I run forums, I write forum software, I am pro forums.
However I'd also add that it's important how to engage with a forum.
My top tips:
1. Financially fund a forum, but have the enthusiasts run it so it is arms length but official. If you run it, spin it up as a distinct thing so that future independence is possible and easy.
2. Bless it fully, point everything you have at it and have your support staff answer questions, and allow your engineers to go deep on details where they can. Transparency wins, if you can't do it don't run a forum.
3. Have someone else run it... That was #1, but it means "Don't moderate away dissenting voices". You will never have a more vocal and clear line of feedback to help you improve, you might not like it... your job is to either listen and learn, or to explain why you are where you are and not going to do something, etc. People aren't dumb, "for money" is a fine argument, but don't use moderation to silence feedback you don't like.
4. Forums are great for content that ages well, know your audience... it's not only the person you're replying to, it's the 1,000 visitors who will never create an account but found this issue via a search engine.
5. Don't use moderation to silence feedback you don't like! (Also #1 and #3). Don't even use threats of "we're withdrawing support" or "unblessing"... these are your users and customers, listen to them rather than fight against them.
I think #3 ("don't moderate away dissenting voices") is a pretty good line / tactic; it makes the community look more independent, instead of a "my product, my rules, I am absolute" community. I mean by all means be on staff, but stay out of forum politics - you are inherently biased towards e.g. criticism. Get some staff to help enforce rules / CoC / etc - if people are being dicks then ban them, but if they're providing feedback you don't like then just... leave it?
Having a community as a third party of sorts helps keep you unbiased.
Of course, that doesn't mean that you allow straying too much out of the topic. Competitor's product that does it better? That's for your improvement, don't shut off critics. Geopolitics? Well, you need to draw a reasonable line sooner or later.
Oh please do. This seems like the perfect time to bring this up:
I had a piece of software that used Discord for support. They required that users be verified, which requires you to give you phone number to Discord. I gave them my Google Voice number, which is the only number I have, and they rejected it because they don't support VOIP numbers. I asked them if there was any other way to verify my identity.
They told me, "Just use a friend's phone to verify. As long as they don't try to verify on Discord in six months it should be fine, we won't check again".
Their official answer to identity verification was to impersonate someone else!
I constantly run into this problem, I've used my google voice number for everything for years (yeah it's not a great move but very hard to migrate away from) and a frustrating number of services recently have been rejecting it for verification. I end up having to take the sim out of my laptop and put it in my PinePhone. It's such a hassle. This whole "you're not a human unless you have a phone number" thing sucks. Same thing with having a credit score. You're just assumed to participate in these systems even though there's no mandate to do so or protection for you if you don't.
Just a couple of days ago, I signed in to a gmail account using the correct username and password.
Gmail intercepted me and claimed to be worried that they couldn't recognize the device I was using. According to the flow, they wanted me to verify my identity in one of three ways: (1) I could verify the backup email address associated with the account; (2) if unable to do that, I could provide the 2FA code sent to that same backup email address (how would I be able to know this without being able to know what the address was?); or (3) I could provide a phone number -- previously unknown to Google -- on the spot, and then provide the 2FA code sent to that brand-new phone number. (How is this supposed to help them verify my identity?)
I went for option (2), the email 2FA code. After providing the code, I was informed that, before signing in to my existing gmail account, I must also provide a phone number and enter the 2FA code sent to my new phone number.
So I went back and went for option (1), typing in my backup email address. Same thing happened. Because Google "couldn't recognize the device I was using", I was not allowed to sign in to an account I obviously controlled without providing a phone number with absolutely zero authentication value.
I did find a workaround. If you attempt to sign in to an account afflicted in this way in an incognito browser window, Google will, for the moment, allow it.
Yep, the latest example was my credit card company rejecting my GV number. They easily have the means to see that I've been using it for 10+ years and it's definitely me. Luckily they wanted my business more than they cared about that policy; a CS droid was able to "force" the system to allow it.
Requiring cell phone numbers isn't about anti-spam or 2FA or anything else these services and sites claim.
It's about linking your account to a real person identity, so they can sell that to someone - either live, or later when they get bought out (privacy policies almost always have a clause that allows them to just fork over all your info to whoever buys the company.) "Where was phone number 111-555-1212 at any point in time" is really valuable these days.
SMS for 2FA is less secure because cellular accounts are almost trivial to take over. Carriers never intended for their accounts to become so important to security. These days you can get a second password added to prevent shipping out a new SIM or transferring the account, but that's bypassable by a cellular store on the corner, and poorly implemented (my carrier just adds it as a CUSTOMER VISIBLE AND EDITABLE comment on my profile. WTF?)
If you get someone's unlocked cell phone or a SIM card, you can get access to their email account, their bank and credit cards...damn near everything. How fast can you lock and wipe your phone if it was ripped out of your hands while you were using it in a public place?
> This whole "you're not a human unless you have a phone number" thing sucks.
Oh it’s even worse than that. I have a land line that I use exclusively for when I’m forced to give a phone number (and also for faxing doctors and lawyers which is apparently still a thing). Many internet forms reject it because it can’t accept text messages. Yeah, that’s the fucking point. I don’t want text messages from your shitty service. It’s still a legitimate phone number you can call. Don’t ask for a phone number if you won’t actually accept a valid phone number! FFS!
