Hacker News new | past | comments | ask | show | jobs | submit login
Discord is not an acceptable choice for free software projects (sneak.berlin)
532 points by rauhl on Feb 21, 2020 | hide | past | favorite | 357 comments



I help maintain a pretty popular open source game mod. One of the features the mod provides server owners is anticheat, and one of the consequences of that is needing cheats in order to make sure the anticheat system works, to test exploits, and to make the game safer. Discord permanently banned the server and my account because we were breaking terms of service violations, even though we had blessing from the game developer themselves.

They later reversed the ban on my account, but kept the server deleted because they maintained that we advocated cheating. Again, we develop anti-cheat moderation software.

In my last contact with them, I was told that that it was up to us to moderate the server better too. If any user posted cheating related material, they would of course ban the server for terms of service violations anyway (this essentially inverts the typical idea of "safe harbor" protection that traditional websites have).

The problem with not using Discord is that they successfully captured the gamer and game market. As a game related tool, all of our users are on Discord. It's a shame that one company was able to do this.


The company was only really able to do this because it was a significantly better platform than what was there before. It was amazing to be able to open Discord for the first time and everything just worked! After struggling with voice chat in Skype, ventrilo, teamspeak, and mumble for years prior, that was a huge breath of fresh air. And the easy way it handled invites and text chat was the cherry on top.

It's easy to hate on Discord's practices but it's worth remembering that they're on top because their project is legitimately good.


You struggle with audio settings in discord just like you do in Skype, ventrilo, and teamspeak. Most of the struggles with audio are not with individual programs, but rather your audio hardware, the OS, and its settings. (Windows updates love to screw those up.)

When discord released it didn't even have a Ctrl+f function for a long time. It still doesn't have chat logs on the user end, the permissions system is bad and audio quality is mediocre. On top of all of that, because they don't allow self-hosting it means that discord ultimately controls your conversations.

It caught on because it went viral. The service they offer is good, but the lack of privacy and no self-hosting make it disappointing.


From experience I can say Vent was (is?) pretty horrible. You had to run your own or pay for a server too, which was a huge deterrent to adoption. Skype is fine, but not focused around rooms / channels.

Basically it was a ripe market with extremely bad products. I don't think Discord is anything amazing (seems fine for the most part), but they're clearly significantly better than what existed when they launched.


And their stability is questionable. While it's not that bad, I experienced their server crash more than once. Never had server crash on my own hosted ventrillo server, not once in a 5 years.


I use Discord every day. I would say that there are issues about once a week or few weeks where text messages are delayed by 10-30 seconds. Some of them don't arrive either. Using it for text communication at those times is challenging. I'm unsure what happens to voice chat at those times, but the text part is infuriating.


I disagree on the ease of use of the other tools. I ran a mumble server for a guild for almost 10 years and it was quit easy and awesome to use... for voice. Then due to reasons I turned it off for a while and by the time I came back everyone was on discord...

The main thing that discord did was combine voice with the chat side of things, and with per user chats and history. A lot of people don't know that mumble has a pretty decent html capable chat, but it's the history searching, dynamic rooms etc that set discord apart. Mumble still has the superior voice capabilities (simultaneous multiroom, easy permission, hierarchical, etc)

I have put most of my hope in mattermost to do murmur integration to solve this problem.

In the meantime I find myself considering trying to get everyone back on irc+mumble.

edit: Also, just have to say I bet the gov loves having a single place to send all those NSL's... cough hint cough


Nobody's going to embrace IRC again until multi-device gets solved.

But the default answer to the question "how do I have seamless transition between my desktop and my phone" for IRC remains "pay for a shell/bnc, run irssi in screen, etc" which is of course a UX nightmare.

Discord has a buttery smooth onboarding process.


Maybe The Lounge (https://thelounge.chat/) could help ?


That still means running your own server, and having a machine running 24/7 to host that server. For many, many people nowadays a laptop is their primary and often only machine.


Why not have a little box plugged into your router with an app for your phone or web interface on your desktop with an app store like interface where you pick out the services that you want to run instead of paying $5 a month.


Because iPhones only deliver notifications through Apple's Notification Services which costs money. (Good for battery life though.)

Similarly for Android, the most reliable notification method is using the Google Play Services servers.


Make a Kickstarter for it?

Saying is easy. But for some reason, it still doesn't exist.


Because I don't have static ip.


Most people keep the same IP address for months. Your machine can update the address a public domain or subdomain points to on the rare occasion it reboots. If content is cached by hosts that have previously viewed it then this wont even cause an interruption.

With IPv6 one would suppose that it would be easy to keep the same address given that there is virtually no chance that anyone could accidentally be assigned it.


What I'm describing can't be achieved without server-side changes. The lounge is great but from what I can see it relies on having a persistent connection from the user's desktop.

Doesn't really solve the problem.


> But the default answer to the question "how do I have seamless transition between my desktop and my phone"

The "modern" answer is "don't do that". There is a time to play social games, there is a time to do what you are doing, and you should spend some time talking to yourself too.


Answering a valid usability question with unsolicited suggestions on how someone should structure their social life isn't very helpful.


"The grapes are sour anyway" is the standard open source answer for decades..


Just because it is not the answer you were expecting doesn't mean it is useless. People that give you what you ask for are not always your best friends.


Not fulfilling user requirements however, just means that your product is bad.

Thus the success of discord.


Actually, the modern answer is "use something other than IRC", which is partly why Discord became so popular with gamers.

The answers to changing user tastes is not to proclaim their tastes are wrong. That's the attitude displayed by a lot of IRC server operators and prolific IRC users, and it's that refusal to adapt that's driving IRC into obsolescence.

Maybe those people are ok with an ever-dwindling userbase, and if so that's great. But I'd like to see a Renaissance of IRC to the detriment of proprietary walled gardens like slack and Discord.


I agree with the sentiment of this answer.

While I think it could have been said better, we all need to quit feeling the need to have everything so perfectly connected all the time and feeling frustration when our tech gets in the way.


What made it good was free server creation that didn't require a client download. Just send people a link, and they can join your raid even if they dont have the client. Any actual quality of the provided audio link past that point doesn't matter.


> It's easy to hate on Discord's practices but it's worth remembering that they're on top because their project is legitimately good.

You mean it's easy to forget about Discord's practices because their product is good.

Seriously, you're arguing that they get to do whatever because "their product is good"??

Do I have to spell out how egotistical this attitude is?


Yes. Because that's what matters if you actually want to win. There are a thousand Foss software packages or there that are philosophically superior and have better practices than their commercial brethren. But they lost, and in the end that's what matters.


But only because there are a hundred times more "commercial brethren", some of whom "won" and apparently get to do whatever. It's still a choice that people make, except it's a "tragedy of the commons" situation. Which is what I wanted to point out in my probably somewhat too harshly worded comment.


That's not what I said, but don't let that get in the way of a good rant.


[deleted]


> Discord audio settings can be as annoying as the others apps.

Discord has been by far the best of any app I've ever used, because I give someone a link, they click on it, they immediately join the channel, and it immediately works. They're now in the voice chat. They have great defaults.

I don't care how annoying the individual settings are, or if other apps do that better. What they have are defaults that work out-of-the-box better than everyone else.


I never had an issue with TeamSpeak's audio settings...

I have had more issues with Discord than any other VOIP.


Two things: 1) paragraphs help organize ideas without looking like a giant wall of text, 2) don't joke about rape


> don't joke about rape

Where do you draw the line? Are jokes involving death also out of the question?

I’m not a big fan of rape jokes, but is there some specific list of things which are unacceptable to joke about in 2020?


I think "don't be an asshole" is a pretty good rule of thumb.


It’s a tough world where “ear rape” strictly falls into the “being an asshole” category.


Given that there are 470,000 words in the Webster's English dictionary, there are plenty of alternatives to show magnitude without using a word that invokes trauma in many. The 'git gud' is learning to be funny without relying on this sort of shock value. It's an asshole thing to say so, like, don't.


I really doubt that there exist many people whose traumas are invoked by “ear rape”.

I don’t doubt that there are heaps of virtue signalers who’ll pretend to be utterly shocked though, fuck those people.

It’s okay to joke about death, even if the world is full of people who have had traumatic experiences with death. It’s okay to joke about traumatic experiences, that’s just a perfectly normal coping mechanism. (Although I have a hard time reading “ear rape” as a joke about rape)


Your perspective and analogies are all wrong (which is why you have downvotes). You must not be close enough to many women who have shared the reasons why rape and rape culture are a non-joking manner. Just don't say the word "rape" unless it's serious or medical.


What’s so special about women here? I’ve spent a decent amount of time in prison where men raping men is very much a thing, rape jokes were common even among those who found it absolutely awful. (Actual rape jokes, not expressions like “ear rape”)

Is there a reason why you think that women would be especially susceptible to this besides some bizarre sexist fantasies of yours?

What you’re suggesting here is far more offensive than any rape jokes could ever be.


This is a greater problem to solve than Discord. How do a group of people publicly and responsibly disseminate blackhat information to whitehats?


It's a good question, though I think the "publicly" and "responsibly" aspects may be inherently at odds.


Even only hearing your side of this, I think Discord is being reasonable. It sounds like anyone could grab a cheat from your server and go wreak havoc on an unmodded server for this game... surely your mod isn't universally used?


What does that have to do with Discord? What makes them the cheat police?


Trying to maintain cozy relations with game devs.


Then Discord were not being reasonable, since (according to the story that the rest of these details are from) the channel had the blessing of the game's developer.


I think the question for discord is rather if it allows that precedent on one platform it becomes much easier for cheat distribution communities to use this sort of rhetoric as a disguise to avoid being banned.

I think not allowing the distribution of cheat software even for benevolent purposes on a platform so widely used by a general audience is probably a reasonable choice.


No, that's a bogus argument. People always try to justify misbehavior by saying that acting appropriately would create precedent, and applying that precedent to a totally different situation would lead bad results. This argument is bogus because you can just...not do the second part.

The actual slippery slope is that making excuses for companies that act inhuman just allows companies to act more and more inhuman.


Discord is a private company. I know it has been pointed out repeatedly, but there is no slippery slope here because discord is not obligated to host any content it deems bad for its business. This isn't inhuman, nobody is entitled to use anyone else's private platform.

Precedent matters when it comes to what you host because it does put a significant burden on discord to distinguish what content is malicious and what isn't once they allow malware to be distributed on their service. If the platform becomes infested with people spreading malware for games users or other game developers will avoid it, harming discord's business.

If you want to have a community of people that shares content that violates the terms of service of a lot of existing software then you'd probably be wise to host that platform yourself rather than expecting a game chat company to facilitate the sharing of game-breaking software for you.


