245 lines
14 KiB
HTML
245 lines
14 KiB
HTML
<!DOCTYPE HTML>
|
|
<html lang=”en-us”>
|
|
<head>
|
|
<link rel="stylesheet" href="../style.css">
|
|
<meta charset="UTF-8">
|
|
<title>Spyware Watchdog</title>
|
|
</head>
|
|
<body>
|
|
<h1>Discord</h1>
|
|
<p><a href="../articles/index.html">Back to catalog</a><br>
|
|
<a href="../articles/discord_es.html">Spanish Translation</a>
|
|
<a href="https://qorg.xyz/spyware/discord.cgi">[qorg.xyz]</a>
|
|
<a href="https://qorglaofrwqdj4is.onion/spyware/discord.cgi">[qorglaofrwqdj4is.onion]</a>
|
|
<a href="http://web.archive.org/web/20181118194244/https://qorg.xyz/spyware/discord.cgi">[web.archive.org]</a>
|
|
<a href="http://archive.is/7T29F">[archive.is]</a></p>
|
|
|
|
<img src="../images/discord_logo.png" alt="Discord-Logo">
|
|
<p>
|
|
Discord is an instant messaging application for MacOS, Windows, Linux,
|
|
Android, and iOS. Discord is used to communicate via voice chat and
|
|
text chat, and has image-sharing and file-sharing capabilities.
|
|
</p>
|
|
<h2>Spyware Level: <font color="red">EXTREMELY HIGH</font></h2>
|
|
<p>
|
|
<font color="lightgreen">
|
|
Thanks to Richard Stallman for linking to our article <a href="https://stallman.org/discord.html"> here</a>! The spotlight is very much appreciated.
|
|
</font><br>
|
|
</p>
|
|
<a href="https://spyware.neocities.o../articles/discord.html"><img src="../images/discord-no-way-2.gif" alt="Discord? No Way!"></a>
|
|
<p>
|
|
Discord is spyware because it collects all information that passes
|
|
through its communication platform. As Discord is a centralized
|
|
communication platform, all communications have to go through Discord's
|
|
official servers, where all of that information can potentially be
|
|
recorded. The vast majority of said information has been confirmed
|
|
to be recorded, such as all communications between users. Discord has
|
|
also been confirmed to use other spyware features such as various forms
|
|
of telemetry. Discord's main source of income is from investment, from which
|
|
it has received over $279.3 million dollars<sup><a href="#4">[4]</a></sup>. Discord cannot be built from
|
|
source and the source code for Discord is unavailable.
|
|
</p>
|
|
<h3>Discord does not make its source code available</h3>
|
|
<p>
|
|
It is impossible to download and examine Discord's source code,
|
|
which means that it is impossible to prove that Discord is not
|
|
spyware. Any program which does not make its source code available is
|
|
potential spyware.
|
|
</p>
|
|
<h3>Discord confirms that it collects large amounts of sensitive user data</h3>
|
|
<p>
|
|
Discord explicitly confirms in its privacy policy<sup><a href="#1">[1]</a></sup> that it collects the following information:
|
|
</p>
|
|
<ul>
|
|
<li>IP Address</li>
|
|
<li>Device UUID</li>
|
|
<li>User's e-mail address</li>
|
|
<li>All text messages</li>
|
|
<li>All images</li>
|
|
<li>All VOIP data (voice chat)</li>
|
|
<li>Open rates for e-mail sent by Discord</li>
|
|
</ul>
|
|
<p>
|
|
Discord does not explictly confirm that it collects this information, but still collects it by default:
|
|
</p>
|
|
<ul>
|
|
<li>Logs of all of the other programs that are open on your computer</li>
|
|
</ul>
|
|
<p>
|
|
The implications of this information can be broken down like this: By
|
|
recording your IP address, Discord can track your general location
|
|
(about as precise as which county you are in). Discord can also tell
|
|
which devices you use, as it uniquely identifies each device, and how
|
|
much you use those devices, as it can record your device usage habits
|
|
(since Discord is usually open in the background so that it can receive
|
|
messages). Discord also records every single interaction you have with
|
|
other users through its service. This means that Discord is confirmed
|
|
to log every conversation that you have through Discord, and record
|
|
everything that you say on Discord, and view all images that you send
|
|
through Discord. Therefore, none of your interactions on Discord are
|
|
private. Discord's privacy policy also contains several occurrences of
|
|
phrases such as "including but not limited to," which is an explicit
|
|
confirmation that Discord contains more spyware features that are not
|
|
disclosed to the user.
