417 lines
18 KiB
HTML
417 lines
18 KiB
HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
|
<head>
|
|
<meta
|
|
http-equiv="Content-type"
|
|
content="application/xhtml+xml;charset=utf-8"
|
|
/>
|
|
<title>Discord — Spyware Watchdog</title>
|
|
<link rel="stylesheet" href="../style.css" />
|
|
</head>
|
|
|
|
<body>
|
|
<div class="case">
|
|
<div class="nav"><a href="index.html">← Catalog</a></div>
|
|
<div class="main">
|
|
<img src="../images/discord_logo.png" alt="Discord Logo" />
|
|
<h1>Discord</h1>
|
|
<center>
|
|
<a href="../articles/discord_es.html">[Español]</a><br><br>
|
|
</center>
|
|
<p>
|
|
Discord is an instant messaging application for macOS, Windows, Linux,
|
|
Android, and iOS. Discord is used to communicate via voice chat and
|
|
text chat, and has image-sharing and file-sharing capabilities.
|
|
</p>
|
|
<h2>Spyware Level: <span class="red">EXTREMELY HIGH</span></h2>
|
|
<p>
|
|
<font color="lightgreen">
|
|
Thanks to Richard Stallman for linking to our article
|
|
<a href="https://stallman.org/discord.html"> here</a>!
|
|
The spotlight is very much appreciated.
|
|
</font>
|
|
<br />
|
|
</p>
|
|
<a href="../articles/discord.html"
|
|
><img
|
|
class="icon"
|
|
src="../images/discord-no-way-2.gif"
|
|
alt="Discord? No Way!"
|
|
/></a>
|
|
<p>
|
|
Discord is spyware because it collects all information that passes
|
|
through its communication platform. As Discord is a centralized
|
|
communication platform, all communications have to go through
|
|
Discord's official servers, where all of that information can
|
|
potentially be recorded. The vast majority of said information has
|
|
been confirmed to be recorded, such as all communications between
|
|
users. Discord has also been confirmed to use other spyware features
|
|
such as various forms of telemetry. Discord's main source of income is
|
|
from investment, from which it has received over $279.3 million
|
|
dollars<sup><a href="#s4">[4]</a></sup
|
|
>. Discord cannot be built from source and the source code for Discord
|
|
is unavailable.
|
|
</p>
|
|
<h3>Discord does not make its source code available</h3>
|
|
<p>
|
|
It is impossible to download and examine Discord's source code, which
|
|
means that it is impossible to prove that Discord is not spyware. Any
|
|
program which does not make its source code available is potential
|
|
spyware.
|
|
</p>
|
|
<h3>
|
|
Discord confirms that it collects large amounts of sensitive user data
|
|
</h3>
|
|
<p>
|
|
Discord explicitly confirms in its privacy policy<sup
|
|
><a href="#s1">[1]</a></sup
|
|
>
|
|
that it collects the following information:
|
|
</p>
|
|
<ul>
|
|
<li>IP Address</li>
|
|
<li>Device UUID</li>
|
|
<li>User's e-mail address</li>
|
|
<li>All text messages</li>
|
|
<li>All images</li>
|
|
<li>All VOIP data (voice chat)</li>
|
|
<li>Open rates for e-mail sent by Discord</li>
|
|
</ul>
|
|
<p>
|
|
Discord does not explicitly confirm that it collects this information,
|
|
but still collects it by default:
|
|
</p>
|
|
<ul>
|
|
<li>
|
|
Logs of all of the other programs that are open on your computer
|
|
</li>
|
|
</ul>
|
|
<p>
|
|
The implications of this information can be broken down like this: By
|
|
recording your IP address, Discord can track your general location
|
|
(about as precise as which county you are in). Discord can also tell
|
|
which devices you use, as it uniquely identifies each device, and how
|
|
much you use those devices, as it can record your device usage habits
|
|
(since Discord is usually open in the background so that it can
|
|
receive messages). Discord also records every single interaction you
|
|
have with other users through its service. This means that Discord is
|
|
confirmed to log every conversation that you have through Discord, and
|
|
record everything that you say on Discord, and view all images that
|
|
you send through Discord. Therefore, none of your interactions on
|
|
Discord are private. Discord's privacy policy also contains several
|
|
occurrences of phrases such as "including but not limited to," which
|
|
is an explicit confirmation that Discord contains more spyware
|
|
features that are not disclosed to the user.
