Hacker News new | ask | show | jobs
by sbagel 1881 days ago
Discord does not give users a choice to opt-out of their wildly invasive data collection methods including logging executables running on your system while the desktop client is open, not just games. This data alone is very valuable.

Comment from a 2019 support thread "I am pretty flabbergasted that people aren't making a bigger deal of this than they are. Discord actively monitors your executables, but the larger concern for people now seems to be its inaccuracy in identifying them as games. As if to say "make it better at identifying games" instead of "stop scanning my programs"."

https://support.discord.com/hc/en-us/community/posts/3600307...
5 comments
judge2020 1881 days ago
This is false - your list of running executables is never exported. Instead, it works by downloading a list of games to scan for[0,1] and runs a local scan that only compares them against this in-memory list of programs, never making a XHR with info from the scan.

The API does not require authorization so you can view it in your browser: http://discord.com/api/v8/applications/detectable

0: https://i.judge.sh/boring/Babs/Discord_gMqvfoQEor.png

1: https://i.judge.sh/focused/Dash/Discord_qbSQfFNWZn.png

link
tgsovlerkhgsel 1881 days ago
Why would you install the desktop app? Isn't it Electron anyways, so aren't you basically running the same thing as you would in the browser, except now you've replaced the exceptionally well sandboxed, trusted browser with an outdated, unsandboxed browser and have given an app that doesn't need this access to your entire system?
link
nextlevelwizard 1881 days ago
Easier separation of ideas. I want to be able to close my browser while still keeping VoIP running. Alt-Tab-ing is far superior UX compared to trying to find the VoIP tab in browser. Over all UX is way nicer with separate application even if it is just another browser running.
link
hyperpl 1881 days ago
Not sure why this is downvoted (if that's what the light gray represents). I wouldn't install any Electron app when an app works equally well within a browser like Firefox, doubly so in my case considering my Firefox is running in firejail already.
link
ajkjk 1881 days ago
People like you and the OP are rather rare among users. Most people just do not care about the data collection or the Electron-ness. They just want to use Discord.
link
dharmab 1881 days ago
> Why would you install the desktop app?

In-game push-to-talk requires a desktop app.

link
blibble 1881 days ago
would seem to be easy enough to hack up a minimal browser extension to support that

chrome extensions can register global hotkeys

link
nextlevelwizard 1881 days ago
Yeah... Do not use the already existing wheels fiddle your own shitty wheels
link
coding_lobster 1881 days ago
> Why would you install the desktop app?

Not sure if this is still the case but the browser version didn't have the same noise suppression features as the desktop client.

Another minor thing for me was that the desktop client doesn't stack with the browser window in the taskbar (i.e. I can still 1 click both if I only have 1 browser window open which I usually do) and it can be minimized into the system tray.

link
Mashimo 1881 days ago
>Why would you install the desktop app?

It scans executables running on my system and switches to "Streamer mode" when I start OBS.

link
c7DJTLrn 1881 days ago
It sends a list of running programs, including the command line arguments to the server. It's worrying because although it's bad practice some programs get passed credentials like this.

With regards to Discord's invasion of privacy as a whole, I'm not sure if it's malice or incompetence.

link
AceJohnny2 1881 days ago
For one thing, command-line arguments are public information about processes in every OS since forever. Putting security-sensitive information there is a fault of its developers, not Discord.

For another, Discord spies on the system to report what games you're playing, including which mods. It's a cool feature for some, but indeed requires a set of abilities that are indistinguishable from malware.

link
naikrovek 1881 days ago
it doesn't send anything like that anywhere. it matches a list of executables it downloads with what it sees running, to determine if you are running a game.
link
cedws 1880 days ago
One of my GDPR data downloads contained a list of programs I had ran along with the command line arguments. Not sure how you can explain that if it's not sent to the server.
link
363738373664 1881 days ago
It's almost like no one using the app chose it for the privacy implications. Sort of silly of them considering all the harm they've suffered because of it.
link
judge2020 1881 days ago
Maybe in 2019 it was different but you can disable almost all of it in settings.

https://i.judge.sh/caring/Derpy/Discord_AsIcI0l9B8.png

link
sbagel 1881 days ago
These options do not disable executable logging. That information is still collected with all data collections options disabled.
link
judge2020 1881 days ago
I think you misunderstood what's sent to their servers in that case - see my other reply[0]. Now you might still consider this spyware (the EFF did classify this sort of scanning as spyware in 2005 [1]) but it looks like this is the status quo for anything that's not a game store to do running game detection.

0: https://news.ycombinator.com/item?id=26884448

1: https://www.eff.org/deeplinks/2005/10/new-gaming-feature-spy...

link
junon 1881 days ago
Sources please. second time you've claimed this and many have objected that they do this.
link