> Discord is a private company. I know it has been pointed out repeatedly, but there is no slippery slope here because discord is not obligated to host any content it deems bad for its business. This isn't inhuman, nobody is entitled to use anyone else's private platform.

This seems like kind of a red herring, because it doesn't address the question of what behavior is reasonable. You're throwing out a generic talking point that would make essentially any behavior "reasonable" if we actually accepted it as a justification. This is like getting caught cheating by your spouse and trying to justify it with "It's a free country!" It doesn't matter, because your legal obligations are not the point.

> Precedent matters when it comes to what you host because it does put a significant burden on discord to distinguish what content is malicious and what isn't once they allow malware to be distributed on their service. If the platform becomes infested with people spreading malware for games users or other game developers will avoid it, harming discord's business.

This is not saying Discord's treatment of OP was reasonable, it's just speculating that Discord are unreasonable because it's cheaper to be that way. I agree that's probably true. And I'm saying I think we should carefully consider whether we want to deal with companies that have that particular set of priorities. Maybe the answer is yes for you, but a lot of people and businesses have been burned by similarly inhuman customer service from (for example) Google, so I think it is at least worth recognizing unreasonable behavior.


>Discord is a private company. I know it has been pointed out repeatedly, but there is no slippery slope here because discord is not obligated to host any content it deems bad for its business.

You're right. And this is another reason why Discord should not be used.


Which company do you work for and does it share your values in this question?


I work for a small robotics company in the UK, I haven't worked in social media or communication if that's your question.


No. If the game dev agrees this particular collecting mechanism (a discord server) is worthwhile then they've granted an exception. This overrides the "not suitable" aspect by virtue of that granted exception. Cheating communities can still be shut down even with one community having the exception. "Fairness and equal ability to apply an exception to a rule" is not a valid defence in this circumstance.

It would be like saying that police aren't allowed to speed when they have their lights flashing. No. The exception has been granted. You can't use the police's exception when you speed because you aren't operating with that granted privilege.


If someone came here complaining that the cheats that they were developing and selling got banned from Discord, their comment would have been downvoted and flagged. I'm responding to their justification for why they said they needed to host cheats on Discord in the first place, not Discord's ToS.


Its using discords stuff. Nothing, but I don't see how that's relevant.


Yeah, I'm sure that kind of thing could be shared privately by email between the relevant parties


when was the last time Gmail banned someone for sending controversial e-mails from their platform?


How would anyone know? I keep seeing HN posts of people losing their Google accounts for some unspecified ToS violation (that is, if they can get any information about their ban from Google at all).


No one ever reported that by the way. With their massive user base it would have already happened at least once especially in the light of all of these scandals of lack of platform neutrality.

Twitter, Facebook, YouTube but never Gmail.


What are you talking about? People constantly report their Google accounts being banned, very often for things they did in their emails. It seems impossible to me that you've never heard of someone being banned by Google because of something they sent with their Gmail account. Usually Google reports it as an unspecified ToS violation, but that doesn't mean it wasn't related to things they did in "private" correspondence via email.


> very often for things they did in their emails.

Do you have an example? I don’t recall ever seeing that. I’ve seen mostly for other services.


I believe it has been many years since any Google employee has looked into a Gmail accounts message contents without prior permission from the account holder.


"Privately" and "by email" are directly in conflict with each other as well.


If you're referring to the fact email is usually not encrypted / verified, that is clearly not what OP was referring to by "privately". Email is in general a "private" (as opposed to "public") means of communication.


Why cant cheaters just use a web site and irc to do this? Having a policy of kicking cheaters as found ought to be enough.


We need (a) Linus Torvalds to scratch this itch. We need someone to write a serious open-source alternative, like happened with Linux and git. Only, it's going to be very difficult for software that needs critical mass to succeed, like chat or social networks. I haven't heard of interoperable social networks, instant messengers, or chat systems. Pidgin works as a wrapper around several IM accounts.


It sounds like you would be interested in Matrix. [0]

[0] https://en.wikipedia.org/wiki/Matrix_(protocol)


This has been done with Mumble, it just needs some refinement. Mumble (the client) and Murmur (the server) [1] [2] can handle many people on a small server. I have run a murmur server for a long time and it is very stable. The voice quality is superior to anything else I have used. The client does need a little bit of refinement to be as happy-clicky easy as Discord. If anyone has not tried version 1.3 [3], give it a go. There are public servers if you want to try the client without hosting your own server. Their code is all on Github and I am sure they could offer suggestions if you were using their libraries in your application.

[1] - https://www.mumble.info/

[2] - https://github.com/mumble-voip/

[3] - https://www.mumble.info/blog/mumble-1.3.0-release-announceme...


One thing I'd really like is for Mumble to stop pushing certificate-based authentication so hard.

You can make whatever security arguments you want, but it's going to drive away users. And then they'll still be using passwords anyway, on whatever chat service they use instead of Mumble.


Like git, even an open protocol will come to be dominated by one supplier.


Github is very popular in the hobby/open-source world, but their offering still seems very "light" to me. In the "enterprise" world, products like Gerrit and Jira are probably beating github by a large margin.


I can't see how Jira is similar to Github. Do you mean Gitlab or Stash?


He probably means Bitbucket.


He probably meant what he wrote. Github has an issue tracker after all.


Just like https is dominated!!


People have moved through different messaging apps so many times over the years that this in not a secure position for Discord.


This is what E2E encryption is for. Disseminating code that violates a platform's TOS would surely lead to banning. And cheating in games puts people at an unfair advantage so they'd want to mention it in their TOS.

The question then becomes how to motivate the average gamer to jump onto a different messaging platform.


Secure E2E encryption of multicast/broadcast traffic is hard and borderline intractable problem.


> You should not use services that can rat on you and your friends to the cops.

>Regardless of whether or not you are the kind of person who mocks or ridicules people—you should be able to use your communications tools to mock and ridicule people, if you so wish. These are normal, acceptable things to do in society. Fuck censorship.

I would guess that for the vast majority of Free Software projects, not having illegal topics discussed on the chat and not having people who mock and ridicule people are features not bugs.


Discord is a bad decision for security reasons, for privacy reasons, reliability, and for ethical reasons.

it's not just illegal things that are kicked off. If you violate a third party company's terms of service, say making bots for Team Fortress 2 (a valve video game) then you'll be banned suddenly as well. And Discord is no stranger to banning things that are not illegal but just controversial like, https://www.reddit.com/r/guns/comments/cvv5da/meta_rguns_dis...

In terms of privacy: they send a tracking request for every single thing you do in their client. Clicked on someone's profile, clicked on a channel, clicked on a server, etc. The URL was named /track before but they renamed it to "/events" recently (but it's still a POST with no response).

Their desktop client is literally a remote administration toolkit, it has full access to FS (electron app) and it loads every script from their servers. They can just add something like require('fs').readFileSync(process.env.HOME + '/.ssh/id_rsa').toString() and send this to their servers, and you won't even notice that (since it doesn't require an update on client because the client is just a browser with full permissions that loads obfuscated code from their servers every time you launch it).


Most programs can download new code and open whatever files they want as long as their process has the permissions. You can certainly argue that that shouldn't be the case, but calling Discord a RAT because of it is pretty silly.

(Not defending it on the other counts, though. If I wanted a platform for anything controversial or privacy-sensitive, I wouldn't trust Discord or any other centralized, unencrypted service.)


>Most programs can download new code and open whatever files they want as long as their process has the permissions. You can certainly argue that that shouldn't be the case, but calling Discord a RAT because of it is pretty silly.

I think it's reasonable to call it a RAT because it executes arbitrary remote code AND has those permissions.


Google Chrome and Firefox (on windows) do the same, via auto update mechanism. Would you call it a RAT?


I feel as if there is a meaningful distinction to be made between a program that occasionally downloads binary patches to itself (and will run fine without it), and a program that gratuitously downloads scripts every time it is run, runs them directly from ram so that they can't be audited, and refuses to run if it is not allowed to do this.


So if you're running Chrome/Firefox dev-channel then they're a RAT? Or is twice a week not enough to trigger your threshold? What about the canaries that are updated daily? What about betas that are updated every week?

I'm not sure how you come up with a good distinction.


>So if you're running Chrome/Firefox dev-channel then they're a RAT?

No, because it's opt-in and it's explicitly needed for the purposes of a dev/nightly build. This is as opposed to a voip client which needs unrestricted access because... they want to be able to run A/B tests on uninformed subjects?


One other distinction to make is that auto-update typically runs the same code on a lot of computers, rather than a RAT which is good at running code on a specific computer.

There's still room for problems... the auto-update could deliver a special version for special people or deliver a version that has special code targeted at run-time, but it's not as easy. And I'd love to see work on minimizing problematic updates as well.


> Most programs can download new code and open whatever files they want as long as their process has the permissions

We should avoid and shame the programs that do that. This is literally a backdoor.


You would have to add every program with an auto-updater onto that list, because that's what they literally do; take files streamed online and slap them into its install directory

Like shit, I have 3rd party mod managers for video games that are exclusively built to do such that


Most programs I use (on Linux) do not come with an auto updater. Instead, I get updates through my distro's package manager.

I have Discord installed, because unfortunately that's where my friends are. However, it cannot access arbitrary parts of the file system because it is installed via flatpak; it only has access to ~/Downloads and ~/Pictures.


This is one benefit of Linux distro package managementany people forget - apps can't just update themeselves (possibly after their updater being compromised) but go via package maintainers and are built from source on trusted distro infrastructure.


Not most programs that I run (ie, hexchat for IRC which is better than discord in all ways). And those that do don't do it silently every time they start, and not just after they start, but any time they're running with no notification to the user.

No, a program with an 'update' feature built in is much less offensive than a program who's entire code is remote and new every time but still has local privs.


I don't care if discord knows my friends list or who I've clicked on.

There are no alternatives. Bandwidth costs money, and P2P is deadly. That's why discord exists in the first place.


Which is why discord gets run in a browser tab for me.


Other software could do that too without you having any idea, surely that's an argument for being careful with permissions and how your software runs rather than against Discord in particular?


> before but they renamed it to "/events" recently

Pretty sure it has been /science for at least 2 years.


> They can just add something like require('fs').readFileSync(process.env.HOME + '/.ssh/id_rsa').toString()

And that is why you encrypt your SSH keys with a passphrase, use a Keychain, etc. Discord isn’t unique in its ability to read file on the FS. Pretty much anything can do that.


> Pretty much anything can do that.

Nah, pretty much anything except proprietary software has a higher chance of being written by people I trust and packaged by people I trust and probably audited by me and other people, and is not capable of loading executable code from any server after installation.


Does that really help much? It still has access to .bash_profile


What secrets are you putting in your bash profile? I used to be guilty of putting AWS keys in there, I guess, but nowadays we have aws-vault.


For example it could register a fake ssh-agent that just grabs your password first time you type it


The FOSS project I work on uses IRC, but we have an IRC logger all the time, so nobody even has to ask anyone to "rat you out to the cops", it's on a public web URL.

And a lot of projects have codes of conduct explicitly to prohibit participants from mocking and ridiculing others, in fact.

(As a note, I refuse to install the actual Discord client on my PC, because it's default behavior includes "detecting" accounts you can link on other software on your PC. Aka, it, by default, noses around in other apps on your PC for data.)


Regarding what you mention about Discord nosing around - is there any easy way of launching an app in a sandboxed environment on Windows to stop this sort of thing?

For software that works under wine, I guess it wouldn't be too hard to simply set a wineprefix and do it like that, but that is a bit of a hack, and wouldn't work with a lot of software.


There's actually a new feature for this! https://www.windowscentral.com/how-use-windows-sandbox-windo...

However, I use Virtualbox and/or VMware Player a lot, and Hyper-V doesn't play well with others, so I can't use any features of Windows that depend on Hyper-V virtualization.

I personally use a UWP app that embeds Discord's web interface. It's surprisingly serviceable.


Sandboxie is a free option that usually works:

https://www.sandboxie.com/


Well, Discord specifically works in a regular web browser too, which will sandbox it from the rest of your system. There's a couple minor features that will be missing, like the ability to show your friends what game you're playing, but those features tend to be the ones any other sandboxing solution will block too.


Browser. Virtual Machine. Literally called Windows Sandbox. https://www.windowscentral.com/how-use-windows-sandbox-windo...


> The FOSS project I work on uses IRC, but we have an IRC logger all the time, so nobody even has to ask anyone to "rat you out to the cops", it's on a public web URL.

You can use it via tor, so it can’t access a persistent record of your location history, as Discord can. The public logget doesn’t log DMs. Likely, anyone can join without being forced to give up PII.

As for the CoCs, that’s a good thing! That’s the right way to do it. Demanding that your users enter into an absurd legal agreement with a third party to be able to participate is not.


Yeah, this whole posts reads as paranoid rantings. We're not talking about communications between journalists and sources, we're talking about projects whose express purpose is to be open and public. The only actual connection between FOSS projects and the use of secret communication channels is the author's general ethos of distrust.


Being concerned with or principled about privacy is not "being paranoid." Frankly, it's kind of creepy that someone would equate the two.


While I think the above poster was wrong in equating the two, the article does sound really paranoid in a rather entitled way, and as a result makes a great point come off poor, despite the core idea ("Discord is bad") being true.

"Phone numbers are bad and shouldn't be used but also you should use Signal!"

"The only thing I used my account for was DMing a link to a bunch of people and they banned me in a way I could contest because it looks like spamming!"

"For notifying people about stuff you should use electronic mail but don't notify them more than once every two months!"


Seeing a sentence like:

> You should not use services that can rat on you and your friends to the cops.

in a post about [checks notes] FOSS software development, puts things in a certain light.

FWIW I'm privacy-conscious myself. If the author had just made a general effort to point out the privacy implications of using Discord, that would be one thing. Instead he made a contrived effort to connect it to FOSS development - arguably one of the least-private activities one might be doing online - and then went on to call Discord altogether "unacceptable", instead of just saying "don't assume that what you say on Discord is private".


Agreed, and that part (regarding ratting on the cops) is a bad argument. In any public chat, anyone can log. People log in IRC as well. As can servers. E2E encryption makes little sense there. If you do FOSS development, you might actually prefer to know the realnames of the people you develop with. You might want to (temporary) log chats between developers, to read them later. Surely, Mattermost and Discourse allow this as well. Also, Slack is barely mentioned in the article, while I'd say the same argument counts for Slack (but perhaps worse). The alternatives (Discourse, Mattermost, and Mumble), are three, which all 3 would replace Discord. But not on their own...


Correct me if I'm wrong, but if the server is hosted by a trusted source all the normal users can log is messages and nicknames. You can join anonymously. That does not identify you for the purpose of law enforcement.


What light does that sentence put things in? It's not been 30 years since the US tried to prosecute the author of PGP for the crime of FOSS development.


> the US tried to prosecute the author of PGP for the crime of FOSS development

If you're referring to what I think you are, then no, his "crime" was publishing a product that was not allowed to be exported to the public (effectively exporting it). You're statement is equivalent to serving poisoned food and saying you were prosecuted for the crime of owning a restaurant.

No matter if you agree with the export ban or not, it was a law and Zimmerman broke it. That's what he was prosecuted for.


How does this disagree with my point, which was that creating FOSS can get you in trouble with the law (particularly given all the random jurisdictions your contributors might be in), and thus "You should not use services that can rat on you and your friends to the cops" seems like a fair value to hold in the context of FOSS development?


Creating FOSS does not get you in trouble with the law. Creating things that are against the law gets you in trouble with the law - FOSS or otherwise (in Zimmerman's case, even if PGP were proprietary, publishing it internationally was illegal). I have a hard time seeing why a FOSS project* would care about discord ratting them out in case of illegal activity if they weren't doing any. Unless the idea of FOSS is illegal, as your comment suggested, but that is plain false (in your example and in all jurisdictions I am even remotely familiar with).

* - except for things like Signal, Tor..., which are illegal some places, but they probably wouldn't even consider Discord in the first place


> How does this disagree with my point, which was that creating FOSS can get you in trouble with the law...

Creating (or in this case distributing) anything that's against the law could get you in trouble with the law -- kind of how it works.


The only actual connection between FOSS projects and the use of secret communication channels is the author's general ethos of distrust.

Taking your use of "secret" to mean "private," because no one was discussing "secret communication channels":

This isn't actually true; a lot of Free Software projects have private mailing lists.


I don't think you understand at all. The author is saying the platform (discord) should not be censoring communication. Different open source projects have different community standards. Discord doesn't and shouldn't write them for us. If a specific open source project wants to moderate their communication systems, all the alternatives promoted in the article allow this.


Discord, a private company that does not enjoy any sort of common carrier status, may not have any obligation to make up its own rules, but it also doesn't have any obligation not to make up its own rules.


It is under no legal obligation. The authorvis arguing that it has a moral obligation not to censor. Everything you say about 'common carrier' and 'private company' is only relevant to legal, not moral arguments. The author of the paper is arguing that open source projects SHOULD use something other than Discord because Discord is censoring when they SHOULD not. The author brings up no legal arguments.


And I'm saying it has no moral obligation not to censor, either. As a private organization, by default, they get the right to set their own standards of conduct. In the USA, at least, the law adds some restrictions in how this can be done, but only in limited ways.

I honestly have a hard time seeing eye to eye with the idea that private organizations have to let users of their platforms do whatever they want. It strikes me as representing a rather solipsistic concept of freedom. One could argue that the specific restrictions Discord is making are shitty. It certainly sounds to me like they are, and one could then mount an argument that people should steer clear of them because they are acting shitty. But doing shitty things is not necessarily the same thing as violating a moral obligation.


My main gripe here is that communication has become extremely centralised under the control of a few private organizations. A society whose Overton window is defined not by the community itself, but from a few network effect entrenched overlords does not sound like one that's conducive to free expression, alongside other things I value.


I'm inclined to agree, but it's also true that the key distinction between open source and Free Software is ideological. And identifying strongly with Free Software over open source tends to go along with an ideological distrust of governments, corporations, or both. For reasons that are reasonable, if not universally agreed upon.

IOW, it's not necessarily because I think Discord is actually going to tell Joseph McCarthy how often I pick my nose. (You'd be amazed how rarely I manage to work that into group chat conversations about code style, anyway.) It's more the principle of the thing.


Any chat tool that has DMs and has people who are friends using it will have discussion of illegal activity eventually. It is estimated that the average American commits about 3 federal felonies a day. Nobody is immune from this. Simply talking about your day with a friend in DMs that are logged/unencrypted is dangerous.

The part about ridicule/mocking is an example of why Discord’s legal agreement is unreasonable, not advocating for the ability to mock or ridicule people.

The tools should not enforce censorship.


`It is estimated that the average American commits about 3 federal felonies a day.` [citation needed]


It's from a semi-popular book [1]. The author admits it's not a precise studied value; for some people it's likely much higher [2].

[1] https://www.amazon.com/Three-Felonies-Day-Target-Innocent-eb... [2] http://ulrichboser.com/how-many-felonies-did-you-commit-toda...


It comes from this book about prosecutorial overreach:

https://www.amazon.com/Three-Felonies-Day-Target-Innocent/dp...

It's not without its criticisms:

https://skeptics.stackexchange.com/questions/22530/does-the-...


>It is estimated that the average American commits about 3 federal felonies a day.

It has also been estimated that the above statement is poppycock (just now.)


That's sorta how I felt. The article has plenty of valid reasons not to use discord, but it's somewhat of a ridiculous idea that we should not just expect but protect people who practice illegal and toxic behaviors in our chats.

I just feel like saying this here: I don't find that censorship itself is a problem. Self-censorship, for example, is generally not problematic, and everyone does it. A great example of voluntary self-censorship is with swearing -- it's not illegal to swear in public, but most people choose not to do it. That's not to say self-censorship is always problematic, but simply that it is not inherently oppressive. Sometimes, it's the right thing to do.

However, in larger group contexts, censorship earns legitimacy when it is agreed upon by those who are participating in that group. If a group of people agree to not swear in the context of their organization, then by all means it is fair for them to censor. In broader forms of censorship, such as the example of FOSS projects censoring toxic and illegal behaviors, as long as it is decided democratically, then it's absolutely a feature and not a bug.


I suppose the project can do this censorship if they want to (although I should think usually it should be avoided), but then that project should do it themself, rather than Discord or someone else.


Absolutely agreed, although technically a project group could democratically decide they are willing to accept discord's censorship standards. I don't think this decision should be made lightly, but it's okay if the group decides it.


I tend to agree, but I also think this borders on a "think of the children!" type argument that's led to our current privacy ecosystem (the patriot act, snowden, etc.). No I'm not suggesting some silly video game chat app clamping down on trolls is some sort of dramatic slippery slope into an authoritarian state, but I do think it's interesting that the "I don't care about privacy because I have nothing to hide" attitude has even become popular on HN.


[flagged]


anti-social behaviour can be anything. A few years back it was homosexual sex. Anti-social behaviour simply means "things that most people disprove" - which includes all kinds of victimless crimes. Even worse, this specific case is not based on "things that most people disprove" but more like "things that this company does not want you to say".

