Discord? Discard!
Why using Discord as a regular communication tool is a horrible idea.
UNLISTED POST; DO NOT SHARE
Image by K4YT3X, adapted from Alexander Shatov; Unsplash License
Online multiplayer games often feature voice chat functionalities within the game so players can chat with each other during the game. For example, Rainbow Six Siege, a popular online FPS (first-person shooting) game, integrates TeamSpeak, a third-party VoIP (voice over internet protocol) solution, as their in-game voice chat system. These in-game voice chat solutions often have very little features, which lead to the birth of Discord.
Figure 1: A gamer using Discord for voice chat (ELLA DON; Unsplash License)
Discord’s name shouldn’t be unfamiliar to any video gamers. It is one of the most popular voice chat platforms. Discord allows players to join servers and voice/text channels to communicate with each other during game sessions. It also provides fancy features like noise cancellation with Krisp and automation with Discord bots. The elegantly designed user interface made it popular beyond gamers. Although most of Discord’s users are still gamers (31.3% by 2021, according to a user survey), a lot of non-gamers and organizations also use Discord as their preferred platform for communications. A lot of users use Discord as an instant messaging (IM) app in replacement of traditional IMs like WhatsApp and Signal. However, you’ll see why this might not be a good idea after digging into their privacy policy and terms of service.
A lot of people have heard about the names of privacy-respecting apps like Signal and Telegram, especially after WhatsApp’s new terms of service change in March 2021. However, not everyone knows exactly how these apps are more private.
One of the most commonly evaluated criteria is how much data the app collects. Thanks to Apple’s new policy, all apps published on AppStore must now display the categories of data this app collects. We can do a simple comparison between Discord and Signal to see the differences. Discord’s AppStore page shows that its mobile app collects the following categories of data:
Figure 2: AppStore showing the data which Discord collects (source)
We can see that discord is collecting seven categories of data, a lot of which could be private and sensitive. For instance, it collects the photos, videos, and all other contents you send over the platform, which means that none of your conversations on Discord are truly private.
Figure 3: AppStore showing the detailed information about the information Discord collects (source)
In fact, Discord’s privacy policy has reserved it the right to collect almost everything generated from your use of their platform or sent over their platform. Discord could be silently collecting more categories of data unlisted on their AppStore page. Their desktop app might also be silently collecting more types of data than their iOS counterpart. For this reason, you should consider all of the activities you perform and data you share on Discord public. I would personally also consider Discord a semi-spyware.
Figure 4: Discord’s privacy policy reserving them the right to collect any data generated or transferred over their platform (source)
In contrast, Signal’s iOS app collects almost nothing. The only piece of information Signal collects is your phone number, which is required for the app to function since your phone number is your account ID. From this comparison, it is not all too difficult to see how Discord is not very respectful of its users’ privacy: it collects too much private information about you.
Figure 5: AppStore showing the data which Signal collects (source)
Discord claims that they don’t sell the users’ data, but they legally can. There is no clause in their privacy policy nor terms of service that legally prevents them doing so. Even if they strictly keep it to themselves, data breaches can still happen. Equifax’s massive data breach didn’t happen that long ago.
Discord may also share your data with law enforcements. FBI scraped the chat history of the leader of a protest in Charlottesville named “United The Right” in 2018, and the chat history were found to be admissible evidence in court. Some chat history were also published online by news medias. Discord’s transparency report also shows that they comply with most of the requests they receive from law enforcements:
Figure 6: Discord’s compliance history with law enforcement requests in H1 2021 (source)
The horror story doesn’t end there. There are more caveats in Discord’s privacy policy and terms of services. In 2018, Discord modified their terms of service and revoked the users’ rights to sue the company or join a class-action lawsuit. The new dispute resolution provision forces users to enter an arbitration with the company and prevents them from going to a court trial, which means no jury will be involved in the process – potentially a huge disadvantage for the user.
Figure: 7: A section of Discord’s dispute resolution provision (source)
Furthermore, a class waiver clause prevents the user from entering any class-action lawsuits. Combined with the dispute resolution provision, Discord has forced the users to only be able to enter an arbitration alone with the company should there be a dispute, which put the user at a very uncomfortable position to hold the company accountable for anything that it does.