Yeah same. ETrade recently changed their phone verification system and can no longer send me a text message to verify my identity. I'm actually ok with that because it forces them to use the security token instead, which they should be doing anyway!
And often I'll run into problems with silently failed messages because they don't accept the number.
I think this is completely different than having a credit score.
I’ve never ‘needed’ a credit score unless I was requesting a line of credit. I’m which case a credit score is better than the alternative where I need to personally know someone that the lender already trusts and trusts their ability to trust other people.
You don’t ‘need’ a credit score but if you want a line of credit then it’s good to have. Otherwise you get the products that they offer to high risk individuals which costs a pretty penny.
> I end up having to take the sim out of my laptop and put it in my PinePhone
Just in case you are not aware, you can receive verification SMS on your laptop as well! On Windows 10 there is a built-in app simply called "Messaging" which shows you all the SMS received on that number. I'm sure something different exists for other OSes.
This is what I do when asked for a verification number and there is absolutely no way around it, I just put the phone number of my laptop's SIM card, that way I don't have to worry too much about spam too because I will never use that number in a real phone.
I’m sorry you ran into that problem. I ran into the opposite problem, of thousands of fake accounts a day using VoIP phone numbers to create accounts. Almost all of them were fake/abusive when they were investigated manually. Blocking these numbers felt like the sensible thing to do, because it made the abusive account creators spend more time, money and energy creating their accounts. I’m sorry it impacted you.
Using SMS as a login verification thing is just so irritating. My bank asks me to enter an SMS OTP every time I login to the website. I know my username and password! Let me into my bank account!
I've had a Google Voice number for so long it's the only voice number I have these days. I can't say it's a recent experience that it doesn't work with certain things though it has been a recent experience the things are aware it doesn't work and will alert you. Overall though I've yet to run into anything I couldn't use an alternative method for authentication be it luck (e.g. got into Discord before they required phone numbers) or email or calls being a thing (and working when text doesn't).
Ironically the biggest PITA I had was when I decided to migrate my primary cell number to Google Voice it was my fallback contact number. Thankfully I only ran into that as an issue once and was able to get back in to set up Google Authenticator (which was also new and hip at the time).
Isn't it a shame how the world got Google Voice backwards? The savvy among us saw it as a way to present our one true phone number/identity to the world, and have options for different back end phones and services we could use. Cell phones, land lines, Hangouts, computer voicemail, all that. But the average schmoe sees Google Voice as a way to get multiple disposable numbers to sacrifice to spammers and bar hookups and commit minor fraud. So it became useless for its main purpose: being your phone identity.
Every one used to use your social security number instead to uniquely identify people but that was made illegal because of the many problems this caused. But company's want a unique identifier for people. Now that everyone has cell phones people never change their phone number so it is a great unique identifier that is legal to use. Not enough edge cases, yet, like yours too worry about. Maybe it will be made illegal in the future.
I had been using my gv number for 9 years for everything as well. I recently ported it out of gv into my mobile carrier since no one knew my carrier number and I was running into too many annoying voip restrictions. So far I don’t miss gv.
Phone verification can certainly be annoying, but anyone who's been part of large Discord communities will know that spambots that DM users with all kinds of scams are a huge issue. Phone verification stops someone from raiding a server with it enabled with hundreds of bot accounts. As for VOIP numbers not being allowed, that also makes sense; VOIP numbers are extremely cheap and allowing them to be used would defeat the whole purpose of phone verification.
Personally I think that giving server admins the ability to require phone verification is a good thing. It's not mandatory and it's only used if the server admin enables it. I don't think it's fair to blame Discord when it's a choice made by the server admin, plus a forum could have the same requirement.
My problem isn't with the phone verification. I totally understand why they do that. I don't even have a problem with not accepting VOIP. I get why they do that too.
My problem is that they don't have an alternative, and there is no way for channel admins that turn on that feature to know how many people can't get in because of their choice.
They should either have an alternative way to verify oneself, or a way for the channel admin to allow you in without the verification, or both.
There’s a bot that will ban most of those spam bots called Beemo. You realize a lot of bots are verified right? I’ve seen scripts to verify accounts on GitHub and spoken to the kinds of people who would automate accounts via scripts just to have a bunch of alts. They get numerous alts into servers just to spy. Its a kind of art I guess. I wouldn’t recommend doing any of these things.
Personally I just wish Discord wouldnt rate limit bans if they’re not going to make a true effort to catch these bot farms. Gee I wonder how likely it is that three thousand accounts will decide to join the same exact server at the exact same minute? Having modded a decent (tens of thousands) sized Guild I gotta say people pop in every few minutes or seconds. Unless something big and relevant to your server happens that draws more traffic, but even then never thousands in seconds.
>As for VOIP numbers not being allowed, that also makes sense; VOIP numbers are extremely cheap and allowing them to be used would defeat the whole purpose of phone verification.
