💾 Archived View for gemlog.blue › users › spyware › 1676928500.gmi captured on 2023-04-20 at 00:56:46. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-03-20)
-=-=-=-=-=-=-
==========
Discord is an instant messaging application for macOS, Windows, GNU/Linux, Android, and iOS. Discord is used to communicate via voice chat and text chat, and has image-sharing and file-sharing capabilities.
Discord is spyware because it collects all information that passes through its communication platform. As Discord is a centralized communication platform, all communications have to go through Discord's official servers, where all of that information can potentially be recorded. The vast majority of said information has been confirmed to be recorded, such as all communications between users. Discord has also been confirmed to use other spyware features such as various forms of telemetry. Discord's main source of income is from investment, from which it has received over $279.3 million dollars. Discord cannot be built from source and the source code for Discord is unavailable.
It is impossible to download and examine Discord's source code, which means that it is impossible to prove that Discord is not spyware. Any program which does not make its source code available is potential spyware.
Discord explicitly confirms in its privacy policy that it collects the following information:
Discord does not explicitly confirm that it collects this information, but still collects it by default:
The implications of this information can be broken down like this: By recording your IP address, Discord can track your general location (about as precise as which county you are in). Discord can also tell which devices you use, as it uniquely identifies each device, and how much you use those devices, as it can record your device usage habits (since Discord is usually open in the background so that it can receive messages). Discord also records every single interaction you have with other users through its service. This means that Discord is confirmed to log every conversation that you have through Discord, and record everything that you say on Discord, and view all images that you send through Discord. Therefore, none of your interactions on Discord are private. Discord's privacy policy also contains several occurrences of phrases such as "including but not limited to," which is an explicit confirmation that Discord contains more spyware features that are not disclosed to the user.
Discord contains the opt-in spyware feature known as "social media integration." This allows you to sync your persistent user identity on Discord with your persistent user identity on other spyware platforms, such as Facebook and Twitter. In its privacy policy, Discord has confirmed that if you opt in to this spyware feature, Discord will obtain an undisclosed amount of access to information obtained about you by the spyware platforms that you choose to sync with.
Discord has been confirmed to monitor the open processes on your operating system. This is a spyware feature known as a "process logger" that is generally used to record your program usage habits. This was confirmed by the CTO of Discord in a Reddit thread. In the same thread, the CTO also elaborates that this spyware feature (the monitoring of processes) is mandatory for several features of the platform. The CTO and a Discord engineer go on to claim that Discord does not use the process logger to send records of the open processes on the user's computer.
The test to prove that Discord logs processes was done again by the writer with procmon on 4/11/2019 with the features: "Use data to customize my Discord Experience" and "Display currently running game as a status message" turned off. Discord did NOT log all of the processes open this way. However, when setting the "Display currently running game as a status message" turned on, the behavior described in was replicated.
Discord claims this feature can be disabled through the UI. This is sadly false. Because of the nature of closed-source software it isn't possible for either this article or the Discord developers to prove how much information is being sent to Discord's servers when the process logger is turned on. But it's at least possible to turn it off.
Discord will lock users out of its service and will not allow them to continue using it without giving their phone number or contacting Discord support. This is especially true for TOR users. This kind of feature is designed to extract very personal information out of its users (phone numbers). The criteria for locking out users isn't known.
Discord has confirmed in an email correspondence that it does receive government requests for information. So, we know that the government potentially has access to all of the information that Discord collects about you.
It's unknown whether Discord currently is or isn't selling user information. Currently, Discord has been able to consistently raise new investment capital, which is at a level where it could reasonably be covering all of its operating costs. However, Discord, like any other company, is not going to exist in a constant state of investment. Discord is going to have to transition away from an investment-financed business model to a revenue model that exclusively relies on generating revenue from the users of the platform.
Discord has several ways of making money. It can license emoji's and other features of the program with Discord Nitro, or it can make money licensing video games through its new online store, as a competitor to Steam. However, both of these revenue sources may not be enough. Discord has raised $279.3 million dollars and it has to return on this investment. (which is more than 279.3 million dollars that has to be paid back)
If Discord is not able to satisfy its obligation to its investors, it has a third option- selling user information to advertisers. Discord is already datamining its users to produce its recommendation system, which means that it is already turning its userbase into extremely valuable, sellable, advertising data. Discord has 130 million users, and it can produce a statistical model of what games each user (who does not opt-out of advertising) owns, plays, and wants to buy. This is incredibly valuable information that Discord can sell if it cannot reach its profit obligations with its current revenue model. If Discord was a successful games store, then it would not need to do this. But if Discord gets in financial trouble, it probably will be forced to liquidate this asset.
==========
==========
Mozilla Thunderbird is an email, newsgroup, news feed, and chat client that was developed by the Mozilla Foundation, who are also the developers of Firefox.
Thunderbird contains a lot of spyware features, however all of these can be opted-out of and most of the spyware is connected to the web-browsing capabilities of Thunderbird. Thunderbird contains some minor spyware protection to its users and does not attempt to collect any information that is extremely sensitive, however it is spyware and does share and collect user information by default that it does not need to share.
From the Thunderbird privacy policy:
Thunderbird may try to contact external DNS servers, standard autoconfiguration URIs, and Mozilla's configuration database to try and work the settings needed for your account. This may involve sending part or all of your email address, but never involves sending your password. When Thunderbird does this, the parties contacted may retain logs of those requests.
Thunderbird contains web browsing spyware features, including compatibility with tracking cookies and JavaScript, which can both be used to allow other parties to spy on users. As such, all of the spyware concerns of browsing the web are relevant when using Thunderbird. However, these features can be turned off. They are not spyware in and of themselves but they are attack vectors for other spyware programs to be downloaded and executed by the user. Thunderbird however provides some basic protections by default such as blocking all remote content in HTML E-Mails.
Thunderbird details in its privacy policy that it updates Mozilla with the add-ons that users have installed, and then uses that information to recommend other add-ons to its users. Thunderbird will also track which "personas" a person installs and uses (these are like themes) when the user is using Mozilla's centralized "personal gallery". These spyware features can be opted-out of or not used.
From the Thunderbird privacy policy:
When you visit a secure website or access secure remote content via emails, Thunderbird may check the identity of that secure remote service using any status provider mentioned in the certificate provided by that service. Thunderbird sends only the certificate identification to the certificate provider, not the exact URL you are visiting. Sending these verification requests to third parties is sometimes important to ensure your connection to a site is secure; to help maintain your security, Thunderbird may deny access to the site if it can't verify your connection using the third party.
Keep in mind that this only applies to web browsing activity that happens on Thunderbird, and not web browsing activity that happens on any other program. This feature can be opted-out of.
Thunderbird will try and download new versions of itself using its update system. Since new versions of programs means that there could be new forms of spyware hidden in the program after updating, this is a form of spyware. This feature has an opt-out.
Thunderbird contains several forms of opt-in spyware that only collects information when the user specifically authorizes it. This includes crash reports and detailed user analytics. Mozilla says that it anonymizes this information if you choose to share it.
==========
==========
HexChat is an IRC client based on XChat, but unlike XChat it's completely free for both Windows and Unix-like systems.
Hexchat is not spyware in and of itself, however you can use it to connect to services that may be spyware. Hexchat is also distributed on spyware platforms such as the Windows Store. If you want to download Hexchat, download it from the developers' website instead of the Windows Store.
==========