Shown in No Text To Speech's video about discordtokenprotector HOT 5 OPEN

A lot of NTTS' videos are pretty good, but this one pissed me off.. he lowered the reputation greatly of this cool project that someone spent weeks if not months making for free. And for what? Views? Unbelievable...

from discordtokenprotector.

My reply to NTTS :
https://www.youtube.com/watch?v=y8crpVOLcpY&lc=Ugzgwz81u-gtkab34zJ4AaABAg

Hi! DiscordTokenProtector (later refered as "DTP") dev here,

TLDR : DTP protects the TOKEN not the account, nor all your pc. And the bypass has been patched a long time ago.

I just wanted to clarify some points. First of all, the main point of DTP is to protect your Discord token. Not your banking details or other sensitive information on your computer. Therefore, with no surprise, it will indeed only protect you from Discord grabbers. Something that does somewhat well from what you've shown.

This software is opensource, so anyone can check the code, and compile their own versions of it. That's literally why I opensourced this project. And even if I were to push something malicious, it would be obvious in the diffs of the release. And there's no auto update, so it's won't infect every computer that downloaded DTP.

About the "bypass", it has been patched for over a year now. I have seen many grabbers (even recent ones) that use this "bypass". Firstly, the bypass only works if you give admin permissions (with UAC) to the grabber - and if you do so, you've got much more stuff to worry about than just your Discord token as you stated. And second of all, even if you give admin perms, all it does is to remove DTP, and the grabber is NOT able to decrypt the token that is securely stored.

The goal for the end user is that they can be protected from one vector of attack that is commonly used by grabbers. Yes, there are other ways (QR code phishing, RATs with full control of the PC, ...), but DTP's point is not to protect your Discord account, only your Discord TOKEN that is stored on your computer.

from discordtokenprotector.

@andro2157 I totally agree with you. Rarely have I seen such an amazingly stupid excuse by a YouTuber like No Text to Speech to get some content. Someone makes a cool open-source software that does it's job, but then Mister I-know-it-all says "yeah I have no idea what this code does but let's find some reason to bash it."

You've done a very good job building this tool. What NTTS is doing is nothing but pathetic.

from discordtokenprotector.

He does make some valid points, considering the people most likely to use it are either...

1. Those who know what they're doing, can probably read the code, and likely don't need this protection.
2. Idiots who do need this protection, and can't read the code, and will most definitely do something stupid.
3. Users who are actually interested in the malware posted by scammers, and would run said malware in a virtual machine with a discord account installed.

Considering his target audience for that video, I'd say it's probably valid for those users. People who are actually in these forums are not his intended audience, so those points do not apply as much. To be fair to the developer, I doubt that you would implement your own malware, however there's nothing preventing a malicious user from forking it and somehow becoming the dominant search result, thereby scamming your would-be users out of their discord accounts.

Altogether it's an interesting program, and I'm sure you know what you're doing. However while you may feel insulted by NTTS' video, please keep in mind his intended audience for this video is for users who do not know what they're doing on the technical side of Discord, and as such is safer for them to avoid downloading programs from less reputable sources.

I do not mean any offense to anyone here by saying that, it's just that while as programmers we can determine if a GitHub user is trustworthy ourselves, the average discord user who watches NTTS cannot. To make things worse, GitHub itself is a reputable site, but the code and programs that can be downloaded from here are not necessarily safe, So there are no protections that modern browsers offer that might prevent a user from downloading malware off of GitHub by accident.

TL;DR I like the concept of this tool and also like NTTS. The (still relevant parts of the) criticisms are valid in terms of his viewers. I would just take the criticism and understand it's safer for most of his viewers to be cautious rather than a bunch of tools they do not understand to protect themselves.

That's my take I guess. NTTS' video neither left a bad taste, nor made me think less of this project. (I was aware of it before this due to reading some older token grabbing code)

from discordtokenprotector.

@jaypaw549 I completely agree. Though I believe that regular people would find it difficult to navigate github and ultimately give up, I'll give you the benefit of the doubt. A suggested remedy for this problem would be to not pre-compile the exe, and force the user to compile it themselves. I highly doubt a regular person would be able to figure out a compiler, and therefore only people who know what they're doing would be able to use this tool. Would be a bit annoying for the users to have to compile it for every new release, but I think its better than what would otherwise happen.

from discordtokenprotector.