20 February 2020
( 3900 words, approximately a 21 minute read. )
It’s simple: free software projects should not use Discord. (This goes equally for any sort of public interest group.) Here’s why.
TL;DR: Standardizing on communications tools like Discord discriminates against and excludes everyone who, either for physical safety reasons, or personal preferences, cannot give up their privacy to participate, due to its demands for personally identifiable information like IP address, location, and phone number.
Update, 2020-06-04: It would appear that the repugnant yet well-known human known as rms has some similar thoughts on the matter.
Total Lack of Privacy
Discord reads, logs, and can censor your “private”, 1-to-1 messages:
Discord’s communication is not end to end (e2e) encrypted. It is encrypted only between the individual user and the servers operated by Discord Inc. Their spying extends to every single message sent and received by anyone, including direct messages betweeen users. The service can and does log every message sent, both in-channel and DMs. It is impossible to have a private conversation on Discord, as there will always be an unencrypted log of it stored by Discord. Discord can, at their option, provide those stored messages to any third party they wish, including cops or government snoops, for any reason, even without a legal order, without any obligation to tell you that they have done so.
You should not use services that can rat on you and your friends to the cops.
Unrelated to this article: in general, for private messaging, you should use Signal.
Discord is spyware, silently logging and tracking every action performed within their app, without once asking the user if they consent or not:
It cannot be used simply as a communications tool without also incurring surveillance of your usage. Every time you interact with Discord (outside of Tor) it reveals your approximate location (via IP geolocation) for permanent storage.
Privacy is a human right.
Use of Discord by a group discriminates almost totally against those who prefer or, due to circumstance, require privacy for their own personal information, such as IP or related geolocation. You cannot sign up for Discord anonymously.
(IPs are absolutely personally identifiable information, despite what the GDPR carves out. Your IP indicates your approximate physical location.)
Attempting to sign up for Discord anonymously via Tor will demand from you first as many as 30(!) CAPTCHAs, and, if you can get through those (which is sometimes impossible, read on), it will then demand a telephone number from you for SMS verification.
Telephone numbers deanonymize you. Not many realize this, but a telephone number is one instant, low-cost API call to a data broker away from your name, physical address, associated/other email addresses, date of birth, et c. The US has no meaningful privacy or data protection laws. You may think I’m exaggerating, but if you live in the US, right this moment, dozens of companies with whom you do business have already provided data brokers with the complete set of your name, phone number, email address, and street address. These lookups are commonly for sale by API and used by many other companies to detect potential fraud, spam risks, et c.
Phone numbers are a simple lookup identifier to all of your commonly used personal information. That’s why everyone asks you for them! It’s not to call you. The same goes for your email address.
Additionally, the mobile operators in the US have been selling access to phone handset location data (collected from the towers, and unblockable) to thousands of people for many years. It’s so bad, even the FCC has gotten involved. Providing your telephone number to a service is, from a privacy standpoint, the exact same as showing them your government ID and sharing your physical location.
Another 30 or so CAPTCHAs await you during the email verification link step, if you can get past the SMS part (say, with a burner number).
…and then again on each and every login. It takes more than a few minutes, every time, to log in, even after having given them a phone number.
…except that, sometimes, you can’t even log in at all, because the Google CAPTCHA they make users accessing via Tor fill out on every single login just gives up and tells the user to fuck off:
This excludes many people from your group by discriminating against those who insist on their human right to privacy. Don’t immediately dismiss this as some esoteric interest: many people have legitimate, non-paranoid privacy requirements different from the mainstream, for many different reasons that may not be immediately obvious to someone without such specific circumstances: examples include being targets of public harassment campaigns, stalkers, internet rage mobs, creepy or violent ex-partners, et c. But, even people not subject to those threats, who simply prefer not to have their activities tracked also deserve their privacy if they wish it. Remember: privacy is a human right.
Not everyone can afford to out themselves in every group in which they participate! Some may be subject to retaliation, harassment, or even physical violence for doing so. Pretending that everyone can choose to do so safely or that it’s not a big deal to give up your identity information is simply rude and inconsiderate to those people.
Critically, this issue may end up practically excluding some of the most essential and valuable potential participants. People who are rich, famous, or both are well acquainted with how essential personal privacy can be when you’re in the public eye. Tim Ferriss published a pretty complete list earlier this month of the negative consequences he’s had to deal with and the cumbersome privacy steps he’s had to take to ensure the physical safety of himself and those close to him—all because he’s only somewhat famous. Multiply that by ten to see what Actual Famous People are used to dealing with.
Most projects can benefit from additional resources, reach, or publicity. The kinds of people who can champion your team or your project to millions of people will frequently not participate at all if doing so requires that they expose private information about themselves. By de-facto excluding all such people on privacy grounds through the use of Discord, you lose any benefits, financial, social, or otherwise, that they might have brought to the table for your project or group.
When you endorse and support services that deny people even the possibility of privacy, you are choosing to hard-exclude all of these types of people from your group, whether you realize it or not. Worse yet, they won’t even tell you when they nope out of your webpage and bounce. (That’s actually why this post exists.)
Please don’t engage in this type of discrimination by using Discord.
This type of access-based gatekeeping performed by Discord, regardless of motivation (don’t assume malice: it’s likely primarily motivated by an effort to keep the experience of most users up by erring on the side of over-blocking any user account that might send spam or unwanted messages), is accurately and objectively described by a word:
Many people in the free software movement find censorship in general to be abhorrent. (That’s one very good reason, for example, why emails you receive that might be spam go into a special folder, instead of being silently deleted without you having a option to choose to see them if you wish. Your email server could just delete them! The fact that it doesn’t was a deliberate design choice to avoid censorship.)
John Gilmore, one of the founders of the EFF, once famously wrote, “The ‘net interprets censorship as damage and routes around it.” I am encouraging you to recognize this particular damage, and route around it by avoiding any use of Discord. If you see teams using it, please link them to this page.
(Please don’t email me about how Discord can do what Discord wants, including engage in censorship, on Discord’s own servers. Of course they can. It’s still censorship, and I can still say (on my own servers) that Discord’s censorship is dumb, discriminatory, and harmful.)
Using Discord, even as a free user, requires agreement with their Terms Of Service. Regardless of the actual contents of their ToS, this excludes anyone for whom such agreement is unacceptable, impractical, or impossible from participating as an equal in your group.
Now let’s talk about the actual contents of the ToS. Here’s an excerpt:
As an example, you agree not to use the Service in order to:
defame, libel, ridicule, mock, stalk, threaten, harass, intimidate or abuse anyone;
Regardless of whether or not you are the kind of person who mocks or ridicules people—you should be able to use your communications tools to mock and ridicule people, if you so wish. These are normal, acceptable things to do in society.
The point of bringing this up is not that you should tolerate these things in your group. The point is that the place to deal with these is in your group’s own culture and internal rules, not a legal agreement that everyone is forced to be bound by simply to participate.
This is unreasonable not because we want our groups to be filled with mocking of other people. This is unreasonable because, Discord’s ToS, as written, prohibits, for example, the sending of political cartoons in DMs.
Another nugget from the ToS:
Notwithstanding the foregoing, disputes concerning patents, copyrights, moral rights, trademarks, and trade secrets and claims of piracy or unauthorized use of the Site shall not be subject to arbitration, and the notice and good faith negotiation required by this paragraph shall not apply to these types of disputes.
Binding Arbitration. Except as provided herein, if we cannot resolve a dispute informally, any dispute will be resolved only by binding arbitration to be held in the U.S. state in which you reside. For residents outside the United States, arbitration shall be initiated in San Francisco, California. Discord and you further agree to submit to the personal jurisdiction of any state or federal court in San Francisco, California to compel arbitration, stay proceedings pending arbitration, or to confirm, modify, vacate, or enter judgment on the award entered by the arbitrator.
To even use Discord, you must waive your right to sue them for any reason outside of patents, copyrights, trademarks, et c (they put this clause in so that they can always still sue you in real court over these matters, if they ever want to).
If at some time in the future Discord decides to destroy your team or business by an unjust suspension, or fucks up and, via their own negligence gets hacked and leaks their user database with phone numbers, or has a rogue sysadmin who doxxes you or spies on your DMs specifically and forces you to have to move, or ships faulty software that bricks your computer or leaks (even more) data from your phone, or damages you or your team or business in any other way that might happen, you have no recourse other than binding arbitration, critically, a process outside of a normal court of law.
There is an opt-out provision (which is more like opt-in to maintaining your basic civil rights to sue for damages) in their ToS, but if your account is older than 90 days and you didn’t email them specifically about opting out of mandatory arbitration, you are, per their abusive ToS, deemed to have agreed to give up your right to lawsuits and be bound by the agreement to arbitrate, even if you did nothing other than sign up for the service to chat with people.
There is also another provision where you waive your right to sue them as part of a class action, in the event that they fuck over a whole bunch of people in the future somehow (remember Equifax?). That part has no opt-out, and extends forever, even after you delete your account or stop using Discord. Anyone who has ever used Discord is presumed by Discord to have agreed to this and cannot ever sue them in a class action.
This is nonsense, and you should never demand that your users agree to such abusive terms simply to participate in your team or group on equal footing.
Discord is proprietary, non-free software, held closely by a for-profit company. How you personally feel about this is dependent upon your own philosophical views, but, objectively, it is not very consistent with the ideals of most groups dedicated to free software or open collaboration to produce and improve free software.
It seems to me inappropriate for an organization that believes in free software to choose proprietary and privacy-disrespecting tools when free and private alternatives are readily available and can be hosted very inexpensively.
Additionally, free software-adjacent teams and groups, such as hackerspaces, art camps, and other DIY undertakings should always question falling by default onto the “buy” side of “build vs. buy”. DIY or die! Run your own!
Remember: A Jedi builds her own lightsaber.
What To Use Instead
There are some great alternatives. I’m not going to tell you to go use IRC like some cranky old Thinkpad-toting unixbeard who doesn’t recognize that mobile apps are a hard requirement for meaningful social collaboration these days. IRC is a total nonstarter for this use case for many reasons which have been written about before.
If you have done so in the past, please stop recommending IRC as a replacement for Slack and Discord. It’s absolutely not. IRC is great, but it is not simply “open source Slack” (that’s Mattermost). They are both chat systems, but they are different tools for different jobs. I love IRC, but it’s simply not a useful tool for most groups.
There’s no one single free/self-hostable alternative that has the exact same level of polish and all of the features of Discord, but there are some that come close all of the important functionality. Presuming that you don’t use the voice chat much or often, and simply want an asynchronous chat system (with DMs) that supports multi-client, including web and mobile apps, there are several workable options.
You’ll likely want to use a combination of tools, as follows.
Replacement for Announcements: Email
Email is underrated.
First of all, you should not let any single organization or tool intermediate your communication with your community or group, lest they attempt to rent-seek and charge you for access to your own social graph (like Facebook and Instagram have made a multibillion-dollar business doing). The first and best line of communication with your group should always be email.
Make an email list for use by group organizers, and make sure everyone is subscribed to it. Collect email addresses as an essential part of signup in your group, and direct privacy-sensitive users to one of several free anonymous email services if they need one. If nothing else, you can email everyone once or twice per year with a set of links to whatever tools or resources for chat/discussion are currently being provided to the group for its use. Everyone has an email address, and several services are available for people who desire privacy to obtain anonymous email addresses that they can use for free and access in ways that preserve their privacy.
Additionally, as an organizer or admin, there are many vendors that can cheaply provide this email list hosting service to you, and you can then periodically download the list of email subscribers to your own computer for backup, making you independent of any one service. As long as you have direct email contact information for your group members, you cannot be censored or shut down by any single provider. If they decide to raise prices on you (e.g. Meetup or e.g. Mailgun) you can always take your downloaded list to another service or even run your own mail server in a pinch. You can thus always communicate things to your membership directly if you have their email addresses.
Set up two email lists:
One, an email announcement list (
ORGNAME-ANNOUNCE) , to which everyone in the group is subscribed, to which only management/senior group members can post. This should ideally send a message no more often than about once per month, so that people aren’t tempted to ignore or filter them, or wish to be unsubscribed.
-ANNOUNCE list, use a standard footer at the bottom of every message sent to this list that includes all of the following:
- a link to the project’s webpage
- a link to the project’s repository hosting
- a link to the project’s documentation site
- links to the project’s chat/discussion spaces
- links to any other public social media accounts
- the names and email addresses and titles/roles of 2-4 people in charge so that everyone always has a direct communications channel to organization management
Keeping this list’s traffic to a maximum of about 6 emails total per year (excepting special events) is ideal.
Two, an email discussion list (
ORGNAME-DISCUSS), to which everyone is initially subscribed (with a welcome message that explains to them how to unsubscribe if they wish), for discussion, that lets all subscribed members post. Skip setting up this list if you end up using Discourse for web-based bbs/forum discussion functionality (see below), as most people these days will probably prefer using the shiny Discourse web interface over email threads.
Replacement for Real-Time Chat: Mattermost
- License: AGPL (source) / MIT (binaries)
- Repository: https://github.com/mattermost/mattermost-server
- Website: https://mattermost.com/
Mattermost is a free software web application (written in Go and React) that replaces the text-chat functionality of censored/surveillance systems like Slack and Discord. It’s web-based, and there are native client applications for mobile (Android and iOS) and desktop (Windows, macOS, and Linux).
You can self-host Mattermost in a very straightforward fashion. The resource requirements are modest for installations with fewer than a few hundred users. Using free Let’s Encrypt certificates, it is possible for most small and medium-sized teams to have their own private Mattermost installation for under $5 per month. Like Slack, it has a lot of integrations that you can use to hook it up to external services and events like webhooks. Unlike Slack, it will keep your user data private, and keep private communications within your group.
Replacement for Threaded, Asynchronous Discussion: Discourse
Confusing name, I know. I’m now talking about Discourse, a piece of free software that you can run yourself to host BBS-style forums.
Discord doesn’t really do threaded/forum style communications, but if you’re using it for chat, such an organized permanent record may actually be an upgrade or enhancement for your team.
If you’re looking for a way of getting announcements out to your group and fostering discussions, look into Discourse, which is much better for discussion than linear, messy chat. It also has native mobile apps that work as clients, although they’re very minimal and don’t deliver notifications for self-hosted instances (which Discourse should get on fixing).
It supports emailing people notifications of their @-mentions, digests of new threads and activity so that people can catch up with what they’ve missed (all of which can be configured per-user, of course), and several different nice visual themes. It even comes with a nifty little tutorial walkthrough for first time users who join to teach them the basics of using it. It’s great!
It’s also generally more useful for the majority of busy people who don’t necessarily do much real-time chat, as it’s focused for more asynchronous, organized thread-based discussions. It’s much more organized than scrolling through the backlog of a bunch of different channels, as each board and thread has a name and topic, as is standard for forum/BBS software.
Replacement for Voice Chat: Mumble
- License: 3-Clause BSD
- Repository: https://github.com/mumble-voip/mumble
- Website: https://www.mumble.info/
I imagine most teams will skip this step, as I don’t think voice chat is very heavily used. However, if it is, Mumble is a great free software alternative. It works great, and has polished native desktop and mobile apps.
- Website: https://www.torproject.org/
All of the web-based replacement services can also be set up to be made available as a hidden service via Tor, also known as an “.onion address”. If you’re not overburdened by admin tasks, you should set this up!
The nice thing about using a hidden service is that the communication between your users and your server happens entirely within the Tor network, so neither the user nor the server can learn the location or metadata of the other via the network. It also works behind a firewall, in the event you wish to make the hidden service the primary/only method of accessing your web application (not generally recommended, as this will break connectivity for anyone using the mobile apps).
Offer Of Assistance
I know that self-hosting things can seem daunting, considering how point-and-click easy it is to use hosted services. It’s a lot easier than most people think due to some new technologies that have become production-ready in the last few years. It’s simply not that difficult anymore. Tools like CapRover almost make it a non-technical endeavor.
I sincerely hope that after reading the above you’ll re-consider self-hosting your project’s own communications infrastructure for privacy reasons. If you end up going this route, I have ~23 years of experience self-hosting communications tools (I founded
datavibe.net, a UNIX freenet, in 1997 and operated it for two decades) and am happy to help you in whatever ways I can. Feel free to drop me a line via email or on Signal if you need help, and I’ll do my best to sort you out.
A few minutes after publishing this post, I solved the requisite 60 CAPTCHAs, created a new Discord account with a disposable phone number that cost me €5, and joined a Discord chat for a project I participate in.
I sent the link to this post, via DM only, to three of the admins with a short note. Not 10, not 100, not a random project: three of the admins of a project in which I am already a participant.
Within 60 seconds of linking these users to my own webpage, Discord deleted my account.
No third-party service should be in a position to be deciding for you what your group membership should be allowed to communicate with each other.
Do not tolerate this sort of censorship within your community.
Note that I was not flagged by any user; this was an automated censorship of DMs by Discord simply because I was sending messages containing links to my other team members.