Hi all,
I haven’t used Discord in a while, but it became so that now I have to use it for communication with certain people getting support for some services that I use. What I’m doing currently is:
- using a separate randomised e-mail address only for the Discord account
- using a randomly generated username
- no profile picture
- tweaking the settings as best I can for privacy
Other than these points, I’m also being wary of talking about anything personal on Discord. Would you add anything so I can be even safer when using Discord?
- m-p{3} ( @mp3@lemmy.ca ) 29•6 months ago
Always consider what you say on Discord as potentially public, since there is no E2EE.
- Possibly linux ( @possiblylinux127@lemmy.zip ) English14•6 months ago
Discord works hard not to private
- GolfNovemberUniform ( @GolfNovemberUniform@lemmy.ml ) 12•6 months ago
Discord doesn’t have encryption and, according to the terms of service, can read your messages. If you care about privacy, I definitely would not recommend using it for private conversations, especially after recent rumors about adding ads. I think they won’t lose the opportunity to use your DMs for it
- Interstellar_1 ( @Interstellar_1@lemmy.blahaj.zone ) 8•6 months ago
Use vencord, which bundles OpenAsar, which disables the built-in tracking from the app.
- Dymonika ( @Dymonika@beehaw.org ) 5•6 months ago
Is Vencord superior to Discord in the web browser?
EDIT: Never mind; it has browser extensions! https://vencord.dev/download/
- tmpod ( @tmpod@lemmy.pt ) 8•6 months ago
Depends a lot on your threat model, of course, but here’s what I do:
- use a temporary (but recoverable) email
- use smspool or similar to verify my phone for less than a dollar
- run Discord in a hardened Firefox profile (hardened browser settings + uBlock)
- turn everything relevant off in Discord settings just in case
- don’t share PII in conversation
- use a VPN (or Tor)
Using a hardened browser and not giving them your real phone are likely the most effective steps, everything else is either less relevant or overkill. As I said, depends a lot on your threat model and on your requirements (some things may be unachievable if you’re forced to use Discord by your employer, for example).
- rar ( @rar@discuss.online ) 1•5 months ago
I’ve found that being consistent with what you choose to share is the most difficult thing. Conversations can get personal, and as you get closer to those random nicknames there’s the constant urge to share mundane stuff about your daily lives like weather, holidays, and such that will all add up.
- tmpod ( @tmpod@lemmy.pt ) 2•5 months ago
Yeah I feel you. It’s often hard to be fully alert of what you’re sharing all the time. I have slip ups but it’s usually fine, I’m only mega careful regarding things that could give away the city/town/village I live in, and where I work. If I ever really want to talk about it, I will use a different (often temporary) alias.
- ReversalHatchery ( @ReversalHatchery@beehaw.org ) English1•6 months ago
Good advice, but I can imagine that for using Tor they would ban. Or do you use it that way?
- tobogganablaze ( @tobogganablaze@lemmus.org ) English6•6 months ago
You forgot the VPN.
- mox ( @mox@lemmy.sdf.org ) 5•6 months ago
In that situation, I would also:
- Only use it through a browser (with fingerprinting protection), never a Discord app.
- Dedicate a browser installation, or at least a user profile, to Discord.
- Only use it over a VPN connection dedicated to Discord, or Tor if it’s allowed.
- Have an alternative channel (maybe Matrix?) ready and waiting for contacts who might be willing to switch.
- rar ( @rar@discuss.online ) 1•5 months ago
When I tested it, VPN do work after sms verification. Tor nodes, however, resulted in all my test accounts being banned.
- inlandempire ( @inlandempire@jlai.lu ) English5•6 months ago
No way when this https://lifehacker.com/tech/discord-data-sold-to-ai-and-law-enforcement and this https://spy.pet/ exist
- Harvest5634 ( @Harvest5634@lemmy.ml ) Русский4•6 months ago
Use any matrix client unstead.
- refalo ( @refalo@programming.dev ) 3•6 months ago
The biggest issue IMO is the random phone-walling. Eventually, all the things you try to do to increase privacy will just cause Discord to force your account into phone verification. This happened to me many times. It’s now to the point where I cannot even sign up for discord whatsoever because it immediately transitions from the logged in screen to “something suspicious going on” and forces you to give out a personal mobile number, which I refuse.
- tmpod ( @tmpod@lemmy.pt ) 3•6 months ago
Yeah, they have upped their “paranoia” quite a bit in the past couple of years. A while back, I discovered smspool.net while trying to register for Claude (wanted to give it a shot, was disappointed) and was so satisfied by their interface and prices I’ve used it again in 3 other occasions. There may be other similar services out there, you should give one a try next time Discord prompts you for a number.
- refalo ( @refalo@programming.dev ) 1•6 months ago
thanks for the recommendation, but unfortunately due to my privacy settings, most cloudflare sites do not work, I just get endless “are you human” prompts that never go away.
Plus any site that uses crimeflare isn’t private anyway because they can MITM all your traffic including credit card info etc.
- tmpod ( @tmpod@lemmy.pt ) 2•6 months ago
If you’re on Tor, that’s the very unfortunate reality atm. If you’re on a VPN, you may try switching providers or servers inside the same provider. I can recommend Mullvad, which works very well, even if you get some CAPTCHAs.
- refalo ( @refalo@programming.dev ) 1•6 months ago
Neither, it happens because my browser settings make it more difficult for them to fingerprint me which makes it think I’m a bot or something untrustworthy.
- tmpod ( @tmpod@lemmy.pt ) 1•6 months ago
Interesting, my Discord profile is also very hardened, and while it prompts me for confirmation, it’s always doable in a moment
- BaumGeist ( @BaumGeist@lemmy.ml ) 2•5 months ago
I’ll give you the most extreme solutions I can think of, and let you decide how much of each you want to enact.
First and foremost: use a secure and privacy friendly OS—Qubes on a burner pc or GrapheneOS on a burner phone—with secure and privacy-friendly networking—use DNS-over-HTTPS, or self-host as much of the infrastructure as you can, consider a VPN, keep the device on an isolated VLAN—use a secure/private web browser like LibreWolf.
General rules of online interaction apply for maintaining privacy within the servers: e.g. don’t talk specifics about your location, your age, your physical appearance, your childhood, your employer, etc.
As with most modern apps, the web app is necessarily less intrusive than the installable binary. Use the web app when you can, and limit your usage to only when you can use the web app on a computer and network you own—privacy enforcing habits are more important than all the software stopgaps in the world.
If you absolutely must use a binary, consider breaking Discord’s TOS and using a modified front-end: I know some people who use Aliucord for Android, and I just this moment learned about GoofCord for desktop
don’t install/run any software without verifying the integrity of the developers/distributors and binaries yourself, or building from source and verifying the code
It’s better to have Discord stealing your browsing data to sell you shit than have some random github malware rootkitting your phone.
- chevy9294 ( @chevy9294@monero.town ) English1•5 months ago
You can use Armcord or other Discord client which is for sure better than the offical.
- sic_semper_tyrannis ( @sic_semper_tyrannis@lemmy.today ) 1•6 months ago
Did you sign up with a VPN turned on? Are you always using a VPN and private DNS? You could also use a voice changer.