> At the time of the online investigation, when creating an account on DISCORD, a password of six characters including letters and numbers was accepted.
> The restricted committee considered that DISCORD's password management policy was not sufficiently strong and restrictive to ensure the security of users' accounts.
Ahh yes, finally, government-enforced password policies. They have lost their mind.
> However, in Microsoft Windows, clicking on the "X" at the top right of the last visible application window will exit the application for the vast majority of applications.
Getting fined for the the system tray behavior is a little much, that's how all chat apps have behaved going all the way back to at least AIM (and Trillian, Pidgin, etc) and I'm assuming before then as well, and its good UX that's why it's been copied for so long. I'm actually annoyed that WhatsApp desktop doesn't have this feature.
> When a user logged into a voice room closes the DISCORD application window by clicking on the "X" icon at the top right of the window in Microsoft Windows, they actually just put the application in the background and stay logged into the voice room. However, in Microsoft Windows, clicking on the "X" at the top right of the last visible application window will exit the application for the vast majority of applications.
>
> DISCORD's behavior is different and may lead to users being heard by other members in the voice room when they thought they had left. The restricted committee considered that DISCORD should specifically inform users by making them aware that their words are still being transmitted and heard by others.
>
> However, as part of the procedure, DISCORD INC.set up a pop-up window to alert people connected to a voice room, when the window is closed for the first time, that the DISCORD application is still running and that this setting can be changed directly by the user.
Rather the issue was that you could close to tray while in a call without any prompt.
Too late to edit this now but it appears I fumbled the quote so here it is again properly formatted.
When a user logged into a voice room closes the DISCORD application window by clicking on the "X" icon at the top right of the window in Microsoft Windows, they actually just put the application in the background and stay logged into the voice room. However, in Microsoft Windows, clicking on the "X" at the top right of the last visible application window will exit the application for the vast majority of applications.
DISCORD's behavior is different and may lead to users being heard by other members in the voice room when they thought they had left. The restricted committee considered that DISCORD should specifically inform users by making them aware that their words are still being transmitted and heard by others.
However, as part of the procedure, DISCORD INC.set up a pop-up window to alert people connected to a voice room, when the window is closed for the first time, that the DISCORD application is still running and that this setting can be changed directly by the user.
This is especially daft considering the vast majority of credit and debit card PINs are four or six numerical-only digits. At least the discord password could be alphanumeric plus symbols. Why is a Discord password being held to higher standards than a bank card PIN?
Because the bank card chip is irremediably blocked after three wrong tries, and you need to submit documentation to your bank to get a new PIN. I don't think discord forces users to reset their password via snail mail after three wrong tries.
> Ahh yes, finally, government-enforced password policies. They have lost their mind.
Sure arguing over the password policy itself is somewhat silly however those shorter/lower complexity passwords are trivial to crack in the event of a data leak even when properly salted and hashed.
> And they have thoughts on UI design too!
This one makes perfect sense. The complaint is that you can close the window while in a call without any prompts. It's not that the UX is bad (IMHO it's very useful) but that it can lead to accidental leaks of information that could be trivially avoided with minor changes.
The solution to this is trivial. Prompt on close (but not minimise) when in a call to warn the user and provide a setting to hide this prompt.
Prompt on close is very bad solution in terms of UX.
For example, I never click minimize in Discord because I hate non-tray apps if I need them in background. I dislike Obsidian for that because I can't even use RBTray without enabling native window frame which is worse than standard.
And because of habit to have minimize-to-tray on [x] I would also dislike moving that option to [_] and reserve [x] to exit. I know I will just press it because of habit and close my active chat with app. And discord is not fast app to load on my PC.
But technically it will be best solution if they want to comply with the requirements of officials. Or maybe already implemented one-time prompt is enough for them.
It's only a bad solution if it's not disable-able and it happens in all cases (rather than only when the user is still in a call).
Ideally it's a warning that you can disable. With safety/privacy it's generally preferable to have warnings as the default and allow users to take the trainer wheels off rather than risk a new user exposing themself accidentally.
Yes, that would work too and quite good practice.
But not sure if I like that it's push from officials anyway, especially when I see that's adjacent to other "breaches" in that document.
The password thing is silly, but the actual complaint with "X minimizes to tray" is that it doesn't disconnect ongoing voice calls, which _could_ be confusing.
When a user logged into a voice room closes the DISCORD application window by clicking on the "X" icon at the top right of the window in Microsoft Windows, they actually just put the application in the background and stay logged into the voice room. However, in Microsoft Windows, clicking on the "X" at the top right of the last visible application window will exit the application for the vast majority of applications.
DISCORD's behavior is different and may lead to users being heard by other members in the voice room when they thought they had left. The restricted committee considered that DISCORD should specifically inform users by making them aware that their words are still being transmitted and heard by others.
However, as part of the procedure, DISCORD INC.set up a pop-up window to alert people connected to a voice room, when the window is closed for the first time, that the DISCORD application is still running and that this setting can be changed directly by the user.
> The restricted committee considered that DISCORD's password management policy was not sufficiently strong and restrictive to ensure the security of users' accounts.
Ahh yes, finally, government-enforced password policies. They have lost their mind.
> However, in Microsoft Windows, clicking on the "X" at the top right of the last visible application window will exit the application for the vast majority of applications.
And they have thoughts on UI design too!
This is like the opposite of what GDPR should be.