this post was submitted on 03 Jun 2024
54 points (95.0% liked)

Privacy

31998 readers
868 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Hi all,

I haven't used Discord in a while, but it became so that now I have to use it for communication with certain people getting support for some services that I use. What I'm doing currently is:

  • using a separate randomised e-mail address only for the Discord account
  • using a randomly generated username
  • no profile picture
  • tweaking the settings as best I can for privacy

Other than these points, I'm also being wary of talking about anything personal on Discord. Would you add anything so I can be even safer when using Discord?

all 50 comments
sorted by: hot top controversial new old
[–] [email protected] 40 points 5 months ago (1 children)

Always consider what you say on Discord as potentially public, since there is no E2EE.

[–] [email protected] 6 points 5 months ago* (last edited 5 months ago)

Worse, anti-libre software, Discord, bans us from proving it's claims, if it ever claims privacy, security, anything.

[–] [email protected] 28 points 5 months ago* (last edited 5 months ago) (2 children)

getting support for some services that I use

NAME AND SHAME please.

[–] [email protected] 5 points 5 months ago* (last edited 5 months ago) (2 children)

That could potentially open them up to legal problems. Whether it's technically legal or not, nobody wants the possibility of their livelihood being taken away by court costs just because some idiot who is wrong wants to fight them and lose anyway, because they can afford it and you can't (and often times they know it).

I once paid for access to a stock options trading group, but they only used discord. Their website had no other contact info at all. My discord account got randomly banned (it happened right after I joined an innocent server, but maybe because a bunch of people were joining at once, that triggered it? idk), so I could no longer use the service I was paying for. The service auto-renewed on my credit card and I had no way to contact the people to cancel my account (couldn't even make a new discord account). I had to dispute the charge with my CC company and it took months of back and forth with them because they simply could not understand that I could no longer access the only method of support that they offered.

[–] [email protected] 6 points 5 months ago

It's not illegal to tell people that a company uses discord for support. You're not slandering them if it's the truth.

load more comments (1 replies)
[–] [email protected] 24 points 5 months ago (2 children)

I know interested people don't like to talk about it...but we, the people, should really be moving away from Discord. A bucket of water doesn't fix a burning house, ya know?

[–] [email protected] 7 points 5 months ago (2 children)

Moving away from Discord can mean you need to stop interacting with the community using it. My personal examples are: Tilt5, Makera, Turbo Sliders. In the these cases Discord is also the way to access support for something you've paid for.

Getting thise communities to move into something open (e.g. Matrix) can be a tall order.

[–] [email protected] 3 points 5 months ago

I get your point, but that's exactly what I do. When someone say "just use discord", I drop their product/service/etc. and move on. I'm not saying everyone else should do that, but my life is too short for "support" via Discord

[–] [email protected] 2 points 5 months ago

It's a hostage situation they're doing like any proprietary social network. You want to encourage people to move away from them, but then you need to interact with those same people in order to do that.

[–] [email protected] 2 points 5 months ago (2 children)

Do you game with friends? If so, what do you use instead of discord?

[–] [email protected] 4 points 5 months ago

Yeah, I text and call them

[–] [email protected] 1 points 5 months ago* (last edited 5 months ago)

An end to end encrypted chat app that supports group chats and calls.

[–] [email protected] 15 points 5 months ago (1 children)

Use vencord, which bundles OpenAsar, which disables the built-in tracking from the app.

[–] [email protected] 5 points 5 months ago* (last edited 5 months ago)

Is Vencord superior to Discord in the web browser?

EDIT: Never mind; it has browser extensions! https://vencord.dev/download/

[–] [email protected] 14 points 5 months ago

Discord works hard not to private

[–] [email protected] 14 points 5 months ago

Discord doesn't have encryption and, according to the terms of service, can read your messages. If you care about privacy, I definitely would not recommend using it for private conversations, especially after recent rumors about adding ads. I think they won't lose the opportunity to use your DMs for it

[–] [email protected] 11 points 5 months ago (1 children)

Don't waste time your life on harm reduction over solving the root, removing Discord completely.

[–] [email protected] 4 points 5 months ago (1 children)

While this may be a good end goal, these comments are really more harmful than anything else. Removing your dependency on some proprietary service can be very far from trivial, or even doable, there is a wide-range of internal or external factors preventing you from ditching it.
For example, part of my work and a bunch of good online friends of mine use Discord, so I keep it around. If you do any social gaming as well, you'll also most likely find it hard to ditch the platform, as it's grown deep roots in the community.

Anyway, it's better to take small steps in the right direction than trying to make a U-turn and fail miserably.

[–] [email protected] 2 points 5 months ago* (last edited 5 months ago)

I would invest more into stopping 'friends' encourging me to get abused than micro-optimising the malware infecting me. Not saying don't break it down into steps.

[–] [email protected] 9 points 5 months ago (1 children)

Depends a lot on your threat model, of course, but here's what I do:

  • use a temporary (but recoverable) email
  • use smspool or similar to verify my phone for less than a dollar
  • run Discord in a hardened Firefox profile (hardened browser settings + uBlock)
  • turn everything relevant off in Discord settings just in case
  • don't share PII in conversation
  • use a VPN (or Tor)

Using a hardened browser and not giving them your real phone are likely the most effective steps, everything else is either less relevant or overkill. As I said, depends a lot on your threat model and on your requirements (some things may be unachievable if you're forced to use Discord by your employer, for example).

[–] [email protected] 1 points 5 months ago (1 children)

I've found that being consistent with what you choose to share is the most difficult thing. Conversations can get personal, and as you get closer to those random nicknames there's the constant urge to share mundane stuff about your daily lives like weather, holidays, and such that will all add up.

[–] [email protected] 2 points 5 months ago

Yeah I feel you. It's often hard to be fully alert of what you're sharing all the time. I have slip ups but it's usually fine, I'm only mega careful regarding things that could give away the city/town/village I live in, and where I work. If I ever really want to talk about it, I will use a different (often temporary) alias.

[–] [email protected] 8 points 5 months ago
[–] [email protected] 7 points 5 months ago* (last edited 5 months ago) (1 children)

In that situation, I would also:

  • Only use it through a browser (with fingerprinting protection), never a Discord app.
  • Dedicate a browser installation, or at least a user profile, to Discord.
  • Only use it over a VPN connection dedicated to Discord, or Tor if it's allowed.
  • Have an alternative channel (maybe Matrix?) ready and waiting for contacts who might be willing to switch.
[–] [email protected] 1 points 5 months ago* (last edited 5 months ago)

When I tested it, VPN do work after sms verification. Tor nodes, however, resulted in all my test accounts being banned.

[–] [email protected] 7 points 5 months ago (1 children)

You can use it in a browser or opt for WebCord.

Note that any text send to discord currently stays there forever. I don't know when, but you can bet your ass they will be investigated for a violation of the GDPR, which hopefully stops that for good.

[–] [email protected] 6 points 5 months ago

You forgot the VPN.

[–] [email protected] 5 points 5 months ago
[–] [email protected] 5 points 5 months ago (1 children)

If youre just talking to friends directly without joining servers so this might not matter. But discord might require a phone number for verification? Im not sure what triggers it specifically- I dont think its required just for an account though

[–] [email protected] 1 points 5 months ago

It depends on the server. Most servers set it to require an email verified account because of all the bots and spammers, I haven't joined any that required a phone number but might if they support a product and want to link your discord to their orders or something

[–] [email protected] 4 points 5 months ago

What is your threat model?

If your running discord on your computer, you have to assume they know its your computer, your location, and any other PII on your computer.

If you just dont want third parties (other than discord) to know which groups your in, then what you describe is probably fine.

[–] [email protected] 4 points 5 months ago (1 children)

The biggest issue IMO is the random phone-walling. Eventually, all the things you try to do to increase privacy will just cause Discord to force your account into phone verification. This happened to me many times. It's now to the point where I cannot even sign up for discord whatsoever because it immediately transitions from the logged in screen to "something suspicious going on" and forces you to give out a personal mobile number, which I refuse.

[–] [email protected] 3 points 5 months ago (1 children)

Yeah, they have upped their "paranoia" quite a bit in the past couple of years. A while back, I discovered smspool.net while trying to register for Claude (wanted to give it a shot, was disappointed) and was so satisfied by their interface and prices I've used it again in 3 other occasions. There may be other similar services out there, you should give one a try next time Discord prompts you for a number.

[–] [email protected] 2 points 5 months ago* (last edited 5 months ago) (1 children)

thanks for the recommendation, but unfortunately due to my privacy settings, most cloudflare sites do not work, I just get endless "are you human" prompts that never go away.

Plus any site that uses crimeflare isn't private anyway because they can MITM all your traffic including credit card info etc.

[–] [email protected] 2 points 5 months ago (1 children)

If you're on Tor, that's the very unfortunate reality atm. If you're on a VPN, you may try switching providers or servers inside the same provider. I can recommend Mullvad, which works very well, even if you get some CAPTCHAs.

[–] [email protected] 1 points 5 months ago* (last edited 5 months ago) (1 children)

Neither, it happens because my browser settings make it more difficult for them to fingerprint me which makes it think I'm a bot or something untrustworthy.

[–] [email protected] 0 points 5 months ago

Interesting, my Discord profile is also very hardened, and while it prompts me for confirmation, it's always doable in a moment

[–] [email protected] 3 points 5 months ago

Use any matrix client unstead.

[–] [email protected] 3 points 5 months ago

Use a Foss client that blocks the client tracking aspects, tor to connect, and only post pgp encrypted messages on it?

[–] [email protected] 3 points 5 months ago

I'll give you the most extreme solutions I can think of, and let you decide how much of each you want to enact.

First and foremost: use a secure and privacy friendly OS—Qubes on a burner pc or GrapheneOS on a burner phone—with secure and privacy-friendly networking—use DNS-over-HTTPS, or self-host as much of the infrastructure as you can, consider a VPN, keep the device on an isolated VLAN—use a secure/private web browser like LibreWolf.

General rules of online interaction apply for maintaining privacy within the servers: e.g. don't talk specifics about your location, your age, your physical appearance, your childhood, your employer, etc.

As with most modern apps, the web app is necessarily less intrusive than the installable binary. Use the web app when you can, and limit your usage to only when you can use the web app on a computer and network you own—privacy enforcing habits are more important than all the software stopgaps in the world.

If you absolutely must use a binary, consider breaking Discord's TOS and using a modified front-end: I know some people who use Aliucord for Android, and I just this moment learned about GoofCord for desktop

don't install/run any software without verifying the integrity of the developers/distributors and binaries yourself, or building from source and verifying the code

It's better to have Discord stealing your browsing data to sell you shit than have some random github malware rootkitting your phone.

[–] [email protected] 1 points 5 months ago

Did you sign up with a VPN turned on? Are you always using a VPN and private DNS? You could also use a voice changer.

[–] [email protected] 1 points 5 months ago (1 children)

Don't share any personally identifiable information and use the TOR network when using it for additional privacy.

[–] [email protected] 1 points 5 months ago

Good luck with that

[–] [email protected] 1 points 5 months ago

You can use Armcord or other Discord client which is for sure better than the offical.

[–] [email protected] 0 points 5 months ago (1 children)

A VPN and the other stuff you mentioned will deal with it

[–] [email protected] 1 points 5 months ago (1 children)

VPNs do not protect your privacy. Please don't spread FUD

[–] [email protected] 1 points 5 months ago

They do not protect one's privacy if someone is motivated enough, i.e. nation states, or if OP's VPN company sells their information. You can be reasonably assured that Mullvad and IVPN aren't exactly doing that. In terms of obfuscating one's IP, if that's a step towards one's privacy from big tech, then yes good VPNs definitely protect one's privacy