this post was submitted on 05 Dec 2023
210 points (86.7% liked)

Technology

59392 readers
3274 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Franzia@lemmy.blahaj.zone 23 points 11 months ago (2 children)

Discord is spyware and all of my friends are the laziest most boring people for thinking they should spend their entire social lives on one app.

[–] _number8_@lemmy.world 12 points 11 months ago (3 children)

plus doesn't it just feel awful to use as software? the way lemmy looks and responds to clicks is night and day versus the le epic gamer kid dark mode awful buggy weird PC web view thing discord does where like, if you want to copy and paste you have to use their little tooltip menu which sucks instead of the system one. every time you launch it it forces you to wait 10 minutes for it to download every piddly little update which probably sucks and doesn't matter....

lemmy is buggy and has its flaws as well of course but it's just like...this is a good solid website. good bones. like the old days.

[–] morrowind@lemmy.ml 5 points 11 months ago* (last edited 11 months ago) (1 children)

I don't ever use the desktop version because of these constant updates

[–] Sir_Kevin@lemmy.dbzer0.com 2 points 11 months ago

Same. I use the app on android and a browser on desktop.

[–] Franzia@lemmy.blahaj.zone 3 points 11 months ago

Lemmy feels great. Discord alternatives, some of them feel OK and when I bring up issues with their performance I'm reminded they are open source.

[–] sour@kbin.social 3 points 11 months ago

you can’t use find tool normally

[–] deranger@lemmy.world 11 points 11 months ago (4 children)

I see a few claims of spyware in here. Not that I doubt you, but where can I find out more?

[–] BaldProphet@kbin.social 10 points 11 months ago

I'm not sure it's correct to call Discord spyware, but it certainly has privacy implications. https://nerdbot.com/2023/02/24/using-discord-consider-these-security-and-privacy-factors/

[–] sirfancy@lemmy.world 10 points 11 months ago (1 children)

Anything closed source with a privacy policy is spyware to Lemmy users.

[–] Franzia@lemmy.blahaj.zone 1 points 11 months ago (1 children)

Why do you read Lemmy, while discounting the opinions and perspectives of other people here?

[–] sirfancy@lemmy.world 3 points 11 months ago* (last edited 11 months ago) (1 children)

Because I don't want to live in a bubble? Isn't the whole point of Internet forums to have dissenting opinions? I made that comment to start a discussion or have others reflect on what their perspectives might be, because it really seems like almost all of Lemmy is anti-corporate, pro-hyper-privacy. I'm not pro-corporate by any means, but I really think it's time people reflect and think of reasons why some people may use a platform like Discord, instead of just assuming they are stupid, or otherwise lesser, and like being spied. Because it's just simply hyperbolic and not true. Not everything has to be FOSS, there are use cases for otherwise.

[–] Franzia@lemmy.blahaj.zone 1 points 11 months ago (1 children)

I believe communication should not be a commodity. It should be FOSS. I believe discord is free because it feels like something that provides little to no value, and yet the company has shareholders and must provide value to them. Ridiculous.

[–] sirfancy@lemmy.world 1 points 11 months ago (1 children)

That is a fine perspective, and I'm here to learn about yours. However, that does not make it spyware.

[–] Franzia@lemmy.blahaj.zone 1 points 11 months ago (1 children)

Idk what the bar is for spyware but Ill be specific about my belief: discord is basically the most red flags of any social media and also has the facade of a very private and personal space.

[–] sirfancy@lemmy.world 1 points 11 months ago* (last edited 11 months ago) (1 children)

You were the one that called it spyware. Your opinion is valid, but my opinion was that Lemmy users tend to exaggerate when talking about closed source software. People are so quick to trash on anything not FOSS, then when asked about sources to back claims up, they are mostly anecdotal and not directly related to the additional claims. Case-in-point, someone asked why you called it spyware, and you responded with the first two points referencing a clauses of a privacy policy that is nearly identical to every social media platform in existence today, and the last point referencing security flaws. The security flaws, in the past, were mostly around cookie stealers (which isn't Discord's fault, literally any browser is at risk if you download malware), and some chromium bugs. A lot of the "hacks" that went around were just scare-pastas that were just made up too. So, no, I don't think there are notable, active flaws that are currently being abused by third-parties as you claim, because Discord has a financial interest to keep their platform secure. If there were active holes being exploited and they just sat around and did nothing, it would upset shareholders, which you noted they did have.

