neko
/
SpywareWatchdog
mirror of https://codeberg.org/shadow/SpywareWatchdog.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
SpywareWatchdog/articles/discord.html

484 lines
20 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta
http-equiv="Content-type"
content="application/xhtml+xml;charset=utf-8"
/>
<title>Discord — Spyware Watchdog</title>
<link rel="stylesheet" href="../style.css" />
</head>
<body>
<div class="case">
<div class="nav"><a href="index.html">&larr; Catalog</a></div>
<div class="main">
<img src="../images/discord_logo.png" alt="Discord Logo" />
<h1>Discord</h1>
<center>
<a href="../articles/discord_es.html">[Español]</a><br><br>
</center>
<p>
Discord is an instant messaging application for macOS, Windows, GNU/Linux,
Android, and iOS. Discord is used to communicate via voice chat and
text chat, and has image-sharing and file-sharing capabilities.
</p>
<h2>Spyware Level: <span class="red">EXTREMELY HIGH</span></h2>
<p>
<font color="lightgreen">
Thanks to Richard Stallman for linking to our article
<a href="https://stallman.org/discord.html"> here</a>!
The spotlight is very much appreciated.
</font>
<br />
</p>
<a href="../articles/discord.html"
><img
class="icon"
src="../images/discord-no-way-2.gif"
alt="Discord? No Way!"
/></a>
<p>
Discord is spyware because it collects all information that passes
through its communication platform. As Discord is a centralized
communication platform, all communications have to go through
Discord's official servers, where all of that information can
potentially be recorded. The vast majority of said information has
been confirmed to be recorded, such as all communications between
users. Discord has also been confirmed to use other spyware features
such as various forms of telemetry. Discord's main source of income is
from investment, from which it has received over $279.3 million
dollars<sup><a href="#s4">[4]</a></sup
>. Discord cannot be built from source and the source code for Discord
is unavailable.
</p>
<h3>Discord does not make its source code available</h3>
<p>
It is impossible to download and examine Discord's source code, which
means that it is impossible to prove that Discord is not spyware. Any
program which does not make its source code available is potential
spyware.
</p>
<h3>
Discord confirms that it collects large amounts of sensitive user data
</h3>
<p>
Discord explicitly confirms in its privacy policy<sup
><a href="#s1">[1]</a></sup
>
that it collects the following information:
</p>
<ul>
<li>IP Address</li>
<li>Device UUID</li>
<li>User's e-mail address</li>
<li>All text messages</li>
<li>All images</li>
<li>All VOIP data (voice chat)</li>
<li>Open rates for e-mail sent by Discord</li>
</ul>
<p>
Discord does not explicitly confirm that it collects this information,
but still collects it by default:
</p>
<ul>
<li>
Logs of all of the other programs that are open on your computer
</li>
</ul>
<p>
The implications of this information can be broken down like this: By
recording your IP address, Discord can track your general location
(about as precise as which county you are in). Discord can also tell
which devices you use, as it uniquely identifies each device, and how
much you use those devices, as it can record your device usage habits
(since Discord is usually open in the background so that it can
receive messages). Discord also records every single interaction you
have with other users through its service. This means that Discord is
confirmed to log every conversation that you have through Discord, and
record everything that you say on Discord, and view all images that
you send through Discord. Therefore, none of your interactions on
Discord are private. Discord's privacy policy also contains several
occurrences of phrases such as "including but not limited to," which
is an explicit confirmation that Discord contains more spyware
features that are not disclosed to the user.
</p>
<h3>
Discord contains features which allow integration with other spyware
platforms
</h3>
<p>
Discord contains the opt-in spyware feature known as "social media
integration." This allows you to sync your persistent user identity on
Discord with your persistent user identity on other spyware platforms,
such as Facebook and Twitter. In its privacy policy<sup
><a href="#s1">[1]</a></sup
>, Discord has confirmed that if you opt in to this spyware feature,
Discord will obtain an undisclosed amount of access to information
obtained about you by the spyware platforms that you choose to sync
with.
</p>
<h3>Discord contains a process logger</h3>
<p>
Discord has been confirmed to monitor the open processes on your
operating system. This is a spyware feature known as a "process
logger" that is generally used to record your program usage habits.
This was confirmed by the CTO of Discord in a Reddit thread.<sup
><a href="#s2">[2]</a></sup
>
In the same thread, the CTO also elaborates that this spyware feature
(the monitoring of processes) is mandatory for several features of the
platform. The CTO and a Discord engineer go on to claim that Discord
does not use the process logger to send records of the open processes
on the user's computer.
</p>
<p>
The test to prove that Discord logs processes was done again by the
writer with procmon on 4/11/2019 with the features: "Use data to
customize my Discord Experience" and "Display currently running game
as a status message" turned off. Discord did
<font color="lime"><b>NOT</b></font> log all of the processes open
this way. However, when setting the "Display currently running game as
a status message" turned on, the behavior described in<sup
><a href="#s2">[2]</a></sup
>
was replicated. You can see that behavior here:
</p>
<img
class="screenshot"
src="../images/discord_process_logging.png"
alt="Discord process logging as described in [2] confirmed with procmon"
/>
<p>
Discord claims this feature can be disabled through the UI.
This is sadly <a href="https://github.com/snapcrafters/discord/issues/23">false</a>.
Because of the nature of closed-source software it isn't possible for
either this article or the Discord developers to prove how much
information is being sent to Discord's servers when the process logger
is turned on. But it's at least possible to turn it off.
</p>
<h3>Discord uses its process logging for advertising</h3>
<p>
Discord shows this in its privacy option here:
</p>
<img
class="screenshot"
src="../images/discord_data.png"
alt="Discord process logging usefulness"
/>
<p>
That the process logging features of Discord are now being recorded on
Discord's servers as a form of telemetry (spyware), and removes
speculation about why this feature exists. It is clarified by Discord
that this spyware feature is used for advertising to its users.<sup
><a href="#s8">[8]</a></sup
>
This means that Discord is
<font color="red"
><b
>recording the programs you have open to build a statistical model
of what programs you might buy/license in the future.</b
></font
>
</p>
<img
class="screenshot"
src="../images/discord_2.png"
alt="Discord confirms process logging is used for advertising"
/>
<h3>
Discord tries to force some users to give their Telephone numbers
</h3>
<p>
Discord will lock users out of its service and will not allow them to
continue using it without giving their phone number or contacting
Discord support. This is especially true for TOR users.
This kind of feature is designed to extract very
personal information out of its users (phone numbers). The criteria
for locking out users isn't known.
<!--
You can be locked out of your account for spamming
multiple users in dm's a short ammount of time,
This is due to the spam protection
-->
</p>
<img
class="screenshot"
src="../images/discord_verify.png"
alt="discord phone verification"
/>
<h3>Discord receives government requests for your information</h3>
<p>
Discord has confirmed in an email correspondence<sup
><a href="#s6">[6]</a></sup
>
that it does receive government requests for information. So, we know
that the government potentially has access to all of the information
that Discord collects about you. You can read a copy of the email
image posted in the source
<a
href="https://spyware.neocities.org/images/discord%20government%20requests.png"
>here</a
>
in case the link there dies.
</p>
<hr />
<h2>Speculation on Discord's future</h2>
<p>
It's unknown whether Discord currently is or isn't selling user
information. Currently, Discord has been able to consistently raise new
investment capital, which is at a level where it could reasonably be
covering all of its operating costs. However, Discord, like any other
company, is not going to exist in a constant state of investment.
Discord is going to have to transition away from an
investment-financed business model to a revenue model that exclusively
relies on generating revenue from the users of the platform.
