uselessauth

[Opinion] Discord Shouldn’t Be Your Main Messenger.

Discord is a wildly popular voice and text messaging platform with >150 million monthly users. Many people use it as their primary messenger. But should they?

Security

Messaging services carry a huge burden: Keeping your messages safe. Private conversations with your friends are certainly something you don’t want strangers combing through. So, how secure is Discord?

Encryption

Discord uses standard HTTPS encryption. Messages are not end-to-end encrypted and can be read without a decryption key. Though this doesn’t mean that Discord is unsafe per se. Discord continuously updates its clients to be secure and even has a bug bounty program.
But how does Discord handle your

Privacy

I requested that Discord sends me my personal data. The package Discord sent me was 320MB in size and included info like my

  • IP address

  • E-mail address

  • (Phone number)

  • All settings I made inside Discord clients

  • All current sessions and their corresponding

    • Device ID

    • IP address

  • Friends and their user ID

  • (Payment information)

  • My ISP

  • Approximate location for every request made to Discord

  • Basically any interaction I made within a Discord client

  • Application activity

    • When I opened a Discord app

    • Which type of Discord app I opened

    • Which session that app is logged in to

    • How long I stayed on that Discord app

  • My Discord Bots and their activity

  • Hundreds of megabytes of additional account activity

  • Hundreds of (private) messages in clear text

A related issue is how Discord handles media. Discord is structured like a website. Every message, every channel and every image has a link. You don’t need to be logged in to access images or videos. This also applies to the download link for my private data. They sent me a link to a .zip file after I requested the data. This download link does not require authentication to be accessed. Anyone with this link can download all my private information.

Additionally, Discord’s privacy policy and client privacy is so bad that Spyware Watchdog gives it the EXTREMELY HIGH rating.
So I recommend to not share any sensitive information on Discord.

And as always, another problem with Discord is

Money

850 million messages are sent on Discord every day. All of them are permanently saved on Discord’s 850+ physical servers. This kind of infrastructure of course costs a lot of money.

How Discord Makes Money

Discord makes money with Server Boosts, game distribution fees, tickets to virtual events, stickers and merchandise. Though, Discord’s main source of income is the Nitro subscription model. However, this will probably not be enough to make Discord profitable. Discord - like many tech companies - still depends on

Investors

Some of Discord’s biggest investors include Dragoneer Investment Group and Sony. But recently another giant invested in Discord: Tencent, a Chinese conglomerate with ties to the CCP.

Conclusion

[OPINION]
Discord is not a private platform. Lots of media can be accessed without authentication, the privacy policy is very bad and Discord stores a lot of data. According to Spyware Watchdog Discord even includes a process logger. This is worrisome but one has to consider what Discord actually is: A communications platform for gamers. Discord is not supposed to be your private messenger. It is not supposed to host your business meetings. It is not supposed to hold any sensitive information. Discord isn’t profitable and harvests data to increase its revenue just like lots of other big tech companies.
Don’t use Discord for anything other than its purpose: Non-sensitive communication about gaming and more.

This post contains opinions. Always check sources and verify information.
Image Credit: Wikimedia

built with btw btw logo