So while you are entitled to your opinion, I do challenge you to consider the other sides of the argument, and consider that closed source software users may have good reasons to use such software. Also do consider that some of the points you made are hyperbolic and that you may be moving the goal posts a bit with your claims.

I wish you well, take care.

[–] Franzia@lemmy.blahaj.zone 2 points 11 months ago

Okay, so... I just conceded that I can't define spyware, and you're accusing me of moving the goalposts over it but I think Ive given ground.
I have not ever brought up the privacy policy.

I stand by my point that security flaws are of strategic benefit to the powers that be. We can't assume what shareholders want other than money. Yeah most of the exploits that were publicized were pretty basic and easy to avoid. These exploits are fundamentally discords fault that they were around so long, so easy to employ, etc.

~~Looking into it, I found those malicious scripts on google on the first page... Discord could have issued takedown requests to google and Github. When a company is so large, laziness is malice. Someone said "no, don't fix that."~~ ha that's the scare-pasta you brought up, isn't it? Ah well.

You're asking me to consider that discord is just doing what everyone else is doing and doing what its told by shareholders, who want a perfect and safe platform. You're not asking me to change my mind, but actually make my arguments weaker. To moderate them. No thanks, I find the sharpest point to be more useful than a dull one.

Of course! Hope you're all good, too. Getting on with the replies I'm thinking like... Damn I use discord everyday, I use discord and occasionally talk to people who still use Twitter (X)... Ha. 🤷‍♀️
Will I ever stop using Discord?

[–] Franzia@lemmy.blahaj.zone 8 points 11 months ago (2 children)

So the basics of what I've read is:

  • Discord stores all messages and media. If you delete it, or delete your account, its still there.
  • Discord does not SELL that data. Instead, they hand it over to the ad companies that are the shareholders of Discord.
  • Discord has lots of security flaws that are abused by third parties all the damn time.

I know its different now because Discord has nitro and there are lots if good reasons to subscribe. But Discord ran without all if that subscriber funding and in that time they probably found ways to make money off of what resources they had at the time... Information.

[–] MacNCheezus 2 points 11 months ago (2 children)

Discord stores all messages and media.

I mean, how else do you think they can make it so all your existing chats show up when you log into your account from a different device? Signal stores all your messages and media as well, the difference is they encrypt it on their servers. Discord doesn't.

If you delete it, or delete your account, its still there.

That's more problematic, and there should honestly be a law against that. Come to think of it, doesn't that violate the GRDP? Either they have to treat their EU customers differently when it comes to this, or there's a lawsuit waiting to happen. In the former case, you might be able to force them to delete your data by using a VPN to pretend you're in Europe.

[–] tcely@fosstodon.org 2 points 11 months ago (2 children)

> Signal stores all your messages and media as well, the difference is they encrypt it on their servers.

What evidence do you have to support this claim?

The last time I looked into this, messages and media were only stored encrypted on servers until they were retrieved or expired.

After that, the local device is where things are stored.

@MacNCheezus

[–] MacNCheezus -1 points 11 months ago (2 children)

What evidence do you have to support this claim?

How do they manage to make the same messages appear on multiple devices? I use Signal on my phone and two other computers. Even if one of them is offline, once I go online, it will show the same messages as the other devices, even if I have already seen them on my phone. They sure aren't going to connect to my phone to pull the messages from there.

I do think there is a limit to this feature – when you connect a new device, you will not see any history on there. Only messages you receive after activating the device will show up, so it's possible they just keep track of how many active devices you have, and once a message has been retrieved by all of them, it will be deleted from the server. But that would also mean that if you don't sign out of a device before retiring it, messages COULD potentially stay on their servers forever, unless they delete them after a certain period.

[–] tcely@fosstodon.org 3 points 11 months ago* (last edited 11 months ago) (1 children)

> How do they manage to make the same messages appear on multiple devices?

For a long time, they didn't.

