Hacker News new | past | comments | ask | show | jobs | submit login
Discord is not an acceptable choice for free software projects (sneak.berlin)
532 points by rauhl on Feb 21, 2020 | hide | past | favorite | 357 comments

I help maintain a pretty popular open source game mod. One of the features the mod provides server owners is anticheat, and one of the consequences of that is needing cheats in order to make sure the anticheat system works, to test exploits, and to make the game safer. Discord permanently banned the server and my account because we were breaking terms of service violations, even though we had blessing from the game developer themselves.

They later reversed the ban on my account, but kept the server deleted because they maintained that we advocated cheating. Again, we develop anti-cheat moderation software.

In my last contact with them, I was told that that it was up to us to moderate the server better too. If any user posted cheating related material, they would of course ban the server for terms of service violations anyway (this essentially inverts the typical idea of "safe harbor" protection that traditional websites have).

The problem with not using Discord is that they successfully captured the gamer and game market. As a game related tool, all of our users are on Discord. It's a shame that one company was able to do this.

The company was only really able to do this because it was a significantly better platform than what was there before. It was amazing to be able to open Discord for the first time and everything just worked! After struggling with voice chat in Skype, ventrilo, teamspeak, and mumble for years prior, that was a huge breath of fresh air. And the easy way it handled invites and text chat was the cherry on top.

It's easy to hate on Discord's practices but it's worth remembering that they're on top because their project is legitimately good.

You struggle with audio settings in discord just like you do in Skype, ventrilo, and teamspeak. Most of the struggles with audio are not with individual programs, but rather your audio hardware, the OS, and its settings. (Windows updates love to screw those up.)

When discord released it didn't even have a Ctrl+f function for a long time. It still doesn't have chat logs on the user end, the permissions system is bad and audio quality is mediocre. On top of all of that, because they don't allow self-hosting it means that discord ultimately controls your conversations.

It caught on because it went viral. The service they offer is good, but the lack of privacy and no self-hosting make it disappointing.

From experience I can say Vent was (is?) pretty horrible. You had to run your own or pay for a server too, which was a huge deterrent to adoption. Skype is fine, but not focused around rooms / channels.

Basically it was a ripe market with extremely bad products. I don't think Discord is anything amazing (seems fine for the most part), but they're clearly significantly better than what existed when they launched.

And their stability is questionable. While it's not that bad, I experienced their server crash more than once. Never had server crash on my own hosted ventrillo server, not once in a 5 years.

I use Discord every day. I would say that there are issues about once a week or few weeks where text messages are delayed by 10-30 seconds. Some of them don't arrive either. Using it for text communication at those times is challenging. I'm unsure what happens to voice chat at those times, but the text part is infuriating.

I disagree on the ease of use of the other tools. I ran a mumble server for a guild for almost 10 years and it was quit easy and awesome to use... for voice. Then due to reasons I turned it off for a while and by the time I came back everyone was on discord...

The main thing that discord did was combine voice with the chat side of things, and with per user chats and history. A lot of people don't know that mumble has a pretty decent html capable chat, but it's the history searching, dynamic rooms etc that set discord apart. Mumble still has the superior voice capabilities (simultaneous multiroom, easy permission, hierarchical, etc)

I have put most of my hope in mattermost to do murmur integration to solve this problem.

In the meantime I find myself considering trying to get everyone back on irc+mumble.

edit: Also, just have to say I bet the gov loves having a single place to send all those NSL's... cough hint cough

Nobody's going to embrace IRC again until multi-device gets solved.

But the default answer to the question "how do I have seamless transition between my desktop and my phone" for IRC remains "pay for a shell/bnc, run irssi in screen, etc" which is of course a UX nightmare.

Discord has a buttery smooth onboarding process.

Maybe The Lounge (https://thelounge.chat/) could help ?

That still means running your own server, and having a machine running 24/7 to host that server. For many, many people nowadays a laptop is their primary and often only machine.

Why not have a little box plugged into your router with an app for your phone or web interface on your desktop with an app store like interface where you pick out the services that you want to run instead of paying $5 a month.

Because iPhones only deliver notifications through Apple's Notification Services which costs money. (Good for battery life though.)

Similarly for Android, the most reliable notification method is using the Google Play Services servers.

Make a Kickstarter for it?

Saying is easy. But for some reason, it still doesn't exist.

Because I don't have static ip.

Most people keep the same IP address for months. Your machine can update the address a public domain or subdomain points to on the rare occasion it reboots. If content is cached by hosts that have previously viewed it then this wont even cause an interruption.

With IPv6 one would suppose that it would be easy to keep the same address given that there is virtually no chance that anyone could accidentally be assigned it.

What I'm describing can't be achieved without server-side changes. The lounge is great but from what I can see it relies on having a persistent connection from the user's desktop.

Doesn't really solve the problem.

> But the default answer to the question "how do I have seamless transition between my desktop and my phone"

The "modern" answer is "don't do that". There is a time to play social games, there is a time to do what you are doing, and you should spend some time talking to yourself too.

Answering a valid usability question with unsolicited suggestions on how someone should structure their social life isn't very helpful.

"The grapes are sour anyway" is the standard open source answer for decades..

Just because it is not the answer you were expecting doesn't mean it is useless. People that give you what you ask for are not always your best friends.

Not fulfilling user requirements however, just means that your product is bad.

Thus the success of discord.

Actually, the modern answer is "use something other than IRC", which is partly why Discord became so popular with gamers.

The answers to changing user tastes is not to proclaim their tastes are wrong. That's the attitude displayed by a lot of IRC server operators and prolific IRC users, and it's that refusal to adapt that's driving IRC into obsolescence.

Maybe those people are ok with an ever-dwindling userbase, and if so that's great. But I'd like to see a Renaissance of IRC to the detriment of proprietary walled gardens like slack and Discord.

I agree with the sentiment of this answer.

While I think it could have been said better, we all need to quit feeling the need to have everything so perfectly connected all the time and feeling frustration when our tech gets in the way.

What made it good was free server creation that didn't require a client download. Just send people a link, and they can join your raid even if they dont have the client. Any actual quality of the provided audio link past that point doesn't matter.

> It's easy to hate on Discord's practices but it's worth remembering that they're on top because their project is legitimately good.

You mean it's easy to forget about Discord's practices because their product is good.

Seriously, you're arguing that they get to do whatever because "their product is good"??

Do I have to spell out how egotistical this attitude is?

Yes. Because that's what matters if you actually want to win. There are a thousand Foss software packages or there that are philosophically superior and have better practices than their commercial brethren. But they lost, and in the end that's what matters.

But only because there are a hundred times more "commercial brethren", some of whom "won" and apparently get to do whatever. It's still a choice that people make, except it's a "tragedy of the commons" situation. Which is what I wanted to point out in my probably somewhat too harshly worded comment.

That's not what I said, but don't let that get in the way of a good rant.

This is a greater problem to solve than Discord. How do a group of people publicly and responsibly disseminate blackhat information to whitehats?

It's a good question, though I think the "publicly" and "responsibly" aspects may be inherently at odds.

