Discord? Discard!
2022-1-28 00:0:0 Author: k4yt3x.com(查看原文) 阅读量:6 收藏

Discord? Discard!

Why using Discord as a regular communication tool is a horrible idea.

UNLISTED POST; DO NOT SHARE

title
Image by K4YT3X, adapted from Alexander Shatov; Unsplash License

Discord: THE Voice Chat Platform for Gamers

Online multiplayer games often feature voice chat functionalities within the game so players can chat with each other during the game. For example, Rainbow Six Siege, a popular online FPS (first-person shooting) game, integrates TeamSpeak, a third-party VoIP (voice over internet protocol) solution, as their in-game voice chat system. These in-game voice chat solutions often have very little features, which lead to the birth of Discord.

gamer
Figure 1: A gamer using Discord for voice chat (ELLA DON; Unsplash License)

Discord’s name shouldn’t be unfamiliar to any video gamers. It is one of the most popular voice chat platforms. Discord allows players to join servers and voice/text channels to communicate with each other during game sessions. It also provides fancy features like noise cancellation with Krisp and automation with Discord bots. The elegantly designed user interface made it popular beyond gamers. Although most of Discord’s users are still gamers (31.3% by 2021, according to a user survey), a lot of non-gamers and organizations also use Discord as their preferred platform for communications. A lot of users use Discord as an instant messaging (IM) app in replacement of traditional IMs like WhatsApp and Signal. However, you’ll see why this might not be a good idea after digging into their privacy policy and terms of service.

Discord, a Data Hoarder

A lot of people have heard about the names of privacy-respecting apps like Signal and Telegram, especially after WhatsApp’s new terms of service change in March 2021. However, not everyone knows exactly how these apps are more private.

One of the most commonly evaluated criteria is how much data the app collects. Thanks to Apple’s new policy, all apps published on AppStore must now display the categories of data this app collects. We can do a simple comparison between Discord and Signal to see the differences. Discord’s AppStore page shows that its mobile app collects the following categories of data:

discord-appstore
Figure 2: AppStore showing the data which Discord collects (source)

We can see that discord is collecting seven categories of data, a lot of which could be private and sensitive. For instance, it collects the photos, videos, and all other contents you send over the platform, which means that none of your conversations on Discord are truly private.

discord-appstore-details
Figure 3: AppStore showing the detailed information about the information Discord collects (source)

In fact, Discord’s privacy policy has reserved it the right to collect almost everything generated from your use of their platform or sent over their platform. Discord could be silently collecting more categories of data unlisted on their AppStore page. Their desktop app might also be silently collecting more types of data than their iOS counterpart. For this reason, you should consider all of the activities you perform and data you share on Discord public. I would personally also consider Discord a semi-spyware.

discord-pp-information-we-collect
Figure 4: Discord’s privacy policy reserving them the right to collect any data generated or transferred over their platform (source)

In contrast, Signal’s iOS app collects almost nothing. The only piece of information Signal collects is your phone number, which is required for the app to function since your phone number is your account ID. From this comparison, it is not all too difficult to see how Discord is not very respectful of its users’ privacy: it collects too much private information about you.

signal-appstore-details
Figure 5: AppStore showing the data which Signal collects (source)

Discord claims that they don’t sell the users’ data, but they legally can. There is no clause in their privacy policy nor terms of service that legally prevents them doing so. Even if they strictly keep it to themselves, data breaches can still happen. Equifax’s massive data breach didn’t happen that long ago.

Discord may also share your data with law enforcements. FBI scraped the chat history of the leader of a protest in Charlottesville named “United The Right” in 2018, and the chat history were found to be admissible evidence in court. Some chat history were also published online by news medias. Discord’s transparency report also shows that they comply with most of the requests they receive from law enforcements:

discord-requests-from-law
Figure 6: Discord’s compliance history with law enforcement requests in H1 2021 (source)

The horror story doesn’t end there. There are more caveats in Discord’s privacy policy and terms of services. In 2018, Discord modified their terms of service and revoked the users’ rights to sue the company or join a class-action lawsuit. The new dispute resolution provision forces users to enter an arbitration with the company and prevents them from going to a court trial, which means no jury will be involved in the process – potentially a huge disadvantage for the user.

discord-arbitration
Figure: 7: A section of Discord’s dispute resolution provision (source)

Furthermore, a class waiver clause prevents the user from entering any class-action lawsuits. Combined with the dispute resolution provision, Discord has forced the users to only be able to enter an arbitration alone with the company should there be a dispute, which put the user at a very uncomfortable position to hold the company accountable for anything that it does.

discord-class-waiver
Figure 8: The class waiver in Discord’s terms of service (source)

There are many more caveats with Discord’s privacy policy and terms of service. It is both time-consuming and difficult for an average user with untrained eyes to pick out all of these legal tricks Discord pulled off in its documents. Luckily, an open-source, volunteer-powered project called ToS;DR could help. Many volunteers, including professional lawyers, translate and summarize the complicate legal languages in different platforms’ terms of service documents into plain English to help average users better understand what they’re up against. You can view their page for Discord to see exactly what else is Discord hiding in their documents:

discord-tosdr
Figure 9: Caveats in Discord’s privacy policy and terms of service listed by ToS;DR

If the reasons above still aren’t enough for you to quit Discord, here are some more. Richard Matthew Stallman has also written a post to discourage people from using Discord. You can also see a more technical analysis here for why Discord is very close to being spyware.

