30

My local org uses Discord. What should I know about account security / op sec / settings I should immediately change before using it?

all 14 comments
sorted by: hot top controversial new old
[-] Zvyozdochka@hexbear.net 22 points 6 months ago

I know Discord is super convenient and easy to use, but please don't use it for organizing purposes, this is a horrible idea for so many reasons. If you're going to use Discord for this purpose, you may as well just invite the local police officers to your meetings. This goes for Microsoft's Windows as well, but that's a whole different conversation and not in the scope of this post.

Piggybacking on what @hello_hello said, I'd bring Matrix to your organizations attention and lobby for it's adoption. It's free, open-source, decentralized/federated, and end-to-end encrypted (important!) and has everything you'd want like direct messages, group chats, voice & video calls, and plenty more.

If you really must use Discord, make a throw away e-mail that you only use on Discord, do not attach a phone number to your account, pick a username that you've never used on any other platform, don't talk about anything that could be linked back to you, etc. Assume everything you send/do is being looked at, because it is.

[-] CthulhusIntern@hexbear.net 17 points 6 months ago

Opsec: None whatsoever. Use it to shitpost and meme only.

[-] sovietknuckles@hexbear.net 16 points 6 months ago* (last edited 6 months ago)
  • Opt out of the arbitration agreement within 1 month of registering by sending something like this to arbitration-opt-out@discord.com
  • Don't use the official desktop client, which is very bad for privacy. Use ArmCord (unlike other third-party clients like Ripcord, no one has been banned for using ArmCord), which is open source and blocks Discord's trackers.
  • Disable everything in the How we use your data section of the Privacy & Safety settings
  • Disable everything in the Activity Privacy settings so it doesn't scan your computer to detect games that are running
  • Assume everything you put on Discord is public information, data mining companies pay Discord for your data.
[-] Wertheimer@hexbear.net 11 points 6 months ago

Much appreciated. Between what you and @hello_hello@hexbear.net have said it sounds like Discord is a colossal mistake for an org. I wish I had more options locally, but in the meantime I'll keep Discord communication as minimal as possible.

[-] EcoMaowist@hexbear.net 13 points 6 months ago

Discord is horrible. People have already said Matrix. and they're right. Try to get them to switch, and give them the reasons many people here have already listed. As soon as they realize they can be surveilled they should be willing to switch. (Can't discord also ban servers or users at will?)

[-] Wertheimer@hexbear.net 4 points 6 months ago

Yes. I will see what I can do.

[-] hello_hello@hexbear.net 11 points 6 months ago* (last edited 6 months ago)

Ask them if they can switch to Matrix. If they've only been using Discord as free hosting for a chat/video call service then it shouldn't be difficult.

Discord is a horrible platform and I don't trust any leftist org that uses discord for its main communication: zero E2EE (not even in your fucking "private" dms), horrible and juvenile userbase of gamers (most chuds and liberals), poor moderation, predatory user interface and worst of all: forced to use a shitty electron app. You also are required to submit an email address and a phone number to use the service (no telling what other requirements they would impose). Impossible to access via tor or through VPNs.

For video conferencing you can use Jitsi Meet which AFAIK is integrated into the Element client for Matrix. I've not joined orgs because they use shit like Google Docs and Discord for basic tasks.

Case in point a marxist group at my uni uses google forms for signups. Like wtf no I'm not signing up using Google literally just use E2EE email you fucking lib. Maybe a Signal username to the group's main recruiter? Maybe an XMPP username??? There's so many freer ways to do this shit that doesn't require de-anonymizing people.

[-] Zvyozdochka@hexbear.net 10 points 6 months ago

Hell, even the PSL uses Google Forms for initial on boarding where they ask you for things like your full name, phone number, e-mail address, social media handles, and all that jazz. Really big yikes moment, but I understand that hosting an open-source alternative/writing their own solution is a lot of work and they might not have the resources to pull something like that off right now, but still.

[-] Wertheimer@hexbear.net 7 points 6 months ago

You also are required to submit an email address and a phone number to use the service

Goddammit.

[-] someone@hexbear.net 4 points 6 months ago

The last time I used Jitsi Meet was a year or so ago, but I will wholeheartedly second this if it's as good now as it was then.

[-] chickentendrils@hexbear.net 5 points 6 months ago

Jitsi is just using WebRTC I believe, so basically P2P over the web. Call participants will see each others' IP addresses unless any take additional precautions.

[-] Zvyozdochka@hexbear.net 4 points 6 months ago* (last edited 6 months ago)

That's only if a peer-to-peer connection can be made in the first place, which most of the time it can't because of NAT and other things. The Element client even has a checkbox to prevent you from making peer-to-peer connections forcing you to go through your homeserver's TURN server or Matrix's fallback TURN server.

Edit: To clarify the warning under the "Allow fallback call assist server" saying your IP address will be shared, it means it will be shared with matrix.org, not the parties you are calling.

[-] Maoo@hexbear.net 2 points 6 months ago

I'll echo others and say no discord!

Matrix is good though a little complex and unintuitive. I would recommend limiting your online chats in general for opsec reasons and maybe sticking to something simpler like Signal for announcements.

this post was submitted on 08 May 2024
30 points (100.0% liked)

technology

23313 readers
292 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

founded 4 years ago
MODERATORS