’s security lmao

    • @Coder_Tavi 11 months ago +12

      #1 rule when developing in client-server environments: Never trust the client, or give the client things you don't want others to use.

    • @varram3488 11 months ago +4

      @@Coder_Tavi istg their bot is being run and coded by 3 dogs in a trenchcoat

    • @Theunicorn2012 11 months ago

      Here's the thing: authorization is super easy to implement nowadays. Yet for some reason they thought basic clientsided encryption is the best way to secure their application. NEVER put any sort of security logic on the client, because it will be figured out one way or another. I hope everybody ditches this bot and never uses it again, because this is yet another example of idiots with some programming knowledge putting others at risk.

    • @Coder_Tavi 11 months ago

      @@varram3488 Nah it's being run by 2 kangaroos in a puffer

  • @notcallmehacker 11 months ago +165

    I'm absolutely no Lawyer but Double Counter Lens sounds like it's gonna violate the GDPR if the user doesn't explicitly agree to have his behavior tracked and data shared

    • @AEGIS-RED-MEGA-VIEWS 11 months ago +32

      guess what? i join a random server who has the bot. I have dm turned off by default. bot can't show me the notification about tracking. i dont browse all the channels. one day i notice my data on internet. the place where i work offers me free lawyer. i sue and make money. w

    • @Sir_Trollman 11 months ago +3

      I am 99% sure you can tell them to remove ALL your data or request it

    • @nathanpeterson5609 11 months ago +18

      @@Sir_Trollman and like in this video is said, get your account banned from all 400 thousand.

    • @Sir_Trollman 11 months ago

      @@nathanpeterson5609 they cannot ban you for using your rights

    • @Youwotm8Tk 11 months ago +11

      @@Sir_Trollman Can't request your data to be deleted if you don't know you're being tracked.

  • @JakeIGuess 11 months ago +57

    The moment I heard "This bot has Administrative privileges" my face almost went through my desk.
    STOP GIVING BOTS ADMIN

    • @_kitaes_ 11 months ago

      ikr like bot only have to see you on a server and thats it

    • @WillOnSomething 11 months ago +13

      I wouldn't even give *my own bot that I programmed myself* admin privileges. It doesn't need it, i'll just add the least amount of permissions I need for it to work properly

    • @AEGIS-RED-MEGA-VIEWS 11 months ago +1

      @@WillOnSomething same, is very easy (but time consuming) to run a token generator and guess the token of a bot. any bot can be hacked and ppl should be aware of this

    • @mathmagician8191 11 months ago

      @@AEGIS-RED-MEGA-VIEWS Theoretically yes, but there are so many possibilities that it will never practically happen (it would take trillions of years on average to get a single valid token) even if you could guess a million tokens per second without being rate limited

    • @Liggliluff 11 months ago +3

      @@Schmaggleschticker Almost every bot requests this. I deny every single permission and create my own role. I'm not going to have every bot with its own role. They're just going to have a bot role.

  • @fxiqval 11 months ago +33

    as a cybersec guy myself, while i do specialize mostly in maldev, evasion, gamehacking and binary exploitation, i'm really considering finding vulnerabilities in stuff like this cuz of this

    • @questwalkerko 11 months ago

      Unless the service you are auditing specifically has a bug bounty up, don't. If they don't have a bug bounty and you find a vulnerability they'll probably just sue you instead of fixing it.
      article about it: aHR0cHM6Ly9yb2JkeWtlLmNvbS9ob3d0by1kaXNjbG9zZS8=

  •  10 months ago +10

    So far, Discord bot developers are the only ones that seem able to take the cake from WordPress plugin developers in terms of outrageously stupid vulnerabilities.

  • @cron1807 11 months ago +49

    Military grade just means the cheapest that works

  • @JustTheJames 11 months ago +64

    That lens thing honestly sounds like it's illegal in Europe. GDPR states users must explicitly consent to all tracking (not just cookies). Not sure if this being a discord bot is some kind of loophole though, I'm no expert.

    • @pizza-pi 11 months ago +14

      Sounds like the kind of thing that should be illegal everywhere, tbh.

    • @Milenakos 11 months ago +2

      they can probably argue its legal because its not personally identifiable information or some bullshit

    • @AEGIS-RED-MEGA-VIEWS 11 months ago

      @@Milenakos how do i not know it store my ip? discord after all it reads user's ip

    • @Hellscaped 11 months ago

      @@AEGIS-RED-MEGA-VIEWS ips arent read off to bots

    • @Hellscaped 11 months ago

      @@Milenakos also hello milenakos :3

  • @pingupongoo 11 months ago +66

    I want to say that while what you mentioned would definitely be bad, if you have a bots client secret you can essentially just write your own code and feed it that secret and you control the bot. I'm not sure why this wasn't mentioned, because with a bot's clientid you can just write code to have it loop through every server, ban every player, delete every message... you get the idea. While it's certainly more fun and chaotic to give everyone admin if someone actually wanted to do damage they could have wiped every server this bot was in with some very simple code

    • @pingupongoo 11 months ago +7

      @@gorilla_gorl you are right, I meant the bots client secret. ill update it.

    • @VI.mp4 11 months ago +6

      No, I believe you're mistaken. The client secret is not what you use to write code for the bot. You need a bot token for authorization, which is not the same thing as the client secret.

    • @fxiqval 11 months ago +5

      there's 3 of those values for a bot,
      the token = private, used to authenticate for the rest api and gateway api,
      the client id = public, used to identify the bot
      the client secret = used for oauth2
      the client secret can only be used for some things, such as authorizing an oauth2 access code of someone.

    • @dylanharding5720 11 months ago +5

      Because what was leaked wasn't the bot token. It was the application client secret, which is different - you cannot control a bot with it.

  • @RoyBlox 11 months ago +15

    As a person who doesnt use Double counter, I see this as an absolute win.

  • @coletomlinson3824 11 months ago +16

    Fun fact: Double counter will also ban you from any servers you try to join if you happen to have a sibling or someone else on your wifi network that also uses discord because it thinks you're an alt account

    • @Liggliluff 11 months ago +7

      Apparently it saves which account is associated with the IP. Meaning 1 user per IP. If you need to create a new account, or as you said, multiple people on the same network, you can only do 1 account. IPs aren't exclusive per user and can sometimes change.

    • @trentonking764 10 months ago +1

      @@Liggliluff that is a trash verification system lul you can just restart your router to get a new IP and then log into a different account with a different gmail..

    • @Tom-uy4io 2 months ago

      @@trentonking764 or release and renew WAN IP

  • @DjXavier189 11 months ago +33

    That bot can destroy discord predator server

  • @Prometheus_Alt 11 months ago +28

    I've never heard of this bot, but I think it's great that I don't use this bot.

  • @arqez. 11 months ago +22

    this was a military-grade youtube video

  • @ccgm_harpy 11 months ago +17

    As someone who's made a few Discord bots, this is embarrassing. I have no clue how you write this code and don't expect something terrible. I'm not an expert, I'm not even smart. I'm just in awe. I hesitate to call the second issue a vulnerability, it's more like a backdoor. If you're using this bot, stop using it immediately.

    • @ccgm_harpy 11 months ago +6

      EDIT: Other developers in the comments are getting doubt about their legitimacy. There's a mod I've made that includes a Discord bot, video tutorials and github link on my channel.

    • @aidenstanley7305 11 months ago +1

      It's about the same level of competency as demanding you accept sitewide tracking (by a third party no less) on pain of mass banning.

  • @Mutrax4706 11 months ago +2

    i love how when you said that eva got paid when reporting the bug, and you said "so its worth being a good citizen, since you might get ...", an ad just played
    omg an ad for payment! awesome!
    (i just find the timing to be rly comedic)

  • @applestone7580 11 months ago +27

    Imagine how bad it'd be if some kid got into a massive server with this bot, and just took over? It'd be pretty bad..
    Anyways, it's always a good day when NTTS posts. Keep up the good work, you impress me everytime!

  • @oksurreal 11 months ago +1

    I've been subscribed to NTTS since you had 2.7k subs i think, these videos are getting better and funnier. keep it up!

  • @deivedux9342 11 months ago +9

    The real issue with the "military grade" term is that it's overused to the point that it no longer has the same meaning. I mean, HTTPS technically uses "military grade" encryption, and while VPN providers also have it as their main selling point, they're also not technically wrong, which is how they keep getting away from being accused of false advertising.
    As Tom Scott used to describe VPN providers overusing the term: "is the sort of marketing that scares people into buying something they might not need".

    • @holy3979 11 months ago

      @@Schmaggleschticker Usually refers to stuff "made to military specifications" what's really funny about this is that a lot of the stuff the military uses is actual garbage and civilians have access to far better equipment...

  • @ArnoldsKtm 11 months ago +19

    Giving admin is a child's play. At that point you had the power to delete all channels indiscriminately, and ban absolutely everyone in those thousands of servers. Could even sort servers by member count and target the large ones first.

  • @datCatInSunglasses 11 months ago +12

    I'm not sure this lens thing really complies with the EU's GDPR, you can't just gather user data without asking first, and you certainly cannot do this without giving the user an option to refuse having its data gathered or an option to have it removed.
    And apart from that yeah it's true that we don't act the same everywhere on discord, I act like a complete moron on friends servers and we ban each other for fun, so that rating system is kinda broken

  • @Agentdodger 11 months ago +2

    new editing style wild

  • @bandiddums 11 months ago +7

    I've recently found out about DC when I accidentally clicked on a setting while setting up my emote server and oh boy the bot seems quite aggressive with the tracking and stuff even without the lens feature. Granted, before it's mostly to verify if you're an alt or not for that specific server but it still doesn't look good

  • @bruhther6260 11 months ago +11

    Petition for Double Counter to remove "military-grade" from their title

    • @fusionsub 11 months ago +1

      Take my signature

    • @robloxxer593 11 months ago

      𝓻𝓸𝓫𝓵𝓸𝔁𝔁𝓮𝓻

    • @raptordarwish887 11 months ago

      𝓡𝓪𝓹𝓽𝓸𝓻𝓭𝓪𝓻𝔀𝓲𝓼𝓱

  • @EnBunk 11 months ago +5

    A naked man fears no pickpocket.

  • @Rexormi 11 months ago +1

    This was the most funny video of your career.

  • @Azuriian 11 months ago +7

    That Double Counter Lens thing is making me feel like a goddamn star, GOTTA LOVE BEING STALKED BY BOTS!

  • @SentakuuGaming 11 months ago +3

    DAMN this is like horrible i hate being tracked on discord or any platform and literally double counter is doing the worst thing ever like people gonna switch to different discord bots for sure and i myself gonna leave servers that use double counter dont want to get tracked by the stupidity of the devs.

  • @TaranTatsuuchi 11 months ago +4

    "Military Grade"
    Civilians - :D
    Military - D:

  • @DePhoegonIsle 11 months ago +1

    The outside for NTTS is just a painted basement room with felt on the floors & walls. X} Good content yo.

  • @AEGIS-RED-MEGA-VIEWS 11 months ago +8

    7:58 isnt that breaking european laws about privacy? they could literally end up in jail, even that their intentions were to actually protect users

    • @theronejose 11 months ago +1

      Theyre not in europe so they cant be jailed

    • @anonymousguy7005 11 months ago

      Not everyone lives in Europe 🤦‍♂️

    • @aidenstanley7305 11 months ago

      @@theronejose if the names are put on a list, they don't realise, and then go on holiday, they'll find themselves in deep shit the moment they present their passport to a border officer.

  • @brokenexlite 11 months ago +3

    another good day when ntts uploads

  • @joeswagson 11 months ago +2

    i cannot believe they #1 had an exposed key, and #2 had a very very simple authentication method for setting sensitive values

  • @b1oodzy 11 months ago +1

    Alternate title for this video:
    "Reporting" this server breaking bug by absolutely abusing it.

  • @Liggliluff 11 months ago +3

    Another issue with letting bots have full control over servers. Why don't people learn? Why did NTTS not say anything about how Double Counter _should not_ be an administrator. If all it does is: give roles, kick and ban users. Then it should only have those roles. It should not have the roles to modify channels, rename users, and more.
    Plus if you want to use Double Counter for verification but not banning, you could prevent it from banning users. This also means that if a user wants their data deleted, Double Counter can't ban that user from your server.

    • @aidenstanley7305 11 months ago +1

      Ah, but that would mean the credit score opt-out punishment wouldn't work, and that would be a bad thing! (lies)

    • @Liggliluff 10 months ago +1

      @@aidenstanley7305 at least they went back on that idea

  • @mokufreeman4692 11 months ago

    I really love when people say "Military Grade" on something, since Military Grade stuff is generally outsourced to the cheapest producer and mass produced for millions of soldiers. you want PMC Grade gear, that's the good shit.

  • @strawberrylexta 11 months ago +1

    that last point made with double lense would be a big issue with how I run my discord, I tap people on the wrist for cursing or caps spam, few seconds mute get their attention and a message just keep it in mind to reduce the amount cursing and caps, I've had people trigger it a lot and to me its not that big a deal but dam their DSCS would get destroyed

  • @Xelger 8 months ago

    We just added this bot about a week ago, and I saw that it wanted Administrator privilege... I didn't give it that privilege to see if it would function fine without it... and it does. The only thing that it can't do without it is give us server statistics, and we don't care about that. I also put Double Counter's role below all of our moderator roles. I am glad we were careful about that now that I have seen this, though it's good to know that they patched those issues.

  • @monicavix6036 11 months ago +22

    Props to Blahaj girls for making NTTS videos possible

  • @tubers94. 9 months ago

    This is really MILITARY GRADE performance.

  • @jones4106 11 months ago +1

    Honestly, military-grade is perfectly apt to describe this.

  • @officialromanhours 11 months ago

    "Some people just don't understand the dangers of mass surveillance."

  • @warner3224 11 months ago +4

    Programmer with engineering degree here.
    I've seen some code and this here is worse than code from students that i've seen.
    To those who don't know too much stuff about programming:
    Most websites are built using Three-Tier Architecture (or in simpler words, are using three different "components" to work). Basically that goes down to three tiers:
    - Presentation tier (what you see, all the shiny stuff)
    - Application tier (processing of the data, etc)
    - Database tier (database and "back-end" stuff)
    And most important here is the back-end stuff. The back-end is simply just a "brain" of the web application. Back-end processes vulnerable data and HAVE TO BE HIDDEN AT ALL TIMES!
    There are languages that hide code automatically (or simply you don't have access to it because server won't let you) and they are used to create back-end of the application.
    Here, they simply put some of the back-end stuff in the front-end code (and this should never happen in the first place - and certainly NOT ENTIRE ID's AND OTHER DATA).
    Literally they made this code so bad I'm thinking it may be intentional - because it's really hard to mess up back-end that bad (back-end code is hidden by default)

  • @ErwanFrosterFox 11 months ago +2

    I wonder how they'd respond to a well-phrased, perfectly legal, ask for a GDPR data export. Not a "do not track me and ban me" a simple "Hey, what data did you actually collect about me ? Gimme."
    It would probably be enlightening to know.

    • @aidenstanley7305 11 months ago

      I'd love to be a fly on the wall if they got a lawyer to explain the requirements to them, there would be a lot of shouting because of the total illegality of the coerced consent.

  • @SpeedUpThatComputer 11 months ago +4

    This is why i make sure any bot roles are below any roles with permissions. Better yet if you put all your integration roles (bot roles) to the bottom of all your roles it is the best place for security reasons. I also don't use verification bots anymore but rather just let people in using discord's own system and if we get raided i just pause invites for 24 hours and investigate to see what link is being used to raid the server and then delete it. If it's disboard or something i'll just make the listing private and remake the invite.

    • @AEGIS-RED-MEGA-VIEWS 11 months ago

      bots are always below mods and 'active loyal members' role

  • @nclsDesign 11 months ago +1

    I'm a web developer and seeing this makes me absolutely palm my face... face my palm (wait what?!).
    The fact that they used this encrypted server ID as a verification which was also generated on the client... Rule #1 of web dev: Never trust the client.
    They are logged in. Use the session or JWT to verify the permissions WTF?! It's that easy
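
Added example, not part of the original comment thread and not Double Counter's code: the pattern the comment above criticises (a client-computed value treated as authorization) next to a check bound to the server-side session. All handler names, session IDs, guild IDs, the `verifiedRole` setting and the base64 stand-in for the client-side "encryption" are assumptions made for illustration; only the two Discord permission bit values are real.

```javascript
// All names and data below are constructed for illustration.
const ADMINISTRATOR = 1n << 3n; // Discord permission bit 0x8
const MANAGE_GUILD = 1n << 5n;  // Discord permission bit 0x20

// Server-side state that the browser never sees.
const sessions = new Map([
  ["sess-alice", { userId: "1001" }],   // manages guild-A
  ["sess-mallory", { userId: "2002" }], // ordinary member of guild-A
]);
// Permissions per guild and user, as the backend would look them up itself.
const guildPermissions = new Map([
  ["guild-A", new Map([["1001", MANAGE_GUILD], ["2002", 0n]])],
]);
const settings = new Map([["guild-A", { verifiedRole: "role-member" }]]);

// Stand-in for the client-side "encryption": the key ships in the page's
// JavaScript, so every visitor can compute this value for any guild ID.
const CLIENT_BUNDLE_KEY = "shipped-to-every-browser";
function clientSideProof(guildId) {
  return Buffer.from(`${CLIENT_BUNDLE_KEY}:${guildId}`).toString("base64");
}

// BEFORE: the proof only shows the caller ran the public client code.
// It says nothing about who the caller is or what they may change.
function updateSettingsTrustingClient(req) {
  const { guildId, proof, verifiedRole } = req.body;
  if (proof !== clientSideProof(guildId)) return { status: 403 };
  settings.set(guildId, { verifiedRole });
  return { status: 200 };
}

// AFTER: identity comes from the server-side session, and the permission
// check for that user in that guild happens on the server.
function updateSettingsServerAuthorized(req) {
  const session = sessions.get(req.sessionId);
  if (!session) return { status: 401 };
  const { guildId, verifiedRole } = req.body;
  const perms = guildPermissions.get(guildId)?.get(session.userId) ?? 0n;
  if ((perms & (ADMINISTRATOR | MANAGE_GUILD)) === 0n) return { status: 403 };
  settings.set(guildId, { verifiedRole });
  return { status: 200 };
}

// Sends the same request, from a member without permissions, to both handlers.
function demo() {
  const reset = () => settings.set("guild-A", { verifiedRole: "role-member" });
  const body = {
    guildId: "guild-A",
    verifiedRole: "role-changed-by-member",
    proof: clientSideProof("guild-A"),
  };
  const request = { sessionId: "sess-mallory", body };

  reset();
  const before = updateSettingsTrustingClient(request).status;
  const roleAfterBefore = settings.get("guild-A").verifiedRole;

  reset();
  const after = updateSettingsServerAuthorized(request).status;
  const roleAfterAfter = settings.get("guild-A").verifiedRole;

  const anonymous = updateSettingsServerAuthorized({ body }).status;
  const manager = updateSettingsServerAuthorized({
    sessionId: "sess-alice",
    body: { guildId: "guild-A", verifiedRole: "role-verified" },
  }).status;
  const finalRole = settings.get("guild-A").verifiedRole;

  return { before, roleAfterBefore, after, roleAfterAfter, anonymous, manager, finalRole };
}

console.log(demo());
```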

  • @Orlemn 11 months ago +3

    This bot runs off ip so if you live with someone that has been authorised by this bot that means you can't join a single server it is and it's support doesn't give two damns and say "Welp your problem not ours"

  • @nekrosis4431 11 months ago

    If you use AES, SHA or HMAC (all widely used and basically the standard), you are using "military-grade". You still need to implement them correctly, but the algorithms themselves are top tier.
    That is what "Military-Grade" means in software security every single time.
    Use it as a warning label, if someone calls his security features "military-grade", he is either trying to deceive you or doesn't know much about security/cryptography.

  • @PhoenixDuhh 11 months ago +2

    Double Counter is the worst bot out there. You get banned on Discord for spamming or something? "Oh you're an alt, and also we can't help you undo the considered alt even though it's literally a deleted account" they ruin the discord experience because they have no way of support. All of their support for help is js left to a dead end. DOWN WITH DOUBLE COUNTER!!

  • @dunste123 11 months ago +4

    Pretty sure that their lens feature is against the developer tos and will cause massive api spam if it bans you on all servers

    • @lucykitsune4619 11 months ago

      It's also against EU data protection laws

    • @AveryChow 11 months ago +1

      I'm guessing it bans you upon joining rather than banning you everywhere all at once lol

    • @aidenstanley7305 11 months ago

      @@AveryChow making it explicitly illegal as it shows a flagrant violation of the right to be forgotten request.

  • @cassiuscartland 2 months ago +1

    double counter is still a seriously annoying bot. the amount of servers I have been kicked off for an alt account i dont even own, and then when i try to contact double counter to let me through, THEY BAN ME FROM EVERY SINGLE SERVER USING DOUBLE COUNTER.

  • @Dawid23_Gamer 11 months ago +4

    So, this bot immediately starts tracking you as a user when you join a server that contains it, probably without you specifically getting a prompt to agree to such terms (especially with auto-verification)?
    Oh European Union!

  • @Metruzanca 11 months ago

    We're now at a point in time where everything is using at least military grade encryption. Sometimes more. Traditionally, military grade = AES256. So this means that if you see https in your browser's address bar, you're using AES (advanced encryption standard). Which basically means everything is using military grade encryption.

  • @Renault_75-34MX 11 months ago +1

    If you've ever seen Lockpickinglawyer, you'll know Military grade is just cheap shit for the cheapest contract bidding price, or a Masterlock

  • @Jarool21 11 months ago +2

    I can't wait for someone to figure out how to get the developer of Double Counter banned by their own bot!

  • @DefaultYoutubeUserAccount 11 months ago +1

    Double Counter Lens smells like a GDPR violation

  • @AnCapGamer 11 months ago

    lol "military grade" is cheapest quality at the lowest cost! Army vet here, so I have seen this!

  • @vigintillion6690 9 months ago

    The fact that they claim to be a security bot yet they don't know a thing about cybersecurity or how to build secure software is quite amusing

  • @arlissven1555
    @arlissven1555 11 months ago

    "Military Grade" unironically means "very bad, very cheap, does bare minimum" type of stuff. So they're not wrong there.

  • @chairedge
    @chairedge 11 months ago +16

    By the way, the developer plans to give the Lens feature an opt-out and also wipe anything that was collected before then towards Sunday or so. The whole idea was one huge GDPR infraction waiting but hats off to the dev

    • @AEGIS-RED-MEGA-VIEWS
      @AEGIS-RED-MEGA-VIEWS 11 months ago +2

      bet his intentions were good, but he doesn't realize he can end up in jail for such things, this, only if his bot makes him money, else nobody would bother too much

    • @Liggliluff
      @Liggliluff 11 months ago +1

      But if a user wants to not be tracked, are they still going to be banned?

    • @chairedge
      @chairedge 11 months ago +1

      @@Liggliluff You will be able to opt out of the Lens system as both a user and a server without going through that ban thing. And that ban thing was also misworded - you weren't going to get banned off the servers, only that DC wouldn't be able to verify you anymore, meaning that you would have to be manually verified by the server staff if DC is being used

    • @aidenstanley7305
      @aidenstanley7305 11 months ago

      @@chairedge the ban thing is still up and it is very very clearly worded. The only clear way to stop it from sending any account it doesn't like to the gulag would be to stop it from banning people entirely.

    • @aidenstanley7305
      @aidenstanley7305 11 months ago +1

      The opt-out isn't a real opt-out as it still has the same very harsh punishment of a global ban.

  • @kvxtr
    @kvxtr 6 months ago

    it's kind of funny how there is some random group of people making bots controlling people across servers with tracking and stuff while discord sits there and watches.

  • @me2-684
    @me2-684 2 months ago

    the year of protection being unprotective fr

  • @AveryChow
    @AveryChow 11 months ago +4

    has no one learned their lesson from that Minecraft plugin that banned you globally if you got banned on more than 2 servers that had the plugin installed? bad actors would just make two fake Minecraft servers then ban someone from both lol. I imagine something similar might happen if you piss off a mod/admin that mods multiple discord servers

  • @CodingisCoolCodingCool123
    @CodingisCoolCodingCool123 11 months ago +3

    Military grade, seems like apple tbh

  • @leafofyume7838
    @leafofyume7838 11 months ago

    he makes a security bot that can be essential for some servers and decides to sometimes just not think far and just do stuff. also the amount of small things he doesn't bother about. like this banning thing for deleting your data as law forces them to if you request it. it's just a "screw you, we don't bother because you don't play into our cards" solution. or giving the bot admin when inviting it even though that's risky and the bot only needs permissions that are available as role permissions. yeah just implementing a monitoring feature that has several flaws that make it partly useless. but then advertising your bot with a huge claim. it's hard to tell if all this stuff is intentional but if it is then this is just careless

  • @Lopolin_LP
    @Lopolin_LP 11 months ago

    that lens feature just screams for a lawsuit from a few germans...

  • @thepersonandtheguy
    @thepersonandtheguy 4 months ago

    pretty sure "Military grade" is like BARELY JUST FUNCTIONAL, like the worst of the worst but still functioning

  • @rubiusoficial
    @rubiusoficial 11 months ago +1

    So they had all the logic in the frontend of their website. XD.

  • @ImSkye
    @ImSkye 11 months ago +3

    Yeah that lens feature can’t be legal (under GDPR)
    On another note, I’ve known about this exploit for over a year, so now I can finally say why I wouldn’t let the community use this bot. 😂

    • @AEGIS-RED-MEGA-VIEWS
      @AEGIS-RED-MEGA-VIEWS 11 months ago +1

      most bots break it, their devs just don't write about what they do

  • @joao34386
    @joao34386 11 months ago

    According to every military person I know, "military grade" just means "barely functional".

  • @WickedFalcon
    @WickedFalcon 11 months ago +2

    double-counter have never heard of GDPR...

  • @itsnotAZ
    @itsnotAZ 11 months ago +1

    a wise man once said:
    "never... EVER... trust the goddamn client"

    • @Tom-uy4io
      @Tom-uy4io 2 months ago

      might as well forget about client security bc at this point everyone's just finding hacks and bypasses for it.
      just focus on doing stuff serverside.

    • @itsnotAZ
      @itsnotAZ 2 months ago

      @@Tom-uy4io we live in 2024 and developers still trust the client to do important stuff (security-wise)

  • @HasX-wo7zv
    @HasX-wo7zv 10 months ago +1

    As a Cysec Engineer, This is a military grade bot... Like Russia's military xD

  • @Zabe_B
    @Zabe_B 11 months ago +1

    this tool seems very intrusive in general. it does seem useful to be able to detect alt accounts, however, i would never want to automatically ban them. most of the time, in my experience, alt accounts are actually just kids/tech illiterate people who forgot their pw/forgot they made an account already... not to mention the case of a shared ip address between multiple people. and honestly the usefulness doesn't outweigh my regard for people's privacy anyway...

  • @WalnutBun
    @WalnutBun 10 months ago

    Fun fact: "military grade" more often than not means "lowest bidder" - aka cheap.

  • @tankmemer
    @tankmemer 11 months ago

    90% of 'hackers' are just good Samaritans at this point

  • @NeotintYT
    @NeotintYT 11 months ago

    Funny how i got an ad for a nuking bot as this video finished

  • @thetvexplorer
    @thetvexplorer 11 months ago +1

    2:42 Oh My Guyot

  • @L20412
    @L20412 6 months ago

    I remember abusing unpatched thing in the old days: I bypass any account with just brave browser, no console

  • @antekpaztek
    @antekpaztek 11 months ago

    The "military grade protection" on the internet may not be as flattering as it seems because we all know that the military still uses 20 year old computers

  • @7avery
    @7avery 2 months ago

    We need a face reveal of our fav Discord Mod. Much love to all of you and NTTS❤

  • @thewizardbrand
    @thewizardbrand 11 months ago +1

    ah great, a way to finally get rid of bad servers

  • @t-ree
    @t-ree 11 months ago +1

    They will ban us, if we delete our data. So, what if we create a lot of alts and then request data deletion on all of those accounts and it will probably crash the bot banning us from all the servers...

  • @averagegamez240
    @averagegamez240 11 months ago +1

    Military grade is not a good thing.
    Military grade means it’s made to barely complete the task as cheaply as possible.

  • @Jenner_IIC
    @Jenner_IIC 11 months ago +2

    Hey, military grade is not inaccurate here, the US military was well known for having tons of really awful cybersec that solely relied on the system being closed off

    • @bable6314
      @bable6314 11 months ago +1

      I mean... Not being connected to the internet is excellent cybersecurity.

    • @Jenner_IIC
      @Jenner_IIC 11 months ago +1

      @@bable6314 On paper yes, in practice you are entirely relying on everyone accessing that network not doing something stupid, like say connecting their personal phone to the work PC (And if that sounds dumb and silly, no, actually happened)

  • @theepicslayer7sss101
    @theepicslayer7sss101 11 months ago +1

    yeah that lens thing makes this bot useless, the 2 vulnerabilities are impossibly bad, like how much more under the hood does it have that doesn't make sense?! and again with the lens thing, no one wants that, getting banned everywhere due to one server with strict rules due to auto mod, getting tracked everywhere (spyware), what does this bot bring to the table that others don't?
    the lens thing would only serve someone who is getting stalked or a server trying to keep 1 creep out... problem with that is you get banned platform wide and automatically... you only need petty beef with one server owner who deletes months of messages (10k?) to look like you are a psychopath or maybe Discord TOS changes so they have to delete bulks of messages and people will be mass banned everywhere...
    that lens thing is garbage, basically a land mine for your own friends to friendly fire with. problem is i doubt those 400k servers realize that.

  • @itsoutchy
    @itsoutchy 11 months ago

    Gross bot, even I know how to hide a token, like it literally grants access to the *entire* bot, which can be very bad if the bot has enough permissions, so the way they just had it in plain sight is ridiculous

  • @krispcode
    @krispcode 11 months ago

    The fact that double counter is logging people ips and sending them to server owners is insane to me. Way over the top and creepy tbh.

  • @Lulu5239
    @Lulu5239 11 months ago

    I've reported bugs to a somewhat popular bot's developer and the only thing I got in exchange was 3 months of the bot's Premium subscription (equivalent to 15€)... that I couldn't fully use because the developer banned me from using most of the bot's features.

  • @enzovulkoor
    @enzovulkoor 11 months ago +1

    They also don't like adblockers. Was curious what my score was but not that much to turn off my adblocker.

  • @VaupellGaming
    @VaupellGaming 11 months ago

    Military grade usually means hardware is rugged, but in general. Military grade is worse and outdated than civilian but has some hardware protection.
    So if anyone adds this to a software as an advertisement, before even looking what they are "selling" I think SCAM/SPAM or kids who have no idea about "military grade"
    I never think anyone working with any defence department going solo afterwards to use "military" grade, it's like saying on a scale from 1-10, our stuff is around 6..

  • @bensoos
    @bensoos 11 months ago

    I saw you outside. Joke, I'm never going out.

  • @billyhatcher643
    @billyhatcher643 11 months ago

    I find it so cringe when companies use military grade as a selling point it's so annoying

  • @orangemc9358
    @orangemc9358 11 months ago

    "military grade" is not only a gimmick, but often times much worse than enthusiast grade or literally almost anything civilian. I've never been military, but plenty of my coworkers and friends are, alongside some of my family. That terminology means nothing good.