1315
Please don't use Discord for FOSS projects
(drewdevault.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 02 Mar 2024
1315 points (96.0% liked)
Open Source
31358 readers
46 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
- !libre_culture@lemmy.ml
- !libre_software@lemmy.ml
- !libre_hardware@lemmy.ml
- !linux@lemmy.ml
- !technology@lemmy.ml
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
Discord collects every message you ever send in cleartext.
So does lemmy, so does matrix if that's what the admin wants to do.
Lemmy is public and my matrix server doesn't.
Yeah, e2ee on activitypub platforms isn't widely implemented yet, but it's likely it will be.
I don't see discord making that jump.
You can even request your entire metadata blob to see for yourself.
That's how joining a server and being able to see history works
That's how discord does it.
Do you want to explain how to do it better?
Well, first, at least encrypt your damn DMs.
Second, allowing access to message history is perfectly doable if the invite process involves the inviter providing the decryption keys to the invitee.
You're actually joking with the "inviter providing the decryption keys to the invitee" part right?
The whole point why people use discord is that it's simple, this is a feature that'd only annoy the average person, and every single extra step is a disaster for user retention (look at any eshop study).
Stuff like this is completely irelevant to discord, the tiny subset of people who actually care will and should use Matrix / other solutions, because that's the people they were made for.
Have you ever had to worry about the encryption keys in chat apps that encrypt messages? No?
That's because the app handles it all. Why would you think I'm suggesting something complicated?
All I'm telling you, is that the technical limitation you claim exists, doesn't.
They are exchanged between the two devices.
Have you tried using Signal on desktop? It doesn't offer history syncing. Cross device for whatsapp for example is also a terrible experience. Unusable for something like Discord.
For a seamless experience Discord would probably have to store the keys themselves, defeating the whole point.
That's because both Signal and WhatsApp don't store the message history anywhere except on your primary device. (plus personal backups) That's why WhatsApp desktop stops working if your phone is off. Because it works by getting your message history, from your phone.
So to get the message history on Signal/WhatsApp in a chat you just joined, someone else already there would have to send you the entire chat history from their primary device. Which might not be on. Or have the battery to spare to stream years of messages to random people coming and going from the chat.
For "a seamless experience" Discord only needs store the message history on their servers, just as they already do, but do so encrypted.
For you to see that history, all that needs to change with how invites work, in that they would come with a decryption key transferred in the same secure way normal messages are. So your client can then access that server-stored chat history and decrypt it.
The difference here isn't that WhatsApp and Signal are encrypted, it's that they fundamentally handle messages differently from discord. Their servers only deliver them. So you can't get the chat history from their servers, because it isn't there.
Yep, guess that'd do it.
You'd still have to handle transferring keys across your devices, every time you login on a new one.
Also, searching would probably not work, at least as well as it does right now, since all messages are indexed on the discord side, which they wouldn't be able to do without seeing them. Everything would have to happen on device, meaning the devide would have to store all messages.
Matrix does all of this. When you log in on a new device, you verify the login on an old device where you are already logged in (or provide the master key, set up when you created your account).
Some clients will indeed cache your entire chat history to provide search. And not all rooms are encrypted, you can disable it for rooms where it's unwarranted.
And as Signal/WhatsApp show, doing all this on device is quite doable. It's just a pain sometimes with the message history not also being stored on an always accessible server, and messaging relying on always going through that one, single, primary device.
"If you have nothing to hide" has never been a valid excuse to compromise on privacy.
Yeah, most of the time you don't actually need it, but if you don't make it the norm, one day you'll wake up and find that the entire concept of encrypted communication was made illegal.
As the UK is actively trying to do. And the first sparks of which have been seen in the EU as well.
And that's before even bringing up that even innocent normal conversation data can be used to profile individuals and mass-influence the democratic voting process with targeted campaigning.
What?
You need a forum, not a fucking discord server.
Again. What?
Discord is a DM platform first, a public space second. And it's way better at being the first, than the second.
Providing support on discord is stupid, it's only semi-public and hides solutions to already solved problems beyond the reach of search engines and real public platforms.
Discord is NOT a public space.
Well yeah. But it sure likes to pretend at being one.
I'm not trying to convince anyone to ditch discord.
You pushed the point that "it doesn't need to be secure because it's all public" which is complete bullshit. Not everything on discord is public.
That its secondary ability to function as a public space has over the years become the standard way to provide a point of communication in a manner that tries to fit the round peg into the square hole, is not an excuse for their privacy policy to be as crappy as it is.
Where is this coming from?
All I did was confirm that discord has zero merit in terms of privacy, in reply to a comment that merely suspected it. And yeah, I personally find it less than suitable as a point of communication for software projects.
But the only big problem I had with you was pushing the "if you have nothing to hide" fallacy in any shape or form.