Do you think that a 3rd party should be able to judge and ban you at will for something that you say in a group chat when everyone else in said group chat is fine with it? I presume that the author of the article is not fine with it, which is why they suggest to avoid discord. What would you do in their place?


> Do you think that a 3rd party should be able to judge and ban you at will for something that you say in a group chat when everyone else in said group chat is fine with it?

Yes. If I were running Discord and learned that there was some Klan group advocating hate against black people, I'd shut it down – even if everyone in that chat was fine with the discussion.

It wouldn't be beneficial to me to have my platform be a host for that content, and it's not beneficial to society for me to facilitate hateful people easily connecting with each other.


The problem is that what's beneficial to society is not always clear-cut.


Of course, but I'm feeling bold enough to state that the hypothetical Klan-member Discord server would not be beneficial to society.


And back then, hypothetical ancient discord would have said the same about homosexuality.


It's very simple: unless you're using an E2E encrypted channel with a trusted person, don't say anything in a social platform that you wouldn't say in person to your friends, family and coworkers.

The internet is not private by default; it's public by default.


If we have the tools to do better, why shouldn't we do things a better way? One-way surveillance is never a good thing, so why settle for it?


Entirely false. I have been blocked from participating in these groups not by humans, but by machines, before I had the opportunity to engage in any behavior.

I haven’t even had the ability to participate whilst maintaining my location privacy.

In retrospect, I should not have included that portion of the essay. It was used as an example of why demanding users agree to an unreasonable legal agreement that demands they give up basic rights is not a good hoop to make them jump through, not a defense of that sort of behavior. I thought that part was clear but I guess it wasn’t.


Surveillance is always, ultimately, about extortion. People are forced to do what they would not for many reasons besides risk of criminal prosecution.


And for many not being dictated too about what is acceptable might be another feature.

I wish the folks saying things were not acceptable would work on options that had the benefits they wanted.

Steve jobs didn't say - locked down phones with no access to the web in unacceptable, he built a better phone (and was rewarded very well).

He didn't say the way digital music is sold is stupid - he built a better music buying experience that let you authorize multiple devices to play your music etc.


This last came up for OSS and Slack (e.g., "Please don't use Slack for FOSS")[1][2].

I took some time to reflect on why OSS wasn't the default for these messaging tools, rather than proprietary alternatives — and what it would take to make more users use OSS alternatives:

> As Slack has continued to grow, open source developers have had lengthy debates about using it rather than IRC. For some, the fact that Slack is closed source and a walled garden makes it unsuitable when building projects that are open.

> I’ll take a different approach: in the age of software, why is open software not more competitive for many products used by non-engineers and what can be done?

What Open Source Can Learn From Slack

https://www.nemil.com/musings/oss-and-slack.html

-------

[1] https://news.ycombinator.com/item?id=10486541

[2] https://news.ycombinator.com/item?id=11013136


There are other choices besides Slack and IRC.

Setting up Mattermost on a VPS isn't hard.

https://mattermost.org/licensing/


Also not free, has banking ramifications, etc.


TFA mentions that Mattermost's source is AGPL and the binaries are MIT. It's absolutely free software.

It's also $0 software, in that it being free software and open source, you can simply and legally patch out their license checks and recompile, if you so wish.


I was referring to the VPS hosting, not the software.

Ease of hosting is one of the very biggest advantages to something like Slack or Discord.


Or just Matrix.


Still harder than Slack, right?


How is slack any better than discord? Both roll out stupid (and forced) updates, and slack doesn't even let me browse kinda old history if the owner doesn't pay for it. [*4] Not to mention the search is relatively terrible anyway.

The main thing that worries me about is discord is their revenue model... I just don't see how they're making money, and they keep on raising money.

There are a few good alternatives like zulip [0], matrix [1], discourse [2], Rocket Chat [3], or just plain old irc.

Although discourse isn't really a chat application but more of a open source forum software.

[0]: https://github.com/zulip

[1]: https://www.matrix.org/

[2]: https://github.com/discourse/discourse

[3]: https://rocket.chat/

[4]: You can get around this by messaging relevant information to yourself. Or just saving things locally, like a weirdo.


If you check the parent I was replying to, it was about Mattermost being harder to set up than Slack.

I never said anything about Slack or Discord being better/worse than each other.


Check out https://www.airsend.io. We are getting started and it works well in our private testing with couple of thousand users. Currently we have apps for ios and android.


And RocketChat no?


Ah, right. I should amend the parent as there are a few other open source alternatives. That said, matrix (from what I can tell) is much more widely used.


I'm surprised people don't bring up GitHub in these conversations more - the most critical piece of modern OSS infrastructure is itself closed-source.

Of course git itself is an open tool, so the repos are totally interoperable, but the OSS community's dependence on GitHub for issue tracking, PRs, etc. has always made me uncomfortable.


Most of the arguments against Discord also apply to Microsoft GitHub. It's unethical to ask people to use Microsoft GitHub. I'm contributing to a few projects on Microsoft GitHub, but I always feel slightly sick doing it, knowing that how using gives Microsoft and unfair advantage in data about developers and ultimate control over their projects.


All the ideology and social problems aside slack is still an awful chat tool. Even if there wasn’t a philosophical problem with it I don’t know why you would use it.

It’s popularity is due to marketing and abusing some social phenomena, not merit.


"Ideology and social problems"?


Not your project, not your choice.

“Free” refers to the software license of the source code. That is it.

The maintainers of a free software project don’t even have to accept contributions outside of their organization or club.

Private companies that use all kinds of proprietary communication tools regularly contribute to free software. Are all of Red Hat’s internal conversations about Fedora guaranteed to make it into the public?

People are also perfectly capable of having private conversations about contributions to free software projects. These conversations don’t ever have to be made public. Again, only the code license is what makes a piece of software free.

So if you don’t like a project’s method of communication, my advice would be to not contribute to it. It’s the project’s own risk of deterring potential contributors, not yours.

I find it hilarious that someone would find themselves feeling entitled enough to tell a bunch of unpaid open source developers how to communicate with one another as if that someone were their boss at a company. The only place where I’m told what communication tools to use is at work, where I’m paid to comply.


>Not your project, not your choice.

I feel like this should be obvious to anyone who has ever read a blogpost or editorial, but the author isn't literally commanding all free software projects to stop using discord as if he has that kind of authority, he's making a recommendation and then goes into detail about why he thinks this way, ending with some alternatives. It's bizarre seeing someone react to an article like this with offense not because of any of the content or points, but for... not showing enough deference in their title?


If you're working on a project and just happen to choose a free software license, then fair enough. (perhaps you'd call yourself more of an "open source" contributor). If however you are acting due to the free software ethos, I think it's fair for others who share the ethos to chime in with their opinion on how well you're doing it. It doesn't have to be a witch hunt, but these things matter more than a zero amount.


What’s the difference between “just happening” to choose a free license and “acting due to the free software ethos?”

Hopefully the free software ethos police doesn’t come knocking on my door because I used GPL 3.0 without having the right mindset.


If you as the maintainer said "hey, I don't really care about Free Software, I just think this is a fun/useful project and the GPL 3.0 meets my needs." and people still bugged you about Discord, I agree you should probably just tell them to fuck off. They might still try to get you on board with Free Software in the first place, but it wouldn't make sense to bother you about details like a chat program if/while you don't care about the cause.

However if you said "I'm creating this project because I care about user freedom" someone might point out "Great. Well, since we're on the same page as far as user freedom, let's take a look at the tools we're using..."


All of that is correct, but, it does not mean that suggestions cannot be made. So, the article linked here mentions their suggestions, I mention my suggestion, etc.

Yes, private conversions about contributions to free software projects are possible and are sometimes desirable. But, messages on the official channels for communications should normally be public; people can (and should) of course still use their own private communication as needed, too, but does not mean you cannot have a public one too.


Suggestions? Seems more like demands in the linked blog post.


There's no coercive power behind them. You're free to do what they say or not.


> I find it hilarious that someone would find themselves feeling entitled enough to tell a bunch of unpaid open source developers how to communicate with one another as if that someone were their boss at a company. The only place where I’m told what communication tools to use is at work, where I’m paid to comply.

They are making a moral argument against discord. If they said it was not acceptable for free software projects to go around hitting people on the head with clubs would that be entitled?


I didn’t find the moral arguments against Discord convincing.

Tin foil hat paranoia isn’t enough for me. The author is assuming their door is gonna get busted down and they’re going to get arrested over their discussions about a bug fix for an open source widget.


I’m not telling anyone to do anything.

I’m telling people what they should not do: that is, don’t discriminate against people who insist on privacy.

Choosing to use Discord does that, so people who don’t want to discriminate should not choose to use Discord.

I’m also offering them alternatives that don’t discriminate against those people, so that they can make better choices if they decide that they don’t want to be the kinds of projects that discriminate against segments of their userbase.


I think if you humbly said you’d prefer people to not use Discord you’d not get this backlash. But you’re making a demand - it’s rude and will instantly turn people against you before they really consider your arguments.


This is literally tone policing, though. Knock it off.


The argument against tone policing in a social justice sense is that people who are being wronged by society are allowed to be angry.

This person isn't being wronged. They just don't like the software other people chose to use in their projects which have nothing to do with the author of the blog post!

If someone tells you they're suffering racism you should listen no matter how it sounds to you. If someone tells you they don't like that you're using Slack and that you should not use it, you're right to tell them to sod off until they can be polite.


Criticizing someone for making demands, or pointing out that not making demands is more likely to actually accomplish what they want, is not tone policing.


You are more than welcome to not participate in any group that uses Discord, that is your choice not something that someone else is making you do. It isn't discrimination for a project to be using a tool that you don't want to use.


I am a member of a public, nonprofit organization that uses a tool that explicitly bans me, automatically, when I am trying to use it in a way that protects my privacy.


That sounds like a reason to complain to the management of that organization and see if they can work something out or pick a different tool, not write a blog post ranting about how much you dislike this company.


This blog post is precisely that complaint. Discord banned me and deleted my account when I sent them the link.


> I’m not telling anyone to do anything.

> I’m telling people what they should not do

Those two things are the same.


> “Free” refers to the software license of the source code. That is it.

You might want to read this: https://www.gnu.org/philosophy/open-source-misses-the-point....


That's one person's idea about what "free" means. GNU and Stallman don't own the concept of "free", nor do they claim it


This particular paragraph is strangely under-informed in an otherwise-good article.