I don't know for sure, but I expect it involves keys that multiple devices share. Any "linked" device would be able to download the encrypted copy and decrypt the message that way. Once any device has done that, it can send a copy to any other devices using the unique keys it knows for that device.

This link describes independent queues for devices: https://support.signal.org/hc/en-us/articles/5532268300186-Disappearing-Messages-with-a-Linked-Device

@MacNCheezus

[–] MacNCheezus 1 points 11 months ago (1 children)

Right, that makes sense, although the article doesn’t go into detail about how the server decides when it’s time to delete a message.

It also doesn’t back up your claim that multiple devices sharing the same account will ever exchange messages amongst each other. Which would be a technical nightmare BTW since they could be located behind firewalls etc. and this still require a central server to coordinate. Might as well keep the middle man in that case and leave the messages on the server until they’ve been retrieved.

My initial point therefore is mostly correct: messages ARE stored on their servers in encrypted form for an unknown length of time, although likely not forever.

[–] tcely@fosstodon.org 1 points 11 months ago

The algorithm for when to delete could be very simple: 1) is expired? or 2) the client confirmed download.

Thinking of it as a shared account is likely wrong. Every device has its own place to check. Exchanging messages doesn't have to mean direct connections. It doesn't mean that for Signal.

The messages temporarily on the server can't be read by the server, that's the important difference. They also are not stored forever. The storage costs would grow forever that way.

@MacNCheezus

[–] tcely@fosstodon.org 1 points 11 months ago

> messages COULD potentially stay on their servers forever, unless they delete them after a certain period.

If you receive a message and no devices are active to retrieve it, then yes it gets deleted from the server and is never decrypted or seen.

This also means the sender never received the delivery confirmation, or the read confirmation for the message.

@MacNCheezus

[–] Franzia@lemmy.blahaj.zone 1 points 11 months ago

If you connect to Discord via VPN they will ask for your phone number haha

[–] Traister101 2 points 11 months ago (1 children)

That's how Reddit works/worked. Probably lemmy too though I haven't looked too close. Deleting your account doesn't necessarily mean the content your account created is taken with it. Things not being deleted with your account is a werid thing to cite for spy ware, lots of stuff works like that and you can delete it, just isn't automatically deleted with your account.

Discord having security flaws does not make it spy ware. There have been some pretty severe security issues but almost every one I've heard of has its roots in a gullible user running some sort of application on their machine or scanning a QR code with the Discord app which makes it extremely clear you are logging into another device... The only one I'm aware of that I found very concerning was iirc a werid video player vulnerability that could yank your token.

I highly doubt Discord is giving advertisers access to the messages on their platform. That sounds insanely illegal and also largly a waste of time cause if they are doing that it doesn't work very well.

[–] Franzia@lemmy.blahaj.zone 1 points 11 months ago

On reddit you can simply use a tampermonkey script to remove your data. On discord, there is no option to delete all your messages. To the extent that there's a discussion worth having about whether Discord is following the GDPR.

Not tackling security issues means discord is okay with third parties exploiting the software to gain info about certain users - which could include hacker groups or government actors targeting single targets.

I dont think discord can give individual messages over, legally, although they are stored unencrypted on Discord's server.

[–] Franzia@lemmy.blahaj.zone 2 points 11 months ago (1 children)

Alright, replies to my initial comment got me motivated to look for the receipts:

https://discord.com/blog/how-discord-stores-billions-of-messages

  • yes discord saves every message forever, to an extent that they are almost certainly breaking GDPR laws.

https://www.reddit.com/r/privacy/comments/rsxeee/you_should_never_use_discord_and_heres_why/

https://meaww.com/discord-who-owns-jason-citron-microsoft-acquisition-company-net-worth-10-b-talks

I heard this argument so long ago that basically Discord doesnt sell data but instead shares it with shareholders, which includes many ad companies, including tencent. They probably give this data to their linked partners like twitch and Microsoft. Discord still isnt profitable and they are a public company, they are expected to exhaust every opportunity to give value to those shareholders.

https://www.fastcompany.com/90157501/how-widely-do-companies-share-user-data-heres-a-chilling-glimpse

https://stallman.org/discord.html

[–] deranger@lemmy.world 2 points 11 months ago

Thanks! I’ll take a look this evening.