this post was submitted on 28 May 2024
119 points (100.0% liked)

effort

7420 readers
13 users here now

Welcome to c/effort, the home of effort posts! This is a space where you can write on an topic, as long as it reflects real time and effort to put together.

Rules

Posts are text-only. No images or videos.

2.While the topic can be on anything, posts still require “effort”. While there isn’t a minimum word limit or anything, generally this means it’s longer than most other posts and there’s also that the expectation that your posts required real effort to write up.

“Master” posts that have a lot of links are welcomed.

No copypastas

founded 3 years ago
MODERATORS
 

TL;DR Discord loves to present itself as a company run by a few gamers just like you. The service aggressively advertises itself as "for gamers" with the hope that this "reputation" alone will propel Discord to the top. This has worked really well. The Discord team has refused, however, on multiple occasions to take certain steps to protect their userbase, described in more detail above such as adoption of E2E encryption or going open source. Instead, the Discord team states clearly in their privacy policy that they will gladly hoard a plethora of data about their users indefinitely, loosely claiming to only delete it when its no longer needed. The data they collect and store includes (but is not limited to) full chat logs, all chat media, a list of who you chat with, email address, IP address, device ID, behavioral analysis, activity tracking on the service, pulling info from social media accounts you link, and much more as stated above and in their Privacy Policy. Discord shares this same data with all of its partners, affiliates, agents, and "Related Companies" while lazily instructing you to check their privacy policy to find out what happened to your information, as its no longer any concern to Discord. In addition, Discord goes further to say "Developers using our SDK or API will have access to their end users’ information, including message content, message metadata, and voice metadata". Their very vague "information" wording allows Discord to send whatever they please while, of course, leaving it up to you to go check their privacy policy and figure out just where and to who Discord sloppily throws your data around. Discord continues to show little to no progress or effort in considering open source code, strong end-to-end encryption adoption, or even something as simple as allowing the deletion of an old account. It is important to note that while Discord allows the "deactivation" of an account, their support team will happily inform you that they do not delete your data and your account cannot be deleted. This data is again stored for an indefinite period of time.

Discord is proprietary spyware. Using it means endorsing and legitimizing it.

Discord relies on its reputation to lure its victims. Despite just starting out as a way for freeze-gamer to mingle in chatrooms and VoIP rooms, Discord has now expanded to any sort of purpose, even extending to schools where students will use Discord for clubs as well as online projects where communication is done over the platform.

The reliance on Discord is dangerous. Any thing you type or do in this program is recorded for the highest bidder (that be your government or private data brokers). The interface and UX is designed to keep you in the app for as long as possible.

There's no way to "smartly" or "responsibly" use Discord. One way or another, Discord will extract value from you. It's not just about you, but about everyone who uses the platform.

Solutions

There are no "alternatives" to Discord. I'm not going to try to fool you by saying there's a magic bullet to defeat Discord's presence in western society (other than socialism and gamer-gulag). But that doesn't mean there aren't ways to help.

  • Matrix: A decentralized messaging protocol. It supports video conferencing on its main instance as well as support for the Discord "Server" functionality. Easiest solution for a drop-in replacement.

  • IRC: The one that came before Discord, community networks can be used if you need to communicate and is just as secure as Discord (public chat rooms with zero end-to-end encryption besides TLS)

  • GNU Jami: If there was a magic bullet, this would be it. Completely decentralized, peer-to-peer messaging network that is device based. It is a GNU package, possibly the most guarantee for freedom you can get in this world. The team is small, but if you need somewhere to host your leftist activities that will require more than a court order (or a simple bribe) to de-anonymize by state and non-state (those funded by other states) actors then this is it.

Conclusion

This is a post for self crit. If the service is free of charge, then you're the product. Any leftist should take steps to eliminate their dependency on Discord and proprietary messaging programs. Also any leftist should spread this message and inform others about the risks of using proprietary software.

We should also take Discord as a lesson in how to identify the dangers of proprietary programs and why it could make us vulnerable to abuse (which as we know in a capitalist society, is coming one way or the other). Discord isn't the lone offender, but an example of how nonfree software will always pose a threat to a free and democratic society and only benefits the bourgeoisie.

Let this be the last thing I have to say about this accursed program

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 5 months ago* (last edited 5 months ago)

nice!

As someone who is a computer person but not specifically a cryptographer and obviously with limited time on my hands, I never know what to trust. Everything has flaws. Signal is very very centralized and some speculate about it being a US intelligence honeypot, Matrix is still somewhat centralized and gives homeserver operators perhaps too much power, and I worry that the protocol is so complicated that nobody outside the people creating it really would know if it was backdoored or flawed, the list goes on

Now that I'm reading up, there are some flaws/controversies about tox too, seen on the wikipedia page and playing out in the github issues. https://en.wikipedia.org/wiki/Tox_(protocol)

But I still like that it exists, given that it is fully decentralized unlike most alternatives. I actually appreciate that the maintainers didn't just take the entire project down and label it insecure like the more annoying guy in the github issue wanted, even if they could probably do more to inform users of the flaw

(basically the flaw is, if your keys are compromised, someone who controlled your network connection could potentially impersonate your contacts to you and show up as legitimate/authenticated in the app. IMO its the kind of thing cryptographers shit their pants over, and potentially very scary yes, but not really in the threat model for most users at all. If someone's compromised your device to that level its already fuckin way past game over, they own you, you're not realistically gonna notice their tampering, they're not going to go to the effort of MITM'ing you when they can just put a virus on your device or a million other things)