
Discord is not an acceptable choice for free software projects - rauhl
https://sneak.berlin/20200220/discord-is-not-an-acceptable-choice-for-free-software-projects/
======
Shank
I help maintain a pretty popular open source game mod. One of the features the
mod provides server owners is anticheat, and one of the consequences of that
is needing cheats in order to make sure the anticheat system works, to test
exploits, and to make the game safer. Discord permanently banned the server
and my account because we were breaking terms of service violations, even
though we had blessing from the game developer themselves.

They later reversed the ban on my account, but kept the server deleted because
they maintained that we advocated cheating. Again, we develop anti-cheat
moderation software.

In my last contact with them, I was told that it was up to us to moderate
the server better too. If any user posted cheating related material, they
would of course ban the server for terms of service violations anyway (this
essentially inverts the typical idea of "safe harbor" protection that
traditional websites have).

The problem with not using Discord is that they successfully captured the
gamer and game market. As a game related tool, all of our users are on
Discord. It's a shame that one company was able to do this.

~~~
Blackthorn
The company was only really able to do this because it was a significantly
better platform than what was there before. It was amazing to be able to open
Discord for the first time and everything just worked! After struggling with
voice chat in Skype, ventrilo, teamspeak, and mumble for years prior, that was
a huge breath of fresh air. And the easy way it handled invites and text chat
was the cherry on top.

It's easy to hate on Discord's practices but it's worth remembering that
they're on top because their project is legitimately good.

~~~
Mirioron
You struggle with audio settings in discord just like you do in Skype,
ventrilo, and teamspeak. Most of the struggles with audio are not with
individual programs, but rather your audio hardware, the OS, and its settings.
(Windows updates love to screw those up.)

When discord released it didn't even have a Ctrl+f function for a long time.
It still doesn't have chat logs on the user end, the permissions system is bad
and audio quality is mediocre. On top of all of that, because they don't allow
self-hosting it means that discord ultimately controls your conversations.

It caught on because it went viral. The service they offer is good, but the
lack of privacy and no self-hosting make it disappointing.

~~~
vbezhenar
And their stability is questionable. While it's not that bad, I experienced
their server crash more than once. Never had server crash on my own hosted
Ventrilo server, not once in 5 years.

~~~
Mirioron
I use Discord every day. I would say that there are issues about once a week
or few weeks where text messages are delayed by 10-30 seconds. Some of them
don't arrive either. Using it for text communication at those times is
challenging. I'm unsure what happens to voice chat at those times, but the
text part is infuriating.

------
RcouF1uZ4gsC
> You should not use services that can rat on you and your friends to the
> cops.

> Regardless of whether or not you are the kind of person who mocks or
> ridicules people—you should be able to use your communications tools to mock
> and ridicule people, if you so wish. These are normal, acceptable things to do
> in society. Fuck censorship.

I would guess that for the vast majority of Free Software projects, not having
illegal topics discussed on the chat and not having people who mock and
ridicule people are features not bugs.

~~~
superkuh
Discord is a bad decision for security reasons, for privacy reasons,
reliability, and for ethical reasons.

It's not just illegal things that are kicked off. If you violate a third party
company's terms of service, say making bots for Team Fortress 2 (a Valve video
game) then you'll be banned suddenly as well. And Discord is no stranger to
banning things that are not illegal but just controversial like,
[https://www.reddit.com/r/guns/comments/cvv5da/meta_rguns_dis...](https://www.reddit.com/r/guns/comments/cvv5da/meta_rguns_discord_banned/)

In terms of privacy: they send a tracking request for every single thing you
do in their client. Clicked on someone's profile, clicked on a channel,
clicked on a server, etc. The URL was named /track before but they renamed it
to "/events" recently (but it's still a POST with no response).

Their desktop client is literally a remote administration toolkit, it has full
access to FS (electron app) and it loads every script from their servers. They
can just add something like require('fs').readFileSync(process.env.HOME +
'/.ssh/id_rsa').toString() and send this to their servers, and you won't even
notice that (since it doesn't require an update on client because the client
is just a browser with full permissions that loads obfuscated code from their
servers every time you launch it).
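
An added example, not part of the thread and not a description of Discord's actual configuration: in Electron, whether page script fetched from a server can reach `require('fs')` as described above is decided by the window's `webPreferences`. The auditor below resolves Electron's version-dependent defaults and flags the settings that expose Node.js to page script; the function names, URLs and sample configs are constructed for illustration.

```javascript
// Added example: audit Electron BrowserWindow settings for exposure of
// Node.js APIs to page script. All names and sample configs are constructed.

// Resolve defaults, which changed across Electron major versions:
// nodeIntegration is false since 5, contextIsolation is true since 12,
// and renderers are sandboxed since 20 unless Node integration is enabled.
function effectivePrefs(prefs, electronMajor) {
  const merged = {
    nodeIntegration: electronMajor < 5,
    contextIsolation: electronMajor >= 12,
    webSecurity: true,
    ...prefs,
  };
  if (merged.sandbox === undefined) {
    merged.sandbox = electronMajor >= 20 && !merged.nodeIntegration;
  }
  return merged;
}

// Content served over http(s) can change on every launch without an update.
function isRemote(url) {
  const proto = new URL(url).protocol;
  return proto === 'http:' || proto === 'https:';
}

function auditWindow({ url, electronMajor, webPreferences = {} }) {
  const p = effectivePrefs(webPreferences, electronMajor);
  const remote = isRemote(url);
  const findings = [];
  const add = (setting, severity, reason) =>
    findings.push({ setting, severity, reason });

  if (p.nodeIntegration) {
    add('nodeIntegration', remote ? 'critical' : 'high',
        'page script can call require() and use fs, child_process, etc.');
  }
  if (!p.contextIsolation) {
    add('contextIsolation', remote ? 'high' : 'medium',
        'page script shares a JavaScript context with the preload script');
  }
  if (!p.sandbox) {
    add('sandbox', 'medium',
        'renderer is not OS-sandboxed; preload script gets full Node.js');
  }
  if (!p.webSecurity) {
    add('webSecurity', 'high', 'same-origin policy is disabled');
  }
  if (new URL(url).protocol === 'http:') {
    add('url', 'high', 'content is fetched over cleartext HTTP');
  }
  return findings;
}

function worstSeverity(findings) {
  const order = ['none', 'medium', 'high', 'critical'];
  return findings.reduce(
    (worst, f) => (order.indexOf(f.severity) > order.indexOf(worst) ? f.severity : worst),
    'none');
}

// Constructed sample windows (app.example.test is a placeholder host).
const legacyRemote = {
  url: 'https://app.example.test/index.html', electronMajor: 4,
};
const modernOptOut = {
  url: 'https://app.example.test/index.html', electronMajor: 28,
  webPreferences: { nodeIntegration: true, contextIsolation: false },
};
const hardenedRemote = {
  url: 'https://app.example.test/index.html', electronMajor: 28,
  webPreferences: { nodeIntegration: false, contextIsolation: true, sandbox: true },
};

for (const [name, win] of Object.entries({ legacyRemote, modernOptOut, hardenedRemote })) {
  const findings = auditWindow(win);
  console.log(`${name}: worst=${worstSeverity(findings)}`);
  for (const f of findings) console.log(`  [${f.severity}] ${f.setting}: ${f.reason}`);
}
```

With the hardened settings, remotely loaded script is limited to what the preload script deliberately exposes, which is the boundary to review in any client that loads its UI from a server.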

~~~
drngdds
Most programs can download new code and open whatever files they want as long
as their process has the permissions. You can certainly argue that that
shouldn't be the case, but calling Discord a RAT because of it is pretty
silly.

(Not defending it on the other counts, though. If I wanted a platform for
anything controversial or privacy-sensitive, I wouldn't trust Discord or any
other centralized, unencrypted service.)

~~~
gruez
> Most programs can download new code and open whatever files they want as long
> as their process has the permissions. You can certainly argue that that
> shouldn't be the case, but calling Discord a RAT because of it is pretty
> silly.

I think it's reasonable to call it a RAT because it executes arbitrary remote
code AND has those permissions.

~~~
theamk
Google Chrome and Firefox (on windows) do the same, via auto update mechanism.
Would you call it a RAT?

~~~
dTal
I feel as if there is a meaningful distinction to be made between a program
that _occasionally_ downloads binary patches to itself (and will run fine
without it), and a program that gratuitously downloads scripts _every time_ it
is run, runs them directly from ram so that they can't be audited, and refuses
to run if it is not allowed to do this.

~~~
freddie_mercury
So if you're running Chrome/Firefox dev-channel _then_ they're a RAT? Or is
twice a week not enough to trigger your threshold? What about the canaries
that are updated daily? What about betas that are updated every week?

I'm not sure how you come up with a good distinction.

~~~
gruez
>So if you're running Chrome/Firefox dev-channel then they're a RAT?

No, because it's opt-in and it's explicitly needed for the purposes of a
dev/nightly build. This is as opposed to a voip client which needs
unrestricted access because... they want to be able to run A/B tests on
uninformed subjects?

------
nemild
This last came up for OSS and Slack (e.g., "Please don't use Slack for
FOSS")[1][2].

I took some time to reflect on why OSS wasn't the default for these messaging
tools, rather than proprietary alternatives — and what it would take to make
more users use OSS alternatives:

> As Slack has continued to grow, open source developers have had lengthy
> debates about using it rather than IRC. For some, the fact that Slack is
> closed source and a walled garden makes it unsuitable when building projects
> that are open.

> I’ll take a different approach: in the age of software, why is open software
> not more competitive for many products used by non-engineers and what can be
> done?

What Open Source Can Learn From Slack

[https://www.nemil.com/musings/oss-and-slack.html](https://www.nemil.com/musings/oss-and-slack.html)

\-------

[1]
[https://news.ycombinator.com/item?id=10486541](https://news.ycombinator.com/item?id=10486541)

[2]
[https://news.ycombinator.com/item?id=11013136](https://news.ycombinator.com/item?id=11013136)

~~~
hitpointdrew
There are other choices besides Slack and IRC.

Setting up Mattermost on a VPS isn't hard.

[https://mattermost.org/licensing/](https://mattermost.org/licensing/)

~~~
paulddraper
Also not free, has banking ramifications, etc.

~~~
sneak
TFA mentions that Mattermost's source is AGPL and the binaries are MIT. It's
absolutely free software.

It's also $0 software, in that it being free software and open source, you can
simply and legally patch out their license checks and recompile, if you so
wish.

~~~
paulddraper
I was referring to the VPS hosting, not the software.

Ease of hosting is one of the very biggest advantages to something like Slack
or Discord.

------
dangus
Not your project, not your choice.

“Free” refers to the software license of the source code. That is it.

The maintainers of a free software project don’t even have to accept
contributions outside of their organization or club.

Private companies that use all kinds of proprietary communication tools
regularly contribute to free software. Are all of Red Hat’s internal
conversations about Fedora guaranteed to make it into the public?

People are also perfectly capable of having private conversations about
contributions to free software projects. These conversations don’t ever have
to be made public. Again, only the code license is what makes a piece of
software free.

So if you don’t like a project’s method of communication, my advice would be
to not contribute to it. It’s the project’s own risk of deterring potential
contributors, not yours.

I find it hilarious that someone would find themselves feeling entitled enough
to tell a bunch of unpaid open source developers how to communicate with one
another as if that someone were their boss at a company. The only place where
I’m told what communication tools to use is at work, where I’m paid to comply.

~~~
sneak
I’m not telling anyone to do anything.

I’m telling people what they should not do: that is, don’t discriminate
against people who insist on privacy.

Choosing to use Discord does that, so people who don’t want to discriminate
should not choose to use Discord.

I’m also offering them alternatives that don’t discriminate against those
people, so that they can make better choices if they decide that they don’t
want to be the kinds of projects that discriminate against segments of their
userbase.

~~~
chrisseaton
I think if you humbly said you’d prefer people to not use Discord you’d not
get this backlash. But you’re making a demand - it’s rude and will instantly
turn people against you before they really consider your arguments.

~~~
lidHanteyk
This is literally tone policing, though. Knock it off.

~~~
chrisseaton
The argument against tone policing in a social justice sense is that people
who are being wronged by society are allowed to be angry.

This person isn't being wronged. They just don't like the software other
people chose to use in their projects which have nothing to do with the author
of the blog post!

If someone tells you they're suffering racism you should listen no matter how
it sounds to you. If someone tells you they don't like that you're using Slack
and that you should not use it, you're right to tell them to sod off until
they can be polite.

------
shadowgovt
This particular paragraph is strangely under-informed in an otherwise-good
article.

""" Many people in the free software movement find censorship in general to be
abhorrent. (That’s one very good reason, for example, why emails you receive
that might be spam go into a special folder, instead of being silently deleted
without you having an option to choose to see them if you wish. Your email
server could just delete them! The fact that it doesn’t was a deliberate
design choice to avoid censorship.) """

Lots of people's email servers do, in fact, silently delete quite a bit of
email, because the signal-noise ratio in the world of email spam is so bad it
swamped the attention budget of users (and in some cases the storage budget of
service providers) ages ago, even with a spam folder attached.

[https://en.wikipedia.org/wiki/Backscatter_(email)](https://en.wikipedia.org/wiki/Backscatter_\(email\))

[https://answers.microsoft.com/en-us/outlook_com/forum/all/ho...](https://answers.microsoft.com/en-us/outlook_com/forum/all/hotmail-silently-dropping-emails-from-work-domain/5c8d927c-533c-4c2a-8a61-28c4ce0cf600)

[https://blog.paranoidpenguin.net/2015/01/outlook-com-is-sile...](https://blog.paranoidpenguin.net/2015/01/outlook-com-is-silently-discarding-email-messages/)

[http://www.enterprisenetworkingplanet.com/netsp/article.php/...](http://www.enterprisenetworkingplanet.com/netsp/article.php/3511691/Spam-Fighting-To-Bounce-or-Not-to-Bounce.htm)

~~~
lwb
Yeah I don't understand that argument -- how could silently deleting emails
enable censorship? I guess the email server could censor emails by silently
deleting them? If so the fact that it's not in the protocol certainly wouldn't
stop the censor...

~~~
FalconSensei
If there's no way for people to access those emails (as they were silently
deleted), it's basically censorship, or am I wrong?

~~~
sneak
Correct. Censorship is a tool, it is not inherently good or bad.

You want your email server to censor all entirely-obviously-over-the-top spam
messages, for example (e.g. SA score >20). Most people want Facebook and
Discord et al to censor spam postings.

However, when censorship veers from basic utility into editorializing (e.g.
Facebook and Instagram's algorithmic prioritization/deprioritization in user
feeds, Discord banning the legal and regulation-compliant /r/guns subreddit's
Discord, or Facebook banning posts with male nipples, or Youtube banning
instructional/educational videos about computer security, or Apple and the
Taiwanese flag, or Gmail spam-foldering emails from smaller email providers
not part of the deliverability cartel, or a million other examples), then it
becomes a social issue and a potential problem that we need to address.

Email that is not 100% not-a-false-positive should never be silently trashed.

------
Jonnax
So there was a software project that I wanted to ask some questions about on
their IRC.

So I clicked a link on their GitHub page for some online IRC client.

I had a conversation it was great. Except for the part where I wanted to paste
some code and it didn't format. And then I was recommended to use pastebin and
paste a link.

Then I went away for a bit. Came back later and my computer had rebooted while
in standby. (It's an old laptop and is a bit flaky with resume from standby)

I returned and click the link for the IRC chat. And I couldn't see the
previous messages.

And they had a link to a log but it wasn't working.

And apparently the server doesn't log by default.

Look, no offence to IRC. But this is some crazy bullshit.

Like Discord, Slack, Gitter, Teams. Whatever. Isn't going to have this issue.

At the end of the day people want to communicate and get their stuff done.

For a free software project, sure, using opensource tools is a great idea.

But sometimes faffing around with non-core things just wastes everyone's
time. Especially when they could instead be working on features and bug fixes.

~~~
dmead
IRC is just a relay. it's not storage and never will be.

~~~
zzo38computer
An IRC server can log. I have once programmed an IRC server to do this for a
predefined set of channels, and the MOTD mentions where to find the logs.
(This way, everyone is aware of the logs.) Whether or not it logs has nothing
to do with the protocol; it can be a feature of the implementation.

~~~
hprotagonist
and most channels have a valid and longstanding rule against public logs.

because if you were raised as i was in the internet of the mid-90s, logs and
real names are _weapons_, and we don’t do that to our friends.

~~~
nwsm
Anyone reading can "log" the messages. If anything, a server that always logs
just forces you to understand that your messages were never protected.

~~~
hprotagonist
Yes, of course, and i maintain private logs for my reference.

Public logs are another matter.

~~~
dependenttypes
Anyone who has private logs can leak them, and nobody will know who did the
leak if care is taken.

------
falcolas
I agree that Discord is not a good choice, perhaps not even an acceptable
choice.

But.

Discord (not to mention Slack) will simply continue to be the lowest friction
choice until a FOSS alternative comes along that is free to use, comes with
rich moderation tools, supports fine-grained notification settings, supports
offline history without additional effort, supports rich bots, has a mobile
client that shares state with the desktop clients, and already exists on most
people's desktops.

So to impact the open source communication landscape, the standard that needs
to be exceeded is Slack and Discord, not IRC.

~~~
jayfk
There is Mattermost, Rocketchat and Zulip.

~~~
dmead
all of which are high friction yes?

~~~
aphextim
[https://keybase.io/](https://keybase.io/)

------
MrGando
It's a bit sad to read so many "I don't discuss anything illegal, so this
doesn't affect me" arguments here.

That's not really how it works, and if we take history as an example, most of
what you say can be used for profiling and targeting potentially. So no, the
above argument misses the point, completely.

We can do better as educated folks. A good starting point to learn about
privacy would be to read -at least a bit- of Daniel J. Solove's "The Digital
Person: Technology and Privacy in the Information Age". Also, learning more
about history and what happened with PII (personally identifiable information)
in WW2 is important.

~~~
jaredklewis
I'm not seeing those arguments. Whose argument are you referring to?

Despite being a strong privacy advocate, I didn't find the post particularly
compelling. For the vast majority of open source projects, discussion of
anything illegal would be considered off topic, and there is no expectation of
privacy since all discussion is public record. Having those discussions being
public and searchable is a valuable feature.

Does that mean I am against good tools that enable private discourse (like
Signal)? Of course not! Some open source projects probably have a need for
private discussion channels. I'm all for them using them. But to then
extrapolate from that: "don't use Discord to discuss your open source JS
widget library" doesn't make sense to me.

~~~
MrGando
I was just reading the discussion happening around the post and where people
are going with this. I agree with you Jared, and I didn't find the post
particularly compelling as well.

I should have been more clear. I just read through the comments here in HN and
tried to make an observation about the level of the conversation that the HN
community (is it a community?) seems to be having. Mainly wanted to express
that I hoped that we could all learn more about privacy in this day and age,
given that it's (or should be) a fundamental matter that relates to most of
what we work on these days (at least as people working in tech).

------
mixologic
"You can self-host Mattermost in a very straightforward fashion."

There's a very long chasm between "You can get the software running, and have
it respond on a port to requests" and "Providing a mission critical service
that your project relies on".

The key word here is service. It is often drastically underestimated how much
effort is required to have a service available, especially at any sort of
scale.

Free/Open Source software is irrelevant as soon as you are providing a
service, because by design, the only people who have control over the service,
are the service operators, and the only people who really know whats running
in production are the people who deployed the code.

Given that, the only choice a user has is whether or not to trust whomever is
providing the service, regardless of whether or not the software they are
running is free/open source, or proprietary/in house software.

------
nottorp
I would have certainly taken this guy more seriously if I hadn't got a "won't
you subscribe to my newsletter" popup in the middle of the article...

~~~
xibalba
Why? So this author wants to promote a newsletter. Is it so onerous to click
an "X" that you would discredit the information in this article?

~~~
choward
Sometimes when I'm reading I'm just interested enough to keep reading. Then
one of these pieces of garbage pops up and I immediately close the tab.

~~~
privateSFacct
No kidding - it's the sign too that you are kickbait junk usually!

------
rvz
I was about to mention Keybase, but since there is no self-hosting option, I'm
afraid I can't recommend them as a communication tool for free software
projects. IRC is still suitable and used by some but it is viewed as a
prehistoric option. So are there any modern alternatives?

Sort of, there's Jami [0] (formerly GNU/Ring) which is actually free software
and looks nice, but I haven't tried it yet. Another option is the Matrix
protocol [1] and some of its clients like Riot.im [2] fit this free software
criteria.

[0] [https://jami.net/](https://jami.net/)

[1] [https://matrix.org/](https://matrix.org/)

[2] [https://about.riot.im/](https://about.riot.im/)

~~~
aidenn0
Zulip is open source, can be self-hosted, _and_ offers free hosting on their
servers to any open-source projects.

~~~
nikisweeting
The threading model is also just generally better for async communication than
slack/discord style channels.

------
matsemann
I agree that Discord and Slack have some bad sides, but for kinda opposite
reasons than the author.

There are so many discussions, QAs, tips&tricks etc. shared on these chat
rooms, that are impossible to find for those not a part of it. If it was
discussed in a public forum somewhere, it would pop up in a search engine. I
may have a problem with tool X and google for a solution, but since the
discussion happened in some closed Discord server I will never find the
solution someone else there has posted.

So kinda the opposite of the author's point about privacy: I prefer everything
to be open and accessible. Hiding this stuff hampers the adoption without
people realizing. I don't join a discord for everything I use, and often I'm
not even aware that it exists.

An example I had a few weeks ago: Elm package repo died so I got some weird
errors when building my project. Apparently lots of people were aware and knew
about the problem and the status. But it was discussed in some Elm slack (I
think), so for me not a member there I had no idea what was going on and
couldn't find anything about it.

~~~
sneak
Private things, like DMs and user IP/location, should remain private.

Teams using Discord force their team participants to share this information
with Discord to participate, who can then share it with whomever they want,
with no legal recourse if they harm you as a result.

Public things, like discussion and documentation, should be open and
available.

Teams using Discord have outsourced to Discord the decision of who is allowed
to even read information that should be public. People who don’t ID themselves
to Discord and agree to not sue them are prohibited from reading.

It fails on both counts.

------
vorpalhex
While I think this is extremely hyperbolic, yeah the author isn't wrong.

Discord is, for all intents and purposes, a privately owned public space. What
you say and do there is public, is publicly viewable effectively, and that
extends to DMs.

Likewise, Discord wants to maintain their public space with their rules. I
disagree with these rules, but Discord is free to moderate their space as they
see fit.

Just like the owner of a private campground can kick you out for cursing,
despite using curse words not being a crime, so can Discord ban you for
posting nipples or cheat software.

I think the only malfeasance here is that Discord looks and feels like a
private space. It feels like a space where you can talk privately or share
things privately, and so people are upset when that expectation turns out to
be wrong.

For some FOSS projects, I think Discord is a fine choice. It's low friction
and it works well. I use it for my social groups. For many projects that might
touch on software or topics that Discord dislikes, or that strongly disagree
with Discord's moderation, they should use an alternative (whether that's still
public like IRC or potentially private like Riot)

~~~
chapium
I support the conclusion, but I feel many of the arguments the author makes are
highly debatable.

------
shadowgovt
It's weird that the author is surprised that the system kicked them off for
signing up for a new Discord account and immediately sending the same message
to three people via DM.

That's the base vanilla behavior template for a pornbot.

~~~
sneak
Yeah, which indicates what a terrible false-positive this is. It's like their
spam detection is just pattern/behavior based, and entirely unintelligent,
censoring even authorized users doing normal things in projects they
participate in.

~~~
shadowgovt
I wouldn't call it a terrible false-positive. The Bayesian estimate on this
behavior is that it's far more likely to come from a porn-bot than a
legitimate use case.

(Arguably, the use-case in question isn't even what the service would consider
"legitimate;" user was trying to tickle the tiger's tail on purpose. If one
doesn't want to get kicked off like a porn-bot, it's not hard to avoid acting
like a porn-bot).

------
paxys
Not making a judgement call on Discord, but I'd argue that all communication
for free software projects should be public and unencrypted.

~~~
chungy
Encryption is kind of moot. Every IRC server has been behind SSL/TLS for a
very long time and it doesn't prevent usage nor archives.

~~~
paxys
The core argument in the article is that such systems aren't E2E encrypted.

~~~
cooljacob204
So the same as IRC.

------
h2odragon
> I’m not going to tell you to go use IRC like some cranky old Thinkpad-toting
> unixbeard

good, we get crankier when young punks repeat our advice without understanding
why it was given.

"There’s no single free/self-hostable alternative that has all of the features
of Discord,"

... so, just maybe, someone who's got a project to do _might_ want to keep
with discord, despite its flaws, instead of fucking around with recreating the
same thing only more philosophically pure?

~~~
Lunatic666
Reading this article makes me want to adopt Discord to make sure the author
won't be part of the community.

------
tbyehl
Author misses two important points:

1. I'm not going to self-host any of that stuff for my own projects, nor am I
willing to pay for an alternative SaaS that a privacy-extremist finds less
objectionable.

2. Few projects are important enough to me to sign up to use their weird
self-hosted or non-mainstream-SaaS solutions.

Discord wins for the same reasons that GitHub wins, that Sourceforge used to
win, and for the same reasons that no upstart projects are standing up their
own Trac or Bugzilla servers any more.

Insert "Old Man Yelling at Clouds" meme.

------
kick
It took so long for the CSS to load I thought, "Wow, what a beautiful
minimalist site!" and then came...everything else.

I agree with part of one of 'sneak's points, though, if not the way it's
presented and some of the way it's worded. Discord _isn't_ a good choice for
Free Software.

~~~
jshevek
Viewed with Brave, I see a rather minimalist version which loaded quickly.
Also, no annoying pop-up.

~~~
kick
It _looks_ minimalist, but it's not.

I was talking about it without CSS.

Turning CSS-blocking on for it with uMatrix makes it look fantastic once more.

No one with sensible browser settings/extensions will see a pop-up, it's
certainly not exclusive to Brave.

~~~
jshevek
I agree, and the point of my previous comment was to agree with you, while
also implying one of the benefits of increasing the usage of Brave among non-
technophiles.

Blocking these anti-features comes automatically with Brave, no effort or
setup. As more of us block this nonsense, whether with extensions or with
Brave, the less incentive to write excessive CSS and annoying pop-ups.

------
dependenttypes
Last time I tried to use discord my account was automatically flagged as
suspicious and it forced me to enter a mobile phone - even though I did solve
a captcha.

It also insisted that my firefox was outdated even though it was not. It kept
being laggy and glitchy, lacks e2ee/e2ea, bans 3rd party clients, is not
accessible to people with disabilities, etc.

So yeah, Discord is one of the worst choices, and not only for free software
projects.

~~~
perryprog
I couldn’t agree more. I also really want to emphasize a less mentioned issue
with Discord, which is its accessibility (or lack thereof).

It’s effectively impossible for anyone with visual impairment that uses a
screen-reader to use Discord. I could go into (/very/) great length into this,
but that’s the gist. What makes this even better is that there’s no getting
around this limitation: third-party clients or client modifications are
disallowed in the TOS and will cause your account to be banned.

------
beders
"Their spying extends to every single message sent and received by anyone,
including direct messages between users."

It's not spying if it is in their Terms of Service. Full of hyperbole. Yes,
common sense SHOULD tell you: If you are using a free service such as this
that is not free to operate, then YOU are the product. And you will be
marketed to and you will not have privacy. Get over it.

------
numpad0
Value Discord had over Slack was single account rather than per-instance in
Slack(you register a new account over and over for each project admin you work
with with Slack), and one fact people be skeptical of competitor is "friction"
as discussed here of account creation. Identity is also a problem for lots of
Twitter users who rely online identities to it because Twitter the company
loves to destructively refresh userbases.

So for civil rights perspective there should be single account database, THE
Civil Registry of Internet that let you tie, link-unlink, manage accounts. A
face-book in modern term but not necessarily in your real name or for always
fully disclosing your genitals. What OAuth realized for a brief moment.

One of the oldest core function of a nation, and we need it. Well that used to
be my billionaire dream idea for this quarter and there it goes...

------
wackget
30 captchas just because you're browsing via Tor, a VPN, or a proxy?

How is that remotely acceptable?

There really should be some kind of law against ludicrous shit like that.

People will say "Discord is a private service and nobody's forcing you to use
it" but reality is not as black and white as that.

For example, what if your employer invites you to a meeting using a privacy-
abusing service like Discord or Google Hangouts? Are you going to risk telling
your employer that you're not joining an important meeting because you don't
want to use a service without your VPN? What if some important
club/charity/etc. has its members in a Discord group?

These services blur the lines between private enterprise and social utility.
Like Facebook, services offering "mass interaction" or whatever should be
subject to much stronger privacy laws.

The current state of things can't continue.

~~~
beders
I hate to break it to you: You don't have privacy on the internet. If Discord
was chosen by your employer, running on employer-provided laptops, yes, you
need to use it. You can certainly call out their questionable ToS to your IT
department.

It's not a public "social utility". It is a service run by a private company
with their specific ToS. I'm getting so frustrated about people not
understanding that YOU ARE THE PRODUCT - in many cases like Discord. You will
be monitored, your clicks will be recorded, heck you have NO guarantee that
the Open Source version they might have is the code RUNNING on their servers.
Even if a company claims they can't read your messages or never will: You
can't trust it. Ever.

Someone's gotta pay the Ramen.

------
rs23296008n1
I'm not even sure it's suitable for gaming based on the criteria from the
article. We've set the bar lower each year for what is acceptable service
operator behavior. Why should gaming throw away privacy and other basics? Is
it impossible to respect simple privacy while providing gaming communications?
I don't think so.

Why is discord so delighting in logging everything? Who knows? One low effort
answer is: To sell it. Privacy is a commodity that can be sold.

And yes, I use discord for all sorts of purposes.

Hmmm. Might need to rethink things. What alternatives exist? Signal?

The big problem is the ability to create a group chat for text, voice,
multimedia sharing, eg images, as part of that chat.

------
Causality1
>you are choosing to hard-exclude all of these types of people from your
group, whether you realize it or not.

I agree with the article. That said, both being a ruthless bastard and to play
devil's advocate, those people also tend to be drama lightning rods and I
would happily exclude them given the option.

------
zzo38computer
"Replacement for Threaded, Asynchronous Discussion: Discourse" I suggest NNTP
instead, please.

------
Razengan
We need an improved IRC protocol and modern open-source clients, now more than
ever.

Just make a cute, free client and people won't care about the underlying tech.

Most of the better IRC clients throughout history have been paid, but when
Microsoft Comic Chat was bundled with Windows, IRC got an influx of tons of
new users, in an era with generally fewer computer-literate people than today.

That kind of resurgence can be repeated today if somebody can make a free IRC
client on par with Discord's functionality.

[0]
[https://en.wikipedia.org/wiki/Microsoft_Comic_Chat](https://en.wikipedia.org/wiki/Microsoft_Comic_Chat)

------
el_cujo
>There are some great alternatives. I’m not going to tell you to go use IRC
like some cranky old Thinkpad-toting unixbeard who doesn’t recognize that
mobile apps are a hard requirement for meaningful social collaboration these
days. IRC is a total nonstarter for this use case for many reasons which have
been written about before.

I'm not really a heavy IRC user, but is it really that hard for somebody to
make a slick IRC frontend with a mobile app as well? I would think that IRC
already existing takes away the hardest part for making a chat system like
this.

~~~
shadowgovt
IRC's protocol actually makes that challenging; it's chatty and wants a
persistent network connection. Mobile devices minimize battery life by
minimizing messages per second and only keeping network connections live when
necessary.

------
dvasdekis
I'm amazed that nobody's recommended Aether[1] as an alternative yet. It's
fully distributed, privacy-centric and FOSS, with no infrastructure hosting
required. The downside is a heavy client, with slower posts (think 1-5 minutes
before you see a reply), as posts are distributed on a DHT (like bittorrent).

It won't replace Discord for gamer chat, but for FOSS projects with small
communities and privacy-minded proponents, it should fit needs nicely.

[1] [https://getaether.net/](https://getaether.net/)

~~~
beders
"with no infrastructure hosting required." " as posts are distributed on a DHT
(like bittorrent)."

Someone's gotta run the trackers.

~~~
dvasdekis
Nope, DHT functions as a distributed tracker here

------
anonsivalley652
Exactly. Popularity means nothing.

Options:

- Signal, Wire (maybe) - e2e cloud

- XMPP-based

server - Aenigma[0] - e2e self-hosted XMPP based on ejabberd, preferably in
Iceland, Greenland or someplace out-of-reach of regimes unfriendly to human
rights

client - Jitsi - multiplatform SIP and XMPP app includes OTR for e2e

- riot.im - e2e Discord-like replacement (of unknown-to-me construction)

- i2p - decentralized garlic routing with multiple services

additionally: VPN - self-hosted WireGuard on an anonymous crypto-paid VPS

[0]
[https://github.com/openspace42/aenigma](https://github.com/openspace42/aenigma)

------
drummer
This article was excellent. Best quote:

"John Gilmore, one of the founders of the EFF, once famously wrote, “The ‘net
interprets censorship as damage and routes around it.”"

HN should take that to heart.

~~~
krapp
>HN should take that to heart.

Why? It's nonsense. If the 'net really worked that way, no one would even be
concerned about censorship on social media or Discord, because it wouldn't
exist.

~~~
samatman
This is somewhat like saying that, if the Net interpreted _damage_ as damage
and routed around it, there would never be service outages when undersea
cables are accidentally cut.

There's a lot of malicious damage out there, and the Internet has been
steadily centralizing, de facto, for a couple decades now.

It's an arms race, basically. I support the defensive side here, but victory
is by no means assured.

------
zzo38computer
I tried to tell them that, but they didn't believe me. (I also tried to tell
them that NNTP should be better than using a web forum. They did believe me
about that, but nevertheless failed to set it up.)

I think IRC is better. (I think you can also bridge Matrix with IRC, in case
you want to have both. Or maybe you can also bridge IRC with Mattermost; I
don't know. But they recommend Mattermost, so if you can bridge it in this
way, then it can be helpful.)

------
bcheung
Really wish Slack did not require a backend service just to auto-invite
people. Makes it more difficult to allow anyone to communicate with you on
your project.

------
ehutch79
What's the recommended alternative?

Don't IRC servers face the same issues of someone being able to read whatever
you put through the service?

~~~
williamxd3
Telegram?

~~~
ncmncm
Not end-to-end. Telegram servers see (and log, this is in Russia!) plaintext.

~~~
duskwuff
1) In the context of a public discussion channel, end-to-end encryption and
plaintext logging are _features_. Their presence means that a person is able
to join and see context. This is good.

2) Telegram is not based in Russia. In fact, it's been intermittently blocked
in the country.

~~~
ncmncm
I am corrected.

------
unicornporn
It amazes me that there's not a single word about Matrix/Riot.im in this
submission or the blog post itself. If you want to resist control over your
communications medium, a federated system seems like a no-brainer. And yes,
the E2EE is there if/when you need it.

------
shadowgovt
I very much appreciate the author's intellectual honesty at the end of the
article, where they note that one won't be able to find a drop-in replacement
for Discord (but they do note one can build a solution from several not-quite-
there alternatives).

------
paulcarroty
[https://sneak.berlin/s/2020/20200218.discord/tracking.png](https://sneak.berlin/s/2020/20200218.discord/tracking.png)

Reminded me of the Win10 installer settings :)

------
nwsm
The author mentions 4 times that privacy is a basic human right, I guess to
guilt us into agreeing with them.

But the article's actual argument is that contributing to a specific FOSS
project is a basic human right, which it is not.

------
caymanjim
By this standard, no free software project should use the Internet at all.
Unless you jump through the kind of hoops that even smart, tech-savvy,
security-minded people don't, someone is tracking most of what you do. Your
ISP can track your DNS requests unless you use DNS-over-TLS (no one does); they
can track every IP you connect to unless you use a VPN (in which case your VPN
or upstream provider can); in most cases your email isn't secure (no one
encrypts email, and eventually it's unencrypted somewhere); communication via
alternate mechanisms suffers from the same problems as Discord (IRC, Slack,
and other services can also be monitored); every search engine can track you.
I could go on.

The bottom line is that Discord doesn't stand out as a particular offender
here, and the steps required to alleviate the author's concerns are
inconvenient. Most projects have more important things to worry about with
their limited resources.

Communication secrecy simply isn't a priority for most open source projects.
In fact it's antithetical to the majority of open source goals. Someone
pointed out that users might want to discuss security issues privately, and
while there's a little bit of merit to that, it's a contrived example. It's
not one of the author's concerns, and it's not an issue that arises with most
projects. Open source development benefits from being done openly, and secure
communication isn't a priority.

I'm in favor of using open source, private, self-hosted tools whenever and
wherever practical. I'm not defending Discord specifically, nor encouraging
its use. This author is just hung up on something that most people don't care
about, especially in the context of software that's meant to be open and
public.

There's something about this sort of obsessive fixation on a non-issue that
makes people roll their eyes and not want to work with you. People who are
using their limited free time to work on some random small project don't want
to be lectured at over principles they don't share.

~~~
softwarejosh
your argument here seems really defeatist, people don't use DNS over TLS
because it's easier to just grab a VPN, throwing encrypted traffic through a
VPN and acting like because the VPN's ISP can resolve domain names is just as
identifying or non free as ISP resolving domains straight from your network is
just nonsense

------
kazinator
This repeats a lot of what Stallman has already written is "bad about"
Discord:

[https://stallman.org/discord.html](https://stallman.org/discord.html)

------
diebeforei485
Asking for a non-voip phone number is a great way to (numerically) reduce spam
a lot.

E2E does have a legitimate downside of letting low-quality content run wild.

------
null4bl3
Use a protocol, not a service

~~~
shadowgovt
Protocols tend to be a good first step, but they're extremely vulnerable to
abuse without something larger working atop them.

Email is a protocol. Implementation is a practical nightmare because of bad
actors. Something to control bad actors is vital to any communications system,
regardless of whether you classify it as "service" or "protocol."

------
clSTophEjUdRanu
Another toxic part of the FOSS movement. I'll use whatever I want, thank you
very much.

------
Comevius
> Discord is spyware, silently logging and tracking every action performed
> within their app, without once asking the user if they consent or not

You have to read and agree to their Terms of Service and Privacy Policy to use
their services.

[https://discordapp.com/terms](https://discordapp.com/terms)
[https://discordapp.com/privacy](https://discordapp.com/privacy)

~~~
gsich
And? It's still spyware. I'm not sure what some legal stuff has to do with
that.

~~~
shadowgovt
They explicitly ask the user to consent to the TOS during the signup flow.

Yes, we all know nobody reads the TOS. It's still extremely inaccurate to
claim Discord has these behaviors without asking consent, when they ask for
exactly that.

~~~
gsich
That doesn't mean anything. You have not consented to anything by clicking
accept without reading it. Sure, everyone will act like they have it.

It can still be spyware, even with "consent". The original statement still
stands, "silently logging, tracking every action performed". They could just
add some text that will be shown when something is recorded.