Figure 8: The class waiver in Discord’s terms of service (source)
There are many more caveats with Discord’s privacy policy and terms of service. It is both time-consuming and difficult for an average user with untrained eyes to pick out all of these legal tricks Discord pulled off in its documents. Luckily, an open-source, volunteer-powered project called ToS;DR could help. Many volunteers, including professional lawyers, translate and summarize the complicate legal languages in different platforms’ terms of service documents into plain English to help average users better understand what they’re up against. You can view their page for Discord to see exactly what else is Discord hiding in their documents:
Figure 9: Caveats in Discord’s privacy policy and terms of service listed by ToS;DR
If the reasons above still aren’t enough for you to quit Discord, here are some more. Richard Matthew Stallman has also written a post to discourage people from using Discord. You can also see a more technical analysis here for why Discord is very close to being spyware.
While Discord might not be the ideal platform for anything private or sensitive, it may still be a compelling or the only option for communications in a lot scenarios. For instance, a conference might entirely be organized on Discord, or the game party that you play with only uses Discord. If you absolutely have to keep using Discord for some reason, here are some tips to minimize Discord’s privacy impact on you:
As the previous sections have discussed, Discord isn’t the best place to send private/sensitive messages because Discord can see all your messages and has the power and will to share them to law enforcements. Minimize your conversations and activities on Discord to minimize Discord’s impact on your privacy.
By default, Discord’s explicit content filter reads through all of the messages you send to flag explicit materials NSFW. If you don’t wish this automated service to read all of your chat messages, you can mark your channel NSFW. The explicit content filter will not filter through messages sent in channels labeled NSFW.
Use the web version of Discord in your browser instead of the desktop app. A native desktop application can access a lot of information on your computer, such as what other apps you’re running, how long has your computer been on, and so on. Even if Discord isn’t collecting some information for now, Discord can easily update their app to silently start collecting them in the future. In contrast, modern browsers like Chrome are highly sandboxed so malicious web pages cannot harm your computer. Discord’s web app can access a lot less of your information than its desktop counterpart. Try to run Discord in your browser unless you truly need its desktop-only features.
Figure 10: Login into Discord on your browser (source)
If you have to use Discord’s desktop app – perhaps becuase you need a feature that’s only available in the desktop version, consider putting your Discord in a sandbox like Sandboxie or Firejail. These sandboxes will limit Discord’s access to your computer and minimize its footprint on the system.
There are several settings you can tweak within Discord’s privacy settings to protect your privacy. By default, Discord scans all of your direct chats for explicit content, which means their bot will read all of your messages. You can disable this feature so the bots don’t read your chats:
Figure 11: Discord’s safe direct messaging setting
You can also minimize what Discord can use your data for in the settings. It is also a good idea to periodically request your data from Discord to see how much Discord knows about you.
Figure 12: Discord’s data usage settings
Another thing that you should be mindful of is how using Discord could impact your digital identity. Discord is a strongly gamer-flavored platform. Preferring it as your default method of communication might leave the others with the impression that you’re somewhat “unprofessional.” By default, Discord also shows the game that you’re playing or the app that you’re using to other users. The kind of games that you play or apps that you use may also tell the other users things about you.
Figure 13: Discord’s status panel showing what other users are doing
In both Signal and Telegram, you could set self-destruct timers for messages. You can even delete both yours and the other person’s messages in a private chat for both parties. Unlike Signal and Telegram, it is much harder to delete your past messages and conversations in Discord. What you said a long time ago could be easily dug out, so you’ll need to be extra careful about what you say on Discord. They might be used against you someday and ruin your image.
Almost the entirety of this article is explaining how Discord is undermining your privacy, but a problem I often come across is, “so what?” To answer this question for the viewers that are wondering the same, below are some great resources explaining exactly why privacy is important:
Aside from the resources listed above, a slightly older presentation from 2014 by Glenn Greenwald named Why Privacy Matters also does a fantastic job at explaining the importance of privacy.
最后修改于 2022-01-27