• MentalEdge
    link
    fedilink
    1310 months ago

    Discord collects every message you ever send in cleartext.

    • @Takumidesh
      link
      910 months ago

      So does lemmy, so does matrix if that’s what the admin wants to do.

      • MentalEdge
        link
        fedilink
        910 months ago

        Lemmy is public and my matrix server doesn’t.

        Yeah, e2ee on activitypub platforms isn’t widely implemented yet, but it’s likely it will be.

        I don’t see discord making that jump.

    • @LufyCZ
      link
      310 months ago

      That’s how joining a server and being able to see history works

        • @LufyCZ
          link
          010 months ago

          Do you want to explain how to do it better?

          • MentalEdge
            link
            fedilink
            110 months ago

            Well, first, at least encrypt your damn DMs.

            Second, allowing access to message history is perfectly doable if the invite process involves the inviter providing the decryption keys to the invitee.

            • @LufyCZ
              link
              -110 months ago

              You’re actually joking with the “inviter providing the decryption keys to the invitee” part right?

              The whole point why people use discord is that it’s simple, this is a feature that’d only annoy the average person, and every single extra step is a disaster for user retention (look at any eshop study).

              Stuff like this is completely irelevant to discord, the tiny subset of people who actually care will and should use Matrix / other solutions, because that’s the people they were made for.

              • MentalEdge
                link
                fedilink
                0
                edit-2
                10 months ago

                Have you ever had to worry about the encryption keys in chat apps that encrypt messages? No?

                That’s because the app handles it all. Why would you think I’m suggesting something complicated?

                All I’m telling you, is that the technical limitation you claim exists, doesn’t.

                • @LufyCZ
                  link
                  110 months ago

                  They are exchanged between the two devices.

                  Have you tried using Signal on desktop? It doesn’t offer history syncing. Cross device for whatsapp for example is also a terrible experience. Unusable for something like Discord.

                  For a seamless experience Discord would probably have to store the keys themselves, defeating the whole point.

                  • MentalEdge
                    link
                    fedilink
                    0
                    edit-2
                    10 months ago

                    That’s because both Signal and WhatsApp don’t store the message history anywhere except on your primary device. (plus personal backups) That’s why WhatsApp desktop stops working if your phone is off. Because it works by getting your message history, from your phone.

                    So to get the message history on Signal/WhatsApp in a chat you just joined, someone else already there would have to send you the entire chat history from their primary device. Which might not be on. Or have the battery to spare to stream years of messages to random people coming and going from the chat.

                    For “a seamless experience” Discord only needs store the message history on their servers, just as they already do, but do so encrypted.

                    For you to see that history, all that needs to change with how invites work, in that they would come with a decryption key transferred in the same secure way normal messages are. So your client can then access that server-stored chat history and decrypt it.

                    The difference here isn’t that WhatsApp and Signal are encrypted, it’s that they fundamentally handle messages differently from discord. Their servers only deliver them. So you can’t get the chat history from their servers, because it isn’t there.

      • MentalEdge
        link
        fedilink
        5
        edit-2
        10 months ago

        “If you have nothing to hide” has never been a valid excuse to compromise on privacy.

        Yeah, most of the time you don’t actually need it, but if you don’t make it the norm, one day you’ll wake up and find that the entire concept of encrypted communication was made illegal.

        As the UK is actively trying to do. And the first sparks of which have been seen in the EU as well.

        And that’s before even bringing up that even innocent normal conversation data can be used to profile individuals and mass-influence the democratic voting process with targeted campaigning.

          • MentalEdge
            link
            fedilink
            5
            edit-2
            10 months ago

            What?

            You need a forum, not a fucking discord server.

              • MentalEdge
                link
                fedilink
                4
                edit-2
                10 months ago

                Again. What?

                Discord is a DM platform first, a public space second. And it’s way better at being the first, than the second.

                Providing support on discord is stupid, it’s only semi-public and hides solutions to already solved problems beyond the reach of search engines and real public platforms.

                  • MentalEdge
                    link
                    fedilink
                    2
                    edit-2
                    10 months ago

                    I’m not trying to convince anyone to ditch discord.

                    You pushed the point that “it doesn’t need to be secure because it’s all public” which is complete bullshit. Not everything on discord is public.

                    That its secondary ability to function as a public space has over the years become the standard way to provide a point of communication in a manner that tries to fit the round peg into the square hole, is not an excuse for their privacy policy to be as crappy as it is.