Hi all,

I haven’t used Discord in a while, but it became so that now I have to use it for communication with certain people getting support for some services that I use. What I’m doing currently is:

  • using a separate randomised e-mail address only for the Discord account
  • using a randomly generated username
  • no profile picture
  • tweaking the settings as best I can for privacy

Other than these points, I’m also being wary of talking about anything personal on Discord. Would you add anything so I can be even safer when using Discord?

  • m-p{3}
    link
    fedilink
    417 months ago

    Always consider what you say on Discord as potentially public, since there is no E2EE.

    • Autonomous User
      link
      English
      6
      edit-2
      7 months ago

      Worse, anti-libre software, Discord, bans us from proving it’s claims, if it ever claims privacy, security, anything.

  • @kitnaht
    link
    27
    edit-2
    7 months ago

    getting support for some services that I use

    NAME AND SHAME please.

    • @[email protected]
      link
      fedilink
      5
      edit-2
      7 months ago

      That could potentially open them up to legal problems. Whether it’s technically legal or not, nobody wants the possibility of their livelihood being taken away by court costs just because some idiot who is wrong wants to fight them and lose anyway, because they can afford it and you can’t (and often times they know it).

      I once paid for access to a stock options trading group, but they only used discord. Their website had no other contact info at all. My discord account got randomly banned (it happened right after I joined an innocent server, but maybe because a bunch of people were joining at once, that triggered it? idk), so I could no longer use the service I was paying for. The service auto-renewed on my credit card and I had no way to contact the people to cancel my account (couldn’t even make a new discord account). I had to dispute the charge with my CC company and it took months of back and forth with them because they simply could not understand that I could no longer access the only method of support that they offered.

      • @kitnaht
        link
        67 months ago

        It’s not illegal to tell people that a company uses discord for support. You’re not slandering them if it’s the truth.

      • Autonomous User
        link
        English
        -17 months ago

        You don’t know how to post from an alt account?

  • @[email protected]
    link
    fedilink
    237 months ago

    I know interested people don’t like to talk about it…but we, the people, should really be moving away from Discord. A bucket of water doesn’t fix a burning house, ya know?

    • @[email protected]
      link
      fedilink
      77 months ago

      Moving away from Discord can mean you need to stop interacting with the community using it. My personal examples are: Tilt5, Makera, Turbo Sliders. In the these cases Discord is also the way to access support for something you’ve paid for.

      Getting thise communities to move into something open (e.g. Matrix) can be a tall order.

      • @[email protected]
        link
        fedilink
        37 months ago

        I get your point, but that’s exactly what I do. When someone say “just use discord”, I drop their product/service/etc. and move on. I’m not saying everyone else should do that, but my life is too short for “support” via Discord

      • @[email protected]
        link
        fedilink
        27 months ago

        It’s a hostage situation they’re doing like any proprietary social network. You want to encourage people to move away from them, but then you need to interact with those same people in order to do that.

    • @Scolding7300
      link
      27 months ago

      Do you game with friends? If so, what do you use instead of discord?

  • @[email protected]
    link
    fedilink
    147 months ago

    Discord doesn’t have encryption and, according to the terms of service, can read your messages. If you care about privacy, I definitely would not recommend using it for private conversations, especially after recent rumors about adding ads. I think they won’t lose the opportunity to use your DMs for it

  • Autonomous User
    link
    English
    107 months ago

    Don’t waste time your life on harm reduction over solving the root, removing Discord completely.

    • tmpodM
      link
      fedilink
      47 months ago

      While this may be a good end goal, these comments are really more harmful than anything else. Removing your dependency on some proprietary service can be very far from trivial, or even doable, there is a wide-range of internal or external factors preventing you from ditching it.
      For example, part of my work and a bunch of good online friends of mine use Discord, so I keep it around. If you do any social gaming as well, you’ll also most likely find it hard to ditch the platform, as it’s grown deep roots in the community.

      Anyway, it’s better to take small steps in the right direction than trying to make a U-turn and fail miserably.

      • Autonomous User
        link
        English
        1
        edit-2
        7 months ago

        I would invest more into stopping ‘friends’ encourging me to get abused than micro-optimising the malware infecting me. Not saying don’t break it down into steps.

  • tmpodM
    link
    fedilink
    97 months ago

    Depends a lot on your threat model, of course, but here’s what I do:

    • use a temporary (but recoverable) email
    • use smspool or similar to verify my phone for less than a dollar
    • run Discord in a hardened Firefox profile (hardened browser settings + uBlock)
    • turn everything relevant off in Discord settings just in case
    • don’t share PII in conversation
    • use a VPN (or Tor)

    Using a hardened browser and not giving them your real phone are likely the most effective steps, everything else is either less relevant or overkill. As I said, depends a lot on your threat model and on your requirements (some things may be unachievable if you’re forced to use Discord by your employer, for example).

    • @[email protected]
      link
      fedilink
      17 months ago

      I’ve found that being consistent with what you choose to share is the most difficult thing. Conversations can get personal, and as you get closer to those random nicknames there’s the constant urge to share mundane stuff about your daily lives like weather, holidays, and such that will all add up.

      • tmpodM
        link
        fedilink
        27 months ago

        Yeah I feel you. It’s often hard to be fully alert of what you’re sharing all the time. I have slip ups but it’s usually fine, I’m only mega careful regarding things that could give away the city/town/village I live in, and where I work. If I ever really want to talk about it, I will use a different (often temporary) alias.

  • mox
    link
    fedilink
    7
    edit-2
    7 months ago

    In that situation, I would also:

    • Only use it through a browser (with fingerprinting protection), never a Discord app.
    • Dedicate a browser installation, or at least a user profile, to Discord.
    • Only use it over a VPN connection dedicated to Discord, or Tor if it’s allowed.
    • Have an alternative channel (maybe Matrix?) ready and waiting for contacts who might be willing to switch.
    • @[email protected]
      link
      fedilink
      1
      edit-2
      7 months ago

      When I tested it, VPN do work after sms verification. Tor nodes, however, resulted in all my test accounts being banned.

  • UnfortunateShort
    link
    77 months ago

    You can use it in a browser or opt for WebCord.

    Note that any text send to discord currently stays there forever. I don’t know when, but you can bet your ass they will be investigated for a violation of the GDPR, which hopefully stops that for good.

      • UnfortunateShort
        link
        17 months ago

        I heard the messages even stay when you delete them. At least people claimed they could recover then, don’t know whether that’s actually true.

  • @breadsmasher
    link
    English
    57 months ago

    If youre just talking to friends directly without joining servers so this might not matter. But discord might require a phone number for verification? Im not sure what triggers it specifically- I dont think its required just for an account though

    • @[email protected]
      link
      fedilink
      English
      17 months ago

      It depends on the server. Most servers set it to require an email verified account because of all the bots and spammers, I haven’t joined any that required a phone number but might if they support a product and want to link your discord to their orders or something