Even only hearing your side of this, I think Discord is being reasonable. It sounds like anyone could grab a cheat from your server and go wreak havoc on an unmodded server for this game... surely your mod isn't universally used?

What does that have to do with Discord? What makes them the cheat police?

Trying to maintain cozy relations with game devs.

Then Discord were not being reasonable, since (according to the story that the rest of these details are from) the channel had the blessing of the game's developer.

I think the question for discord is rather if it allows that precedent on one platform it becomes much easier for cheat distribution communities to use this sort of rhetoric as a disguise to avoid being banned.

I think not allowing the distribution of cheat software even for benevolent purposes on a platform so widely used by a general audience is probably a reasonable choice.

No, that's a bogus argument. People always try to justify misbehavior by saying that acting appropriately would create precedent, and applying that precedent to a totally different situation would lead bad results. This argument is bogus because you can just...not do the second part.

The actual slippery slope is that making excuses for companies that act inhuman just allows companies to act more and more inhuman.

Discord is a private company. I know it has been pointed out repeatedly, but there is no slippery slope here because discord is not obligated to host any content it deems bad for its business. This isn't inhuman, nobody is entitled to use anyone else's private platform.

Precedent matters when it comes to what you host because it does put a significant burden on discord to distinguish what content is malicious and what isn't once they allow malware to be distributed on their service. If the platform becomes infested with people spreading malware for games users or other game developers will avoid it, harming discord's business.

If you want to have a community of people that shares content that violates the terms of service of a lot of existing software then you'd probably be wise to host that platform yourself rather than expecting a game chat company to facilitate the sharing of game-breaking software for you.

> Discord is a private company. I know it has been pointed out repeatedly, but there is no slippery slope here because discord is not obligated to host any content it deems bad for its business. This isn't inhuman, nobody is entitled to use anyone else's private platform.

This seems like kind of a red herring, because it doesn't address the question of what behavior is reasonable. You're throwing out a generic talking point that would make essentially any behavior "reasonable" if we actually accepted it as a justification. This is like getting caught cheating by your spouse and trying to justify it with "It's a free country!" It doesn't matter, because your legal obligations are not the point.

> Precedent matters when it comes to what you host because it does put a significant burden on discord to distinguish what content is malicious and what isn't once they allow malware to be distributed on their service. If the platform becomes infested with people spreading malware for games users or other game developers will avoid it, harming discord's business.

This is not saying Discord's treatment of OP was reasonable, it's just speculating that Discord are unreasonable because it's cheaper to be that way. I agree that's probably true. And I'm saying I think we should carefully consider whether we want to deal with companies that have that particular set of priorities. Maybe the answer is yes for you, but a lot of people and businesses have been burned by similarly inhuman customer service from (for example) Google, so I think it is at least worth recognizing unreasonable behavior.

>Discord is a private company. I know it has been pointed out repeatedly, but there is no slippery slope here because discord is not obligated to host any content it deems bad for its business.

You're right. And this is another reason why Discord should not be used.

Which company do you work for and does it share your values in this question?

I work for a small robotics company in the UK, I haven't worked in social media or communication if that's your question.

No. If the game dev agrees this particular collecting mechanism (a discord server) is worthwhile then they've granted an exception. This overrides the "not suitable" aspect by virtue of that granted exception. Cheating communities can still be shut down even with one community having the exception. "Fairness and equal ability to apply an exception to a rule" is not a valid defence in this circumstance.

It would be like saying that police aren't allowed to speed when they have their lights flashing. No. The exception has been granted. You can't use the police's exception when you speed because you aren't operating with that granted privilege.

If someone came here complaining that the cheats that they were developing and selling got banned from Discord, their comment would have been downvoted and flagged. I'm responding to their justification for why they said they needed to host cheats on Discord in the first place, not Discord's ToS.

Its using discords stuff. Nothing, but I don't see how that's relevant.

Yeah, I'm sure that kind of thing could be shared privately by email between the relevant parties

when was the last time Gmail banned someone for sending controversial e-mails from their platform?

How would anyone know? I keep seeing HN posts of people losing their Google accounts for some unspecified ToS violation (that is, if they can get any information about their ban from Google at all).

No one ever reported that by the way. With their massive user base it would have already happened at least once especially in the light of all of these scandals of lack of platform neutrality.

Twitter, Facebook, YouTube but never Gmail.

What are you talking about? People constantly report their Google accounts being banned, very often for things they did in their emails. It seems impossible to me that you've never heard of someone being banned by Google because of something they sent with their Gmail account. Usually Google reports it as an unspecified ToS violation, but that doesn't mean it wasn't related to things they did in "private" correspondence via email.

> very often for things they did in their emails.

Do you have an example? I don’t recall ever seeing that. I’ve seen mostly for other services.

I believe it has been many years since any Google employee has looked into a Gmail accounts message contents without prior permission from the account holder.

"Privately" and "by email" are directly in conflict with each other as well.

If you're referring to the fact email is usually not encrypted / verified, that is clearly not what OP was referring to by "privately". Email is in general a "private" (as opposed to "public") means of communication.

Why cant cheaters just use a web site and irc to do this? Having a policy of kicking cheaters as found ought to be enough.

We need (a) Linus Torvalds to scratch this itch. We need someone to write a serious open-source alternative, like happened with Linux and git. Only, it's going to be very difficult for software that needs critical mass to succeed, like chat or social networks. I haven't heard of interoperable social networks, instant messengers, or chat systems. Pidgin works as a wrapper around several IM accounts.

It sounds like you would be interested in Matrix. [0]

[0] https://en.wikipedia.org/wiki/Matrix_(protocol)

This has been done with Mumble, it just needs some refinement. Mumble (the client) and Murmur (the server) [1] [2] can handle many people on a small server. I have run a murmur server for a long time and it is very stable. The voice quality is superior to anything else I have used. The client does need a little bit of refinement to be as happy-clicky easy as Discord. If anyone has not tried version 1.3 [3], give it a go. There are public servers if you want to try the client without hosting your own server. Their code is all on Github and I am sure they could offer suggestions if you were using their libraries in your application.

[1] - https://www.mumble.info/

[2] - https://github.com/mumble-voip/

[3] - https://www.mumble.info/blog/mumble-1.3.0-release-announceme...

One thing I'd really like is for Mumble to stop pushing certificate-based authentication so hard.

You can make whatever security arguments you want, but it's going to drive away users. And then they'll still be using passwords anyway, on whatever chat service they use instead of Mumble.

Like git, even an open protocol will come to be dominated by one supplier.

Github is very popular in the hobby/open-source world, but their offering still seems very "light" to me. In the "enterprise" world, products like Gerrit and Jira are probably beating github by a large margin.

I can't see how Jira is similar to Github. Do you mean Gitlab or Stash?

He probably means Bitbucket.

He probably meant what he wrote. Github has an issue tracker after all.

Just like https is dominated!!

People have moved through different messaging apps so many times over the years that this in not a secure position for Discord.

This is what E2E encryption is for. Disseminating code that violates a platform's TOS would surely lead to banning. And cheating in games puts people at an unfair advantage so they'd want to mention it in their TOS.

The question then becomes how to motivate the average gamer to jump onto a different messaging platform.