""" Many people in the free software movement find censorship in general to be abhorrent. (That’s one very good reason, for example, why emails you receive that might be spam go into a special folder, instead of being silently deleted without you having a option to choose to see them if you wish. Your email server could just delete them! The fact that it doesn’t was a deliberate design choice to avoid censorship.) """

Lots of people's email servers do, in fact, silently delete quite a bit of email, because the signal-noise ratio in the world of email spam is so bad it swamped the attention budget of users (and in some cases the storage budget of service providers) ages ago, even with a spam folder attached.

https://en.wikipedia.org/wiki/Backscatter_(email)

https://answers.microsoft.com/en-us/outlook_com/forum/all/ho...

https://blog.paranoidpenguin.net/2015/01/outlook-com-is-sile...

http://www.enterprisenetworkingplanet.com/netsp/article.php/...


Yeah I don't understand that argument -- how could silently deleting emails enable censorship? I guess the email server could censor emails by silently deleting them? If so the fact that it's not in the protocol certainly wouldn't stop the censor...


If there's no way for people to access those emails (as they were silently deleted), it's basically censorship, or am I wrong?


Correct. Censorship is a tool, it is not inherently good or bad.

You want your email server to censor all entirely-obviously-over-the-top spam messages, for example (e.g. SA score >20). Most people want Facebook and Discord et al to censor spam postings.

However, when censorship veers from basic utility into editorializing (e.g. Facebook and Instagram's algorithmic prioritization/deprioritization in user feeds, Discord banning the legal and regulation-compliant /r/guns subreddit's Discord, or Facebook banning posts with male nipples, or Youtube banning instructional/educational videos about computer security, or Apple and the Taiwanese flag, or Gmail spam-foldering emails from smaller email providers not part of the deliverability cartel, or a million other examples), then it becomes a social issue and a potential problem that we need to address.

Email that is not 100% not-a-false-positive should never be silently trashed.


It doesn't matter because that's NOT the reason why spam is commonly not autodeleted. The reason is because of false positives. If you could be 100% certain of never falsely flagging an email as spam, you would be totally OK with autodeleting them unless you're either just curious or specifically doing something with spam messages.


So there was a software project that I wanted to ask some questions about on their IRC.

So I clicked a link on their GitHub page for some online IRC client.

I had a conversation it was great. Except for the part where I wanted to paste some code and it didn't format. And then I was recommended to use pastebin and paste a link.

Then I went away for a bit. Came back later and my computer had rebooted while in standby. (It's an old laptop and is a bit flaky with resume from standby)

I returned and click the link for the IRC chat. And I couldn't see the previous messages.

And they had a link to a log but it wasn't working.

And apparently the server doesn't log by default.

Look, no offence to IRC. But this is some crazy bullshit.

Like Discord, Slack, Gitter, Teams. Whatever. Isn't going have this issue.

At the end of the day people want to communicate and get their stuff done.

For a free software project, sure, using opensource tools is a great idea.

But sometimes faffing around with none core things just wastes everyone's time. Especially with they could instead be working on features and bug fixes.


Matrix is a more modern, open source alternative that doesn't hand over your data to a company to be monetized.

Matrix channels can even be bridged with IRC using bots, allowing people to use their tool of preference.


> that doesn't hand over your data to a company to be monetized

Slack, Discord & Gitter don't monetize data either, so that's a pretty weak argument.


If you use a non-browser IRC client, you wouldn't have faced this issue.

If you had used a persistent IRC system (like quassel) then you'd even be "online" permanently, whether or not you reader-client was running.

IRC has different semantics and goals than "modern" chat/msg systems. Even though they overlap quite a lot, it's a mistake to think that one is a substitute for the other.


This is still friction. If it need to be explained, than you UX is not that good.


Yeah, bare IRC is like sliced bread without butter but everyone has an oven and some butter in their kitchen, whereas Discord is a glazed donut.

Surely a donut tastes better bare. Not good for your heart as well. Now that most people don’t have a kitchen it seems like a problem to me as well.


This is such a tediously computer-centric vision. There are hundreds of tools in the world that are used every day that have "friction" and need to be "explained". Nobody complains that their UX is not that good, because they understand that certain tasks require some level (possibly mastery, possibly just a basic understanding) of the tools and processes.

As noted by another commenter, the fact that you know how "most modern chat/msg apps work" doesn't mean that they all have good UX - it means that they all have the same UX, and you've already learned it.


You convinced me of the opposite the moment you suggested the user leave the browser to get sane defaults from an IRC-client.

Not-installing-nor-configuring-anything is such a vastly superior UX that we need not unlock any more levels of discussion. Discord's web app saves easily accessible history remotely[1] and has sane code-formatting defaults. Correct me if I'm wrong, but I haven't seen that for the default configuration of an IRC client on any distro. For OP's use case of "just let me communicate with the devs for a bit, please" that's the ball game as far as UX is concerned.

[1] You can apparently use Discord without saving the history. But the user has to explicitly go off the path that the interface provides in order to do that.


>Not-installing-nor-configuring-anything is such a vastly superior UX that we need not unlock any more levels of discussion.

No doubt this is why Slack makes desktop and mobile app versions of its service, rather than rely on the browser. I'll give them credit - the browser is an option at least.

Yes, IRC has no code-formatting defaults because the culture of IRC is that you do not post code to a public channel. Would it be useful to sometimes paste directly into a private channel and not lose formatting? Sure, but compared to the formatting and highlighting options of pastebin and the like, it's not really a hardship and may even be a benefit.

I use Discord, but I live and work inside IRC. Discord feels like a candy-filled store compared to IRC. They both have their uses, but I am fairly certain that our IRC channel (both the public and private ones) would be less useful and accessible if we moved them to Discord.


> This is such a tediously computer-centric vision. There are hundreds of tools in the world that are used every day that have "friction" and need to be "explained".

I would be very interested to hear of some such tools?


routers. chainsaws. pipe benders. lathes. plaster hawks. thread tappers.

shall I go on?


Friction is very subjective. For many, joining a channel on freenode is a matter of seconds, whereas registering to a new Slack workspace is like accessing a news article behind a paywall — you won't do it unless you absolutely have to.


Is knowledge that a low res picture of a floppy disk means "save" inborn a priori? All software needs some degree of explanation. Discord only needs less explanation because it's more similar to other popular software so your metric is less a measure of UX but one of conformity.


IRC is just a relay. it's not storage and never will be.


A IRC server can log. I have once programmed a IRC server to do this for a predefined set of channels, and the MOTD mentions where to find the logs. (This way, everyone is aware of the logs.) Whether or not it logs has nothing to do with the protocol; it can be a feature of the implementation.


and most channels have a valid and longstanding rule against public logs.

because if you were raised as i was in the internet of the mid-90s, logs and real names are weapons, and we don’t do that to our friends.


Anyone reading can "log" the messages. If anything, a server that always logs just forces you to understand that your messages were never protected.


Yes, of course, and i maintain private logs for my reference.

Public logs are another matter.


Anyone who has private logs can leak them, and nobody will know who did the leak if care is taken.


But anyone can log the messages and at any point they can come out for a number of reasons. None of them have to be negative or evil. Stuff happens.

I find in many ways it’s worse to hand wave and say there’s a policy against something where no one can actually control that policy.

Also, many people don’t understand that things can still be logged or tracked. So the policy example given can give many people false thoughts.

An example is Zoom video chats. It has a record feature. The record feature once on turns on shows a blinking recording icon. In one instance people got a bit upset about it. They were even more surprised and couldn’t completely grok that any one at any time can screen record their own desktops without any one ever being notified or knowing. So Zoom letting you know is actually better.


And since IRC was made, storing message history has become an expected feature for chat applications.


That's an expected feature that only makes sense if you're part of a community that expects to share all communication.

On the Ardour's project's main IRC channel, it makes absolutely zero sense for the vast majority of people in the channel to be able to drop off the channel for 2 days, and come back and read everything they missed. The social expectations and norms there don't make this a sensible or reasonable expectation.

Contrast with "modern chat systems" ... in most of their uses, this is an entirely reasonable expectation because you are a _member_ of the group, and simply being offline isn't a reason for you to miss messages.

In our case (Ardour), we have private IRC channels where this sort of expectation is more reasonable, and we run a Quassel server to provide "always-on" messaging for people who are "members" (i.e. people for whom it's sensible to expect that they never miss messages).


There's no technical reason a browser-based IRC client couldn't keep rotating logs.


where would they be kept? it wouldn't be the browser-based client that wrote and managed the log, surely, but (as with quassel), some server (e.g. the thing the browser talks to). and sure, someone could write a quassel-based in-browser IRC client. I don't believe it has been done thus far. That fact in and of itself points in the direction that others have mentioned: public logs of IRC channels are not part of the culture of IRC.


A browser-based client could persist the log in localStorage for basic history. It wouldn't capture conversation when you're offline, and it wouldn't store years of history or anything, but (1) it would solve the problem where the user refreshes the page and loses all their channel history and (2) nobody who is using such a web IRC client has a bouncer anyway.


I know. I've used mIRC lots 10+ years ago.

But the expectations for chat today has changed a lot


I agree that Discord is not a good choice, perhaps not even an acceptable choice.

But.

Discord (not to mention Slack) will simply continue to be the lowest friction choice until a FOSS alternative comes along that is free to use, comes with rich moderation tools, supports fine-grained notification settings, supports offline history without additional effort, supports rich bots, has a mobile client that shares state with the desktop clients, and already exists on most people's desktops.

So to impact the open source communication landscape, the standard that needs to be exceeded is Slack and Discord, not IRC.


There is Mattermost, Rocketchat and Zulip.


No mention of Riot/Matrix?


Does the matrix spec offer moderation tools? I don't see anything off the top of my head.

It's also a bit of a chore to even identify how to get a server. Matrix.org points you towards other implementers, Riot.im pushes you back to matrix.org for a login, and to "Modular" for a server.

This is kind of the opposite of low friction and ease of use.

It seems pretty slick from a technological point of view, but a bit of a mess from an implementation point of view.



With no or terrible voice support.


all of which are high friction yes?



I wouldn't say high friction, but clearly not as convenient/low-friction as signing up for slack/discord.


Respectfully, I've only heard of one of those before, and none of them are installed on any of my devices.

Now, I looked up each of them, and found that they all rely on hosting your own server, or some kind of strictly limited "community" plan. The managed (and for Mattermost even self-hosted) servers all hide features (such as message history, rich moderation tools, or support tickets) behind a paywall.

These are solutions aimed at enterprises, and they use open source (or open core) licenses as the foot in the door. It's commendable that they offer to let you host the server yourself, but I would not call it "simple" to do so.

I believe that this high friction and low install base will make them effective non-starters in the open source development space.