</p>
<p>
Discord has several ways of making money. It can license emoji's and
other features of the program with Discord Nitro<sup
><a href="#s5">[5]</a></sup
>, or it can make money licensing video games through its new online
store, as a competitor to <a href="../articles/steam.html">Steam</a>.
However, both of these revenue sources may not be enough. Discord has
raised $279.3 million dollars<sup><a href="#s4">[4]</a></sup>
and it has to return on this investment. (which is more than 279.3
million dollars that has to be paid back)
</p>
<p>
If Discord is not able to satisfy its obligation to its investors,
it has a third option- selling user information to advertisers.
Discord is already datamining its users to produce its
recommendation system,<sup><a href="#s8">[8]</a></sup> which means
that it is already turning its userbase into extremely valuable,
sellable, advertising data. Discord has 130 million users<sup
><a href="#s7">[7]</a></sup
>, and it can produce a statistical model of what games each user (who
does not opt-out of advertising) owns, plays, and wants to buy. This
is incredibly valuable information that Discord can sell if it cannot
reach its profit obligations with its current revenue model. If Discord
was a successful games store, then it would not need to do this. But
if Discord gets in financial trouble, it probably will be forced to
liquidate this asset.
</p>
</div>
<hr />
<div class="footer">
<div class="futher">
<h4>Further Reading:</h4>
<ol>
<a
href="https://old.reddit.com/r/privacy/comments/8lkb5s/friends_don't_let_friends_use_discord_the/"
>Friends Don't Let Friends Use Discord</a
>
<a href="https://removeddit.com/r/privacy/comments/8lkb5s/friends_dont_let_friends_use_discord_the/">[removeddit.com]</a
>
<a href="https://archive.is/Q4N9J">[archive.is]</a
>
<a
href="https://ghostarchive.org/"
>[ghostarchive.org]</a
>
<br />
<a
href="https://www.tomsguide.com/us/help-me-toms-guide-discord-permissions,review-5104.html"
>Help Me, Tom's Guide: Is Discord Tracking Me?</a
>
<a
href="http://archive.is/20180418204656/https://www.tomsguide.com/us/help-me-toms-guide-discord-permissions,review-5104.html"
>[archive.is]</a
>
<a
href="https://ghostarchive.org/archive/8dKmc?kreymer=false"
>[ghostarchive.org]</a
>
<br />
<a
href="https://scribe.rip/tenable-techblog/lets-reverse-engineer-discord-1976773f4626"
>Lets Reverse Engineer Discord</a
>
<a
href="https://archive.ph/Qgny4"
>[archive.ph]</a
>
<a
href="https://ghostarchive.org/archive/dd4UU"
>[ghostarchive.org]</a
>
<br />
<a href="https://www.youtube.com/watch?v=cn4CENr5NV0"
>Why Discord is Trash</a
><br />
<a href="https://www.youtube.com/watch?v=QN_6AZT92pU"
>Why You Shouldn't Use Discord</a
><br />
<a href="http://subvert.pw/res/discord.pdf"
>THE DISCORD SITUATION</a
>
<a
href="https://web.archive.org/web/20180528205030/http://subvert.pw/res/discord.pdf"
>[web.archive.org]</a
>
</ol>
</div>
<hr />
<div class="sources">
<h4>Sources:</h4>
<ol>
<li id="s1">
<a href="https://discordapp.com/privacy"
>Discord Privacy Policy</a
>
<a
href="https://web.archive.org/web/20180528052213/https://discordapp.com/privacy"
>[web.archive.org]</a
>
<a
href="http://archive.is/20180515102020/https://discordapp.com/privacy"
>[archive.is]</a
>
<a
href="https://ghostarchive.org/archive/22yke"
>[ghostarchive.org]</a
>
</li>
<li id="s2">
<a
href="https://www.reddit.com/r/discordapp/comments/43lqyb/why_is_discord_recording_our_open_programs_and/"