Cool, except whoever or whatever is deciding what is and isn't VOIP is not doing a good job at making that determination. A few years back I ported my old cell phone number to a VOIP provider. I now have a new phone number on a different carrier. $OldPhoneNumber is apparently not a VOIP number and $NewPhoneNumber is. So I had to use the $OldPhoneNumber on a VOIP provider to verify my account because $NewPhoneNumber with a carrier wasn't acceptable.
But hey, it's their closed platform and they can use whatever means of keeping people off of it that they want. I don't really care for it anymore.
That's not true at all. At any point your account can be flagged by their internal system and on your next login you will be forced to add a phone number "for security purposes". It happens to people all the time, but in particular, though not limited, to TOR and VPN users. So, yea, sure Discord's not at fault in the situation where a server admin turns on the phone number requirement, but they are definitely to blame when they force users, some who prefer to remain anonymous, to either give up personal information or lose their account forever (support will not help you).
Not sure if this can still happen if you've got 2FA turned on, but seeing as I see it mentioned more often from tech literate people (e.g. on here) who are more inclined to setup 2FA I doubt it makes a difference.
Phone verification would be fine if discord had support for multiple accounts/identities. It's a fundamentally important feature of any online social service to be able to retain privacy and have different identities for different purposes. Discord makes this very difficult.
If they allow the user a chance to send an appeal or out-of-band alternative method to verify then this becomes less of an issue. It's when people presume certain baselines — like a phone number — that it becomes a showstopper to community.
Discord pushes SMS verification because it a)gives them your identity which is valuable and b)avoids them having to spend money on proper bot/troll mitigation.
VoIP number bans don't accomplish much because there are lots of services that sell real-sim-backed numbers and nowadays there's even eSIMs.
Not just that. Why do you need to share such private information for every service out there? It's pure madness. It is, and will be used for tracking you online everywhere.
I have a regular phone number in Singapore from a new range of numbers that doesn’t work with many services, even with some government services.
Customer care typically replies by having me first prove that the number is real (by showing a phone bill for getting an verification OTP, think of the irony) and then goes silent because they can’t work around their (human) robot way of thinking when something is unaccounted for in the handbook. (Already shifted a significant portion of my regular spend on groceries to a different provider, but they don’t seem to care)
It’s very frustrating because there are other ways to prove my identity (government even provides a digital Id / signature app) and contacting me.
Services should work with the minimal needed set of properties from the user, discord and slack are very annoying , there’s no need for all this hassle for a small question. I would spend the extra time looking for an alternative product where I can than signing up.
What happened to people caring where users drop off in the funnel?
Losing a user or customer once you’ve spent all that time, effort or money acquiring them by having barriers that don’t have any benefit is just silly.
On the other side of there are bots that impersonate users to send spam or raid servers to overrun moderation and “DoS” the server’s communication. Part of the value proposition of running on Discord or Slack is that they handle offloading a large amount of user verification/spam prevention and moderation tooling. The only one you really have to do is manage rules and have some sort of rotation so at least one moderator is online to handle potential issues.
What I like about forums is that a) they're indexable by search engines! and b) because there's no expectation of an immediate response, people tend to put more time into their requests for help.
I support a FOSS project via Slack, and information sparse requests are sadly the norm, I found that 95% of my responses are "Can you please provide more logs/configuration/actual description of what you were expecting, and what happened instead".
> What I like about forums is that a) they're indexable by search engines! and b) because there's no expectation of an immediate response, people tend to put more time into their requests for help.
For me there is also c) I can browse the content that is already there without signing up. Not going to join your Discord "server" when I don't even know anything about your community.
I don't think it's really about identification. Binding user accounts to SIM-based phone numbers is an effective way of limiting account creation as it's effectively binding it to a physical token.
I can only guess why Discord wants to do this (fighting scam bots?), but for example for Tinder this is a very effective way of preventing abuse on the huge early discovery boost after signup or long inactivity.
I understand why they do it, and I have no problem with that. My problem is their lack of an alternative. Either have an alternative way for me to verify, or a way for an admin to let me into their channel without verification.
The real issue parent and many sibling comments are running into has answers all the way down in individual liberty and sovereignty. Technology companies have pulled out the rug from under us to deliver the illusion of convenience and safety. Benjamin Franklin seems to be ever relevant: "Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety."
But we're here now, and as much as I might fantasize I can't make myself believe that anyone would willingly accept a significant regression on the convenience front. The only way out that I see is to reconstitute sovereignty in a modern form.
We need "something" and I think we're getting close. Web3, dapps, and cryptocurrency are all aiming in that direction, and even if some instances are a miss I think we'll hit it eventually.
This is super frustrating. Discord requires server operators to enable phone number verification if they want any of the additional "Community" features. It's a hugely backwards requirement and it's the main reason I haven't given the community feature set a second look for any of the servers I run.
> Members of the server must have a verified email on their Discord account before sending messages or DMing anyone in the server. (Note that this doesn’t apply to users that have assigned roles!)[1]
I also help with running a community server which doesn't have the phone number requirement enabled either. It's also not required for partnered servers as far as I'm aware.
You can even get around the email requirement if you just add a bot that gives every new user a role, since any role will automatically verify you as mentioned here.
From what I see the only verification related setting you need to enable for community features is the member email verification requirement - Please correct me if I'm wrong.