|
|
</p>
|
|
<h3>
|
|
Discord contains features which allow integration with other spyware
|
|
platforms
|
|
</h3>
|
|
<p>
|
|
Discord contains the opt-in spyware feature known as "social media
|
|
integration." This allows you to sync your persistent user identity on
|
|
Discord with your persistent user identity on other spyware platforms,
|
|
such as Facebook and Twitter. In its privacy policy<sup
|
|
><a href="#s1">[1]</a></sup
|
|
>, Discord has confirmed that if you opt in to this spyware feature,
|
|
Discord will obtain an undisclosed amount of access to information
|
|
obtained about you by the spyware platforms that you choose to sync
|
|
with.
|
|
</p>
|
|
<h3>Discord contains a process logger</h3>
|
|
<p>
|
|
Discord has been confirmed to monitor the open processes on your
|
|
operating system. This is a spyware feature known as a "process
|
|
logger" that is generally used to record your program usage habits.
|
|
This was confirmed by the CTO of Discord in a Reddit thread.<sup
|
|
><a href="#s2">[2]</a></sup
|
|
>
|
|
In the same thread, the CTO also elaborates that this spyware feature
|
|
(the monitoring of processes) is mandatory for several features of the
|
|
platform. The CTO and a Discord engineer go on to claim that Discord
|
|
does not use the process logger to send records of the open processes
|
|
on the user's computer.
|
|
</p>
|
|
<p>
|
|
The test to prove that Discord logs processes was done again by the
|
|
writer with procmon on 4/11/2019 with the features: "Use data to
|
|
customize my Discord Experience" and "Display currently running game
|
|
as a status message" turned off. Discord did
|
|
<font color="lime"><b>NOT</b></font> log all of the processes open
|
|
this way. However, when setting the "Display currently running game as
|
|
a status message" turned on, the behavior described in<sup
|
|
><a href="#s2">[2]</a></sup
|
|
>
|
|
was replicated. You can see that behavior here:
|
|
</p>
|
|
<img
|
|
class="screenshot"
|
|
src="../images/discord_process_logging.png"
|
|
alt="Discord process logging as described in [2] confirmed with procmon"
|
|
/>
|
|
<p>
|
|
Discord claims this feature can be disabled through the UI.
|
|
This is sadly <a href="https://github.com/snapcrafters/discord/issues/23">false</a>.
|
|
Because of the nature of closed-source software it isn't possible for
|
|
either this article or the Discord developers to prove how much
|
|
information is being sent to Discord's servers when the process logger
|
|
is turned on. But it's at least possible to turn it off.
|
|
</p>
|
|
<h3>Discord uses its process logging for advertising</h3>
|
|
<p>
|
|
Discord shows this in its privacy option here:
|
|
</p>
|
|
<img
|
|
class="screenshot"
|
|
src="../images/discord_data.png"
|
|
alt="Discord process logging usefulness"
|
|
/>
|
|
<p>
|
|
That the process logging features of Discord are now being recorded on
|
|
Discord's servers as a form of telemetry (spyware), and removes
|
|
speculation about why this feature exists. It is clarified by Discord
|
|
that this spyware feature is used for advertising to its users.<sup
|
|
><a href="#s8">[8]</a></sup
|
|
>
|
|
This means that Discord is
|
|
<font color="red"
|
|
><b
|
|
>recording the programs you have open to build a statistical model
|
|
of what programs you might buy/license in the future.</b
|
|
></font
|
|
>
|
|
</p>
|
|
<img
|
|
class="screenshot"
|
|
src="../images/discord_2.png"
|
|
alt="Discord confirms process logging is used for advertising"
|
|
/>
|
|
|
|
<h3>
|
|
Discord tries to force some users to give their Telephone numbers
|
|
</h3>
|
|
<p>
|
|
Discord will lock users out of its service and will not allow them to
|
|
continue using it without giving their phone number or contacting
|
|
Discord support. This kind of feature is designed to extract very
|
|
personal information out of its users (phone numbers). The criteria
|
|
for locking out users isn't known.