>Why is Discord recording our open programs and uploading
them?</a
>
<a
href="https://www.removeddit.com/r/discordapp/comments/43lqyb/why_is_discord_recording_our_open_programs_and/"
>[removeddit.com]</a
>
<a
href="https://web.archive.org/web/20180410043931/https://www.reddit.com/r/discordapp/comments/43lqyb/why_is_discord_recording_our_open_programs_and/"
>[web.archive.org]</a
>
<a href="https://archive.li/qFcQA">[archive.is]</a>
<a href="https://ghostarchive.org/archive/MQBEv?kreymer=true">[ghostarchive.org]</a>
</li>
<li id="s3">
<a href="https://discordapp.com/company">Discord</a>
<a
href="http://wayback.archive-it.org/all/20171226205723/https://discordapp.com/company"
>[wayback.archive-it.org]</a
>
<a
href="http://archive.is/20170724163442/https://discordapp.com/company"
>[archive.is]</a
>
<a
href="https://ghostarchive.org/archive/30TU8"
>[ghostarchive.org]</a
>
</li>
<li id="s4">
<a href="https://www.crunchbase.com/organization/discord"
>Crunchbase</a
>
<a
href="https://web.archive.org/web/20180423015034/https://www.crunchbase.com/organization/discord"
>[web.archive.org]</a
>
<!-- archive.is page was a dud
<a
href="https://archive.is/KvEdW"
>[archive.is]</a
>
-->
<a
href="http://archive.is/20170724163442/https://discordapp.com/company"
>[ghostarchive.org]</a
>
</li>
<li id="s5">
<a href="https://discordapp.com/nitro">Discord Nitro</a>
<a
href="http://archive.is/20170724163442/https://discordapp.com/company"
>[archive.is]</a
>
<a
href="https://ghostarchive.org/archive/xbj7M?kreymer=true"
>[ghostarchive.org]</a
>
</li>
<li id="s6">
<a
href="https://www.reddit.com/r/privacy/comments/80l8se/discord_receives_government_requests_no_plans_on/"
>Discord receives government requests. No plans on adding E2E
Encryption any time soon.</a
>
<a href="https://archive.is/JrdJ9">[archive.is]</a>
<a href="https://removeddit.com/r/privacy/comments/80l8se/discord_receives_government_requests_no_plans_on/">[removeddit.com]</a>
<a
href="http://web.archive.org/web/20180228033615/https://www.reddit.com/r/privacy/comments/80l8se/discord_receives_government_requests_no_plans_on/"
>[web.archive.org]</a
>
<a
href="https://ghostarchive.org/archive/trU1V"
>[ghostarchive.org]</a
>
</li>
<li id="s7">
<a
href="https://www.statista.com/statistics/746215/discord-user-number/"
>Number of registered Discord users</a
>
<a
href="http://web.archive.org/web/20181119040747/https://www.statista.com/statistics/746215/discord-user-number/"
>[web.archive.org]</a
>
<a
href="https://ghostarchive.org/archive/bK9Ai"
>[ghostarchive.org]</a
>
</li>
<li id="s8">
<a
href="https://support.discordapp.com/hc/en-us/articles/360004109911"
>Data Privacy Controls</a
>
<a
href="http://web.archive.org/web/20181201004455/https://support.discordapp.com/hc/en-us/articles/360004109911"
>[web.archive.org]</a
>
<a
href="https://ghostarchive.org/archive/vx3aY"
>[ghostarchive.org]</a
>
</li>
</ol>
</div>
<hr />
<b>This article was created on 11/23/17</b><br />
<b>This article was last edited on 8/17/2021</b>
<!--Dont change-->
<p>
If you want to edit this article, or contribute your own article(s), visit us
at the git repo on
<a href="https://codeberg.org/shadow/SpywareWatchdog">Codeberg</a>.
</p>
<p>
All contributions must be licensed under the CC0 license to be
accepted.
</p>
<a href="../LICENSE.txt">
<img class="icon" src="../images/cc0.png" alt="CC0 License" />
</a>
<!--Dont change-->
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink