this post was submitted on 17 Sep 2024
81 points (89.3% liked)

Privacy

32482 readers
217 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

cross-posted from: https://lemmy.ml/post/20406932

all 49 comments
sorted by: hot top controversial new old
[–] [email protected] 65 points 3 months ago (4 children)

Am I too harsh in believing that if you claim to have E2EE but I can't verify a) your source code b) my client was built from that source code (i.e. reproducible builds) then you don't have E2EE? The whole point of encrypting my traffic on the client is I don't trust you. Why would I believe you aren't sending the encryption keys off to your server if I didn't trust you before?

[–] [email protected] 9 points 3 months ago (1 children)

Am I too harsh […]?

No. If there's no way to verify anything then all we have to go on is their word.
The word of a company generally isn't worth a whole lot. Same with Telegram.

[–] [email protected] 3 points 3 months ago (1 children)

The clients are source available for telegram though

[–] [email protected] 6 points 3 months ago

Which is how we know their self-rolled encryption is shit.

There's a reason why Telegram CEO can be arrested when Signal's can't. Because Telegram has information they can give but refuse to whereas Signal give everything they've got, which is basically nothing.

[–] [email protected] 8 points 3 months ago

you aren't. to me this is just PR

[–] [email protected] 8 points 3 months ago* (last edited 3 months ago) (1 children)

I mean technically the client is verifiable if you use discord in a browser tab... and verify it every time you load the web page... 🙃

[–] [email protected] 3 points 3 months ago* (last edited 3 months ago)

every time you load the web page...

You said it better than me. 🤣🤣

[–] [email protected] 1 points 3 months ago

They just mean you now really have to pay to get private data. 🤣

[–] [email protected] 38 points 3 months ago
[–] [email protected] 34 points 3 months ago* (last edited 3 months ago) (1 children)

False, this is a LIE.

Discord is anti-libre software. We do not control it.

It bans us from proving its claims. It bans us from fixing its lies.

It fails to include a libre software license text file, like AGPL. Discord is malware, anti-libre.

[–] [email protected] 17 points 3 months ago (1 children)

Interesting. I was able to access the linked whitepaper and repositories without trouble and the 3rd party stuff too. Do you have local config preventing you from downloading the source code to review?

While I can respect your distaste for non-libre software, you’ll need to back up the malware claim. There are real security concerns out there in common non-libre; labeling things that are not libre as malware solely because they are not libre muddies the waters and makes your message much less palatable.

[–] [email protected] -3 points 3 months ago* (last edited 3 months ago) (2 children)

Where's the rest of Discord's source code?

While it bans us from proving its claims and more, i'll never let it infect my devices.

[–] [email protected] 5 points 3 months ago (1 children)

The claim is that audio and video are E2EE. I’m not sure how you’re unable to disprove that using the linked code, audit report, and COTS debugging tools. Can you expand on that? I see a lot of FUD without anything more than “they’re not libre” which, again, doesn’t do a great job of selling your point.

[–] [email protected] -2 points 3 months ago* (last edited 3 months ago) (1 children)

Just reverse engineer me bro

And every update, every other app, all their updates too, across every device... 🚩

Should we just waste our whole lives nothing but knee deep in disassembled binaries?

How stupid and gullable does openly hostile Discord think we are?

Couldn't be me still coping and shilling trash like this.

[–] [email protected] 4 points 3 months ago (2 children)

In another post you’re actively looking at purchasing GPS systems. The satellites you’re sending info to are not available to dissect and I highly doubt the firmware of the devices you’re looking at is publicly available much less libre. Your trolling is not internally consistent so it’s clear you don’t have any clue what you’re on about. Good luck with that.

[–] [email protected] 1 points 3 months ago

I don't think you need to send info for a GPS client to work. You are just a receiver, no data sent.

[–] [email protected] -3 points 3 months ago* (last edited 3 months ago)

This conflates software with service.

Signal's offical servers, when we don't own them, and we don't run them, we can't see inside them too.

Signal is an end-to-end encrypted libre app, so we don't need to.

here's half the source missing

just reverse me bro

that's not your server

Always the same talking points. Some people never learn.

[–] [email protected] 1 points 3 months ago (1 children)

what the hell are you doing that you keep being banned from discord?

[–] [email protected] 3 points 3 months ago* (last edited 3 months ago) (2 children)

It bans us from modifying its source code, sharing its exact and modified copies, using it for any purpose, etc.

We do not control it, anti-libre software.

Which software license do you think Discord is distributed under?

[–] [email protected] 2 points 3 months ago (1 children)

Why put the effort into such a hostile service?

[–] [email protected] 1 points 3 months ago* (last edited 3 months ago) (1 children)

Replied to the wrong comment?

[–] [email protected] 2 points 3 months ago (1 children)

Responding broadly to the thread of folks talking about userScripts & add-ons. This effort would be better put to getting folks to a different protocol where client modification & alternate clients are the norm.

[–] [email protected] 1 points 3 months ago* (last edited 3 months ago)

Yeah, some people never learn.

[–] [email protected] -1 points 3 months ago (1 children)

I've been using a modified client for about 2 and a half years now without being banned.

[–] [email protected] 1 points 3 months ago* (last edited 3 months ago)

Where's our legal right to modify and share its source code forever? We don't control it.

[–] [email protected] 23 points 3 months ago* (last edited 3 months ago) (1 children)

If you believe anything you write or say on discord is private. Or would ever even be encrypted, I want whatever you're smoking please.

[–] [email protected] 9 points 3 months ago (1 children)

Yeah, Discord is not a privacy preserving service in the slightest. Honestly I'm only using it because of the network effect at this point.

[–] [email protected] 2 points 3 months ago

That and it has full functionality in the browser. No bullshit "download the app".

[–] [email protected] 8 points 3 months ago (1 children)
[–] [email protected] 8 points 3 months ago

nah, selling messages is way easier

[–] [email protected] 6 points 3 months ago (2 children)

Hey Discord, give us the ability to stream audio when sharing our screen on Linux ffs.

[–] [email protected] 5 points 3 months ago (1 children)

Vencord/Vesktop supports audio streaming on Linux and is just a generally better experience compared against the Discord official app. Free and open source.

[–] [email protected] 3 points 3 months ago

+1 for vesktop works great for me

[–] [email protected] 1 points 3 months ago
[–] [email protected] 5 points 3 months ago
[–] [email protected] 5 points 3 months ago

No I'm not.

[–] [email protected] 4 points 3 months ago (1 children)

How will they comply with the US government?

[–] [email protected] 3 points 3 months ago* (last edited 3 months ago) (2 children)

They can deliver the data that they do have, which will be encrypted. Though I doubt they were ever recording calls anyway.

[–] [email protected] 3 points 3 months ago

Their TOS says they don't record but who knows..

[–] [email protected] 2 points 3 months ago

How would the US government be able to see the messages? They need to monitor for young people leaking data from the Pentagon. /s

[–] [email protected] 2 points 3 months ago
[–] [email protected] 1 points 3 months ago
[–] [email protected] 1 points 3 months ago (1 children)

It's interesting that the threat model also includes participants. They take into account that when a user leaves, it should be impossible for them to continue listening.

[–] [email protected] 2 points 3 months ago

screams in Matrix

[–] [email protected] -3 points 3 months ago

End to end directly to ccp