The problem is admins haphazardly adding tons of toy bots to servers with sometimes hundreds or thousands of members, and those bots being a front for storing tons of user data (including eg. user online status, user tag (name#1234) history, a large DB of the users' messages across years). The users in these servers aren't informed of such change and Discord can't trust these developers to say "we don't log messages" without requiring them tie a legal identity to any potential malicious logging.
> Unfortunately, at the same time, there were growing concerns with a user-bot ring that made a website and scraper known as "dis.cool", which farmed user information.
> Most library developers felt the changes were misdirected and targeted the wrong type of bot. The threat model was based on user-bots being bad actors, and not regular bots, while the changes targeted regular bots. We also felt that it was easy to sidestep the restrictions by just having a bot ring, similar to what is now done today with user-bots.
> Discord claimed [the new requirements, including government ID] would help with security and privacy by preventing malicious bots from growing and obtaining sensitive data. The library developers responded that it wouldn't help since malicious bots had to be invited and the crux of malicious bots were, and still are, user-bots.
Seems like a reasonable description of the issue to me, covering everything in that comment.
If you feel it gets lost in the words then I think the proper thing to criticize is the writing style, not the credibility.
(If the term is unclear, "user-bot" means it's a normal user account being used in an automated way.)