Secure E2E encryption of multicast/broadcast traffic is hard and borderline intractable problem.

> You should not use services that can rat on you and your friends to the cops.

>Regardless of whether or not you are the kind of person who mocks or ridicules people—you should be able to use your communications tools to mock and ridicule people, if you so wish. These are normal, acceptable things to do in society. Fuck censorship.

I would guess that for the vast majority of Free Software projects, not having illegal topics discussed on the chat and not having people who mock and ridicule people are features not bugs.

Discord is a bad decision for security reasons, for privacy reasons, reliability, and for ethical reasons.

it's not just illegal things that are kicked off. If you violate a third party company's terms of service, say making bots for Team Fortress 2 (a valve video game) then you'll be banned suddenly as well. And Discord is no stranger to banning things that are not illegal but just controversial like, https://www.reddit.com/r/guns/comments/cvv5da/meta_rguns_dis...

In terms of privacy: they send a tracking request for every single thing you do in their client. Clicked on someone's profile, clicked on a channel, clicked on a server, etc. The URL was named /track before but they renamed it to "/events" recently (but it's still a POST with no response).

Their desktop client is literally a remote administration toolkit, it has full access to FS (electron app) and it loads every script from their servers. They can just add something like require('fs').readFileSync(process.env.HOME + '/.ssh/id_rsa').toString() and send this to their servers, and you won't even notice that (since it doesn't require an update on client because the client is just a browser with full permissions that loads obfuscated code from their servers every time you launch it).

Most programs can download new code and open whatever files they want as long as their process has the permissions. You can certainly argue that that shouldn't be the case, but calling Discord a RAT because of it is pretty silly.

(Not defending it on the other counts, though. If I wanted a platform for anything controversial or privacy-sensitive, I wouldn't trust Discord or any other centralized, unencrypted service.)

>Most programs can download new code and open whatever files they want as long as their process has the permissions. You can certainly argue that that shouldn't be the case, but calling Discord a RAT because of it is pretty silly.

I think it's reasonable to call it a RAT because it executes arbitrary remote code AND has those permissions.

Google Chrome and Firefox (on windows) do the same, via auto update mechanism. Would you call it a RAT?

I feel as if there is a meaningful distinction to be made between a program that occasionally downloads binary patches to itself (and will run fine without it), and a program that gratuitously downloads scripts every time it is run, runs them directly from ram so that they can't be audited, and refuses to run if it is not allowed to do this.

So if you're running Chrome/Firefox dev-channel then they're a RAT? Or is twice a week not enough to trigger your threshold? What about the canaries that are updated daily? What about betas that are updated every week?

I'm not sure how you come up with a good distinction.

>So if you're running Chrome/Firefox dev-channel then they're a RAT?

No, because it's opt-in and it's explicitly needed for the purposes of a dev/nightly build. This is as opposed to a voip client which needs unrestricted access because... they want to be able to run A/B tests on uninformed subjects?

One other distinction to make is that auto-update typically runs the same code on a lot of computers, rather than a RAT which is good at running code on a specific computer.

There's still room for problems... the auto-update could deliver a special version for special people or deliver a version that has special code targeted at run-time, but it's not as easy. And I'd love to see work on minimizing problematic updates as well.

> Most programs can download new code and open whatever files they want as long as their process has the permissions

We should avoid and shame the programs that do that. This is literally a backdoor.

You would have to add every program with an auto-updater onto that list, because that's what they literally do; take files streamed online and slap them into its install directory

Like shit, I have 3rd party mod managers for video games that are exclusively built to do such that

Most programs I use (on Linux) do not come with an auto updater. Instead, I get updates through my distro's package manager.

I have Discord installed, because unfortunately that's where my friends are. However, it cannot access arbitrary parts of the file system because it is installed via flatpak; it only has access to ~/Downloads and ~/Pictures.

This is one benefit of Linux distro package managementany people forget - apps can't just update themeselves (possibly after their updater being compromised) but go via package maintainers and are built from source on trusted distro infrastructure.

Not most programs that I run (ie, hexchat for IRC which is better than discord in all ways). And those that do don't do it silently every time they start, and not just after they start, but any time they're running with no notification to the user.

No, a program with an 'update' feature built in is much less offensive than a program who's entire code is remote and new every time but still has local privs.

I don't care if discord knows my friends list or who I've clicked on.

There are no alternatives. Bandwidth costs money, and P2P is deadly. That's why discord exists in the first place.

Which is why discord gets run in a browser tab for me.

Other software could do that too without you having any idea, surely that's an argument for being careful with permissions and how your software runs rather than against Discord in particular?

> before but they renamed it to "/events" recently

Pretty sure it has been /science for at least 2 years.

> They can just add something like require('fs').readFileSync(process.env.HOME + '/.ssh/id_rsa').toString()

And that is why you encrypt your SSH keys with a passphrase, use a Keychain, etc. Discord isn’t unique in its ability to read file on the FS. Pretty much anything can do that.

> Pretty much anything can do that.

Nah, pretty much anything except proprietary software has a higher chance of being written by people I trust and packaged by people I trust and probably audited by me and other people, and is not capable of loading executable code from any server after installation.

Does that really help much? It still has access to .bash_profile

What secrets are you putting in your bash profile? I used to be guilty of putting AWS keys in there, I guess, but nowadays we have aws-vault.

For example it could register a fake ssh-agent that just grabs your password first time you type it

The FOSS project I work on uses IRC, but we have an IRC logger all the time, so nobody even has to ask anyone to "rat you out to the cops", it's on a public web URL.

And a lot of projects have codes of conduct explicitly to prohibit participants from mocking and ridiculing others, in fact.

(As a note, I refuse to install the actual Discord client on my PC, because it's default behavior includes "detecting" accounts you can link on other software on your PC. Aka, it, by default, noses around in other apps on your PC for data.)

Regarding what you mention about Discord nosing around - is there any easy way of launching an app in a sandboxed environment on Windows to stop this sort of thing?

For software that works under wine, I guess it wouldn't be too hard to simply set a wineprefix and do it like that, but that is a bit of a hack, and wouldn't work with a lot of software.

There's actually a new feature for this! https://www.windowscentral.com/how-use-windows-sandbox-windo...

However, I use Virtualbox and/or VMware Player a lot, and Hyper-V doesn't play well with others, so I can't use any features of Windows that depend on Hyper-V virtualization.

I personally use a UWP app that embeds Discord's web interface. It's surprisingly serviceable.

Sandboxie is a free option that usually works:


Well, Discord specifically works in a regular web browser too, which will sandbox it from the rest of your system. There's a couple minor features that will be missing, like the ability to show your friends what game you're playing, but those features tend to be the ones any other sandboxing solution will block too.

Browser. Virtual Machine. Literally called Windows Sandbox. https://www.windowscentral.com/how-use-windows-sandbox-windo...

> The FOSS project I work on uses IRC, but we have an IRC logger all the time, so nobody even has to ask anyone to "rat you out to the cops", it's on a public web URL.

You can use it via tor, so it can’t access a persistent record of your location history, as Discord can. The public logget doesn’t log DMs. Likely, anyone can join without being forced to give up PII.

As for the CoCs, that’s a good thing! That’s the right way to do it. Demanding that your users enter into an absurd legal agreement with a third party to be able to participate is not.

Yeah, this whole posts reads as paranoid rantings. We're not talking about communications between journalists and sources, we're talking about projects whose express purpose is to be open and public. The only actual connection between FOSS projects and the use of secret communication channels is the author's general ethos of distrust.

Being concerned with or principled about privacy is not "being paranoid." Frankly, it's kind of creepy that someone would equate the two.

While I think the above poster was wrong in equating the two, the article does sound really paranoid in a rather entitled way, and as a result makes a great point come off poor, despite the core idea ("Discord is bad") being true.

"Phone numbers are bad and shouldn't be used but also you should use Signal!"

"The only thing I used my account for was DMing a link to a bunch of people and they banned me in a way I could contest because it looks like spamming!"

"For notifying people about stuff you should use electronic mail but don't notify them more than once every two months!"

Seeing a sentence like:

> You should not use services that can rat on you and your friends to the cops.

in a post about [checks notes] FOSS software development, puts things in a certain light.

FWIW I'm privacy-conscious myself. If the author had just made a general effort to point out the privacy implications of using Discord, that would be one thing. Instead he made a contrived effort to connect it to FOSS development - arguably one of the least-private activities one might be doing online - and then went on to call Discord altogether "unacceptable", instead of just saying "don't assume that what you say on Discord is private".

Agreed, and that part (regarding ratting on the cops) is a bad argument. In any public chat, anyone can log. People log in IRC as well. As can servers. E2E encryption makes little sense there. If you do FOSS development, you might actually prefer to know the realnames of the people you develop with. You might want to (temporary) log chats between developers, to read them later. Surely, Mattermost and Discourse allow this as well. Also, Slack is barely mentioned in the article, while I'd say the same argument counts for Slack (but perhaps worse). The alternatives (Discourse, Mattermost, and Mumble), are three, which all 3 would replace Discord. But not on their own...

Correct me if I'm wrong, but if the server is hosted by a trusted source all the normal users can log is messages and nicknames. You can join anonymously. That does not identify you for the purpose of law enforcement.

What light does that sentence put things in? It's not been 30 years since the US tried to prosecute the author of PGP for the crime of FOSS development.

> the US tried to prosecute the author of PGP for the crime of FOSS development

If you're referring to what I think you are, then no, his "crime" was publishing a product that was not allowed to be exported to the public (effectively exporting it). You're statement is equivalent to serving poisoned food and saying you were prosecuted for the crime of owning a restaurant.

No matter if you agree with the export ban or not, it was a law and Zimmerman broke it. That's what he was prosecuted for.

How does this disagree with my point, which was that creating FOSS can get you in trouble with the law (particularly given all the random jurisdictions your contributors might be in), and thus "You should not use services that can rat on you and your friends to the cops" seems like a fair value to hold in the context of FOSS development?

Creating FOSS does not get you in trouble with the law. Creating things that are against the law gets you in trouble with the law - FOSS or otherwise (in Zimmerman's case, even if PGP were proprietary, publishing it internationally was illegal). I have a hard time seeing why a FOSS project* would care about discord ratting them out in case of illegal activity if they weren't doing any. Unless the idea of FOSS is illegal, as your comment suggested, but that is plain false (in your example and in all jurisdictions I am even remotely familiar with).

* - except for things like Signal, Tor..., which are illegal some places, but they probably wouldn't even consider Discord in the first place

> How does this disagree with my point, which was that creating FOSS can get you in trouble with the law...

Creating (or in this case distributing) anything that's against the law could get you in trouble with the law -- kind of how it works.

The only actual connection between FOSS projects and the use of secret communication channels is the author's general ethos of distrust.

Taking your use of "secret" to mean "private," because no one was discussing "secret communication channels":

This isn't actually true; a lot of Free Software projects have private mailing lists.

I don't think you understand at all. The author is saying the platform (discord) should not be censoring communication. Different open source projects have different community standards. Discord doesn't and shouldn't write them for us. If a specific open source project wants to moderate their communication systems, all the alternatives promoted in the article allow this.

Discord, a private company that does not enjoy any sort of common carrier status, may not have any obligation to make up its own rules, but it also doesn't have any obligation not to make up its own rules.

It is under no legal obligation. The authorvis arguing that it has a moral obligation not to censor. Everything you say about 'common carrier' and 'private company' is only relevant to legal, not moral arguments. The author of the paper is arguing that open source projects SHOULD use something other than Discord because Discord is censoring when they SHOULD not. The author brings up no legal arguments.

And I'm saying it has no moral obligation not to censor, either. As a private organization, by default, they get the right to set their own standards of conduct. In the USA, at least, the law adds some restrictions in how this can be done, but only in limited ways.

I honestly have a hard time seeing eye to eye with the idea that private organizations have to let users of their platforms do whatever they want. It strikes me as representing a rather solipsistic concept of freedom. One could argue that the specific restrictions Discord is making are shitty. It certainly sounds to me like they are, and one could then mount an argument that people should steer clear of them because they are acting shitty. But doing shitty things is not necessarily the same thing as violating a moral obligation.

My main gripe here is that communication has become extremely centralised under the control of a few private organizations. A society whose Overton window is defined not by the community itself, but from a few network effect entrenched overlords does not sound like one that's conducive to free expression, alongside other things I value.

I'm inclined to agree, but it's also true that the key distinction between open source and Free Software is ideological. And identifying strongly with Free Software over open source tends to go along with an ideological distrust of governments, corporations, or both. For reasons that are reasonable, if not universally agreed upon.

IOW, it's not necessarily because I think Discord is actually going to tell Joseph McCarthy how often I pick my nose. (You'd be amazed how rarely I manage to work that into group chat conversations about code style, anyway.) It's more the principle of the thing.

Any chat tool that has DMs and has people who are friends using it will have discussion of illegal activity eventually. It is estimated that the average American commits about 3 federal felonies a day. Nobody is immune from this. Simply talking about your day with a friend in DMs that are logged/unencrypted is dangerous.

The part about ridicule/mocking is an example of why Discord’s legal agreement is unreasonable, not advocating for the ability to mock or ridicule people.

The tools should not enforce censorship.

`It is estimated that the average American commits about 3 federal felonies a day.` [citation needed]

It's from a semi-popular book [1]. The author admits it's not a precise studied value; for some people it's likely much higher [2].

[1] https://www.amazon.com/Three-Felonies-Day-Target-Innocent-eb... [2] http://ulrichboser.com/how-many-felonies-did-you-commit-toda...

It comes from this book about prosecutorial overreach:


It's not without its criticisms:


>It is estimated that the average American commits about 3 federal felonies a day.

It has also been estimated that the above statement is poppycock (just now.)

That's sorta how I felt. The article has plenty of valid reasons not to use discord, but it's somewhat of a ridiculous idea that we should not just expect but protect people who practice illegal and toxic behaviors in our chats.

I just feel like saying this here: I don't find that censorship itself is a problem. Self-censorship, for example, is generally not problematic, and everyone does it. A great example of voluntary self-censorship is with swearing -- it's not illegal to swear in public, but most people choose not to do it. That's not to say self-censorship is always problematic, but simply that it is not inherently oppressive. Sometimes, it's the right thing to do.

However, in larger group contexts, censorship earns legitimacy when it is agreed upon by those who are participating in that group. If a group of people agree to not swear in the context of their organization, then by all means it is fair for them to censor. In broader forms of censorship, such as the example of FOSS projects censoring toxic and illegal behaviors, as long as it is decided democratically, then it's absolutely a feature and not a bug.

I suppose the project can do this censorship if they want to (although I should think usually it should be avoided), but then that project should do it themself, rather than Discord or someone else.

Absolutely agreed, although technically a project group could democratically decide they are willing to accept discord's censorship standards. I don't think this decision should be made lightly, but it's okay if the group decides it.

I tend to agree, but I also think this borders on a "think of the children!" type argument that's led to our current privacy ecosystem (the patriot act, snowden, etc.). No I'm not suggesting some silly video game chat app clamping down on trolls is some sort of dramatic slippery slope into an authoritarian state, but I do think it's interesting that the "I don't care about privacy because I have nothing to hide" attitude has even become popular on HN.

Surveillance is always, ultimately, about extortion. People are forced to do what they would not for many reasons besides risk of criminal prosecution.

And for many not being dictated too about what is acceptable might be another feature.

I wish the folks saying things were not acceptable would work on options that had the benefits they wanted.

Steve jobs didn't say - locked down phones with no access to the web in unacceptable, he built a better phone (and was rewarded very well).

He didn't say the way digital music is sold is stupid - he built a better music buying experience that let you authorize multiple devices to play your music etc.

This last came up for OSS and Slack (e.g., "Please don't use Slack for FOSS")[1][2].

I took some time to reflect on why OSS wasn't the default for these messaging tools, rather than proprietary alternatives — and what it would take to make more users use OSS alternatives:

> As Slack has continued to grow, open source developers have had lengthy debates about using it rather than IRC. For some, the fact that Slack is closed source and a walled garden makes it unsuitable when building projects that are open.

> I’ll take a different approach: in the age of software, why is open software not more competitive for many products used by non-engineers and what can be done?

What Open Source Can Learn From Slack



[1] https://news.ycombinator.com/item?id=10486541

[2] https://news.ycombinator.com/item?id=11013136

There are other choices besides Slack and IRC.

Setting up Mattermost on a VPS isn't hard.


Also not free, has banking ramifications, etc.

TFA mentions that Mattermost's source is AGPL and the binaries are MIT. It's absolutely free software.

It's also $0 software, in that it being free software and open source, you can simply and legally patch out their license checks and recompile, if you so wish.

I was referring to the VPS hosting, not the software.

Ease of hosting is one of the very biggest advantages to something like Slack or Discord.

Or just Matrix.

Still harder than Slack, right?

How is slack any better than discord? Both roll out stupid (and forced) updates, and slack doesn't even let me browse kinda old history if the owner doesn't pay for it. [*4] Not to mention the search is relatively terrible anyway.

The main thing that worries me about is discord is their revenue model... I just don't see how they're making money, and they keep on raising money.

There are a few good alternatives like zulip [0], matrix [1], discourse [2], Rocket Chat [3], or just plain old irc.

Although discourse isn't really a chat application but more of a open source forum software.

[0]: https://github.com/zulip

[1]: https://www.matrix.org/

[2]: https://github.com/discourse/discourse

[3]: https://rocket.chat/

[4]: You can get around this by messaging relevant information to yourself. Or just saving things locally, like a weirdo.

If you check the parent I was replying to, it was about Mattermost being harder to set up than Slack.

I never said anything about Slack or Discord being better/worse than each other.

Check out https://www.airsend.io. We are getting started and it works well in our private testing with couple of thousand users. Currently we have apps for ios and android.

And RocketChat no?

Ah, right. I should amend the parent as there are a few other open source alternatives. That said, matrix (from what I can tell) is much more widely used.

I'm surprised people don't bring up GitHub in these conversations more - the most critical piece of modern OSS infrastructure is itself closed-source.

Of course git itself is an open tool, so the repos are totally interoperable, but the OSS community's dependence on GitHub for issue tracking, PRs, etc. has always made me uncomfortable.

Most of the arguments against Discord also apply to Microsoft GitHub. It's unethical to ask people to use Microsoft GitHub. I'm contributing to a few projects on Microsoft GitHub, but I always feel slightly sick doing it, knowing that how using gives Microsoft and unfair advantage in data about developers and ultimate control over their projects.

All the ideology and social problems aside slack is still an awful chat tool. Even if there wasn’t a philosophical problem with it I don’t know why you would use it.

It’s popularity is due to marketing and abusing some social phenomena, not merit.

"Ideology and social problems"?

Not your project, not your choice.

“Free” refers to the software license of the source code. That is it.

The maintainers of a free software project don’t even have to accept contributions outside of their organization or club.

Private companies that use all kinds of proprietary communication tools regularly contribute to free software. Are all of Red Hat’s internal conversations about Fedora guaranteed to make it into the public?

People are also perfectly capable of having private conversations about contributions to free software projects. These conversations don’t ever have to be made public. Again, only the code license is what makes a piece of software free.

So if you don’t like a project’s method of communication, my advice would be to not contribute to it. It’s the project’s own risk of deterring potential contributors, not yours.

I find it hilarious that someone would find themselves feeling entitled enough to tell a bunch of unpaid open source developers how to communicate with one another as if that someone were their boss at a company. The only place where I’m told what communication tools to use is at work, where I’m paid to comply.

>Not your project, not your choice.

I feel like this should be obvious to anyone who has ever read a blogpost or editorial, but the author isn't literally commanding all free software projects to stop using discord as if he has that kind of authority, he's making a recommendation and then goes into detail about why he thinks this way, ending with some alternatives. It's bizarre seeing someone react to an article like this with offense not because of any of the content or points, but for... not showing enough deference in their title?

If you're working on a project and just happen to choose a free software license, then fair enough. (perhaps you'd call yourself more of an "open source" contributor). If however you are acting due to the free software ethos, I think it's fair for others who share the ethos to chime in with their opinion on how well you're doing it. It doesn't have to be a witch hunt, but these things matter more than a zero amount.

What’s the difference between “just happening” to choose a free license and “acting due to the free software ethos?”

Hopefully the free software ethos police doesn’t come knocking on my door because I used GPL 3.0 without having the right mindset.

If you as the maintainer said "hey, I don't really care about Free Software, I just think this is a fun/useful project and the GPL 3.0 meets my needs." and people still bugged you about Discord, I agree you should probably just tell them to fuck off. They might still try to get you on board with Free Software in the first place, but it wouldn't make sense to bother you about details like a chat program if/while you don't care about the cause.

However if you said "I'm creating this project because I care about user freedom" someone might point out "Great. Well, since we're on the same page as far as user freedom, let's take a look at the tools we're using..."

All of that is correct, but, it does not mean that suggestions cannot be made. So, the article linked here mentions their suggestions, I mention my suggestion, etc.

