this post was submitted on 17 Sep 2024
83 points (89.5% liked)

Privacy

32111 readers
596 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

cross-posted from: https://lemmy.ml/post/20406932

all 49 comments
sorted by: hot top controversial new old
[–] Quail4789@lemmy.ml 66 points 2 months ago (4 children)

Am I too harsh in believing that if you claim to have E2EE but I can't verify a) your source code b) my client was built from that source code (i.e. reproducible builds) then you don't have E2EE? The whole point of encrypting my traffic on the client is I don't trust you. Why would I believe you aren't sending the encryption keys off to your server if I didn't trust you before?

[–] jeffhykin@lemm.ee 9 points 2 months ago* (last edited 2 months ago) (1 children)

I mean technically the client is verifiable if you use discord in a browser tab... and verify it every time you load the web page... 🙃

[–] autonomoususer@lemmy.world 3 points 2 months ago* (last edited 2 months ago)

every time you load the web page...

You said it better than me. 🤣🤣

[–] Chais@sh.itjust.works 9 points 2 months ago (1 children)

Am I too harsh […]?

No. If there's no way to verify anything then all we have to go on is their word.
The word of a company generally isn't worth a whole lot. Same with Telegram.

[–] jeffhykin@lemm.ee 3 points 2 months ago (1 children)

The clients are source available for telegram though

[–] Quail4789@lemmy.ml 6 points 2 months ago

Which is how we know their self-rolled encryption is shit.

There's a reason why Telegram CEO can be arrested when Signal's can't. Because Telegram has information they can give but refuse to whereas Signal give everything they've got, which is basically nothing.

[–] ReversalHatchery@beehaw.org 7 points 2 months ago

you aren't. to me this is just PR

[–] warmaster@lemmy.world 1 points 2 months ago

They just mean you now really have to pay to get private data. 🤣

[–] hal_5700X@sh.itjust.works 38 points 2 months ago
[–] autonomoususer@lemmy.world 34 points 2 months ago* (last edited 2 months ago) (1 children)

False, this is a lie.

Discord is anti-libre software. We do not control it.

It bans us from proving its claims. It bans us from fixing its lies.

It fails to include a libre software license text file, like AGPL. Discord is malware, anti-libre.

[–] thesmokingman@programming.dev 17 points 2 months ago (1 children)

Interesting. I was able to access the linked whitepaper and repositories without trouble and the 3rd party stuff too. Do you have local config preventing you from downloading the source code to review?

While I can respect your distaste for non-libre software, you’ll need to back up the malware claim. There are real security concerns out there in common non-libre; labeling things that are not libre as malware solely because they are not libre muddies the waters and makes your message much less palatable.

[–] autonomoususer@lemmy.world -3 points 2 months ago* (last edited 2 months ago) (2 children)

Where's the rest of Discord's source code?

While it bans us from proving its claims and more, i'll never let it infect my devices.

[–] thesmokingman@programming.dev 5 points 2 months ago (1 children)

The claim is that audio and video are E2EE. I’m not sure how you’re unable to disprove that using the linked code, audit report, and COTS debugging tools. Can you expand on that? I see a lot of FUD without anything more than “they’re not libre” which, again, doesn’t do a great job of selling your point.

[–] autonomoususer@lemmy.world -2 points 2 months ago* (last edited 2 months ago) (1 children)

Just reverse engineer me bro

And every update, every other app, all their updates too, across every device... 🚩

Should we just waste our whole lives nothing but knee deep in disassembled binaries?

How stupid and gullable does openly hostile Discord think we are?

Couldn't be me still coping and shilling trash like this.

[–] thesmokingman@programming.dev 4 points 2 months ago (2 children)

In another post you’re actively looking at purchasing GPS systems. The satellites you’re sending info to are not available to dissect and I highly doubt the firmware of the devices you’re looking at is publicly available much less libre. Your trolling is not internally consistent so it’s clear you don’t have any clue what you’re on about. Good luck with that.

[–] GreyCat@lemmy.world 1 points 2 months ago

I don't think you need to send info for a GPS client to work. You are just a receiver, no data sent.

[–] autonomoususer@lemmy.world -3 points 2 months ago* (last edited 2 months ago)

This conflates software with service.

Signal's offical servers, when we don't own them, and we don't run them, we can't see inside them too.

Signal is an end-to-end encrypted libre app, so we don't need to.

here's half the source missing

just reverse me bro

that's not your server

Always the same talking points. Some people never learn.

[–] morrowind@lemmy.ml 1 points 2 months ago (1 children)

what the hell are you doing that you keep being banned from discord?

[–] autonomoususer@lemmy.world 3 points 2 months ago* (last edited 2 months ago) (2 children)

It bans us from modifying its source code, sharing its exact and modified copies, using it for any purpose, etc.

We do not control it, anti-libre software.

Which software license do you think Discord is distributed under?

[–] toastal@lemmy.ml 2 points 2 months ago (1 children)

Why put the effort into such a hostile service?

[–] autonomoususer@lemmy.world 1 points 2 months ago* (last edited 2 months ago) (1 children)

Replied to the wrong comment?

[–] toastal@lemmy.ml 2 points 2 months ago (1 children)

Responding broadly to the thread of folks talking about userScripts & add-ons. This effort would be better put to getting folks to a different protocol where client modification & alternate clients are the norm.

[–] autonomoususer@lemmy.world 1 points 2 months ago* (last edited 2 months ago)

Yeah, some people never learn.

[–] Blxter@lemmy.zip -1 points 2 months ago (1 children)

I've been using a modified client for about 2 and a half years now without being banned.

[–] autonomoususer@lemmy.world 1 points 2 months ago* (last edited 2 months ago)

Where's our legal right to modify and share its source code forever? We don't control it.

[–] Eeyore_Syndrome@sh.itjust.works 23 points 2 months ago* (last edited 2 months ago) (1 children)

If you believe anything you write or say on discord is private. Or would ever even be encrypted, I want whatever you're smoking please.

[–] LostXOR@fedia.io 9 points 2 months ago (1 children)

Yeah, Discord is not a privacy preserving service in the slightest. Honestly I'm only using it because of the network effect at this point.

[–] yonder@sh.itjust.works 2 points 2 months ago

That and it has full functionality in the browser. No bullshit "download the app".

[–] als@lemmy.blahaj.zone 8 points 2 months ago (1 children)
[–] Oha@lemmy.ohaa.xyz 8 points 2 months ago

nah, selling messages is way easier

[–] OR3X@lemm.ee 6 points 2 months ago (2 children)

Hey Discord, give us the ability to stream audio when sharing our screen on Linux ffs.

[–] Lemongrab@lemmy.one 5 points 2 months ago (1 children)

Vencord/Vesktop supports audio streaming on Linux and is just a generally better experience compared against the Discord official app. Free and open source.

[–] Blxter@lemmy.zip 3 points 2 months ago

+1 for vesktop works great for me

[–] MashedTech@lemmy.world 1 points 2 months ago
[–] GolfNovemberUniform@lemmy.ml 5 points 2 months ago
[–] Etterra@lemmy.world 5 points 2 months ago

No I'm not.

[–] possiblylinux127@lemmy.zip 4 points 2 months ago (1 children)

How will they comply with the US government?

[–] acockworkorange@mander.xyz 3 points 2 months ago* (last edited 2 months ago) (2 children)

They can deliver the data that they do have, which will be encrypted. Though I doubt they were ever recording calls anyway.

[–] Quail4789@lemmy.ml 3 points 2 months ago

Their TOS says they don't record but who knows..

[–] possiblylinux127@lemmy.zip 2 points 2 months ago

How would the US government be able to see the messages? They need to monitor for young people leaking data from the Pentagon. /s

[–] dingdongitsabear@lemmy.ml 2 points 2 months ago
[–] dyc3@lemmy.world 1 points 2 months ago (1 children)

It's interesting that the threat model also includes participants. They take into account that when a user leaves, it should be impossible for them to continue listening.

[–] possiblylinux127@lemmy.zip 2 points 2 months ago

screams in Matrix

[–] mat@linux.community 1 points 2 months ago
[–] ryannathans@aussie.zone -3 points 2 months ago

End to end directly to ccp