|
|
<!--
|
|
You can be locked out of your account for spamming
|
|
multiple users in dm's a short ammount of time,
|
|
This is due to the spam protection
|
|
-->
|
|
</p>
|
|
<img
|
|
class="screenshot"
|
|
src="../images/discord_verify.png"
|
|
alt="discord phone verification"
|
|
/>
|
|
|
|
<h3>Discord receives government requests for your information</h3>
|
|
<p>
|
|
Discord has confirmed in an email correspondence<sup
|
|
><a href="#s6">[6]</a></sup
|
|
>
|
|
that it does receive government requests for information. So, we know
|
|
that the government potentially has access to all of the information
|
|
that Discord collects about you. You can read a copy of the email
|
|
image posted in the source
|
|
<a
|
|
href="https://spyware.neocities.org/images/discord%20government%20requests.png"
|
|
>here</a
|
|
>
|
|
in case the link there dies.
|
|
</p>
|
|
<hr />
|
|
<h2>Speculation on Discord's future</h2>
|
|
<p>
|
|
It's unknown whether Discord currently is or isn't selling user
|
|
information. Currently, Discord has been able to consistently raise new
|
|
investment capital, which is at a level where it could reasonably be
|
|
covering all of its operating costs. However, Discord, like any other
|
|
company, is not going to exist in a constant state of investment.
|
|
Discord is going to have to transition away from an
|
|
investment-financed business model to a revenue model that exclusively
|
|
relies on generating revenue from the users of the platform.
|
|
</p>
|
|
<p>
|
|
Discord has several ways of making money. It can license emoji's and
|
|
other features of the program with Discord Nitro<sup
|
|
><a href="#s5">[5]</a></sup
|
|
>, or it can make money licensing video games through its new online
|
|
store, as a competitor to <a href="../articles/steam.html">Steam</a>.
|
|
However, both of these revenue sources may not be enough. Discord has
|
|
raised $279.3 million dollars<sup><a href="#s4">[4]</a></sup>
|
|
and it has to return on this investment. (which is more than 279.3
|
|
million dollars that has to be paid back)
|
|
</p>
|
|
<p>
|
|
If Discord is not able to satisfy its obligation to its investors,
|
|
it has a third option- selling user information to advertisers.
|
|
Discord is already datamining its users to produce its
|
|
recommendation system,<sup><a href="#s8">[8]</a></sup> which means
|
|
that it is already turning its userbase into extremely valuable,
|
|
sellable, advertising data. Discord has 130 million users<sup
|
|
><a href="#s7">[7]</a></sup
|
|
>, and it can produce a statistical model of what games each user (who
|
|
does not opt-out of advertising) owns, plays, and wants to buy. This
|
|
is incredibly valuable information that Discord can sell if it cannot
|
|
reach its profit obligations with its current revenue model. If Discord
|
|
was a successful games store, then it would not need to do this. But
|
|
if Discord gets in financial trouble, it probably will be forced to
|
|
liquidate this asset.
|
|
</p>
|
|
</div>
|
|
<hr />
|
|
<div class="footer">
|
|
<div class="futher">
|
|
<h4>Further Reading:</h4>
|
|
<ol>
|
|
<a
|
|
href="https://old.reddit.com/r/privacy/comments/8lkb5s/friends_don't_let_friends_use_discord_the/"
|
|
>Friends Don't Let Friends Use Discord</a
|
|
>
|
|
<a href="https://archive.is/Q4N9J">[archive.is]</a
|
|
><br />
|
|
|
|
<a
|
|
href="https://www.tomsguide.com/us/help-me-toms-guide-discord-permissions,review-5104.html"
|
|
>Help Me, Tom's Guide: Is Discord Tracking Me?</a
|
|
>
|
|
<a
|
|
href="http://archive.is/20180418204656/https://www.tomsguide.com/us/help-me-toms-guide-discord-permissions,review-5104.html"
|
|
>[archive.is]</a
|
|
><br />
|
|
|
|
<a href="https://www.hooktube.com/watch?v=cn4CENr5NV0"
|
|
>Why Discord is Trash</a
|
|
><br />
|
|
<a href="https://www.hooktube.com/watch?v=QN_6AZT92pU"
