My local org uses Discord. What should I know about account security / op sec / settings I should immediately change before using it?
I know Discord is super convenient and easy to use, but please don’t use it for organizing purposes, this is a horrible idea for so many reasons. If you’re going to use Discord for this purpose, you may as well just invite the local police officers to your meetings. This goes for Microsoft’s Windows as well, but that’s a whole different conversation and not in the scope of this post.
Piggybacking on what @hello_hello said, I’d bring Matrix to your organizations attention and lobby for it’s adoption. It’s free, open-source, decentralized/federated, and end-to-end encrypted (important!) and has everything you’d want like direct messages, group chats, voice & video calls, and plenty more.
If you really must use Discord, make a throw away e-mail that you only use on Discord, do not attach a phone number to your account, pick a username that you’ve never used on any other platform, don’t talk about anything that could be linked back to you, etc. Assume everything you send/do is being looked at, because it is.
Opsec: None whatsoever. Use it to shitpost and meme only.
- Opt out of the arbitration agreement within 1 month of registering by sending something like this to arbitration-opt-out@discord.com
- Don’t use the official desktop client, which is very bad for privacy. Use ArmCord (unlike other third-party clients like Ripcord, no one has been banned for using ArmCord), which is open source and blocks Discord’s trackers.
- Disable everything in the How we use your data section of the Privacy & Safety settings
- Disable everything in the Activity Privacy settings so it doesn’t scan your computer to detect games that are running
- Assume everything you put on Discord is public information, data mining companies pay Discord for your data.
Much appreciated. Between what you and @hello_hello@hexbear.net have said it sounds like Discord is a colossal mistake for an org. I wish I had more options locally, but in the meantime I’ll keep Discord communication as minimal as possible.
Discord is horrible. People have already said Matrix. and they’re right. Try to get them to switch, and give them the reasons many people here have already listed. As soon as they realize they can be surveilled they should be willing to switch. (Can’t discord also ban servers or users at will?)
Yes. I will see what I can do.
Ask them if they can switch to Matrix. If they’ve only been using Discord as free hosting for a chat/video call service then it shouldn’t be difficult.
Discord is a horrible platform and I don’t trust any leftist org that uses discord for its main communication: zero E2EE (not even in your fucking “private” dms), horrible and juvenile userbase of gamers (most chuds and liberals), poor moderation, predatory user interface and worst of all: forced to use a shitty electron app. You also are required to submit an email address and a phone number to use the service (no telling what other requirements they would impose). Impossible to access via tor or through VPNs.
For video conferencing you can use Jitsi Meet which AFAIK is integrated into the Element client for Matrix. I’ve not joined orgs because they use shit like Google Docs and Discord for basic tasks.
Case in point a marxist group at my uni uses google forms for signups. Like wtf no I’m not signing up using Google literally just use E2EE email you fucking lib. Maybe a Signal username to the group’s main recruiter? Maybe an XMPP username??? There’s so many freer ways to do this shit that doesn’t require de-anonymizing people.
Hell, even the uses Google Forms for initial on boarding where they ask you for things like your full name, phone number, e-mail address, social media handles, and all that jazz. Really big yikes moment, but I understand that hosting an open-source alternative/writing their own solution is a lot of work and they might not have the resources to pull something like that off right now, but still.
You also are required to submit an email address and a phone number to use the service
Goddammit.
The last time I used Jitsi Meet was a year or so ago, but I will wholeheartedly second this if it’s as good now as it was then.
Jitsi is just using WebRTC I believe, so basically P2P over the web. Call participants will see each others’ IP addresses unless any take additional precautions.
That’s only if a peer-to-peer connection can be made in the first place, which most of the time it can’t because of NAT and other things. The Element client even has a checkbox to prevent you from making peer-to-peer connections forcing you to go through your homeserver’s TURN server or Matrix’s fallback TURN server.
Edit: To clarify the warning under the “Allow fallback call assist server” saying your IP address will be shared, it means it will be shared with matrix.org, not the parties you are calling.
I’ll echo others and say no discord!
Matrix is good though a little complex and unintuitive. I would recommend limiting your online chats in general for opsec reasons and maybe sticking to something simpler like Signal for announcements.
deleted by creator