I have to imagine that most SWATTING is done using a VOIP number of some kind. No one would use their cell phone or land-line connected to their real identity (also: your real identity likely isn't physically located in the area you want to perform swatting. You wanna change your area-code to match the target)
It's also not required by discord. Discord doesn't even require that you have an account. They leave it up to "server" admins. You can pick options from allowing guests, allowing only accounts, and requiring only phone number verified accounts.
That is bad enough, but the worst part is that the content is not really discoverable outside of Discord. Sometimes you don't want that of course but I have seen communities pretty much dying because they only met there with no influx of new users.
You’re probably deleting its cookies. I had the same problem until I set up a (Firefox) container for it and whitelisted its cookies in that container. Now, no university reminder and no need to re-login either.
(I use the Cookie AutoDelete extension to automatically delete cookies.)
I used a VoIP number with Discord, because, f them, "I don't [need to] have a mobile phone". Also I think we should call ADA violations on any company that requires people to have a mobile phone.
It's possible to use a VoIP number. Happy to share how if you can prove to me that you don't work for them.
Hmm, something in my uBlock Origin filters blocks their signup page.
Anyways, I've been using https://www.numberbarn.com/ for SMS-based 2FA for a few years. Works great for stupid services that demand a US phone number (I'm an American who lives abroad, grrr) and don't have time-based one-time passwords.
just wait til they roll out 2FA with the phone number being needed for a confirmation call (no authenticator app, there was a bug found in auth app 7000! voice calls only way!)
I just wish people would use a system that's integrated into where the code is. I don't want to have to register for a forum when GitHub has a perfectly good ticketing system (and now discussions), and yet I have to register at another place where my details can be leaked from because who knows the technical capability of this one single person who may or may not have done any security.
If it's a company, please have the forum integrated into your software.
I seriously do not want yet another login unless there is a good reason. It's ridiculous. I have nearly 700 logins in my password manager and I'd say probably 500 of those items are websites I've registered once to ask a question (quite often questions that go unanswered). Half of these forums do not even provide the capability to removing my account without contacting the admins, which is just an unnecessary hassle.
> If it's a company, please have the forum integrated into your software.
Counterpoint. Other companies absolutely suck at making forum software. It's because it's not their core business, so why would they put more than token effort into it?
Edit: upon re-read this seems to be exactly what you are suggesting, so please disregard my reply.
The solution here is a forum set up with robust and plentiful SSO solutions, so existing authentication providers can be used.
I’m a believer in just creating a subreddit. It’s free and easy, many people already have Reddit accounts and it’s a much better forum than the ones that would be self-hosted, including moderation tooling and bot ecosystem. The threaded discussions are also better than what Github offers.
I agree that subreddits have a very low barrier to entry, but all that comes at a cost. Among other things, one of those costs is that your content is no longer owned by you.
Should Reddit decide to take itself private, or make ethically questionable decisions, etc., you are locked in due to the networking effect.
The biggest downside of Reddit is that it's so darn hard to find your own posts. The Reddit search seems completely broken for this, so you rely on DDG/Google etc. but this is far from perfect.
I downloaded all my messages with some script, but that doesn't seem complete either since there are messages missing I'm *sure* I posted on Reddit. It's also not very convenient.
Why do I want to find my own posts? Sometimes I write something at length explaining X, and then a few weeks, months, or even years later someone asks about X again and I want to link my previous detailed post.
You need a certain amount of reddit karma to make a subreddit IIRC. You can farm it, but it's yet another thing unrelated to working on your project you need to do, plus it takes time (could take days).
The whole process is opaque too, it feels distinctly like "we have arbitrarily bestowed upon you the privilege of operating subreddits... for now".
I like the reddit format so I've tried this option myself.
I wrote this a year ago as my employer was starting up their forum[0]. While we have since added slack, the forum is the main support mechanism for our community (people who pay us money get support tickets).
I still stand by that choice for:
* SEO
* durability
* question quality
I can't recall the exact numbers, but something like 5-10% of our overall traffic is to the forum.
FusionAuth is a pleasure to work with. Thanks for the work and documentation :+1. You folks done saved me a lot of time, hopefully if I make a dollar will pay it forward.
I think "less capable moderation tools" is really underselling how purposefully useless and nonexistent Slack's moderation tools are for open communities. I cannot overstate how terrible Slack is in this regard.
To be clear, I really and truly don't fault them for this: Slack's always been clear that their focus is on business communication, which is a totally different animal when it comes to moderation needs. Discord is nearly infinitely better in the sense that they have any tooling at all, but it's still considerably far behind the resources I've got when moderating a large Discourse instance.
I understand your pain. Even simple things like moving posts from one channel to another aren't possible for an admin to do in Slack, although this has been basic forum functionality since...ever?
Do you not have seperate channels for that sort of thing? We have a channel called "big-wins" where the sales people can flag up new/extended deals. I have it muted but check it out from time to time to see if we've bought in any interesting customers.
Channels and channel discipline are the key to keeping Slack manageable. Have lots of channels with specific purposes and people can choose what they care about and ignore the rest.
