Thankfully I never used this website exactly because I feared this.
There was a link to join a discord server via Discord.io that showed as a top Google result.
I clicked it not even aware it was 3rd party. Thankfully OAuth gave me the friendly confirmation page saying "You are about to connect with this third party service and grant full access to your account."
I said WTF? NO
Shame on the Discord legal team and their executive team for completely lacking diligence on this.
If Discord was allowing this website to run for so long using this brand, don't they risk losing the trademark because of the dilution due to non-enforcement?
> The circumstances under which a company could actually lose a trademark—such as abandonment and genericide—are quite limited. Genericide occurs when a trademark becomes the standard term for a type of good (‘zipper’ and ‘escalator’ being two famous examples). This is very rare and would not be a problem for Canonical unless people start saying “Ubuntu” simply to mean “operating system.” Courts also set a very high bar to show abandonment (usually years of total non-use). Importantly, failure to enforce a mark against every potential infringer does not show abandonment.
Yes. Trademark law says the use of a trademark as a trademark is an issue. Using the discord logo to link to a discord channel is fine. Allowing a site to be named Discord with a different TLD is using a trademark as a trademark and that can have consequences. The whole point of trademark is to distinguish goods/services and by failing to prevent the use of discord.io they're kinda dropping the ball here in my opinion.
No, it’s still trademark infringement. Especially since it relates to the same product. It would be different if they were unrelated but this is about as bad as infringement and brand confusion can get. Any competent legal OR marketing team would have sent them a C&D ages ago.
If Discord.io was using OAuth then this would largely be a non-issue as those tokens could be invalidated or revoked, by Discord, trivially. And they wouldn't have any password data, hashed or otherwise.
Granted, I don't use discord.io, so maybe I'm missing something.
> Salted and hashed passwords (mainly concerning users prior to 2018 when Discord.io began exclusively using Discord for logins)
So it sounds like they used to have their own accounts before integrating via Discord OAuth, and some users may be affected by this. Unsure if they didn't delete users' hashed PWs once they migrated to the OAuth flow or something like that.
Based on the screenshot it would seem they do have hashed passwords, specifically it looks like bcrypt hashes with a cost factor of 8. Not sure why the cost would be so low, or indeed why the hashes are available at all.
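An added example, not part of the thread or of any site's own code: a defender-side audit that reads the cost factor out of stored bcrypt strings, as the comment above does from the screenshot, and flags rows that should be rehashed at the user's next login. The `MIN_COST` floor of 12, the function names and the sample rows are assumptions made for this illustration.

```python
import re

# bcrypt modular-crypt layout: $2<variant>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)

MIN_COST = 12  # assumed policy floor for this example, not a value from the thread


def parse_bcrypt(stored):
    """Return (variant, cost) for a well-formed bcrypt string, else None."""
    m = BCRYPT_RE.fullmatch(stored.strip())
    if not m:
        return None
    cost = int(m.group(2))
    if not 4 <= cost <= 31:  # bcrypt only defines costs 4..31
        return None
    return m.group(1), cost


def audit(rows, min_cost=MIN_COST):
    """Classify (user, stored_hash) rows into ok / rehash / unknown."""
    report = {"ok": [], "rehash": [], "unknown": []}
    for user, stored in rows:
        parsed = parse_bcrypt(stored)
        if parsed is None:
            # Not bcrypt at all: legacy or unrecognised scheme, review by hand.
            report["unknown"].append(user)
        elif parsed[1] < min_cost:
            # Each cost step doubles the work, so this hash is
            # 2**(min_cost - cost) times cheaper to guess than the floor.
            report["rehash"].append((user, parsed[1], 2 ** (min_cost - parsed[1])))
        else:
            report["ok"].append(user)
    return report


# Constructed sample rows: salt and digest are filler characters, not real hashes.
SAMPLE = [
    ("alice", "$2y$08$" + "a" * 22 + "b" * 31),
    ("bob", "$2b$12$" + "c" * 22 + "d" * 31),
    ("carol", "e" * 32),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```
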