What if I Have to Use It

While Discord might not be the ideal platform for anything private or sensitive, it may still be a compelling or the only option for communications in a lot scenarios. For instance, a conference might entirely be organized on Discord, or the game party that you play with only uses Discord. If you absolutely have to keep using Discord for some reason, here are some tips to minimize Discord’s privacy impact on you:

1. Don’t Send Private/Sensitive Messages

As the previous sections have discussed, Discord isn’t the best place to send private/sensitive messages because Discord can see all your messages and has the power and will to share them to law enforcements. Minimize your conversations and activities on Discord to minimize Discord’s impact on your privacy.

2. Mark Your Chats NSFW

By default, Discord’s explicit content filter reads through all of the messages you send to flag explicit materials NSFW. If you don’t wish this automated service to read all of your chat messages, you can mark your channel NSFW. The explicit content filter will not filter through messages sent in channels labeled NSFW.

3. Use the Web App

Use the web version of Discord in your browser instead of the desktop app. A native desktop application can access a lot of information on your computer, such as what other apps you’re running, how long has your computer been on, and so on. Even if Discord isn’t collecting some information for now, Discord can easily update their app to silently start collecting them in the future. In contrast, modern browsers like Chrome are highly sandboxed so malicious web pages cannot harm your computer. Discord’s web app can access a lot less of your information than its desktop counterpart. Try to run Discord in your browser unless you truly need its desktop-only features.

open-in-browser
Figure 10: Login into Discord on your browser (source)

4. Sandbox the Desktop App

If you have to use Discord’s desktop app – perhaps becuase you need a feature that’s only available in the desktop version, consider putting your Discord in a sandbox like Sandboxie or Firejail. These sandboxes will limit Discord’s access to your computer and minimize its footprint on the system.

5. Tweak Discord’s Privacy Settings

There are several settings you can tweak within Discord’s privacy settings to protect your privacy. By default, Discord scans all of your direct chats for explicit content, which means their bot will read all of your messages. You can disable this feature so the bots don’t read your chats:

safe-direct-messaging
Figure 11: Discord’s safe direct messaging setting

You can also minimize what Discord can use your data for in the settings. It is also a good idea to periodically request your data from Discord to see how much Discord knows about you.

how-we-use-your-data
Figure 12: Discord’s data usage settings

How Using Discord Could Impact Your Digital Identity

Another thing that you should be mindful of is how using Discord could impact your digital identity. Discord is a strongly gamer-flavored platform. Preferring it as your default method of communication might leave the others with the impression that you’re somewhat “unprofessional.” By default, Discord also shows the game that you’re playing or the app that you’re using to other users. The kind of games that you play or apps that you use may also tell the other users things about you.

what-you-are-playing
Figure 13: Discord’s status panel showing what other users are doing

In both Signal and Telegram, you could set self-destruct timers for messages. You can even delete both yours and the other person’s messages in a private chat for both parties. Unlike Signal and Telegram, it is much harder to delete your past messages and conversations in Discord. What you said a long time ago could be easily dug out, so you’ll need to be extra careful about what you say on Discord. They might be used against you someday and ruin your image.

Why Privacy Matters

Almost the entirety of this article is explaining how Discord is undermining your privacy, but a problem I often come across is, “so what?” To answer this question for the viewers that are wondering the same, below are some great resources explaining exactly why privacy is important:

  • Privacy Is a Human Right: This article by Tor Project, the organization that built the famous Tor Browser, started a campaign explaining why privacy matters: because it’s a human right. Tor Project’s argument is simple: privacy is important because it’s declared as a human right in the Universal Declaration of Human Rights in 1948, and that is enough reason for people to respect and protect their and other people’s privacy.
  • The terrifying now of big data and surveillance: A conversation with Jennifer Granick: One of the issues Discord has is the will to aid law enforcements. In this interview with TED, Jennifer Granick, an American attorney, says “if you care about any political issue – whether it’s tax reform or Black Lives Matter – we need to ensure these people can operate freely in the political world.” When platforms like Discord deprives people’s privacy and toss their data carelessly to authorities, it affects much more than an individual’s comfort. The lack of privacy in a society threatens this society’s free will.

Aside from the resources listed above, a slightly older presentation from 2014 by Glenn Greenwald named Why Privacy Matters also does a fantastic job at explaining the importance of privacy.


最后修改于 2022-01-27


文章来源: https://k4yt3x.com/discord-discard/
如有侵权请联系:admin#unsafe.sh