I prefer forums due to similar reasons, but I found asking questions as a user on Discord more "successful", so to speaking.
On a forum, the chance of your question being totally ignored is much, much higher. Some do have some staffs that seem to be obligated to reply, and they will just.. copy and paste some templates.
On Discord, even the devs and staffs are not always there to answer questions, there are often enough other users that can help you, and they are willing to discuss with you if details are not clear (as soon as you're polite). Even though they don't always solve the problem, you can tell someone actually looked into it. And all these happen in real-time, without at best half day delay between each exchange (it helps that Discord is hella popular so lots of people are online all the time, and the chance to notice your message on a server they're in is much higher. Can't say the same for any random forum.)
I still prefer GitHub issues, but after that, Discord. Forums (or the communities it normally forms) really don't cut it.
I totally agree, and I believe that was also the reason why IRC was so successful in F/OSS communities.
Traditional thread-based forums are great for archival but also seem to encourage a full-sized post, which is a conversational barrier by itself and also limits the potential engagement by reducing the number of people willing to reply. It doesn't seem to me that the discouragement of short posts is inherent to forums though, for example traditional South Korean forums had been traditionally evolved from BBS and had a strong dichitomy between posts and comments, so short comments and quick reactions were norms (longer replies are typically posted separately in a post). GitHub issues seem to be somewhere between those different models.
This. I help moderate for the community surrounding Obsidian.md. We have a discourse forum, a subreddit, and a discord. The discord is by far the easiest place to actually get help — and not because the forum isn't active (it is) but because it's real-time and there's always someone around.
Whenever I have to go find a forum for a product I'm using that doesn't have a discord, I have to twiddle my thumbs for a day before maybe getting asked a clarifying question.
Sure, there's a "static knowledge base" but in my experience, most search features suck for figuring out if something has already been asked before, but at least discord doesn't make you feel dumb for not having found the old relevant thing already. Plus, it's a lot harder than it used to be when I was active on jcink boards to actually trawl all the new content (a problem for me because I write the community newsletter every week — consistently the one thing I don't actually read all of is the forum. I'm able to keep up with everything else, including twitter).
I understand the value of threading, but don't underestimate the value of linear, chronological thought, either. As a moderator, there's a lot of emotional relief in being able to be sure that I saw everything, and didn't miss a new comment in a thread I stopped reading a week ago.
+1. Also, IMO many users already use Discord for other purposes, so they're more likely to check your project's channel while checking other things. Meanwhile, nobody really goes out of their way to look at a project-specific forum, not until that project build sufficient momentum.
Dev teams also benefit a lot from having an async way to discuss bigger issues that require thoughtfulness and long form answers, especially remote teams. There's a reason mailing lists are still somehow alive and well in open source projects that have been remote first for decades.
We're using discourse internally for this (in conjunction with matrix) and it's allowed us to have discussions I don't think we would have otherwise had.
Prior to Slack I spent many years as an OSS maintainer. I also participated in a Slack channel that discussed my OSS tool's general problem space. That Slack workspace was on the free plan, so messages older than 6 months were memory-holed.
In practice that wasn't too big of an issue. Most developers understood that GitHub was the place for concrete actionable things and long-term discussions, whereas Slack was the place to build relationships and address burning questions quickly. Most developers understood this distinction, though occasionally some would have to be steered towards GitHub when discussing potential bugs that benefitted a proper write-up.
I also worked at a large company that paid for Slack, and it was much more of a long-term memory resource. But as always, whenever I found myself repeatedly searching in the message history for a particular piece of information it always made sense to put it somewhere more defined — in a readme or some other sort of document.
At Slack we have the same basic breakdown — Slack (the software) provides a really useful context for why certain decisions were made, and in a pinch the search feature is great for finding particular nuggets of information, but that doesn't stop us using Quip, GitHub and Jira for tracking longer-lived information.
As an end user, I find that in practice most projects don't actually move any information to a suitable spot.
I can't tell you how many times I've Googled an obscure error message and the only two results were the source code where the error came from and that self-hosted, open-source Slack alternative that Google can index. At that point, I already went to check the source code, and when I click the chatroom where the message is supposed to be, I reach some kind of archived page that's clearly at completely the wrong place in the chatroom history with no way to find what I was actually looking for.
At least the open source clone is searchable, so many troubleshooting could've been avoided if people had used forums rather than Slack/Discord/Mattermost for "support forums".
If they'd been using a forum, would you have a good record of the solution? Or would the problem just never have been solved? The low friction of slack-like tools matters.
Readit News
However I'd also add that it's important how to engage with a forum.
My top tips:
1. Financially fund a forum, but have the enthusiasts run it so it is arms length but official. If you run it, spin it up as a distinct thing so that future independence is possible and easy.
2. Bless it fully, point everything you have at it and have your support staff answer questions, and allow your engineers to go deep on details where they can. Transparency wins, if you can't do it don't run a forum.
3. Have someone else run it... That was #1, but it means "Don't moderate away dissenting voices". You will never have a more vocal and clear line of feedback to help you improve, you might not like it... your job is to either listen and learn, or to explain why you are where you are and not going to do something, etc. People aren't dumb, "for money" is a fine argument, but don't use moderation to silence feedback you don't like.