|
|
>Why You Shouldn't Use Discord</a
|
|
><br />
|
|
|
|
<a href="http://subvert.pw/res/discord.pdf"
|
|
>THE DISCORD SITUATION</a
|
|
>
|
|
<a
|
|
href="https://web.archive.org/web/20180528205030/http://subvert.pw/res/discord.pdf"
|
|
>[web.archive.org]</a
|
|
>
|
|
</ol>
|
|
</div>
|
|
<hr />
|
|
<div class="sources">
|
|
<h4>Sources:</h4>
|
|
<ol>
|
|
<li id="s1">
|
|
<a href="https://discordapp.com/privacy"
|
|
>Discord Privacy Policy</a
|
|
>
|
|
<a
|
|
href="https://web.archive.org/web/20180528052213/https://discordapp.com/privacy"
|
|
>[web.archive.org]</a
|
|
>
|
|
<a
|
|
href="http://archive.is/20180515102020/https://discordapp.com/privacy"
|
|
>[archive.is]</a
|
|
>
|
|
</li>
|
|
<li id="s2">
|
|
<a
|
|
href="https://www.reddit.com/r/discordapp/comments/43lqyb/why_is_discord_recording_our_open_programs_and/"
|
|
>Why is Discord recording our open programs and uploading
|
|
them?</a
|
|
>
|
|
<a
|
|
href="https://web.archive.org/web/20180410043931/https://www.reddit.com/r/discordapp/comments/43lqyb/why_is_discord_recording_our_open_programs_and/"
|
|
>[web.archive.org]</a
|
|
>
|
|
<a href="https://archive.li/qFcQA">[archive.is]</a>
|
|
</li>
|
|
<li id="s3">
|
|
<a href="https://discordapp.com/company">Discord</a>
|
|
<a
|
|
href="http://wayback.archive-it.org/all/20171226205723/https://discordapp.com/company"
|
|
>[wayback.archive-it.org]</a
|
|
>
|
|
<a
|
|
href="http://archive.is/20170724163442/https://discordapp.com/company"
|
|
>[archive.is]</a
|
|
>
|
|
</li>
|
|
<li id="s4">
|
|
<a href="https://www.crunchbase.com/organization/discord"
|
|
>Crunchbase</a
|
|
>
|
|
<a
|
|
href="https://web.archive.org/web/20180423015034/https://www.crunchbase.com/organization/discord"
|
|
>[web.archive.org]</a
|
|
>
|
|
<a
|
|
href="http://archive.is/20170724163442/https://discordapp.com/company"
|
|
>[archive.is]</a
|
|
>
|
|
</li>
|
|
<li id="s5">
|
|
<a href="https://discordapp.com/nitro">Discord Nitro</a>
|
|
<a
|
|
href="http://archive.is/20170724163442/https://discordapp.com/company"
|
|
>[archive.is]</a
|
|
>
|
|
</li>
|
|
<li id="s6">
|
|
<a
|
|
href="https://www.reddit.com/r/privacy/comments/80l8se/discord_receives_government_requests_no_plans_on/"
|
|
>Discord receives government requests. No plans on adding E2E
|
|
Encryption any time soon.</a
|
|
>
|
|
<a href="https://archive.is/JrdJ9">[archive.is]</a>
|
|
<a
|
|
href="http://web.archive.org/web/20180228033615/https://www.reddit.com/r/privacy/comments/80l8se/discord_receives_government_requests_no_plans_on/"
|
|
>[web.archive.org]</a
|
|
>
|
|
</li>
|
|
<li id="s7">
|
|
<a
|
|
href=" https://www.statista.com/statistics/746215/discord-user-number/"
|
|
>Number of registered Discord users</a
|
|
>
|
|
<a
|
|
href="http://web.archive.org/web/20181119040747/https://www.statista.com/statistics/746215/discord-user-number/"
|
|
>[web.archive.org]</a
|
|
>
|
|
</li>
|
|
<li id="s8">
|
|
<a
|
|
href="https://support.discordapp.com/hc/en-us/articles/360004109911"
|
|
>Data Privacy Controls</a
|
|
>
|
|
<a
|
|
href="http://web.archive.org/web/20181201004455/https://support.discordapp.com/hc/en-us/articles/360004109911"
|
|
>[web.archive.org]</a
|
|
>
|
|
</li>
|
|
</ol>
|
|
</div>
|
|
<hr />
|
|
<b>This article was created on 11/23/17</b><br />
|
|
<b>This article was last edited on 4/24/2021</b>
|
|
<!--Dont change-->
|
|
<p>
|
|
If you want to edit this article, or contribute your own article(s), visit us
|
|
at the git repo on
|
|
<a href="https://codeberg.org/shadow/SpywareWatchdog">Codeberg</a>.
|
|
</p>
|
|
<p>
|
|
All contributions must be licensed under the CC0 license to be
|
|
accepted.
|
|
</p>
|
|
<a href="../LICENSE.txt">
|
|
<img class="icon" src="../images/cc0.png" alt="CC0 License" />
|
|
</a>
|
|
<!--Dont change-->
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |