I bet most of the people reading this article have already come in contact with a selfbot before. Maybe a friend of yours suddenly posted a massive wall of text within a mere two seconds. Or perhaps some person sent text within a box with a single colored side, as seen below.
A basic embedded message, also called "embed"
However, for everyone who doesn't know those exist, allow me to explain.
What is a selfbot?
A selfbot is basically a bot inside your own account. It uses your token to post messages as you. It reacts to you and you only.
A token is a small piece of encrypted text. It basically is the key all Discord applications will need to connect to the account the app should run on. That's why both bot accounts and user accounts have tokens.
Since selfbots have access to the Discord API (Application Programming Interface, a.k.a. the direct link that lets code work on Discord), they can use functions that normally only bots would be able to use, such as the previously mentioned embeds. They can also bypass any restrictions coded only in the client.
What can you do with a selfbot?
A selfbot can do everything you can do yourself and a little more. It can, for instance, change your or someone else's nickname on a server you have the "Manage Nicknames" permission on. It can also be used as a sort of clipboard that posts a large text when a command is typed. Or automatically change your avatar and playing status.
But it can also do things you as a user can't. Let's have a look at the embed. The function to embed text is implemented in the API, likely because it's useful for bots posting large texts. It also helps that an embed can be formatted in a ton of different ways, for instance here. A lot of Discord consumers love all those possibilities.
But what about Discord itself?
Discord tends to have a little trouble with the use of selfbots. It's in the OAuth policy, but because it's so often overlooked, Jaytron decided to post about it on the Discord support site, quoting from the policy:
Discord's API provides a separate type of user account dedicated to automation, called a bot account. Bot accounts can be created through the applications page, and are authenticated using a token (rather than a username and password). Unlike the normal OAuth2 flow, bot accounts have full access to all API routes without using bearer tokens, and can connect to the Real Time Gateway. Automating normal user accounts (generally called "self-bots") outside of the OAuth2/bot API is forbidden, and can result in an account termination if found.
This of course is quite hard to get with no further information, so let me make it a bit easier:
Discord has user accounts and bot accounts, of which bot accounts are made for automating responses to certain commands. Unlike the standard user authorization method, OAuth2, bot accounts can fully use the API without having to request access all the time, and can communicate with Discord in real time. Using selfbots is forbidden, and you can be banned for it.
So basically, what Jaytron says is that by using selfbots you can avoid a lot of ratelimits and other detection systems by just bypassing the normal user authorization. This is breaking Discord rules and therefore isn't allowed.
So, if you ever want to use a selfbot, think about whether you really want to give up your social li-, I mean Discord account, for it.