4. Forums are great for content that ages well, know your audience... it's not only the person you're replying to, it's the 1,000 visitors who will never create an account but found this issue via a search engine.
5. Don't use moderation to silence feedback you don't like! (Also #1 and #3). Don't even use threats of "we're withdrawing support" or "unblessing"... these are your users and customers, listen to them rather than fight against them.
Having a community as a third party of sorts helps keep you unbiased.
I had a piece of software that used Discord for support. They required that users be verified, which requires you to give you phone number to Discord. I gave them my Google Voice number, which is the only number I have, and they rejected it because they don't support VOIP numbers. I asked them if there was any other way to verify my identity.
They told me, "Just use a friend's phone to verify. As long as they don't try to verify on Discord in six months it should be fine, we won't check again".
Their official answer to identity verification was to impersonate someone else!
Gmail intercepted me and claimed to be worried that they couldn't recognize the device I was using. According to the flow, they wanted me to verify my identity in one of three ways: (1) I could verify the backup email address associated with the account; (2) if unable to do that, I could provide the 2FA code sent to that same backup email address (how would I be able to know this without being able to know what the address was?); or (3) I could provide a phone number -- previously unknown to Google -- on the spot, and then provide the 2FA code sent to that brand-new phone number. (How is this supposed to help them verify my identity?)
I went for option (2), the email 2FA code. After providing the code, I was informed that, before signing in to my existing gmail account, I must also provide a phone number and enter the 2FA code sent to my new phone number.
So I went back and went for option (1), typing in my backup email address. Same thing happened. Because Google "couldn't recognize the device I was using", I was not allowed to sign in to an account I obviously controlled without providing a phone number with absolutely zero authentication value.
I did find a workaround. If you attempt to sign in to an account afflicted in this way in an incognito browser window, Google will, for the moment, allow it.
"Don't be evil" is long gone.
Requiring cell phone numbers isn't about anti-spam or 2FA or anything else these services and sites claim.
It's about linking your account to a real person identity, so they can sell that to someone - either live, or later when they get bought out (privacy policies almost always have a clause that allows them to just fork over all your info to whoever buys the company.) "Where was phone number 111-555-1212 at any point in time" is really valuable these days.
SMS for 2FA is less secure because cellular accounts are almost trivial to take over. Carriers never intended for their accounts to become so important to security. These days you can get a second password added to prevent shipping out a new SIM or transferring the account, but that's bypassable by a cellular store on the corner, and poorly implemented (my carrier just adds it as a CUSTOMER VISIBLE AND EDITABLE comment on my profile. WTF?)
If you get someone's unlocked cell phone or a SIM card, you can get access to their email account, their bank and credit cards...damn near everything. How fast can you lock and wipe your phone if it was ripped out of your hands while you were using it in a public place?
Oh it’s even worse than that. I have a land line that I use exclusively for when I’m forced to give a phone number (and also for faxing doctors and lawyers which is apparently still a thing). Many internet forms reject it because it can’t accept text messages. Yeah, that’s the fucking point. I don’t want text messages from your shitty service. It’s still a legitimate phone number you can call. Don’t ask for a phone number if you won’t actually accept a valid phone number! FFS!
And often I'll run into problems with silently failed messages because they don't accept the number.
I’ve never ‘needed’ a credit score unless I was requesting a line of credit. I’m which case a credit score is better than the alternative where I need to personally know someone that the lender already trusts and trusts their ability to trust other people.
You don’t ‘need’ a credit score but if you want a line of credit then it’s good to have. Otherwise you get the products that they offer to high risk individuals which costs a pretty penny.
Just in case you are not aware, you can receive verification SMS on your laptop as well! On Windows 10 there is a built-in app simply called "Messaging" which shows you all the SMS received on that number. I'm sure something different exists for other OSes.
This is what I do when asked for a verification number and there is absolutely no way around it, I just put the phone number of my laptop's SIM card, that way I don't have to worry too much about spam too because I will never use that number in a real phone.
I've had a Google Voice number for so long it's the only voice number I have these days. I can't say it's a recent experience that it doesn't work with certain things though it has been a recent experience the things are aware it doesn't work and will alert you. Overall though I've yet to run into anything I couldn't use an alternative method for authentication be it luck (e.g. got into Discord before they required phone numbers) or email or calls being a thing (and working when text doesn't).
Ironically the biggest PITA I had was when I decided to migrate my primary cell number to Google Voice it was my fallback contact number. Thankfully I only ran into that as an issue once and was able to get back in to set up Google Authenticator (which was also new and hip at the time).
Personally I think that giving server admins the ability to require phone verification is a good thing. It's not mandatory and it's only used if the server admin enables it. I don't think it's fair to blame Discord when it's a choice made by the server admin, plus a forum could have the same requirement.
My problem is that they don't have an alternative, and there is no way for channel admins that turn on that feature to know how many people can't get in because of their choice.
They should either have an alternative way to verify oneself, or a way for the channel admin to allow you in without the verification, or both.
Personally I just wish Discord wouldnt rate limit bans if they’re not going to make a true effort to catch these bot farms. Gee I wonder how likely it is that three thousand accounts will decide to join the same exact server at the exact same minute? Having modded a decent (tens of thousands) sized Guild I gotta say people pop in every few minutes or seconds. Unless something big and relevant to your server happens that draws more traffic, but even then never thousands in seconds.
Cool, except whoever or whatever is deciding what is and isn't VOIP is not doing a good job at making that determination. A few years back I ported my old cell phone number to a VOIP provider. I now have a new phone number on a different carrier. $OldPhoneNumber is apparently not a VOIP number and $NewPhoneNumber is. So I had to use the $OldPhoneNumber on a VOIP provider to verify my account because $NewPhoneNumber with a carrier wasn't acceptable.
But hey, it's their closed platform and they can use whatever means of keeping people off of it that they want. I don't really care for it anymore.
That's not true at all. At any point your account can be flagged by their internal system and on your next login you will be forced to add a phone number "for security purposes". It happens to people all the time, but in particular, though not limited, to TOR and VPN users. So, yea, sure Discord's not at fault in the situation where a server admin turns on the phone number requirement, but they are definitely to blame when they force users, some who prefer to remain anonymous, to either give up personal information or lose their account forever (support will not help you).
Not sure if this can still happen if you've got 2FA turned on, but seeing as I see it mentioned more often from tech literate people (e.g. on here) who are more inclined to setup 2FA I doubt it makes a difference.
VoIP number bans don't accomplish much because there are lots of services that sell real-sim-backed numbers and nowadays there's even eSIMs.
Not just that. Why do you need to share such private information for every service out there? It's pure madness. It is, and will be used for tracking you online everywhere.
Customer care typically replies by having me first prove that the number is real (by showing a phone bill for getting an verification OTP, think of the irony) and then goes silent because they can’t work around their (human) robot way of thinking when something is unaccounted for in the handbook. (Already shifted a significant portion of my regular spend on groceries to a different provider, but they don’t seem to care)
It’s very frustrating because there are other ways to prove my identity (government even provides a digital Id / signature app) and contacting me.
Services should work with the minimal needed set of properties from the user, discord and slack are very annoying , there’s no need for all this hassle for a small question. I would spend the extra time looking for an alternative product where I can than signing up.
What happened to people caring where users drop off in the funnel?
Losing a user or customer once you’ve spent all that time, effort or money acquiring them by having barriers that don’t have any benefit is just silly.
I support a FOSS project via Slack, and information sparse requests are sadly the norm, I found that 95% of my responses are "Can you please provide more logs/configuration/actual description of what you were expecting, and what happened instead".
For me there is also c) I can browse the content that is already there without signing up. Not going to join your Discord "server" when I don't even know anything about your community.
"Hey, I have a problem, can someone help?"
No actual information follows, just minutes idle, waiting for someone to respond.
Slack is like a bird's nest. Baby birds chirp loudly, open up their mouths, and hope you'll regurgitate some worms into them.
I can only guess why Discord wants to do this (fighting scam bots?), but for example for Tinder this is a very effective way of preventing abuse on the huge early discovery boost after signup or long inactivity.
But we're here now, and as much as I might fantasize I can't make myself believe that anyone would willingly accept a significant regression on the convenience front. The only way out that I see is to reconstitute sovereignty in a modern form.
We need "something" and I think we're getting close. Web3, dapps, and cryptocurrency are all aiming in that direction, and even if some instances are a miss I think we'll hit it eventually.
I also help with running a community server which doesn't have the phone number requirement enabled either. It's also not required for partnered servers as far as I'm aware.
You can even get around the email requirement if you just add a bot that gives every new user a role, since any role will automatically verify you as mentioned here.
[1] https://support.discord.com/hc/en-us/articles/360047132851-E...
It won't get better if we keep caving.
I cancel it then it comes back next time
I'm in my 30s...
(I use the Cookie AutoDelete extension to automatically delete cookies.)
Deleted Comment
It's possible to use a VoIP number. Happy to share how if you can prove to me that you don't work for them.
Note: no affiliation, just a satisfied user. Also, not free.
Anyways, I've been using https://www.numberbarn.com/ for SMS-based 2FA for a few years. Works great for stupid services that demand a US phone number (I'm an American who lives abroad, grrr) and don't have time-based one-time passwords.
Deleted Comment
Deleted Comment
If it's a company, please have the forum integrated into your software.
I seriously do not want yet another login unless there is a good reason. It's ridiculous. I have nearly 700 logins in my password manager and I'd say probably 500 of those items are websites I've registered once to ask a question (quite often questions that go unanswered). Half of these forums do not even provide the capability to removing my account without contacting the admins, which is just an unnecessary hassle.
Counterpoint. Other companies absolutely suck at making forum software. It's because it's not their core business, so why would they put more than token effort into it?
Edit: upon re-read this seems to be exactly what you are suggesting, so please disregard my reply. The solution here is a forum set up with robust and plentiful SSO solutions, so existing authentication providers can be used.
At least if using github for code, enable an option to login with github in the forum software?
Should Reddit decide to take itself private, or make ethically questionable decisions, etc., you are locked in due to the networking effect.
I downloaded all my messages with some script, but that doesn't seem complete either since there are messages missing I'm *sure* I posted on Reddit. It's also not very convenient.
Why do I want to find my own posts? Sometimes I write something at length explaining X, and then a few weeks, months, or even years later someone asks about X again and I want to link my previous detailed post.
The whole process is opaque too, it feels distinctly like "we have arbitrarily bestowed upon you the privilege of operating subreddits... for now".
I like the reddit format so I've tried this option myself.
GitHub just has critical mass. Everyone has an account. UI is not bad. Just use it.
I wrote this a year ago as my employer was starting up their forum[0]. While we have since added slack, the forum is the main support mechanism for our community (people who pay us money get support tickets).
I still stand by that choice for:
I can't recall the exact numbers, but something like 5-10% of our overall traffic is to the forum.0: https://fusionauth.io/community/forum/
When it launches, I'd love to interview you for a community story like https://fusionauth.io/blog/2020/11/18/reconinfosec-fusionaut... if you'd be game. My email is in my profile.
To be clear, I really and truly don't fault them for this: Slack's always been clear that their focus is on business communication, which is a totally different animal when it comes to moderation needs. Discord is nearly infinitely better in the sense that they have any tooling at all, but it's still considerably far behind the resources I've got when moderating a large Discourse instance.
I have no professional reason to communicate with this team, why should my day be interrupted with their whooping and macho sales competitiveness.
Channels and channel discipline are the key to keeping Slack manageable. Have lots of channels with specific purposes and people can choose what they care about and ignore the rest.
Could you expand on this a bit?
A lot of this thread seems to be coming down to opinions. Are there specific moderation features that Discord lacks?
On a forum, the chance of your question being totally ignored is much, much higher. Some do have some staffs that seem to be obligated to reply, and they will just.. copy and paste some templates.
On Discord, even the devs and staffs are not always there to answer questions, there are often enough other users that can help you, and they are willing to discuss with you if details are not clear (as soon as you're polite). Even though they don't always solve the problem, you can tell someone actually looked into it. And all these happen in real-time, without at best half day delay between each exchange (it helps that Discord is hella popular so lots of people are online all the time, and the chance to notice your message on a server they're in is much higher. Can't say the same for any random forum.)
I still prefer GitHub issues, but after that, Discord. Forums (or the communities it normally forms) really don't cut it.
Traditional thread-based forums are great for archival but also seem to encourage a full-sized post, which is a conversational barrier by itself and also limits the potential engagement by reducing the number of people willing to reply. It doesn't seem to me that the discouragement of short posts is inherent to forums though, for example traditional South Korean forums had been traditionally evolved from BBS and had a strong dichitomy between posts and comments, so short comments and quick reactions were norms (longer replies are typically posted separately in a post). GitHub issues seem to be somewhere between those different models.
Whenever I have to go find a forum for a product I'm using that doesn't have a discord, I have to twiddle my thumbs for a day before maybe getting asked a clarifying question.
Sure, there's a "static knowledge base" but in my experience, most search features suck for figuring out if something has already been asked before, but at least discord doesn't make you feel dumb for not having found the old relevant thing already. Plus, it's a lot harder than it used to be when I was active on jcink boards to actually trawl all the new content (a problem for me because I write the community newsletter every week — consistently the one thing I don't actually read all of is the forum. I'm able to keep up with everything else, including twitter).
I understand the value of threading, but don't underestimate the value of linear, chronological thought, either. As a moderator, there's a lot of emotional relief in being able to be sure that I saw everything, and didn't miss a new comment in a thread I stopped reading a week ago.
We're using discourse internally for this (in conjunction with matrix) and it's allowed us to have discussions I don't think we would have otherwise had.
I have used this to great effect in my teams.
Prior to Slack I spent many years as an OSS maintainer. I also participated in a Slack channel that discussed my OSS tool's general problem space. That Slack workspace was on the free plan, so messages older than 6 months were memory-holed.
In practice that wasn't too big of an issue. Most developers understood that GitHub was the place for concrete actionable things and long-term discussions, whereas Slack was the place to build relationships and address burning questions quickly. Most developers understood this distinction, though occasionally some would have to be steered towards GitHub when discussing potential bugs that benefitted a proper write-up.
I also worked at a large company that paid for Slack, and it was much more of a long-term memory resource. But as always, whenever I found myself repeatedly searching in the message history for a particular piece of information it always made sense to put it somewhere more defined — in a readme or some other sort of document.
At Slack we have the same basic breakdown — Slack (the software) provides a really useful context for why certain decisions were made, and in a pinch the search feature is great for finding particular nuggets of information, but that doesn't stop us using Quip, GitHub and Jira for tracking longer-lived information.
I can't tell you how many times I've Googled an obscure error message and the only two results were the source code where the error came from and that self-hosted, open-source Slack alternative that Google can index. At that point, I already went to check the source code, and when I click the chatroom where the message is supposed to be, I reach some kind of archived page that's clearly at completely the wrong place in the chatroom history with no way to find what I was actually looking for.
At least the open source clone is searchable, so many troubleshooting could've been avoided if people had used forums rather than Slack/Discord/Mattermost for "support forums".