> they all rely on hosting your own server, or some kind of strictly limited "community" plan

Happily this is not true of Zulip! Open-source projects get free hosting on zulipchat.com, with the exact same features as our corporate customers. Quoting from https://zulipchat.com/for/open-source/ :

> The hosting is supported by (and is identical to) zulipchat.com's commercial offerings. This offer extends to any community involved in supporting free and open source software: development projects, foundations, meetups, hackathons, conference committees, and more.

(I work on Zulip.)


> The managed (and for Mattermost even self-hosted) servers all hide features (such as message history, rich moderation tools, or support tickets) behind a paywall.

I know nothing about the other systems but this isn't true for Mattermost. We run Mattermost ourselves and it does indeed offer message history and moderation tools, they're part of the open source Mattermost version. I can't think of any feature that I miss from it, to be honest.


Its extremely high friction for the many developers who are not willing to sacrifice their freedom in order to contribute.


And (unfortunately, in my opinion) those developers are in the vast minority. They may be a vocal minority, but they are still a minority.

How can I assert this? If they were not a minority, they would have sufficient clout behind them to push the project onto a FOSS chat solution.


You also have the issue that the most vocal users are also the ones who produce the least code.

At least that's my experience.


You forget that it’s not a meritocracy nor a democracy. The project owner(s) get to set the official links to bug trackers, chat locations, etc and that’s it.


Then pick a project to contribute to that doesn’t use discord. But don’t try to change the world to suit your needs.


If anyone is trying to change the world to suit their needs, it's Discord Inc, who ban any attempt at trying to integrate a client with their platform in a freedom-respecting way. It's a classic walled garden: https://news.ycombinator.com/item?id=17462138


Then don’t use discord.


I already don't use discord. My point is that it seems hypocritical to wall yourself off in a platform that bans third party software and tries to pressure everyone into using their client, while complaining that someone else is trying to change you to suit their needs.


Umm how does that make sense?

The project owner(s) picked a platform for their communication and presumably all current contributors are fine with the choice, and then some third party is coming along and demanding that the entire project change their entire communication system to accommodate this one person? How in the world is it hypocritical to tell said person to take a hike?


Because the "third party" doesn't have any other choice, they have been forced into that situation by the walled garden platform vendor. The demand does not come from them, it comes from Discord Inc, who refuse to let anyone access the service on any other terms. They are the ones who are telling everyone to take a hike, and when you relay that message I really doubt you're speaking for yourself. All you're doing is reinforcing their decisions. This isn't just some chat room you spun up, it's an active business with a plainly evident market strategy. To put it another way, if we got down to it you (or any of these other projects) don't seem like you'd be personally against an open source Discord client. But when you tell people to take a hike, that's effectively the stance you're taking, and it's only because that is the company's stance.

Don't get me wrong, I would love to have made an open source discord client years ago when discord was new and I was being asked to use it regularly, and if that panned out then this blog post wouldn't have even existed. But the company has always been hostile to the idea.


I really don't think anyone is holding a gun to the project owner's heads and forcing them to use Discord. So they aren't forced into that position.

I personally don't like Discord for lots of reasons, but the original blog post and other comments supporting it are basically arguing that project owners have to change things in order to accommodate some people who have an issue with Discord. My point is that no project owner has any obligation to change things for any random potential contributor who is making demands.

Sure, Discord being less slimy and/or having other client options would be great! I personally use IRC a lot partially for these reasons, but I object to someone telling other people how to run their projects.


>I really don't think anyone is holding a gun to the project owner's heads and forcing them to use Discord.

This is not related to what I said at all. No one is being forced to use Discord. But Discord absolutely is forcing the project owners to get all the other contributors to accept the discord terms if they want to use it. That is the entire reason they make users accept the terms before they even sign up. Some users don't care about being forced to do this. Some users do, and if the project owners want to accommodate those people then yes, they need to change things. None of this is really up for debate and you seem to understand it well, so it's unclear to me what your point is. It also is very strange to me that you're now blanket objecting to these type of requests when you mentioned before that it's easy for the project owners to just say no thanks.


the standard we need is IRC. just with encryption, ability to store messages, and notifications. we should stop reinventing things that work


IRC is a protocol, Discord and Slack are complete ecosystems. This isn't just a protocol problem; there has to be user friendliness in the full experience.

IRC can be part of a solution but it's not a solution on its own.


We need IRC with a few tweaks. There’s quite a few holes in IRC’s spec including lack of a scrollback support. But yes, there is no need to be making everything its own proprietary system.


The old school solution to lack of scrollback support in IRC, and similar, is to run a persistent irc client (bitchx or irssi) inside screen or similar software, on a linux or bsd shell system, which has 24x7x365 uptime and network connectivity. And then to connect and disconnect to the screen session as needed.

Properly implemented, I've had much better availability with this sort of solution than with Slack. I've seen multiple hour outages of Slack services just within the past 6 months, it's well below four or five nines reliability.


The problem is, that only fixes IRC for you, not the other 99.9% of users who you are presumably there to communicate with.

Slack/Discord/etc. fix the problem for everyone.

Trying to community-build on IRC just seems like an exercise in masochism. I think most projects and their users deserve better than that, and it's hard to do worse than IRC.


I absolutely agree that a semi-public or public community built on irc would not be the way to go in 2020. In my use case it's for much smaller groups of individuals who all know and work with each other, within private companies and small work groups.


Fortunately, "IRC with a few tweaks" is being actively developed under the name IRCv3 and it seems that scrollback support is defined by a combination of these specifications:

https://ircv3.net/specs/extensions/batch/chathistory-3.3

https://github.com/ircv3/ircv3-specifications/pull/393/files


Sounds a bit like what you'd get with an IRC BNC, plus the encryption.


It's a bit sad to read so many "I don't discuss anything illegal, so this doesn't affect me" arguments here.

That's not really how it works, and if we take history as an example, most of what you say can be used for profiling and targeting potentially. So no, the above argument misses the point, completely.

We can do better as educated folks. A good starting point to learn bout privacy would be to read -at least a bit- of Daniel J. Solove's "The Digital Person: Technology and Privacy in the Information Age". Also, learning more about history and what happened with PII (personable identifiable information) in WW2 is important.


>We can do better as educated folks.

There's nothing uneducated about having a differentiated view on privacy, which this blog post has not, it's mostly just an incoherent rant.

There's nothing wrong with not having any expectation of privacy for discourse that is supposed to be public. I don't care if my open source development discussions are public because they're intended for a public audience. Same goes for any discussion I have on a discord.

People with an educated mindset are able to discern what information deserves what level of privacy, rather than larping as privacy advocates to stick it to the man or whatever the motivation is.


I'm not seeing those arguments. Whose argument are you referring to?

Despite being a strong privacy advocate, I didn't find the post particularly compelling. For the vast majority of open source projects, discussion of anything illegal would be considered off topic, and there is no expectation of privacy since all discussion is public record. Having those discussions being public and searchable is a valuable feature.

Does that mean I am against good tools that enable private discourse (like Signal)? Of course not! Some open source projects probably have a need for private discussion channels. I'm all for them using them. But to then extrapolate from that: "don't use Discord to discuss your open source JS widget library" doesn't make sense to me.


I was just reading the discussion happening around the post and where people are going with this. I agree with you Jared, and I didn't find the post particularly compelling as well.

I should have been more clear. I just read through the comments here in HN and tried to make an observation about the level of the conversation that the HN community (is it a community?) seems to be having. Mainly wanted to express that I hoped that we could all learn more about privacy in this day and age, given that it's (or should be) a fundamental matter that relates to most of what we work on these days (at least as people working in tech).


"You can self-host Mattermost in a very straightforward fashion."

There's a very long chasm between "You can get the software running, and have it respond on a port to requests" and "Providing a mission critical service that your project relies on".

The key word here is service. It is often drastically underestimated how much effort is required to have a service available, especially at any sort of scale.

Free/Open Source software is irrelevant as soon as you are providing a service, because by design, the only people who have control over the service, are the service operators, and the only people who really know whats running in production are the people who deployed the code.

Given that, the only choice a user has is whether or not to trust whomever is providing the service, regardless of whether or not the software they are running is free/open source, or proprietary/in house software.


I would have certainly taken this guy more seriously if I hadn't got a "won't you subscribe to my newsletter" popup in the middle of the article...


Agree. I don't buy the author's explanation. This is user-hostile behavior, straight and simple. No one is going to use uBlock to fix your website - they're just going to close the tab. Which is what I did.

I think he would get good results by putting an obvious signup form on his sidebar, underneath his contact details. Make it easy to notice, but don't make it an interruption.


The author's previous discussion on this matter: https://news.ycombinator.com/item?id=22314168

That said: totally agree, I hate modals like this.


The reasoning rings so very hollow to me.

This idea that the primary way to get people to come read what you have to say is to push it to them, and that this is such an important goal that it justifies nagging them for permission to be allowed to blast communiqués in their general direction, and that you can excuse yourself for annoying behavior like this by claiming that it's for the benefit of people who want the email but wouldn't be able to find a sign-up field in a sidebar - presumably a small minority of a small minority of total visitors - strikes me as being so very entitled. But then, I suppose that the basic idea of the attention economy is that you're supposed to be clawing at every scrap of Whuffie you can get.

Granted, it's the author's website, and they get to do what they want with it. And we have apparently collectively decided that it's OK for any webpage, even one that contains only static content, to require JavaScript in order to function properly. A corollary to that would be that simply using the web is tacit consent to be pestered, since it's not really possible to have JavaScript enabled while also avoiding modern-day incarnations of the blink tag. So there's that.

But still. . . I'd love to see RSS make a comeback, just to at least take away the "but RSS is dying" excuse.


My blog has a feed. If you’d like to see RSS make a comeback, perhaps you can subscribe to signal your support for decentralized tools.

There is no javascript in the feed. :)


Hi sneak.

Your reply on the Quora post basically says "if you browse the web like I do, you won't see the popup".

If you reflect on that for a little bit, you'll realize you're doing something to your readers that you, yourself, won't tolerate.

I'd encourage you not to. It detracts from your message.


I despise email subscriptions, they add unnecessary noise in my mailbox. I believe RSS feeds are better suited for that kind of stuff, but I guess not everyone want or have an RSS reader.


To those defending the newsletter popup... the main problem is it ruins the credibility of the article. Does he write like this because he has a strong opinion, or does he write like this because clickbait brings him subscribers?

The ultra mega hyperbolized text and the needless association with open source (what, people not working on open source don't deserve privacy?) don't help either.


It's a poorly implemented popup too. They're much less (but still) annoying if I can click anywhere outside it to dismiss instead of requiring the 'x' to be clicked.


The goal is to make you signup, not dismiss it. It was implemented as desired.


