Discord is spyware – archived source

Discord

Discord is an instant messaging application for macOS, Windows, GNU/Linux, Android, and iOS. Discord is used to communicate via voice chat and text chat, and has image-sharing and file-sharing capabilities.

Spyware Level: EXTREMELY HIGH

Thanks to Richard Stallman for linking to our article here! The spotlight is very much appreciated.

Discord is spyware because it collects all information that passes through its communication platform. As Discord is a centralized communication platform, all communications have to go through Discord’s official servers, where all of that information can potentially be recorded. The vast majority of said information has been confirmed to be recorded, such as all communications between users. Discord has also been confirmed to use other spyware features such as various forms of telemetry. Discord’s main source of income is from investment, from which it has received over $279.3 million dollars[4]. Discord cannot be built from source and the source code for Discord is unavailable.

Discord does not make its source code available

It is impossible to download and examine Discord’s source code, which means that it is impossible to prove that Discord is not spyware. Any program which does not make its source code available is potential spyware.

Discord confirms that it collects large amounts of sensitive user data

Discord explicitly confirms in its privacy policy[1] that it collects the following information:

  • IP Address
  • Device UUID
  • User’s e-mail address
  • All text messages
  • All images
  • All VOIP data (voice chat)
  • Open rates for e-mail sent by Discord

Discord does not explicitly confirm that it collects this information, but still collects it by default:

  • Logs of all of the other programs that are open on your computer

The implications of this information can be broken down like this: By recording your IP address, Discord can track your general location (about as precise as which county you are in). Discord can also tell which devices you use, as it uniquely identifies each device, and how much you use those devices, as it can record your device usage habits (since Discord is usually open in the background so that it can receive messages). Discord also records every single interaction you have with other users through its service. This means that Discord is confirmed to log every conversation that you have through Discord, and record everything that you say on Discord, and view all images that you send through Discord. Therefore, none of your interactions on Discord are private. Discord’s privacy policy also contains several occurrences of phrases such as “including but not limited to,” which is an explicit confirmation that Discord contains more spyware features that are not disclosed to the user.

Discord contains features which allow integration with other spyware platforms

Discord contains the opt-in spyware feature known as “social media integration.” This allows you to sync your persistent user identity on Discord with your persistent user identity on other spyware platforms, such as Facebook and Twitter. In its privacy policy[1], Discord has confirmed that if you opt in to this spyware feature, Discord will obtain an undisclosed amount of access to information obtained about you by the spyware platforms that you choose to sync with.

Discord contains a process logger

Discord has been confirmed to monitor the open processes on your operating system. This is a spyware feature known as a “process logger” that is generally used to record your program usage habits. This was confirmed by the CTO of Discord in a Reddit thread.[2] In the same thread, the CTO also elaborates that this spyware feature (the monitoring of processes) is mandatory for several features of the platform. The CTO and a Discord engineer go on to claim that Discord does not use the process logger to send records of the open processes on the user’s computer.

The test to prove that Discord logs processes was done again by the writer with procmon on 4/11/2019 with the features: “Use data to customize my Discord Experience” and “Display currently running game as a status message” turned off. Discord did NOT log all of the processes open this way. However, when setting the “Display currently running game as a status message” turned on, the behavior described in[2] was replicated. You can see that behavior here:

Discord claims this feature can be disabled through the UI. This is sadly false. Because of the nature of closed-source software it isn’t possible for either this article or the Discord developers to prove how much information is being sent to Discord’s servers when the process logger is turned on. But it’s at least possible to turn it off.

Discord uses its process logging for advertising

Discord shows this in its privacy option here:

That the process logging features of Discord are now being recorded on Discord’s servers as a form of telemetry (spyware), and removes speculation about why this feature exists. It is clarified by Discord that this spyware feature is used for advertising to its users.[8] This means that Discord is recording the programs you have open to build a statistical model of what programs you might buy/license in the future.

Discord tries to force some users to give their Telephone numbers

Discord will lock users out of its service and will not allow them to continue using it without giving their phone number or contacting Discord support. This is especially true for TOR users. This kind of feature is designed to extract very personal information out of its users (phone numbers). The criteria for locking out users isn’t known.

Discord receives government requests for your information

Discord has confirmed in an email correspondence[6] that it does receive government requests for information. So, we know that the government potentially has access to all of the information that Discord collects about you. You can read a copy of the email image posted in the sourcehere in case the link there dies.

Speculation on Discord’s future

It’s unknown whether Discord currently is or isn’t selling user information. Currently, Discord has been able to consistently raise new investment capital, which is at a level where it could reasonably be covering all of its operating costs. However, Discord, like any other company, is not going to exist in a constant state of investment. Discord is going to have to transition away from an investment-financed business model to a revenue model that exclusively relies on generating revenue from the users of the platform.

Discord has several ways of making money. It can license emoji’s and other features of the program with Discord Nitro[5], or it can make money licensing video games through its new online store, as a competitor to Steam. However, both of these revenue sources may not be enough. Discord has raised $279.3 million dollars[4] and it has to return on this investment. (which is more than 279.3 million dollars that has to be paid back)

If Discord is not able to satisfy its obligation to its investors, it has a third option- selling user information to advertisers. Discord is already datamining its users to produce its recommendation system,[8] which means that it is already turning its userbase into extremely valuable, sellable, advertising data. Discord has 130 million users[7], and it can produce a statistical model of what games each user (who does not opt-out of advertising) owns, plays, and wants to buy. This is incredibly valuable information that Discord can sell if it cannot reach its profit obligations with its current revenue model. If Discord was a successful games store, then it would not need to do this. But if Discord gets in financial trouble, it probably will be forced to liquidate this asset.

This article was created on 11/23/17
This article was last edited on 8/17/2021

chevron_left
chevron_right

Leave a comment

Your email address will not be published. Required fields are marked *

Comment
Name
Email