63 comments

[ 4.9 ms ] story [ 140 ms ] thread
I didn’t know this perception existed about Discord.

We are launching our open source product, and someone from the open source community warned us because we use Discord for communication and encourage our community to join us there.

How popular is this perception? Where do you prefer to hang out as closed online communities?

They would say matrix or irc but it's mostly a decision you should base on your target group. If it's mainly younger people with a high internet affinity there is no better place than discord.
I like Discord and that's why it came as shocking to me to have to think about alternatives. We'll keep listening to the community though!
Personally, while I am forced to use Discord for work, for participating in open source communities or any other sort of interest-based community, I will only use IRC.

It's not even solely the spyware and proprietary aspect of it, though that counts for a lot. It's also the fact that I can use any IRC client I desire and I am not forced to use either an Electron app, or a web browser tab. Also the quality of people seems to be significantly higher. But hey, at least Discord is not Slack! That I really won't use, due to the fact that I have to install the Electron app.

Matrix is extremely unreliable so I gave up on it a long time ago.

> How popular is this perception? Where do you prefer to hang out as closed online communities?

This opinion seems to be part of the HN zeitgeist, similar to those who think RSS is going to make a comeback any day now. People who have this opinion form a very loud, yet very small, minority.

> This opinion seems to be part of the HN zeitgeist

Does it really? I mostly see comments about how a list of facts and a spyware rating is "extreme" or "emotional" (which I presume to be mansplaining dismissal). And those things seem very HN to me.

That’s because this isn’t a post about whether or not you should use Discord for your OSS project ;)
The adage of "if you're not paying for the product, then you're the product" probably applies to Discord as much as it did to Facebook or Gmail.

I wish there was an open alternative to Discord and Slack, but they usually lack features or are less convenient, making it very hard to get people on board, which is really unfortunate because that's the whole point of using something like Discord or Slack in the first place.

There's also Zulip which is likely the closest solution with a nice UI / UX.
That's an extreme POV that takes some general ideas that apply to almost every app and describes them as malicious in case of Discord specifically.

There's lots of reasons not to use Discord (no data export, random bans, can't safely use 3rd party clients, etc.), but i don't believe the perspective from there post is a popular one. They want to make a point so badly, they stretch the definition of spyware to absurd levels.

Beside from Discord not being open-source and forcing me to disclose my personal information to them when I log in through some glorified proxy, using discord to engage with the community is a bad idea.

Here are my reasons to use alternatives (of course, I have no say in what you should use).

1. A centralized platform like discord can kill your community engagement plan whenever they want (you own nothing, and they don't owe you anything).

2. You don't really get a "closed community" as they collect your messages in plain text[1]

3. There are better alternatives that won't spy on you and has better accessibility[2][3][4]

If the alternatives make one think that no one uses them, it is because the projects are promoting discord in the first place.

If more FOSS projects start using an alternative (matrix, for example), more users will be hesitant to use discord.

I have more reasons, like Discord community usually end up in less meaningful discussion, have significantly less searchability, and visibility than a forum has -- but they are not really a big problem in a closed community.

And if the project wants a place to have civilized discussion, engagement, and visibility, it is far easier and better to host a forum like discourse[5] than using a chat based system.

[1] https://discord.com/privacy#3

[2] https://sourcehut.org/blog/2021-11-29-announcing-the-chat.sr...

[3] https://matrix.org/ (is much more reliable than in the past)

[4] https://zulip.com/

[5] https://www.discourse.org/ (a forum)

> How popular is this perception? Where do you prefer to hang out as closed online communities?

Why closed community if the community is about an open source product?

Since you asked, my personal preference is that you stop trying to get me to sign up to another instance of another heavy-weight, bloated, proprietary IRC In A Browser. Create a forum board instead, and own it.

It may be my age showing, but I don't get how people handle it. One of the main reasons I don't hang out anymore with communities for my favorite programming languages, OSS products and videogames, is precisely that everyone has switched to Slack or Discord. It's not just that I don't like those platforms. Group chats are ill-suited for this purpose.

I don't have time to pay attention to 20 different communities in real-time. I don't have time to catch up with 100 to 10k new messages per community that appeared while I was at work, especially as most of those messages are noise. There's no way I can keep track of 20 different ongoing discussions times 20 different communities. The medium is just way too noisy, way too diffuse.

And then the platforms themselves are not optimizing for this use case either. Neither Slack nor Discord are usable alone for maintaining a community, because their functionality is geared towards ephemeral shitposting, and thus severely lacks in the organization, searching and retrieval departments. And, of course, you (the community creator) don't own the data anyway, so there's not much you can do to fix this.

