SpywareWatchdog/articles/discord.html

245 lines
14 KiB
HTML

<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="../style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Discord</h1>
<p><a href="../articles/index.html">Back to catalog</a><br>
<a href="../articles/discord_es.html">Spanish Translation</a>
<a href="https://qorg.xyz/spyware/discord.cgi">[qorg.xyz]</a>
<a href="https://qorglaofrwqdj4is.onion/spyware/discord.cgi">[qorglaofrwqdj4is.onion]</a>
<a href="http://web.archive.org/web/20181118194244/https://qorg.xyz/spyware/discord.cgi">[web.archive.org]</a>
<a href="http://archive.is/7T29F">[archive.is]</a></p>
<img src="../images/discord_logo.png" alt="Discord-Logo">
<p>
Discord is an instant messaging application for MacOS, Windows, Linux,
Android, and iOS. Discord is used to communicate via voice chat and
text chat, and has image-sharing and file-sharing capabilities.
</p>
<h2>Spyware Level: <font color="red">EXTREMELY HIGH</font></h2>
<p>
<font color="lightgreen">
Thanks to Richard Stallman for linking to our article <a href="https://stallman.org/discord.html"> here</a>! The spotlight is very much appreciated.
</font><br>
</p>
<a href="https://spyware.neocities.o../articles/discord.html"><img src="../images/discord-no-way-2.gif" alt="Discord? No Way!"></a>
<p>
Discord is spyware because it collects all information that passes
through its communication platform. As Discord is a centralized
communication platform, all communications have to go through Discord's
official servers, where all of that information can potentially be
recorded. The vast majority of said information has been confirmed
to be recorded, such as all communications between users. Discord has
also been confirmed to use other spyware features such as various forms
of telemetry. Discord's main source of income is from investment, from which
it has received over $279.3 million dollars<sup><a href="#4">[4]</a></sup>. Discord cannot be built from
source and the source code for Discord is unavailable.
</p>
<h3>Discord does not make its source code available</h3>
<p>
It is impossible to download and examine Discord's source code,
which means that it is impossible to prove that Discord is not
spyware. Any program which does not make its source code available is
potential spyware.
</p>
<h3>Discord confirms that it collects large amounts of sensitive user data</h3>
<p>
Discord explicitly confirms in its privacy policy<sup><a href="#1">[1]</a></sup> that it collects the following information:
</p>
<ul>
<li>IP Address</li>
<li>Device UUID</li>
<li>User's e-mail address</li>
<li>All text messages</li>
<li>All images</li>
<li>All VOIP data (voice chat)</li>
<li>Open rates for e-mail sent by Discord</li>
</ul>
<p>
Discord does not explictly confirm that it collects this information, but still collects it by default:
</p>
<ul>
<li>Logs of all of the other programs that are open on your computer</li>
</ul>
<p>
The implications of this information can be broken down like this: By
recording your IP address, Discord can track your general location
(about as precise as which county you are in). Discord can also tell
which devices you use, as it uniquely identifies each device, and how
much you use those devices, as it can record your device usage habits
(since Discord is usually open in the background so that it can receive
messages). Discord also records every single interaction you have with
other users through its service. This means that Discord is confirmed
to log every conversation that you have through Discord, and record
everything that you say on Discord, and view all images that you send
through Discord. Therefore, none of your interactions on Discord are
private. Discord's privacy policy also contains several occurrences of
phrases such as "including but not limited to," which is an explicit
confirmation that Discord contains more spyware features that are not
disclosed to the user.
</p>
<h3>Discord contains features which allow integration with other spyware platforms</h3>
<p>
Discord contains the opt-in spyware feature known as "social media
integration." This allows you to sync your persistent user identity
on Discord with your persistent user identity on other spyware
platforms, such as Facebook and Twitter. In its privacy policy<sup><a href="#1">[1]</a></sup>,
Discord has confirmed that if you opt in to this spyware feature,
Discord will obtain an undisclosed amount of access to information
obtained about you by the spyware platforms that you choose to sync
with.
</p>
<h3>Discord contains a process logger</h3>
<p>
Discord has been confirmed to monitor the open processes on your
operating system. This is a spyware feature known as a "process logger"
that is generally used to record your program usage habits. This was
confirmed by the CTO of Discord in a Reddit thread.<sup><a href="#2">[2]</a></sup>
In the same thread, the CTO also elaborates that this spyware feature (the monitoring of processes) is
mandatory for several features of the platform. The CTO and a Discord engineer go on
to claim that Discord does not use the process logger to send records
of the open processes on the user's computer.
</p>
<p>
The test to prove that Discord logs processes was done again by the writer with procmon on 4/11/2019 with
the features: "Use data to customize my Discord Experience" and "Display currently running game as a status message"
turned off. Discord did <font color=lime><b>NOT</b></font> log all of the processes open this way.
However when setting the "Display currently running game as a status message" turned on, the behavior
described in<sup><a href="#2">[2]</a></sup> was replecated. You can see that behavior here:
</p>
<img src="../images/discord_process_logging.png" alt="Discord process logging as described in [2] confirmed with procmon">
<p>
It turns out that this feature <font color=lime><b>can be disabled through the UI.</b></font> Because of the nature of closed-source
software it isn't possible for either this article or the Discord developers to prove how much information is being sent to
Discord's servers when the process logger is turned on. But it's at least possible to turn it off.
</p>
<h3>Discord uses it's process logging for advertising</h3>
<p>
Discord shows this in it's privacy option here:
</p>
<img src="../images/discord_data.png" alt="Discord process logging usefulness">
<p>
That the process logging features of Discord are now being recorded on Discord's servers as a form of telemetry (spyware),
and removes speculation about why this feature exists. It is clarified by Discord that this spyware feature is used for advertising
to it's users.<sup><a href="#8">[8]</a></sup> This means that Discord is <font color=red><b>recording the programs you have open to build
a statistical model of what programs you might buy/lisence in the future.</b></font>
</p>
<img src="../images/discord_2.png" alt="Discord confirms process logging is used for advertising">
<h3>Discord tries to force some users to give their Telephone numbers</h3>
<p>
Discord will lock users out of it's service and will not allow them to continue using it without giving their phone number or contacting Discord
support. This kind of feature is designed to extract very personal information out of it's users (phone numbers). The criteria for locking out
users isn't known.
</p>
<img src="../images/discord_verify.png" alt="discord phone verification">
<h3>Discord receives government requests for your information</h3>
<p>
Discord has confirmed in an email correspondence<sup><a href="#6">[6]</a></sup>
that it does receive government requests for information. So, we know
that the government potentially has access to all of the information
that Discord collects about you. You can read a copy of the email image
posted in the source <a href="https://spyware.neocities.o../images/discord%20government%20requests.png">here</a> in case the link there dies.
</p>
<hr>
<h2>Speculation on Discord's future</h2>
<p>
It's unknown whether Discord currently is or isn't selling user information. Currently Discord has been able
to consistently raise new invesment capital, which is at a level where it could reasonably be covering
all of its operating costs. However, Discord, like any other company, is not going to exist in a
constant state of investment. Discord is going to have to transition away from an investment-financed
business model to a revenue model that exclusively relies on generating revenue from the users of the
platform.
</p>
<p>
Discord has several ways of making money. It can lisence emoji's and other features of the program with
Discord Nitro<sup><a href="#5">[5]</a></sup>, or it can make money lisencing video games through it's
new online store, as a competitor to <a href="../articles/steam.html">Steam</a>. However both of these revenue
sources may not be enough. Discord has raised $279.3 million dollars<sup><a href="#4">[4]</a></sup>
and it has to return on this investment. (which is more than 279.3 million dollars that has to be paid back)
</p>
<p>
If Discord is not able to satisfy it's obligation to it's investors, it has a third option- selling user information
to advertisers. Discord is already datamining it's users to produce it's recommendation system,<sup><a href="#8">[8]</a></sup> which means that it
is already turning it's userbase into extremely valueble, sellable, advertising data. Discord has 130 million users<sup><a href="#7">[7]</a></sup>,
and it can produce a statistical model of what games each user (who does not opt-out of advertising) owns, plays, and wants to buy.
This is incredibly valueble information that Discord can sell if it cannot reach it's profit obligations with it's current
revenue model. If Discord is a successful games store, then it wont need to do this. But if Discord gets in financial trouble,
it probably will be forced to liquiate this asset.
</p>
<hr>
<h2>Further Reading</h2>
<a href="https://old.reddit.com/r/privacy/comments/8lkb5s/friends_dont_let_friends_use_discord_the/">Friends Don't Let Friends Use Discord</a>
<a href="https://archive.is/Q4N9J">[archive.is]</a><br>
<a href="https://www.tomsguide.com/us/help-me-toms-guide-discord-permissions,review-5104.html">Help Me, Tom's Guide: Is Discord Tracking Me?</a>
<a href="http://archive.is/20180418204656/https://www.tomsguide.com/us/help-me-toms-guide-discord-permissions,review-5104.html">[archive.is]</a><br>
<a href="https://www.hooktube.com/watch?v=cn4CENr5NV0">Why Discord is Trash</a><br>
<a href="https://www.hooktube.com/watch?v=QN_6AZT92pU">Why You Shouldn't Use Discord</a><br>
<a href="http://subvert.pw/res/discord.pdf">THE DISCORD SITUATION</a>
<a href="https://web.archive.org/web/20180528205030/http://subvert.pw/res/discord.pdf">[web.archive.org]</a><br>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://discordapp.com/privacy">Discord Privacy Policy</a>
<a href="https://web.archive.org/web/20180528052213/https://discordapp.com/privacy">[web.archive.org]</a>
<a href="http://archive.is/20180515102020/https://discordapp.com/privacy">[archive.is]</a><br>
<a name="2">2.</a>
<a href="https://www.reddit.com/r/discordapp/comments/43lqyb/why_is_discord_recording_our_open_programs_and/">Why is Discord recording our open programs and uploading them?</a>
<a href="https://web.archive.org/web/20180410043931/https://www.reddit.com/r/discordapp/comments/43lqyb/why_is_discord_recording_our_open_programs_and/">[web.archive.org]</a>
<a href="https://archive.li/qFcQA">[archive.is]</a><br>
<a name="3">3.</a>
<a href="https://discordapp.com/company">Discord</a>
<a href="http://wayback.archive-it.org/all/20171226205723/https://discordapp.com/company">[wayback.archive-it.org]</a>
<a href="http://archive.is/20170724163442/https://discordapp.com/company">[archive.is]</a><br>
<a name="4">4.</a>
<a href="https://www.crunchbase.com/organization/discord">Crunchbase</a>
<a href="https://web.archive.org/web/20180423015034/https://www.crunchbase.com/organization/discord">[web.archive.org]</a>
<a href="http://archive.is/20170724163442/https://discordapp.com/company">[archive.is]</a><br>
<a name="5">5.</a>
<a href="https://discordapp.com/nitro">Discord Nitro</a>
<a href="http://archive.is/20170724163442/https://discordapp.com/company">[archive.is]</a><br>
<a name="6">6.</a>
<a href="https://www.reddit.com/r/privacy/comments/80l8se/discord_receives_government_requests_no_plans_on/">Discord receives government requests. No plans on adding E2E Encryption any time soon.</a>
<a href="https://archive.is/JrdJ9">[archive.is]</a>
<a href="http://web.archive.org/web/20180228033615/https://www.reddit.com/r/privacy/comments/80l8se/discord_receives_government_requests_no_plans_on/">[web.archive.org]</a><br>
<a name="7">7.</a>
<a href=" https://www.statista.com/statistics/746215/discord-user-number/">Number of registered Discord users</a>
<a href="http://web.archive.org/web/20181119040747/https://www.statista.com/statistics/746215/discord-user-number/">[web.archive.org]</a><br>
<a name="8">8.</a>
<a href="https://support.discordapp.com/hc/en-us/articles/360004109911">Data Privacy Controls</a>
<a href="http://web.archive.org/web/20181201004455/https://support.discordapp.com/hc/en-us/articles/360004109911">[web.archive.org]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 4/11/2019
</b></p>
<p><b>
This article was created on 11/23/17
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), contact us on XMPP over in spyware@conference.nuegia.net, or visit us at the git repo on <a href="https://codeberg.org/TheShadow/SpywareWatchdog">Codeberg</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="../images/cc0.png" alt="CC0 Liscence"></a>
</body></html>