this post was submitted on 14 Sep 2021
57 points (96.7% liked)

Open Source

31173 readers
426 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] peppermint@lemmy.ml 2 points 3 years ago (2 children)

It's meant to be for large groups, isn't it? Why would the threat model of discord users require each of 120 users to keep their chats secret from the server?

[–] AceKat@lemmy.ml 8 points 3 years ago* (last edited 3 years ago) (2 children)

For the same reason facebook is one of the biggest companies in the world. Having access to thousands of users' chat history is very useful for ad personalization and could be worth a lot of money. To fight this decentalization and encryption are crucial, you can't trust that they will never use that data for advertisement purposes, maybe introduced in a privacy police change. Solid encryption algorithms are feasable for smaller groups, but as I said, at least DMs could be encrypted

[–] peppermint@lemmy.ml 2 points 3 years ago

I suppose it would prevent automation on some level indeed, but ironically I feel like this is nothing to do with the threat model.

[–] dreeg_ocedam@lemmy.ml 1 points 3 years ago* (last edited 3 years ago) (1 children)

There is absolutely no reason to believe that chats in discord are used for ad targeting. There privacy policy is actually not that bad. The only issue is that it's not open source so they might get bought in the future by someone that changes that. Their app also uses facebook's SDK, so it does collect some data, but not the chat history.

Also, if you use it to talk to random people and have no way of checking identities/keys, E2EE doesn't serve any purpose...

[–] adrianmalacoda@lemmy.ml 7 points 3 years ago* (last edited 3 years ago) (1 children)

The only issue is that it’s not open source so they might get bought in the future by someone that changes that.

A proprietary centralized chat service is a bad thing, regardless of privacy policy. Revolt is already superior to Discord on that front.

[–] dreeg_ocedam@lemmy.ml 3 points 3 years ago (1 children)

I said in my comment that the fact that they're not FLOSS is an issue.

Not everything that isn't FLOSS is a conspiracy to get your data, similarly not everything that is FLOSS takes proper care of your data. FLOSS is a good thing, but it's not the only thing that can protect you. There are laws, and they can't put anything in their privacy policy and not respect it.

We can convince people to use the better FLOSS alternative without having to make unfounded claims, this kind of thing only makes us look like tinfoil hat nutjobs. That's not who we are (or at least, who I am), and I'm not going to support claims without a shred of evidence.

[–] adrianmalacoda@lemmy.ml 3 points 3 years ago* (last edited 3 years ago) (1 children)

I said in my comment that the fact that they’re not FLOSS is an issue.

I think we may be on the same page, then.

Not everything that isn’t FLOSS is a conspiracy to get your data

This is why I think framing free software as a privacy issue is inherently flawed. Free software is a good thing because it gives you control over your technology. The fact that free software is generally more privacy respecting is probably a side effect of that, but some proprietary software companies at least nominally claim to respect privacy too. Discord can have the best privacy policy in the world, and actually stand by it, and I would still denounce it because it is a locked-down proprietary silo platform.

similarly not everything that is FLOSS takes proper care of your data

This is technically true, in that a free software license is not a magical ward against bugs or spyware, but in cases where a free software project becomes spyware - such as Audacity - a spyware-free fork often pops up soon after. This is why I value the four freedoms of the free software movement.

[–] dreeg_ocedam@lemmy.ml 3 points 3 years ago* (last edited 3 years ago) (1 children)

Discord can have the best privacy policy in the world, and actually stand by it, and I would still denounce it because it is a locked-down proprietary silo platform.

I agree, but claiming that it uses it's users chat history for selling advertisement is absolutely unfounded and is not valid criticism.

[–] AceKat@lemmy.ml 4 points 3 years ago* (last edited 3 years ago) (1 children)

I agree with you that FLOSS doesn't mean automatically better and there is no reason to wear a tinfoil hat. You ultimately have to trust someone if you don't inspect the source code yourself. I was just saying that being revolt centralized and having access to every information isn't the best design for a discord privacy-respecting alternative, but they do have a good privacy policy, so if you trust they respect it (atm no reason to doubt that) then it will be surely better than discord. Discord does collect chat history though. On discord privacy policy:

Information You Provide: We collect information from you when you voluntarily provide such information, such as when you register for access to the Services or use certain Services. Information we collect may include but not be limited to username, email address, and any messages, images, transient VOIP data (to enable communication delivery only) or other content you send via the chat feature.

They don't say that they sell said information to advertisers (even if they send some data to third parties) and I don't have seen any report about them getting caught doing that, I'm sorry I assumed. But I admit I get a bit carried away with doubts about companies who offer closed source software to a very large userbase. If there is a chance of making more money, they usually take it.

[–] dreeg_ocedam@lemmy.ml 2 points 3 years ago

We're on the same page. FLOSS and decentralized/standardized is pretty much always better.

I understand that it's easy to make the assumption. Discord is one of the very few software of the kind that doesn't use data for advertisement according to their privacy policy. The data is there though, and the fact that they don't allow users to easily delete it is concerning. But the fact that its used for advertisement is false, which initially surprised me.

Re-reading my comments I realise I might have been unnecessarily aggressive sorry.

[–] bilb@lemmy.ml 3 points 3 years ago

I agree that encrypting a group chat beyond a small group of trusted individuals is pointless. It's nice to have the option, though.