|
|
</p>
|
|
<h3>Discord contains features which allow integration with other spyware platforms</h3>
|
|
<p>
|
|
Discord contains the opt-in spyware feature known as "social media
|
|
integration." This allows you to sync your persistent user identity
|
|
on Discord with your persistent user identity on other spyware
|
|
platforms, such as Facebook and Twitter. In its privacy policy<sup><a href="#1">[1]</a></sup>,
|
|
Discord has confirmed that if you opt in to this spyware feature,
|
|
Discord will obtain an undisclosed amount of access to information
|
|
obtained about you by the spyware platforms that you choose to sync
|
|
with.
|
|
</p>
|
|
<h3>Discord contains a process logger</h3>
|
|
<p>
|
|
Discord has been confirmed to monitor the open processes on your
|
|
operating system. This is a spyware feature known as a "process logger"
|
|
that is generally used to record your program usage habits. This was
|
|
confirmed by the CTO of Discord in a Reddit thread.<sup><a href="#2">[2]</a></sup>
|
|
In the same thread, the CTO also elaborates that this spyware feature (the monitoring of processes) is
|
|
mandatory for several features of the platform. The CTO and a Discord engineer go on
|
|
to claim that Discord does not use the process logger to send records
|
|
of the open processes on the user's computer.
|
|
</p>
|
|
<p>
|
|
The test to prove that Discord logs processes was done again by the writer with procmon on 4/11/2019 with
|
|
the features: "Use data to customize my Discord Experience" and "Display currently running game as a status message"
|
|
turned off. Discord did <font color=lime><b>NOT</b></font> log all of the processes open this way.
|
|
However when setting the "Display currently running game as a status message" turned on, the behavior
|
|
described in<sup><a href="#2">[2]</a></sup> was replecated. You can see that behavior here:
|
|
</p>
|
|
<img src="../images/discord_process_logging.png" alt="Discord process logging as described in [2] confirmed with procmon">
|
|
<p>
|
|
It turns out that this feature <font color=lime><b>can be disabled through the UI.</b></font> Because of the nature of closed-source
|
|
software it isn't possible for either this article or the Discord developers to prove how much information is being sent to
|
|
Discord's servers when the process logger is turned on. But it's at least possible to turn it off.
|
|
</p>
|
|
<h3>Discord uses it's process logging for advertising</h3>
|
|
<p>
|
|
Discord shows this in it's privacy option here:
|
|
</p>
|
|
<img src="../images/discord_data.png" alt="Discord process logging usefulness">
|
|
<p>
|
|
That the process logging features of Discord are now being recorded on Discord's servers as a form of telemetry (spyware),
|
|
and removes speculation about why this feature exists. It is clarified by Discord that this spyware feature is used for advertising
|
|
to it's users.<sup><a href="#8">[8]</a></sup> This means that Discord is <font color=red><b>recording the programs you have open to build
|
|
a statistical model of what programs you might buy/lisence in the future.</b></font>
|
|
</p>
|
|
<img src="../images/discord_2.png" alt="Discord confirms process logging is used for advertising">
|
|
|
|
<h3>Discord tries to force some users to give their Telephone numbers</h3>
|
|
<p>
|
|
Discord will lock users out of it's service and will not allow them to continue using it without giving their phone number or contacting Discord
|
|
support. This kind of feature is designed to extract very personal information out of it's users (phone numbers). The criteria for locking out
|
|
users isn't known.
|
|
</p>
|
|
<img src="../images/discord_verify.png" alt="discord phone verification">
|
|
|
|
<h3>Discord receives government requests for your information</h3>
|
|
<p>
|
|
Discord has confirmed in an email correspondence<sup><a href="#6">[6]</a></sup>
|
|
that it does receive government requests for information. So, we know
|
|
that the government potentially has access to all of the information
|
|
that Discord collects about you. You can read a copy of the email image
|
|
posted in the source <a href="https://spyware.neocities.o../images/discord%20government%20requests.png">here</a> in case the link there dies.
|
|
</p>
|
|
<hr>
|
|
<h2>Speculation on Discord's future</h2>
|
|
<p>
|
|
It's unknown whether Discord currently is or isn't selling user information. Currently Discord has been able
|
|
to consistently raise new invesment capital, which is at a level where it could reasonably be covering
|
|
all of its operating costs. However, Discord, like any other company, is not going to exist in a
|
|
constant state of investment. Discord is going to have to transition away from an investment-financed
|
|
business model to a revenue model that exclusively relies on generating revenue from the users of the
|
|
platform.
|
|
</p>
|
|
<p>
|
|
Discord has several ways of making money. It can lisence emoji's and other features of the program with
|
|
Discord Nitro<sup><a href="#5">[5]</a></sup>, or it can make money lisencing video games through it's
|
|
new online store, as a competitor to <a href="../articles/steam.html">Steam</a>. However both of these revenue
|
|
sources may not be enough. Discord has raised $279.3 million dollars<sup><a href="#4">[4]</a></sup>
|
|
and it has to return on this investment. (which is more than 279.3 million dollars that has to be paid back)
|
|
</p>
|
|
<p>
|
|
If Discord is not able to satisfy it's obligation to it's investors, it has a third option- selling user information
|
|
to advertisers. Discord is already datamining it's users to produce it's recommendation system,<sup><a href="#8">[8]</a></sup> which means that it
|
|
is already turning it's userbase into extremely valueble, sellable, advertising data. Discord has 130 million users<sup><a href="#7">[7]</a></sup>,
|
|
and it can produce a statistical model of what games each user (who does not opt-out of advertising) owns, plays, and wants to buy.
|
|
This is incredibly valueble information that Discord can sell if it cannot reach it's profit obligations with it's current
|
|
revenue model. If Discord is a successful games store, then it wont need to do this. But if Discord gets in financial trouble,
|
|
it probably will be forced to liquiate this asset.
|
|
</p>
|
|
|
|
<hr>
|
|
<h2>Further Reading</h2>
|
|
|
|
<a href="https://old.reddit.com/r/privacy/comments/8lkb5s/friends_dont_let_friends_use_discord_the/">Friends Don't Let Friends Use Discord</a>
|
|
<a href="https://archive.is/Q4N9J">[archive.is]</a><br>
|
|
|
|
<a href="https://www.tomsguide.com/us/help-me-toms-guide-discord-permissions,review-5104.html">Help Me, Tom's Guide: Is Discord Tracking Me?</a>
|
|
<a href="http://archive.is/20180418204656/https://www.tomsguide.com/us/help-me-toms-guide-discord-permissions,review-5104.html">[archive.is]</a><br>
|
|
|
|
<a href="https://www.hooktube.com/watch?v=cn4CENr5NV0">Why Discord is Trash</a><br>
|
|
<a href="https://www.hooktube.com/watch?v=QN_6AZT92pU">Why You Shouldn't Use Discord</a><br>
|
|
<a href="http://subvert.pw/res/discord.pdf">THE DISCORD SITUATION</a>
|
|
<a href="https://web.archive.org/web/20180528205030/http://subvert.pw/res/discord.pdf">[web.archive.org]</a><br>
|
|
<hr>
|
|
<h2>Sources</h2>
|
|
<p>
|
|
<a name="1">1.</a>
|
|
<a href="https://discordapp.com/privacy">Discord Privacy Policy</a>
|
|
<a href="https://web.archive.org/web/20180528052213/https://discordapp.com/privacy">[web.archive.org]</a>
|
|
<a href="http://archive.is/20180515102020/https://discordapp.com/privacy">[archive.is]</a><br>
|
|
|
|
<a name="2">2.</a>
|
|
<a href="https://www.reddit.com/r/discordapp/comments/43lqyb/why_is_discord_recording_our_open_programs_and/">Why is Discord recording our open programs and uploading them?</a>
|
|
<a href="https://web.archive.org/web/20180410043931/https://www.reddit.com/r/discordapp/comments/43lqyb/why_is_discord_recording_our_open_programs_and/">[web.archive.org]</a>
|
|
<a href="https://archive.li/qFcQA">[archive.is]</a><br>
|
|
|
|
<a name="3">3.</a>
|
|
<a href="https://discordapp.com/company">Discord</a>
|
|
<a href="http://wayback.archive-it.org/all/20171226205723/https://discordapp.com/company">[wayback.archive-it.org]</a>
|
|
<a href="http://archive.is/20170724163442/https://discordapp.com/company">[archive.is]</a><br>
|
|
|
|
<a name="4">4.</a>
|
|
<a href="https://www.crunchbase.com/organization/discord">Crunchbase</a>
|
|
<a href="https://web.archive.org/web/20180423015034/https://www.crunchbase.com/organization/discord">[web.archive.org]</a>
|
|
<a href="http://archive.is/20170724163442/https://discordapp.com/company">[archive.is]</a><br>
|
|
|
|
<a name="5">5.</a>
|
|
<a href="https://discordapp.com/nitro">Discord Nitro</a>
|
|
<a href="http://archive.is/20170724163442/https://discordapp.com/company">[archive.is]</a><br>
|
|
|
|
<a name="6">6.</a>
|
|
<a href="https://www.reddit.com/r/privacy/comments/80l8se/discord_receives_government_requests_no_plans_on/">Discord receives government requests. No plans on adding E2E Encryption any time soon.</a>
|
|
<a href="https://archive.is/JrdJ9">[archive.is]</a>
|
|
<a href="http://web.archive.org/web/20180228033615/https://www.reddit.com/r/privacy/comments/80l8se/discord_receives_government_requests_no_plans_on/">[web.archive.org]</a><br>
|
|
|
|
|
|
<a name="7">7.</a>
|
|
<a href=" https://www.statista.com/statistics/746215/discord-user-number/">Number of registered Discord users</a>
|
|
<a href="http://web.archive.org/web/20181119040747/https://www.statista.com/statistics/746215/discord-user-number/">[web.archive.org]</a><br>
|
|
|
|
|
|
|
|
<a name="8">8.</a>
|
|
<a href="https://support.discordapp.com/hc/en-../articles/360004109911">Data Privacy Controls</a>
|
|
<a href="http://web.archive.org/web/20181201004455/https://support.discordapp.com/hc/en-../articles/360004109911">[web.archive.org]</a><br>
|
|
</p>
|
|
|
|
<hr>
|
|
<p><b>
|
|
This article was last edited on 4/11/2019
|
|
</b></p>
|
|
<p><b>
|
|
This article was created on 11/23/17
|
|
</b></p>
|
|
<p>
|
|
If you want to edit this article, or contribute your own article(s), contact us on XMPP over in spyware@conference.nuegia.net, or visit us at the git repo on <a href="https://codeberg.org/TheShadow/SpywareWatchdog">Codeberg</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
|
|
</p>
|
|
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="../images/cc0.png" alt="CC0 Liscence"></a>
|
|
</body></html>
|