Yes, private conversions about contributions to free software projects are possible and are sometimes desirable. But, messages on the official channels for communications should normally be public; people can (and should) of course still use their own private communication as needed, too, but does not mean you cannot have a public one too.

Suggestions? Seems more like demands in the linked blog post.

There's no coercive power behind them. You're free to do what they say or not.

> I find it hilarious that someone would find themselves feeling entitled enough to tell a bunch of unpaid open source developers how to communicate with one another as if that someone were their boss at a company. The only place where I’m told what communication tools to use is at work, where I’m paid to comply.

They are making a moral argument against discord. If they said it was not acceptable for free software projects to go around hitting people on the head with clubs would that be entitled?

I didn’t find the moral arguments against Discord convincing.

Tin foil hat paranoia isn’t enough for me. The author is assuming their door is gonna get busted down and they’re going to get arrested over their discussions about a bug fix for an open source widget.

I’m not telling anyone to do anything.

I’m telling people what they should not do: that is, don’t discriminate against people who insist on privacy.

Choosing to use Discord does that, so people who don’t want to discriminate should not choose to use Discord.

I’m also offering them alternatives that don’t discriminate against those people, so that they can make better choices if they decide that they don’t want to be the kinds of projects that discriminate against segments of their userbase.

I think if you humbly said you’d prefer people to not use Discord you’d not get this backlash. But you’re making a demand - it’s rude and will instantly turn people against you before they really consider your arguments.

This is literally tone policing, though. Knock it off.

The argument against tone policing in a social justice sense is that people who are being wronged by society are allowed to be angry.

This person isn't being wronged. They just don't like the software other people chose to use in their projects which have nothing to do with the author of the blog post!

If someone tells you they're suffering racism you should listen no matter how it sounds to you. If someone tells you they don't like that you're using Slack and that you should not use it, you're right to tell them to sod off until they can be polite.

Criticizing someone for making demands, or pointing out that not making demands is more likely to actually accomplish what they want, is not tone policing.

You are more than welcome to not participate in any group that uses Discord, that is your choice not something that someone else is making you do. It isn't discrimination for a project to be using a tool that you don't want to use.

I am a member of a public, nonprofit organization that uses a tool that explicitly bans me, automatically, when I am trying to use it in a way that protects my privacy.

That sounds like a reason to complain to the management of that organization and see if they can work something out or pick a different tool, not write a blog post ranting about how much you dislike this company.

This blog post is precisely that complaint. Discord banned me and deleted my account when I sent them the link.

> I’m not telling anyone to do anything.

> I’m telling people what they should not do

Those two things are the same.

> “Free” refers to the software license of the source code. That is it.

You might want to read this: https://www.gnu.org/philosophy/open-source-misses-the-point....

That's one person's idea about what "free" means. GNU and Stallman don't own the concept of "free", nor do they claim it

This particular paragraph is strangely under-informed in an otherwise-good article.

""" Many people in the free software movement find censorship in general to be abhorrent. (That’s one very good reason, for example, why emails you receive that might be spam go into a special folder, instead of being silently deleted without you having a option to choose to see them if you wish. Your email server could just delete them! The fact that it doesn’t was a deliberate design choice to avoid censorship.) """

Lots of people's email servers do, in fact, silently delete quite a bit of email, because the signal-noise ratio in the world of email spam is so bad it swamped the attention budget of users (and in some cases the storage budget of service providers) ages ago, even with a spam folder attached.





Yeah I don't understand that argument -- how could silently deleting emails enable censorship? I guess the email server could censor emails by silently deleting them? If so the fact that it's not in the protocol certainly wouldn't stop the censor...

If there's no way for people to access those emails (as they were silently deleted), it's basically censorship, or am I wrong?

Correct. Censorship is a tool, it is not inherently good or bad.

You want your email server to censor all entirely-obviously-over-the-top spam messages, for example (e.g. SA score >20). Most people want Facebook and Discord et al to censor spam postings.

However, when censorship veers from basic utility into editorializing (e.g. Facebook and Instagram's algorithmic prioritization/deprioritization in user feeds, Discord banning the legal and regulation-compliant /r/guns subreddit's Discord, or Facebook banning posts with male nipples, or Youtube banning instructional/educational videos about computer security, or Apple and the Taiwanese flag, or Gmail spam-foldering emails from smaller email providers not part of the deliverability cartel, or a million other examples), then it becomes a social issue and a potential problem that we need to address.

Email that is not 100% not-a-false-positive should never be silently trashed.

It doesn't matter because that's NOT the reason why spam is commonly not autodeleted. The reason is because of false positives. If you could be 100% certain of never falsely flagging an email as spam, you would be totally OK with autodeleting them unless you're either just curious or specifically doing something with spam messages.

So there was a software project that I wanted to ask some questions about on their IRC.

So I clicked a link on their GitHub page for some online IRC client.

I had a conversation it was great. Except for the part where I wanted to paste some code and it didn't format. And then I was recommended to use pastebin and paste a link.

Then I went away for a bit. Came back later and my computer had rebooted while in standby. (It's an old laptop and is a bit flaky with resume from standby)

I returned and click the link for the IRC chat. And I couldn't see the previous messages.

And they had a link to a log but it wasn't working.

And apparently the server doesn't log by default.

Look, no offence to IRC. But this is some crazy bullshit.

Like Discord, Slack, Gitter, Teams. Whatever. Isn't going have this issue.

At the end of the day people want to communicate and get their stuff done.

For a free software project, sure, using opensource tools is a great idea.

But sometimes faffing around with none core things just wastes everyone's time. Especially with they could instead be working on features and bug fixes.

Matrix is a more modern, open source alternative that doesn't hand over your data to a company to be monetized.

Matrix channels can even be bridged with IRC using bots, allowing people to use their tool of preference.

> that doesn't hand over your data to a company to be monetized

Slack, Discord & Gitter don't monetize data either, so that's a pretty weak argument.

If you use a non-browser IRC client, you wouldn't have faced this issue.

If you had used a persistent IRC system (like quassel) then you'd even be "online" permanently, whether or not you reader-client was running.

IRC has different semantics and goals than "modern" chat/msg systems. Even though they overlap quite a lot, it's a mistake to think that one is a substitute for the other.

This is still friction. If it need to be explained, than you UX is not that good.

Yeah, bare IRC is like sliced bread without butter but everyone has an oven and some butter in their kitchen, whereas Discord is a glazed donut.

Surely a donut tastes better bare. Not good for your heart as well. Now that most people don’t have a kitchen it seems like a problem to me as well.

This is such a tediously computer-centric vision. There are hundreds of tools in the world that are used every day that have "friction" and need to be "explained". Nobody complains that their UX is not that good, because they understand that certain tasks require some level (possibly mastery, possibly just a basic understanding) of the tools and processes.

As noted by another commenter, the fact that you know how "most modern chat/msg apps work" doesn't mean that they all have good UX - it means that they all have the same UX, and you've already learned it.

You convinced me of the opposite the moment you suggested the user leave the browser to get sane defaults from an IRC-client.

Not-installing-nor-configuring-anything is such a vastly superior UX that we need not unlock any more levels of discussion. Discord's web app saves easily accessible history remotely[1] and has sane code-formatting defaults. Correct me if I'm wrong, but I haven't seen that for the default configuration of an IRC client on any distro. For OP's use case of "just let me communicate with the devs for a bit, please" that's the ball game as far as UX is concerned.

[1] You can apparently use Discord without saving the history. But the user has to explicitly go off the path that the interface provides in order to do that.

>Not-installing-nor-configuring-anything is such a vastly superior UX that we need not unlock any more levels of discussion.

No doubt this is why Slack makes desktop and mobile app versions of its service, rather than rely on the browser. I'll give them credit - the browser is an option at least.

Yes, IRC has no code-formatting defaults because the culture of IRC is that you do not post code to a public channel. Would it be useful to sometimes paste directly into a private channel and not lose formatting? Sure, but compared to the formatting and highlighting options of pastebin and the like, it's not really a hardship and may even be a benefit.

I use Discord, but I live and work inside IRC. Discord feels like a candy-filled store compared to IRC. They both have their uses, but I am fairly certain that our IRC channel (both the public and private ones) would be less useful and accessible if we moved them to Discord.

> This is such a tediously computer-centric vision. There are hundreds of tools in the world that are used every day that have "friction" and need to be "explained".

I would be very interested to hear of some such tools?

routers. chainsaws. pipe benders. lathes. plaster hawks. thread tappers.

shall I go on?

Friction is very subjective. For many, joining a channel on freenode is a matter of seconds, whereas registering to a new Slack workspace is like accessing a news article behind a paywall — you won't do it unless you absolutely have to.

Is knowledge that a low res picture of a floppy disk means "save" inborn a priori? All software needs some degree of explanation. Discord only needs less explanation because it's more similar to other popular software so your metric is less a measure of UX but one of conformity.

IRC is just a relay. it's not storage and never will be.

A IRC server can log. I have once programmed a IRC server to do this for a predefined set of channels, and the MOTD mentions where to find the logs. (This way, everyone is aware of the logs.) Whether or not it logs has nothing to do with the protocol; it can be a feature of the implementation.

and most channels have a valid and longstanding rule against public logs.

because if you were raised as i was in the internet of the mid-90s, logs and real names are weapons, and we don’t do that to our friends.

Anyone reading can "log" the messages. If anything, a server that always logs just forces you to understand that your messages were never protected.

Yes, of course, and i maintain private logs for my reference.

Public logs are another matter.

Anyone who has private logs can leak them, and nobody will know who did the leak if care is taken.

But anyone can log the messages and at any point they can come out for a number of reasons. None of them have to be negative or evil. Stuff happens.

I find in many ways it’s worse to hand wave and say there’s a policy against something where no one can actually control that policy.

Also, many people don’t understand that things can still be logged or tracked. So the policy example given can give many people false thoughts.

An example is Zoom video chats. It has a record feature. The record feature once on turns on shows a blinking recording icon. In one instance people got a bit upset about it. They were even more surprised and couldn’t completely grok that any one at any time can screen record their own desktops without any one ever being notified or knowing. So Zoom letting you know is actually better.

And since IRC was made, storing message history has become an expected feature for chat applications.

That's an expected feature that only makes sense if you're part of a community that expects to share all communication.

On the Ardour's project's main IRC channel, it makes absolutely zero sense for the vast majority of people in the channel to be able to drop off the channel for 2 days, and come back and read everything they missed. The social expectations and norms there don't make this a sensible or reasonable expectation.

Contrast with "modern chat systems" ... in most of their uses, this is an entirely reasonable expectation because you are a _member_ of the group, and simply being offline isn't a reason for you to miss messages.

In our case (Ardour), we have private IRC channels where this sort of expectation is more reasonable, and we run a Quassel server to provide "always-on" messaging for people who are "members" (i.e. people for whom it's sensible to expect that they never miss messages).

There's no technical reason a browser-based IRC client couldn't keep rotating logs.

where would they be kept? it wouldn't be the browser-based client that wrote and managed the log, surely, but (as with quassel), some server (e.g. the thing the browser talks to). and sure, someone could write a quassel-based in-browser IRC client. I don't believe it has been done thus far. That fact in and of itself points in the direction that others have mentioned: public logs of IRC channels are not part of the culture of IRC.

A browser-based client could persist the log in localStorage for basic history. It wouldn't capture conversation when you're offline, and it wouldn't store years of history or anything, but (1) it would solve the problem where the user refreshes the page and loses all their channel history and (2) nobody who is using such a web IRC client has a bouncer anyway.

I know. I've used mIRC lots 10+ years ago.

But the expectations for chat today has changed a lot

I agree that Discord is not a good choice, perhaps not even an acceptable choice.


Discord (not to mention Slack) will simply continue to be the lowest friction choice until a FOSS alternative comes along that is free to use, comes with rich moderation tools, supports fine-grained notification settings, supports offline history without additional effort, supports rich bots, has a mobile client that shares state with the desktop clients, and already exists on most people's desktops.

So to impact the open source communication landscape, the standard that needs to be exceeded is Slack and Discord, not IRC.

There is Mattermost, Rocketchat and Zulip.

No mention of Riot/Matrix?

Does the matrix spec offer moderation tools? I don't see anything off the top of my head.

It's also a bit of a chore to even identify how to get a server. Matrix.org points you towards other implementers, Riot.im pushes you back to matrix.org for a login, and to "Modular" for a server.

This is kind of the opposite of low friction and ease of use.

It seems pretty slick from a technological point of view, but a bit of a mess from an implementation point of view.

With no or terrible voice support.

all of which are high friction yes?

I wouldn't say high friction, but clearly not as convenient/low-friction as signing up for slack/discord.

Respectfully, I've only heard of one of those before, and none of them are installed on any of my devices.

Now, I looked up each of them, and found that they all rely on hosting your own server, or some kind of strictly limited "community" plan. The managed (and for Mattermost even self-hosted) servers all hide features (such as message history, rich moderation tools, or support tickets) behind a paywall.

These are solutions aimed at enterprises, and they use open source (or open core) licenses as the foot in the door. It's commendable that they offer to let you host the server yourself, but I would not call it "simple" to do so.

I believe that this high friction and low install base will make them effective non-starters in the open source development space.

> they all rely on hosting your own server, or some kind of strictly limited "community" plan

Happily this is not true of Zulip! Open-source projects get free hosting on zulipchat.com, with the exact same features as our corporate customers. Quoting from https://zulipchat.com/for/open-source/ :

> The hosting is supported by (and is identical to) zulipchat.com's commercial offerings. This offer extends to any community involved in supporting free and open source software: development projects, foundations, meetups, hackathons, conference committees, and more.

(I work on Zulip.)

> The managed (and for Mattermost even self-hosted) servers all hide features (such as message history, rich moderation tools, or support tickets) behind a paywall.

I know nothing about the other systems but this isn't true for Mattermost. We run Mattermost ourselves and it does indeed offer message history and moderation tools, they're part of the open source Mattermost version. I can't think of any feature that I miss from it, to be honest.

Its extremely high friction for the many developers who are not willing to sacrifice their freedom in order to contribute.

And (unfortunately, in my opinion) those developers are in the vast minority. They may be a vocal minority, but they are still a minority.

How can I assert this? If they were not a minority, they would have sufficient clout behind them to push the project onto a FOSS chat solution.

You also have the issue that the most vocal users are also the ones who produce the least code.

At least that's my experience.

You forget that it’s not a meritocracy nor a democracy. The project owner(s) get to set the official links to bug trackers, chat locations, etc and that’s it.

Then pick a project to contribute to that doesn’t use discord. But don’t try to change the world to suit your needs.

If anyone is trying to change the world to suit their needs, it's Discord Inc, who ban any attempt at trying to integrate a client with their platform in a freedom-respecting way. It's a classic walled garden: https://news.ycombinator.com/item?id=17462138

Then don’t use discord.

I already don't use discord. My point is that it seems hypocritical to wall yourself off in a platform that bans third party software and tries to pressure everyone into using their client, while complaining that someone else is trying to change you to suit their needs.

Umm how does that make sense?

The project owner(s) picked a platform for their communication and presumably all current contributors are fine with the choice, and then some third party is coming along and demanding that the entire project change their entire communication system to accommodate this one person? How in the world is it hypocritical to tell said person to take a hike?

Because the "third party" doesn't have any other choice, they have been forced into that situation by the walled garden platform vendor. The demand does not come from them, it comes from Discord Inc, who refuse to let anyone access the service on any other terms. They are the ones who are telling everyone to take a hike, and when you relay that message I really doubt you're speaking for yourself. All you're doing is reinforcing their decisions. This isn't just some chat room you spun up, it's an active business with a plainly evident market strategy. To put it another way, if we got down to it you (or any of these other projects) don't seem like you'd be personally against an open source Discord client. But when you tell people to take a hike, that's effectively the stance you're taking, and it's only because that is the company's stance.

Don't get me wrong, I would love to have made an open source discord client years ago when discord was new and I was being asked to use it regularly, and if that panned out then this blog post wouldn't have even existed. But the company has always been hostile to the idea.

I really don't think anyone is holding a gun to the project owner's heads and forcing them to use Discord. So they aren't forced into that position.

I personally don't like Discord for lots of reasons, but the original blog post and other comments supporting it are basically arguing that project owners have to change things in order to accommodate some people who have an issue with Discord. My point is that no project owner has any obligation to change things for any random potential contributor who is making demands.

Sure, Discord being less slimy and/or having other client options would be great! I personally use IRC a lot partially for these reasons, but I object to someone telling other people how to run their projects.

>I really don't think anyone is holding a gun to the project owner's heads and forcing them to use Discord.

This is not related to what I said at all. No one is being forced to use Discord. But Discord absolutely is forcing the project owners to get all the other contributors to accept the discord terms if they want to use it. That is the entire reason they make users accept the terms before they even sign up. Some users don't care about being forced to do this. Some users do, and if the project owners want to accommodate those people then yes, they need to change things. None of this is really up for debate and you seem to understand it well, so it's unclear to me what your point is. It also is very strange to me that you're now blanket objecting to these type of requests when you mentioned before that it's easy for the project owners to just say no thanks.

the standard we need is IRC. just with encryption, ability to store messages, and notifications. we should stop reinventing things that work

IRC is a protocol, Discord and Slack are complete ecosystems. This isn't just a protocol problem; there has to be user friendliness in the full experience.

IRC can be part of a solution but it's not a solution on its own.

We need IRC with a few tweaks. There’s quite a few holes in IRC’s spec including lack of a scrollback support. But yes, there is no need to be making everything its own proprietary system.

The old school solution to lack of scrollback support in IRC, and similar, is to run a persistent irc client (bitchx or irssi) inside screen or similar software, on a linux or bsd shell system, which has 24x7x365 uptime and network connectivity. And then to connect and disconnect to the screen session as needed.

Properly implemented, I've had much better availability with this sort of solution than with Slack. I've seen multiple hour outages of Slack services just within the past 6 months, it's well below four or five nines reliability.

The problem is, that only fixes IRC for you, not the other 99.9% of users who you are presumably there to communicate with.

Slack/Discord/etc. fix the problem for everyone.

Trying to community-build on IRC just seems like an exercise in masochism. I think most projects and their users deserve better than that, and it's hard to do worse than IRC.

I absolutely agree that a semi-public or public community built on irc would not be the way to go in 2020. In my use case it's for much smaller groups of individuals who all know and work with each other, within private companies and small work groups.

Fortunately, "IRC with a few tweaks" is being actively developed under the name IRCv3 and it seems that scrollback support is defined by a combination of these specifications:



Sounds a bit like what you'd get with an IRC BNC, plus the encryption.

It's a bit sad to read so many "I don't discuss anything illegal, so this doesn't affect me" arguments here.

That's not really how it works, and if we take history as an example, most of what you say can be used for profiling and targeting potentially. So no, the above argument misses the point, completely.

We can do better as educated folks. A good starting point to learn bout privacy would be to read -at least a bit- of Daniel J. Solove's "The Digital Person: Technology and Privacy in the Information Age". Also, learning more about history and what happened with PII (personable identifiable information) in WW2 is important.

>We can do better as educated folks.

There's nothing uneducated about having a differentiated view on privacy, which this blog post has not, it's mostly just an incoherent rant.

There's nothing wrong with not having any expectation of privacy for discourse that is supposed to be public. I don't care if my open source development discussions are public because they're intended for a public audience. Same goes for any discussion I have on a discord.

People with an educated mindset are able to discern what information deserves what level of privacy, rather than larping as privacy advocates to stick it to the man or whatever the motivation is.

I'm not seeing those arguments. Whose argument are you referring to?

Despite being a strong privacy advocate, I didn't find the post particularly compelling. For the vast majority of open source projects, discussion of anything illegal would be considered off topic, and there is no expectation of privacy since all discussion is public record. Having those discussions being public and searchable is a valuable feature.

Does that mean I am against good tools that enable private discourse (like Signal)? Of course not! Some open source projects probably have a need for private discussion channels. I'm all for them using them. But to then extrapolate from that: "don't use Discord to discuss your open source JS widget library" doesn't make sense to me.

I was just reading the discussion happening around the post and where people are going with this. I agree with you Jared, and I didn't find the post particularly compelling as well.

I should have been more clear. I just read through the comments here in HN and tried to make an observation about the level of the conversation that the HN community (is it a community?) seems to be having. Mainly wanted to express that I hoped that we could all learn more about privacy in this day and age, given that it's (or should be) a fundamental matter that relates to most of what we work on these days (at least as people working in tech).

"You can self-host Mattermost in a very straightforward fashion."

There's a very long chasm between "You can get the software running, and have it respond on a port to requests" and "Providing a mission critical service that your project relies on".

The key word here is service. It is often drastically underestimated how much effort is required to have a service available, especially at any sort of scale.

Free/Open Source software is irrelevant as soon as you are providing a service, because by design, the only people who have control over the service, are the service operators, and the only people who really know whats running in production are the people who deployed the code.

Given that, the only choice a user has is whether or not to trust whomever is providing the service, regardless of whether or not the software they are running is free/open source, or proprietary/in house software.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact