• Quail4789@lemmy.ml
    link
    fedilink
    English
    arrow-up
    65
    arrow-down
    1
    ·
    3 months ago

    Am I too harsh in believing that if you claim to have E2EE but I can’t verify a) your source code b) my client was built from that source code (i.e. reproducible builds) then you don’t have E2EE? The whole point of encrypting my traffic on the client is I don’t trust you. Why would I believe you aren’t sending the encryption keys off to your server if I didn’t trust you before?

    • Chais@sh.itjust.works
      link
      fedilink
      arrow-up
      9
      ·
      3 months ago

      Am I too harsh […]?

      No. If there’s no way to verify anything then all we have to go on is their word.
      The word of a company generally isn’t worth a whole lot. Same with Telegram.

        • Quail4789@lemmy.ml
          link
          fedilink
          English
          arrow-up
          6
          ·
          3 months ago

          Which is how we know their self-rolled encryption is shit.

          There’s a reason why Telegram CEO can be arrested when Signal’s can’t. Because Telegram has information they can give but refuse to whereas Signal give everything they’ve got, which is basically nothing.

    • jeffhykin@lemm.ee
      link
      fedilink
      arrow-up
      8
      ·
      edit-2
      3 months ago

      I mean technically the client is verifiable if you use discord in a browser tab… and verify it every time you load the web page… 🙃

  • Autonomous User@lemmy.world
    link
    fedilink
    English
    arrow-up
    43
    arrow-down
    10
    ·
    edit-2
    3 months ago

    False, this is a lie.

    Discord is anti-libre software. We do not control it.

    It bans us from proving its claims. It bans us from fixing its lies.

    It fails to include a libre software license text file, like AGPL. Discord is malware, anti-libre.

    • thesmokingman@programming.dev
      link
      fedilink
      arrow-up
      20
      arrow-down
      3
      ·
      3 months ago

      Interesting. I was able to access the linked whitepaper and repositories without trouble and the 3rd party stuff too. Do you have local config preventing you from downloading the source code to review?

      While I can respect your distaste for non-libre software, you’ll need to back up the malware claim. There are real security concerns out there in common non-libre; labeling things that are not libre as malware solely because they are not libre muddies the waters and makes your message much less palatable.

      • Autonomous User@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        7
        ·
        edit-2
        3 months ago

        Where’s the rest of Discord’s source code?

        While it bans us from proving its claims and more, i’ll never let it infect my devices.

        • thesmokingman@programming.dev
          link
          fedilink
          arrow-up
          7
          arrow-down
          2
          ·
          3 months ago

          The claim is that audio and video are E2EE. I’m not sure how you’re unable to disprove that using the linked code, audit report, and COTS debugging tools. Can you expand on that? I see a lot of FUD without anything more than “they’re not libre” which, again, doesn’t do a great job of selling your point.

          • Autonomous User@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            6
            ·
            edit-2
            3 months ago

            Just reverse engineer me bro

            And every update, every other app, all their updates too, across every device… 🚩

            Should we just waste our whole lives nothing but knee deep in disassembled binaries?

            How stupid and gullable does openly hostile Discord think we are?

            Couldn’t be me still coping and shilling trash like this.

            • thesmokingman@programming.dev
              link
              fedilink
              arrow-up
              6
              arrow-down
              2
              ·
              3 months ago

              In another post you’re actively looking at purchasing GPS systems. The satellites you’re sending info to are not available to dissect and I highly doubt the firmware of the devices you’re looking at is publicly available much less libre. Your trolling is not internally consistent so it’s clear you don’t have any clue what you’re on about. Good luck with that.

              • Grey Cat@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                3 months ago

                I don’t think you need to send info for a GPS client to work. You are just a receiver, no data sent.

              • Autonomous User@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                5
                ·
                edit-2
                3 months ago

                This conflates software with service.

                Signal’s offical servers: we don’t own it, we don’t run it, we can’t see inside it too.

                Signal is an end-to-end encrypted libre app, so we don’t need to.

                here’s half the source missing

                just reverse me bro

                that’s not your server

                Always the same talking points. Some people never learn.

          • Autonomous User@lemmy.world
            link
            fedilink
            English
            arrow-up
            6
            arrow-down
            3
            ·
            edit-2
            3 months ago

            It bans us from modifying its source code, sharing its exact and modified copies, using it for any purpose, etc.

            We do not control it, anti-libre software.

            Which software license do you think Discord is distributed under?

                • toastal@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  3 months ago

                  Responding broadly to the thread of folks talking about userScripts & add-ons. This effort would be better put to getting folks to a different protocol where client modification & alternate clients are the norm.

            • Blxter@lemmy.zip
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              2
              ·
              3 months ago

              I’ve been using a modified client for about 2 and a half years now without being banned.

  • Eeyore_Syndrome@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    25
    arrow-down
    2
    ·
    edit-2
    3 months ago

    If you believe anything you write or say on discord is private. Or would ever even be encrypted, I want whatever you’re smoking please.

    • LostXOR@fedia.io
      link
      fedilink
      arrow-up
      9
      ·
      3 months ago

      Yeah, Discord is not a privacy preserving service in the slightest. Honestly I’m only using it because of the network effect at this point.

  • OR3X@lemm.ee
    link
    fedilink
    arrow-up
    6
    ·
    3 months ago

    Hey Discord, give us the ability to stream audio when sharing our screen on Linux ffs.

    • acockworkorange@mander.xyz
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      3 months ago

      They can deliver the data that they do have, which will be encrypted. Though I doubt they were ever recording calls anyway.

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        2
        ·
        3 months ago

        How would the US government be able to see the messages? They need to monitor for young people leaking data from the Pentagon. /s

  • dyc3@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    3 months ago

    It’s interesting that the threat model also includes participants. They take into account that when a user leaves, it should be impossible for them to continue listening.