Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hello From No Text To Speech! #73

Open
SandFoxy opened this issue Nov 27, 2023 · 13 comments
Open

Hello From No Text To Speech! #73

SandFoxy opened this issue Nov 27, 2023 · 13 comments

Comments

@SandFoxy
Copy link

No description provided.

@FireDevilX
Copy link

@andro2157 You've been caught! https://www.youtube.com/watch?v=y8crpVOLcpY

@pierrelasse
Copy link

pierrelasse commented Nov 27, 2023
edited
Loading

Dumb vid tbh.

Arguments:

  • Not protecting yourself against yourself
  • Gives you false sense of security
  • Makes you think you are unhackable
  • README can lie and the program can be a virus (not that it's opensource and he can ask someone to check the code)
  • Dev can update it to a virus
  • Grabbers can disable the protector
  • Runs on pc but not automatically running on phone so it's very bad and you should not use
  • Not automatically installing a extension on all of your browsers that blocks malicious websites
  • Is not a perfect antivirus
  • Not protecting your bank account
  • NOT PROTECTING YOUR EMAIL

At the end, no program can protect you from yourself and you should always know what you download and execute.

@NetscapeDreams
Copy link

I completely agree. The arguments made were absolutely ridiculous.

@andro2157
Copy link
Owner

My reply to NTTS :
https://www.youtube.com/watch?v=y8crpVOLcpY&lc=Ugzgwz81u-gtkab34zJ4AaABAg

Hi! DiscordTokenProtector (later refered as "DTP") dev here,

TLDR : DTP protects the TOKEN not the account, nor all your pc. And the bypass has been patched a long time ago.

I just wanted to clarify some points. First of all, the main point of DTP is to protect your Discord token. Not your banking details or other sensitive information on your computer. Therefore, with no surprise, it will indeed only protect you from Discord grabbers. Something that does somewhat well from what you've shown.

This software is opensource, so anyone can check the code, and compile their own versions of it. That's literally why I opensourced this project. And even if I were to push something malicious, it would be obvious in the diffs of the release. And there's no auto update, so it's won't infect every computer that downloaded DTP.

About the "bypass", it has been patched for over a year now. I have seen many grabbers (even recent ones) that use this "bypass". Firstly, the bypass only works if you give admin permissions (with UAC) to the grabber - and if you do so, you've got much more stuff to worry about than just your Discord token as you stated. And second of all, even if you give admin perms, all it does is to remove DTP, and the grabber is NOT able to decrypt the token that is securely stored.

The goal for the end user is that they can be protected from one vector of attack that is commonly used by grabbers. Yes, there are other ways (QR code phishing, RATs with full control of the PC, ...), but DTP's point is not to protect your Discord account, only your Discord TOKEN that is stored on your computer.

@NoPlagiarism
Copy link

Maybe close this issue to give more priority to #74? (It's just has normal issue name, description and link)

Also, maybe temporarily pin #74, so if ppl wanna talk about NTTS, they talk in one place instead of creating new issues

@32bitx64bit
Copy link

Dumb vid tbh.

Arguments:

* Not protecting yourself against yourself

* Gives you false sense of security

* Makes you think you are unhackable

* README can lie and the program can be a virus (not that it's opensource and he can ask someone to check the code)

* Dev can update it to a virus

* Grabbers can disable the protector

* Runs on pc but not automaticly running on phone so it's very bad and you should not use

* Not automaticly installing a extension on all of your browsers that blocks malicious websites

* Is not a perfect antivirus

* Not protecting your bank account

* NOT PROTECTING YOUR EMAIL

At the end, no program can protect you from yourself and you should always know what you download and execute.

I completely agree, NTTS usually doesn't do the best job of reviewing crap, which is why I don't bother watching him anymore. Especially after this video. The points he brought up where so stupid.

@Serpensin
Copy link

But he is right, that the protector can be bypassed very easily.

@NoPlagiarism
Copy link

@Serpensin pls, read andro's message again. If you have UAC fully-fully disabled or if you stupidly give any program admin rights. Maybe you shouldn't care about your Discord client, cuz no one wanna update virus to bypass low-popular tool. But you should be aware of all other data on PC

@Serpensin
Copy link

I've read that.

@NoPlagiarism
Copy link

Then read goodpractice.md. https://github.com/andro2157/DiscordTokenProtector/blob/master/goodpractice.md

And if you don't need it, then you don't need it. It's easy as that

@pierrelasse
Copy link

pierrelasse commented May 15, 2024
edited
Loading

Just not get token logged in the first place...

@Serpensin
Copy link

Serpensin commented May 15, 2024 via email

@pierrelasse
Copy link

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@andro2157 @NoPlagiarism @Serpensin @pierrelasse @32bitx64bit @FireDevilX @SandFoxy @NetscapeDreams