The obvious solution, and one that I've tried before from the community management side, is to run both a mailing group or a threaded[0] discussion forum, and a group chat (IRC, Slack, Discord, Telegram groups, whatever) - and then, critically, institute the rule that group IM discussions are non-binding - anything that matters, and especially every proposal and decision, must be made on the mailing group/forum. If you don't do that, your community will end up being run by teenagers and students[1], as adults with jobs or better things to do than following your IM chat 24/7 won't be able to keep up with the sheer volume of messages the teens and students generate.

From experience, though, I'd say that if you can skip the group IM, just skip it, and stick to mailing group/forum. The instant chat is a powerful attractor. It's the lowest-effort way of participating. If it's available, people will use it. The more it's used, the more people will try, and eventually you will have a clique of always-on, always-talking people that will form a community within community.

Enforcing the "only mail group is binding" rule is a hard, uphill battle. I've spent years fighting it somewhat successfully, yet the feeling of being excluded from the community just because you can't keep up with the group IM always remained.

This feeling is why I eventually gave up, and no longer participate in the very community I helped build and run early on. As I started to work full-time, I eventually lost the ability to keep up with the volume.

And that's one community of less than 100 people. No way I'm ever joining your Discord.

--

[0] - I strongly prefer tree-threaded over linear-threaded, i.e. HN/Reddit-style instead of phpBB style, but that's a discussion for another day.

[1] - And procrastinators. And sysadmins so good at their jobs that they can get away monitoring community IRC/Telegram for 90% of their work day. And 3D asset modellers in gamedev. OK, that last one is still a mystery to me - I have no idea how the person I have in mind manages to shitpost all day, every day, and still deliver quality work.

That's the price you have to pay for a good program nowadays
I'll probably search for existing requests on Discord for a self-hosted server feature and upvote them. That could be an okay solution to the problem, I guess.
"Discord is spyware because it collects all information that passes through its communication platform."

By this definition almost every website is spyware too.

These days? Yeah, pretty much.

Don't trust anything that isn't E2E encrypted and is on a centralised server.

Well, yeah. For a good example of just how much the discussion has shifted, look at BonziBuddy. Back then their data mining stirred up a huge shit storm. Today we have Alexa and Cortana and Siri doing the exact same thing like no big deal.
Wrapping legitimate concerns with emotive clickbait, marvellous.

Not everyone shares the RMS perspective, and those that do are particularly bad at getting the message out and explaining why people should care and why it's worth the trade-off.

It is not an easy topic to explain because the threat is abstract. Although the same arguments that lead to health information being protected apply here more or less 1:1. Why do you believe health information needs to be protected? Or do you believe it does not?

Yes, you need some facilities to understand the threat, out of the question. But not too many either. I don't like to use Discord but do it anyway. In the browser at least with an anonymous handle. There is still data that is leaked and you can pretty reliably identify people by their writing style, but there might be information worth protecting.

At some point you either you get it or you don't. There are many things like that.

> Wrapping legitimate concerns with emotive clickbait

Should be the motto of that page - they've been doing it for years, while often extrapolating suspicions into reality or even being factually incorrect. Doesn't mean that the concerns aren't legitimate, though, Discord is spyware, just like the most other software.

"Discord is spyware because it takes user data." Everything nowadays takes your data. Go to google.com/myaccount and just look at all the features, finding your device, a timeline of your location.

Also it isn't spyware if it doesn't use it for a malicious purpose, as the article says it is unknown whether discord sells users' data. Don't talk about things you cannot validate for sure.

"Everything nowadays takes your data." Yes, everything is spyware nowdays.

Why would that make it more okay (than if only a single thing was spyware) is beyond me.

Collecting people's personal data is malicious behavior. I'm not sure I agree with your definition of spying anyway. Is a hidden camera recording my bedroom not spying because I'll never know what the person who receives the video is doing with it?
Oh shit how dare they provide me with a convenient history of all the messages I've willingly shared with them, these monsters!!
It's possible to do that without spying on your users, e.g. by storing them encrypted.
> storing them encrypted.

Do you have a source for the claim that message do not have encryption at rest?

Read the article.

    Discord explicitly confirms in its privacy policy[1] that it collects the following information:

        IP Address
        Device UUID
        User's e-mail address
        All text messages
        All images
        All VOIP data (voice chat)
        Open rates for e-mail sent by Discord

    [1] https://discord.com/privacy
None of that means that message aren't encrypted at rest.
It does mean that Discord has the ability to read them, which is what the original reply to your comment was about.

The "convenient history of all the messages" does not require a service having access to your messages.

No? The reply mentions storing them encrypted. If the reply meant end to end encryption, the reply could have said that.
It was my reply, I know what I meant. While it could've been written more precisely, I'd expect the HN crowd to practice steelmanning instead of arguing phrasing in order to be right for the sake of being right.
? It is fair to expect a cursory knowledge of the terminology for the topic in discussion.
A mistake in description does not necessarily reflect lack of knowledge. Are you implying you've never in your life imperfectly described a thing you know about?
Yo, after I (and three other commenter) used the correct term or asked for clarification you didn't go "ah there was a misunderstanding" you doubled down even accusing me of not having read the article.

Besides, "tu quoque" is a really weak way to carry an argument.

Anyway, ample chances were given to understand your point, but you seem to value having the last word more than having a conversation. So there, reply below and "win" whatever imaginary prize you wish:

Encryption at rest isn't the same as end-to-end encryption.
I assume they are talking about E2E-encryption, since that would prevent them from spying on their users even if they wanted to (assuming the client doesn't leak the key).

That said, E2E-encryption doesn't come without drawbacks, for example you would lose all your messages if you lost access to your device and any backup mechanism.

That would also lose the feature of being able to browse all the history for Channels just joined. But parent specifically said stored.
It's also an anti-feature for business environments. You want to have full control of your chat platform and be able to recover anyone's messages + history.
Digging around in this website, I can't work out if it's parody or not, which I guess is a sign of an excellently constructed parody.
Honestly a bit too emotionally loaded for my taste.

However, I share the concern that Discord text messages are unencrypted, leaving a lot of sensitive information vulnerable.

That's why I made discryptor.io [0], an innovative app running on top of Discord that end-to-end-encrypts all private text messages. It does this by employing a Discord bot that forwards encrypted messages. (More info on discryptor.io)

Client source code will be made available soon.

[0] https://www.discryptor.io/launching-discryptor-beta/

I wanted to look a Discord solution to this problem! Thanks for sharing this here, you came on point.
It is noteworthy that this site also classifies the Brave browser's spyware level as High.

Just seems a bit dramatic to me, but I might be wrong.

Interesting, I didn't know the website, I'm going to check what it's really about.
> Discord is spyware because it collects all information that passes through its communication platform

Yeah, you lost me at sentence one.

If that's the definition of spyware, what are things that do this in the dark? e.g. I install it to make snapshots on my computer, but it also records my browsing activity in the background for no reason other than to send it back to the vendor.

It's things like this that take attention away from legitimately frightening privacy issues.

The service you're using has access to the stuff you send through it, yes, well done. If you thought anything different, I don't know what to tell you.

If they had made some claims of respecting user privacy, then sure, bellow away, but as it is, you're putting them in the same category as Whatsapp's privacy statement revision. This results in people not taking _any_ of this stuff seriously. Good job.

[dead]
You cannot tell someone is fraud because they are keeping some secrets.
Nice one! When do you tell someone is fraud? When you have the evidence that they are?
I agree with many of the other commenters, that this is maybe not the perfect way to frame it. But can't help but feel that if Discord was a Chinese company in any way, it would be a very different comment section here. People were clutching pearls the other week because TikTok sends user-agent strings out in their app's requests!
If you install it on a different machine and log in, are you going to find all your servers/channels/messages? Yes?

So it is storing all your data. Just like WhatsApp and tons of other software.

Use it accordingly. The responsibility is on you.

As far as I know, WhatsApp is different and that's why you have to back up your messages when you move to a new device. Messages are primarily stored on the device and not on the cloud.

"Use it accordingly" is a good way to look at it, but requiring a higher level of protection and security is not a bad idea at all, in my opinion.

Apologies about WhatsApp, I don't use it that much and the information I have might be stale.

I would prefer being given the encryption keys of my content any time it is stored online. But since this is not a reality, not trusting these platform with sensitive data is best for the moment. If you just need to talk while playing they are fine.

"Is X Spyware"?

Depends on your definition of spyware. It's really hard to find any network-connected application that doesn't do some kind of analytics. If that makes it "spyware", then yes.

Also Betteridge's law of headlines says: No

I don't post here frequently, does anyone know why this post is flagged? And how that affects my account?
The FAQ has a list of reasons on why a post can be flagged[0][1], and I don't think it will affect your account unless you frequently post flagged content.

My guess would be the title, or the way the article was written.

IMO, the article makes valid points from both technical and privacy perspective, but it was written less like a critic and more like an attack.

People in Free software community will agree with the article as most knows about how bad a centralized proprietary program can be.

But the wordings could have been better so that it would trigger fewer people.

[0] https://news.ycombinator.com/newsfaq.html

[1] https://news.ycombinator.com/newsguidelines.html

Got it, thank you. I think I'm not used to posting the full content in the title and I should improve it. Things like: "Is it popular to think Discord is a spyware in the OSS communities?". I'll learn and get better!