...doesn't seem to be the case with the comments here. A good implementation wouldn't annoy your users enough to not read your content, like this one did.


Apparently ublock origin blocks this.


Why? So this author wants to promote a newsletter. Is it so onerous to click an "X" that you would discredit the information in this article?


Yes. If you want me to read your content, stop blocking me from reading your content while I am in the middle of reading your content.


Even if you subscribe, what's the odds that this pops up again every time you open an article from the newsletter?


Onerous? Meh. An annoying interruption and a dark pattern? Absolutely.


Sometimes when I'm reading I'm just interested enough to keep reading. Then one of these pieces of garbage pop up and I immediate close the tab.


No kidding - it's the sign too that you are kickbait junk usually!


You get free content and all it costs is clicking an "X"? Does no one realize how absurd it sounds, that we're whining over the cost of content being less than 1 second of our time.


They owe us nothing but likewise we owe them nothing.


It shows that the author is incentivized by drawing traffic, which increases the likelihood of hyperbolized articles.


> author is incentivized by drawing traffic

Of course he is, that's the whole point of writing.


No, that’s the whole point of advertising. Writing is about communicating ideas in good faith, otherwise I’m not interested.


> Writing is about communicating ideas in good faith

Writing is a tool for whatever purpose the writer wants to use it for. To some that's advertising, for others it's writing online content and hoping to grow a newsletter list.


Everyone has different priorities and motivations, for sure. I'm just saying that, if someone's priorities are growing a newsletter list first, and communicating ideas in good faith second, that's so much less interesting, and there's so much competition.


I was about to mention Keybase, but since there is no self-hosting option, I'm afraid I can't recommend them as a communication tool for free software projects. IRC is still suitable and used by some but it is viewed as an prehistoric option. So are there any modern alternatives?

Sort of, there's Jami [0] (formely GNU/Ring) which is actually free software and looks nice, but I haven't tried it yet. Another option is the Matrix protocol [1] and some of its clients like Riot.im [2] fit this free software criteria.

[0] https://jami.net/

[1] https://matrix.org/

[2] https://about.riot.im/


Zulip is open source, can be self-hosted, and offers free hosting on their servers to any open-source projects.


The threading model is also just generally better for async communication than slack/discord style channels.


Mattermost is high-quality, privacy-respecting software that is easy to self host.


How is their mobile app?


Pretty nice, but only supports one server.


I'm on five different Discord servers that deal with open source projects, and I'm not really that active.


This is annoying especially if you want a setup where you have an internal company server and an external open source community. But Mattermost is aware of it and working on fixing it, apparently.

If it's really important to you, as a stopgap measure, you could sideload a second copy onto your phone.


That seems like a pretty significant limitation.


I agree that Discord and Slack has some bad sides, but for kinda opposite reasons than the author.

There are so many discussions, QAs, tips&tricks etc. shared on these chat rooms, that are impossible to find for those not a part of it. If it was discussed in a public forum somewhere, it would pop up in a search engine. I may have a problem with tool X and google for a solution, but since the discussion happened in some closed Discord server I will never find the solution someone else there has posted.

So kinda the opposite of the author's point about privacy: I prefer everything to be open and accessible. Hiding this stuff hampers the adoption without people realizing. I don't join a discord for everything I use, and often I'm not even aware that it exists.

An example I had a few weeks ago: Elm package repo died so I got some weird errors when building my project. Apparently lots of people were aware and knew about the problem and the status. But it was discussed in some Elm slack (I think), so for me not a member there I had no idea what was going on and couldn't find anything about it.


Private things, like DMs and user IP/location, should remain private.

Teams using Discord force their team participants to share this information with Discord to participate, who can then share it with whomever they want, with no legal recourse if they harm you as a result.

Public things, like discussion and documentation, should be open and available.

Teams using Discord have outsourced to Discord the decision of who is allowed to even read information that should be public. People who don’t ID themselves to Discord and agree to not sue them are prohibited from reading.

It fails on both counts.


While I think this is extremely hyperbolic, yeah the author isn't wrong.

Discord is, for all intents and purposes, a privately owned public space. What you say and do there is public, is publically viewable effectively, and that extends to DMs.

Likewise, Discord wants to maintain their public space with their rules. I disagree with these rules, but Discord is free to moderate their space as they see fit.

Just like the owner of a private campground can kick you out for cursing, despite using curse words not being a crime, so can Discord ban you for posting nipples or cheat software.

I think the only malfeasance here is that Discord looks and feels like a private space. It feels like a space where you can talk privately or share things privately, and so people are upset when that expectation turns out to be wrong.

For some FOSS projects, I think Discord is a fine choice. It's low friction and it works well. I use it for my social groups. For many projects that might touch on software or topics that Discord dislikes, or that strongly disagree with Discords moderation, they should use an alternative (whether that's still public like IRC or potentially private like Riot)


I support the conclusion, but I feel many of the arguments author makes are highly debatable.


It's weird that the author is surprised that the system kicked them off for signing up for a new Discord account and immediately sending the same message to three people via DM.

That's the base vanilla behavior template for a pornbot.


Yeah, which indicates what a terrible false-positive this is. It's like their spam detection is just pattern/behavior based, and entirely unintelligent, censoring even authorized users doing normal things in projects they participate in.


I wouldn't call it a terrible false-positive. The Bayesian estimate on this behavior is that it's far more likely to come from a porn-bot than a legitimate use case.

(Arguably, the use-case in question isn't even what the service would consider "legitimate;" user was trying to tickle the tiger's tail on purpose. If one doesn't want to get kicked off like a porn-bot, it's not hard to avoid acting like a porn-bot).


Not making a judgement call on Discord, but I'd argue that all communication for free software projects should be public and unencrypted.


Encryption is kind of moot. Every IRC server has been behind SSL/TLS for a very long time and it doesn't prevent usage nor archives.


I agree that IRC encryption is kind of moot, the issue with IRC is that most channels usually don't enforce SSL-only clients, meaning that you have both encrypted and unencrypted traffic going through, effectively making it unencrypted altogether as all it takes is snooping on a single unencrypted client. It's a shame too, honestly with Let's Encrypt being a thing nowadays I feel like IRC networks should be SSL only.


The core argument in the article is that such systems aren't E2E encrypted.


So the same as IRC.


What about security bugs? Don't you need at least a secure way to discuss them?


I would argue that even then it should be public. Forks exist and everyone can have one (even if it is for private use). For all we know the maintainer of the "original" could be a hostile actor.


Expecially security bugs. Communication can be hidden during the remediation period, but there's no reason for them to not be made public immediately after.


So then there is a reason to have communication be private, as you said.


> I’m not going to tell you to go use IRC like some cranky old Thinkpad-toting unixbeard

good, we get crankier when young punks repeat our advice without understanding why it was given.

"There’s no single free/self-hostable alternative that has all of the features of Discord,"

... so, just maybe, someone who's got a project to do might want to keep with discord, despite its flaws, instead of fucking around with recreating the same thing only more philosophically pure?


Reading this article makes we want to adopt Discord to make sure the author won't be part of the community.


Author misses two important points:

1. I'm not going to self-host any of that stuff for my own projects, nor am I willing to pay for an alternative SaaS that a privacy-extremist finds less objectionable.

2. Few projects are important enough to me to sign up to use their weird self-hosted or non-mainstream-SaaS solutions.

Discord wins for the same reasons that GitHub wins, that Sourceforge used to win, and for the same reasons that no upstart projects are standing up their own Trac or Bugzilla servers any more.

Insert "Old Man Yelling at Clouds" meme.


It took so long for the CSS to load I thought, "Wow, what a beautiful minimalist site!" and then came...everything else.

I agree with part of one of 'sneak's points, though, if not the way it's presented and some of the way it's worded. Discord isn't a good choice for Free Software.


Viewed with Brave, I see a rather minimalist version which loaded quickly. Also, no annoying pop-up.


It looks minimalist, but it's not.

I was talking about it without CSS.

Turning CSS-blocking on for it with uMatrix makes it look fantastic once more.

No one with sensible browser settings/extensions will see a pop-up, it's certainly not exclusive to Brave.


I agree, and the point of my previous comment was to agree with you, while also implying one of the benefits of increasing the usage of Brave among non-technophiles.

Blocking these anti-features comes automatically with Brave, no effort or setup. As more of us block this nonsense, whether with extensions or with Brave, the less incentive to write excessive CSS and annoying pop-ups.


Last time I tried to use discord my account was automatically flagged as suspicious and it forced me to enter a mobile phone - even though I did solve a captcha.

It also insisted that my firefox was outdated even though it was not. It kept being laggy and glitchy, lacks e2ee/e2ea, bans 3rd party clients, is not accessible to people with disabilities, etc.

So yeah, Discord is one of the worst choices, and not only for free software projects.


I couldn’t agree more. I also really want to emphasize a less mentioned issue with Discord, which is its accessibility (or lack thereof).

It’s effectively impossible for anyone with visual impairment that use a screen-reader to use Discord. I could go into (/very/) great length into this, but that’s the gist. What makes this even better is that there’s no getting around this limitation: third-party clients or client modifications are disallowed in the TOS and will cause your account to be banned.


I use virtual numbers for all of these services. They don't need to or have a right to my mobile phone number.


"Their spying extends to every single message sent and received by anyone, including direct messages betweeen users."

It's not spying if it is in their Terms of Service. Full of hyperbole. Yes, common sense SHOULD tell you: If you are using a free service such as this that is not free to operate, then YOU are the product. And you will be marketed to and you will not have privacy. Get over it.


Value Discord had over Slack was single account rather than per-instance in Slack(you register a new account over and over for each project admin you work with with Slack), and one fact people be skeptical of competitor is "friction" as discussed here of account creation. Identity is also a problem for lots of Twitter users who rely online identities to it because Twitter the company loves to destructively refresh userbases.

So for civil rights perspective there should be single account database, THE Civil Registry of Internet that let you tie, link-unlink, manage accounts. A face-book in modern term but not necessarily in your real name or for always fully disclosing your genitals. What OAuth realized for a brief moment.

One of the oldest core function of a nation, and we need it. Well that used to be my billionaire dream idea for this quarter and there it goes...


30 captchas just because you're browsing via Tor, a VPN, or a proxy?

How is that remotely acceptable?

There really should be some kind of law against ludicrous shit like that.

People will say "Discord is a private service and nobody's forcing you to use it" but reality is not as black and white as that.

For example, what if your employer invites you to a meeting using a privacy-abusing service like Discord or Google Hangouts? Are you going to risk telling your employer that you're not joining an important meeting because you don't want to use a service without your VPN? What if some important club/charity/etc. has its members in a Discord group?

These services blur the lines between private enterprise and social utility. Like Facebook, services offering "mass interaction" or whatever should be subject to much stronger privacy laws.

The current state of things can't continue.


I hate to break it to you: You don't have privacy on the internet. If Discord was chosen by your employer, running on employer-provided laptops, yes, you need to use it. You can certainly call out their questionable ToS to your IT department.

It's not a public "social utility". It is a service run by a private company with their specific ToS. I'm getting so frustrated about people not understanding that YOU ARE THE PRODUCT - in many cases like Discord. You will be monitored, your clicks will be recorded, heck you have NO guarantee that the Open Source version they might have is the code RUNNING on their servers. Even if a company claims they can't read your messages or never will: You can't trust it. Ever.

Someone's gotta pay the Ramen.


> Are you going to risk telling your employer that you're not joining an important meeting because you don't want to use a service without your VPN? What if some important club/charity/etc. has its members in a Discord group?

I'm not going to risk losing my employment, but I'm going to tell them I have a problem using the service without a VPN. If they are willing to fire you for raising privacy concerns then you should have concerns over the culture. Plus most companies I've worked for always want the VPN connected when you are off their network.


I'm not even sure its suitable for gaming based on the criteria from the article. We've set the bar lower each year for what is acceptable service operator behavior. Why should gaming throw away privacy and other basics? Is it impossible to respect simple privacy while providing gaming communications? I don't think so.

Why is discord so delighting in logging everything? Who knows? One low effort answer is: To sell it. Privacy is a commodity that can be sold.

And yes, I use discord for all sorts of purposes.

Hmmm. Might need to rethink things. What alternatives exist? Signal?

The big problem is the ability to create a group chat for text, voice, multimedia sharing, eg images, as part of that chat.


>you are choosing to hard-exclude all of these types of people from your group, whether you realize it or not.

I agree with the article. That said, both being a ruthless bastard and to play devil's advocate, those people also tend to be drama lightning rods and I would happily exclude them given the option.


"Replacement for Threaded, Asynchronous Discussion: Discourse" I suggest NNTP instead, please.


We need an improved IRC protocol and modern open-source clients, now more than ever.

Just make a cute, free client and people won't care about the underlying tech.

Most of the better IRC clients throughout history have been paid, but when Microsoft Comic Chat was bundled with Windows, IRC got an influx of tons of new users, in an era with generally fewer computer-literate people than today.

That kind of resurgence can be repeated today if somebody can make a free IRC client on par with Discord's functionality.

[0] https://en.wikipedia.org/wiki/Microsoft_Comic_Chat


>There are some great alternatives. I’m not going to tell you to go use IRC like some cranky old Thinkpad-toting unixbeard who doesn’t recognize that mobile apps are a hard requirement for meaningful social collaboration these days. IRC is a total nonstarter for this use case for many reasons which have been written about before.

I'm not really a heavy IRC user, but is it really that hard for somebody to make a slick IRC frontend with a mobile app as well? I would think that IRC already existing takes away the hardest part for making a chat system like this.


IRC's protocol actually makes that challenging; it's chatty and wants a persistent network connection. Mobile devices minimize battery life by minimizing messages per second and only keeping network connections live when necessary.


Riot[1] can communicate with Freenode IRC channels and has a decent mobile app.

[1]: https://riot.im


I'm amazed that nobody's recommended Aether[1] as an alternative yet. It's fully distributed, privacy-centric and FOSS, with no infrastructure hosting required. The downside is a heavy client, with slower posts (think 1-5 minutes before you see a reply), as posts are distributed on a DHT (like bittorrent).

It won't replace Discord for gamer chat, but for FOSS projects with small communities and privacy-minded proponents, it should fit needs nicely.

[1] https://getaether.net/


"with no infrastructure hosting required." " as posts are distributed on a DHT (like bittorrent)."

Someone's gotta run the trackers.


Nope, DHT functions as a distributed tracker here


Exactly. Popularity means nothing.

Options:

- Signal, Wire (maybe) - e2e cloud

- XMPP-based

server - Aenigma[0] - e2e self-hosted XMPP based on ejabberd, preferably in Iceland, Greenland or someplace out-of-reach of regimes unfriendly to human rights

client - Jitsi - multiplatform SIP and XMPP app includes OTR for e2e

- riot.im - e2e Discord-like replacement (of unknown-to-me construction)

- i2p - decentralized garlic routing with multiple services

additionally: VPN - self-hosted WireGuard on an anonymous cryptoc-paid VPS

[0] https://github.com/openspace42/aenigma


This article was excellent. Best quote:

"John Gilmore, one of the founders of the EFF, once famously wrote, “The ‘net interprets censorship as damage and routes around it.”"

HN should take that to heart.


>HN should take that to heart.

Why? It's nonsense. If the `net really worked that way, no one would even be concerned about censorship on social media or Discord, because it wouldn't exist.


This is somewhat like saying that, if the Net interpreted damage as damage and routed around it, there would never be service outages when undersea cables are accidentally cut.

There's a lot of malicious damage out there, and the Internet has been steadily centralizing, de facto, for a couple decades now.

It's an arms race, basically. I support the defensive side here, but victory is by no means assured.


I tried to tell them that, but they didn't believe me. (I also tried to tell them that NNTP should be better than using a web forum. They did believe me about that, but nevertheless failed to set it up.)

I think IRC is better. (I think you can also bridge Matrix with IRC, in case you want to have both. Or maybe you can also bridge IRC with Mattermost; I don't know. But they recommend Mattermost, so if you can bridge it in this way, then it can be helpful.)


Really wish Slack did not require a backend service just to auto-invite people. Makes it more difficult to allow anyone to communicate with you on your project.


What's the recommended alternative?

Don't IRC servers face the same issues of someone being able to read whatever you put through the service?


Matrix offers the best of both world: federated self-hostable servers, decent UX and the option to E2E-encrypt entire channels.


Notably, Mozilla has switched from IRC to Matrix.


The author of the article explicitly waves off IRC and offers some good suggestions at the bottom of the article.

(More than privacy concerns, a major concern for IRC in this era of mobile devices is protocol chattiness. Phones save battery power by minimizing messages per second required, and IRC's protocol isn't designed to work well with that architecture).


Yes, that is true. (However, for private messages, if you and the other person share a key, you could encrypt the messages before sending them. For public messages, the intention is that someone can read it, so someone being able to read whatever you put through the service is an intentional and desirable feature.)

But since this communication is public, anyone should read it if they want to do, so IRC is good.


Telegram?


Proprietary & closed source


Not end-to-end. Telegram servers see (and log, this is in Russia!) plaintext.


1) In the context of a public discussion channel, end-to-end encryption and plaintext logging are features. Their presence means that a person is able to join and see context. This is good.

2) Telegram is not based in Russia. In fact, it's been intermittently blocked in the country.


I am corrected.


It amazes me that there's not a single word about Matrix/Riot.im in this submission or the blog post itself. If you want to resist control over your communications medium, a federated system seems like a no-brainier. And yes, the E2EE is there if/when you need it.


I very much appreciate the author's intellectual honesty at the end of the article, where they note that one won't be able to find a drop-in replacement for Discord (but they do note one can build a solution from several not-quite-there alternatives).


https://sneak.berlin/s/2020/20200218.discord/tracking.png

Remembered me the Win10 installer settings :)


The author mentions 4 times that privacy is a basic human right, I guess to guilt us into agreeing with them.

But the article's actual argument is that contributing to a specific FOSS project is a basic human right, which it is not.


By this standard, no free software project should use the Internet at all. Unless you jump through the kind of hoops that even smart, tech-savvy, security-minded people don't, someone is tracking most of what you do. Your ISP can track your DNS requests unless you use DNS-over-TLS (no on does); they can track every IP you connect to unless you use a VPN (in which case your VPN or upstream provider can); in most cases your email isn't secure (no one encrypts email, and eventually it's unencrypted somewhere); communication via alternate mechanisms suffers from the same problems as Discord (IRC, Slack, and other services can also be monitored); every search engine can track you. I could go on.

The bottom line is that Discord doesn't stand out as a particular offender here, and the steps required to alleviate the author's concerns are inconvenient. Most projects have more important things to worry about with their limited resources.

Communication secrecy simply isn't a priority for most open source projects. In fact it's antithetical to the majority of open source goals. Someone pointed out that users might want to discuss security issues privately, and while there's a little bit of merit to that, it's a contrived example. It's not one of the author's concerns, and it's not an issue that arises with most projects. Open source development benefits from being done openly, and secure communication isn't a priority.

I'm in favor of using open source, private, self-hosted tools whenever and wherever practical. I'm not defending Discord specifically, nor encouraging its use. This author is just hung up on something that most people don't care about, especially in the context of software that's meant to be open and public.

There's something about this sort of obsessive fixation on a non-issue that makes people roll their eyes and not want to work with you. People who are using their limited free time to work on some random small project don't want to be lectured at over principles they don't share.


your argument here seems really defeatist, people don’t use dns over tls because its easier to just grab a vpn, throwing encrypted traffic through a vpn and acting like because the vpns isp can resolve domain names is just as identifying or non free as isp resolving somains straight from your network is just nonsense


This repeats a lot of what Stallman has already written is "bad about" Discord:

https://stallman.org/discord.html


Asking for a non-voip phone number is a great way to (numerically) reduce spam a lot.

E2E does have a legitimate downside of letting low-quality content run wild.


Use a protocol, not a service


Protocols tend to be a good first step, but they're extremely vulnerable to abuse without something larger working atop them.

Email is a protocol. Implementation is a practical nightmare because of bad actors. Something to control bad actors is vital to any communications system, regardless of whether you classify it as "service" or "protocol."


Another toxic part of the FOSS movement. Ill use whatever I want, thank you very much.


[flagged]


Well, the article they seem they don't like Usenet either, even though I do like Usenet (and NNTP in general).

(Still, you have the right to your opinion either way, please.)


> Discord is spyware, silently logging and tracking every action performed within their app, without once asking the user if they consent or not

You have to read and agree to their Terms of Service and Privacy Policy to use their services.

https://discordapp.com/terms https://discordapp.com/privacy


And? It's still spyware. I'm not sure what some legal stuff has to do with that.


They explicitly ask the user to consent to the TOS during the signup flow.

Yes, we all know nobody reads the TOS. It's still extremely inaccurate to claim Discord has these behaviors without asking consent, when they ask for exactly that.


That doesn't mean anything. You have not consented to anything by clicking accept without reading it. Sure, everyone will act like they have it.

It can still be spyware, even with "consent". The original statement still stands, "silently logging, tracking every action performed". They could just add some text that will be shown when something is recorded.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: