LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 10-21-2020, 12:59 PM   #1
ButterflyMelissa
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,742
Blog Entries: 23

Rep: Reputation: 406Reputation: 406Reputation: 406Reputation: 406Reputation: 406
Wink Discord...safe to use?


Hi all,
Well, the title says it all, I was asked to join discord in a discussion.
There is an app (Linux) to use it, or it can be used web-based.
Is it safe? Any tips a newbee should know?
Thanks
Melissa
 
Old 10-21-2020, 01:17 PM   #2
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,060
Blog Entries: 13

Rep: Reputation: 4156Reputation: 4156Reputation: 4156Reputation: 4156Reputation: 4156Reputation: 4156Reputation: 4156Reputation: 4156Reputation: 4156Reputation: 4156Reputation: 4156
I feel it's as safe as any online chat. Can't offer technical security information here though, that might merit a web search for any security concerns for their collaboration service.

Yeah, just use it via a browser. It very much advertises that you can install an application, I never did.

You should set expectations that you're not online all the time. It defaults to providing information as to whether or not you're online, or you can block that. But I find that some people assume you're "on" whenever it matters to them.
 
Old 10-21-2020, 01:46 PM   #3
ButterflyMelissa
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,742

Original Poster
Blog Entries: 23

Rep: Reputation: 406Reputation: 406Reputation: 406Reputation: 406Reputation: 406
Quote:
Originally Posted by rtmistler View Post
I feel it's as safe as any online chat. Can't offer technical security information here though, that might merit a web search for any security concerns for their collaboration service.

Yeah, just use it via a browser. It very much advertises that you can install an application, I never did.

You should set expectations that you're not online all the time. It defaults to providing information as to whether or not you're online, or you can block that. But I find that some people assume you're "on" whenever it matters to them.
Thanks
Let me try that thing, then...
Wish me luck
Melissa
 
Old 10-21-2020, 02:04 PM   #4
orbea
Senior Member
 
Registered: Feb 2015
Distribution: Slackware64-current
Posts: 1,946

Rep: Reputation: Disabled
Depends on what you think safe is, you should read this before deciding.

https://sneak.berlin/20200220/discor...ware-projects/
 
Old 10-21-2020, 02:08 PM   #5
ButterflyMelissa
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,742

Original Poster
Blog Entries: 23

Rep: Reputation: 406Reputation: 406Reputation: 406Reputation: 406Reputation: 406
Quote:
Originally Posted by orbea View Post
Depends on what you think safe is, you should read this before deciding.

https://sneak.berlin/20200220/discor...ware-projects/
Wow, that is a sobering read. I posted this to the party that invited me. We're supposed to roll out a software project, so...discord is out...
Thanks for posting!
 
Old 10-21-2020, 02:12 PM   #6
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,060
Blog Entries: 13

Rep: Reputation: 4156Reputation: 4156Reputation: 4156Reputation: 4156Reputation: 4156Reputation: 4156Reputation: 4156Reputation: 4156Reputation: 4156Reputation: 4156Reputation: 4156
Quote:
Originally Posted by ButterflyMelissa View Post
Wow, that is a sobering read. I posted this to the party that invited me. We're supposed to roll out a software project, so...discord is out...
Thanks for posting!
The ironic, genius would be if you posted that USING Discord!

Right. Well that's what I meant by a web search, but obviously someone here had pre-awareness about the topic.
 
Old 10-21-2020, 07:17 PM   #7
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,811

Rep: Reputation: 505Reputation: 505Reputation: 505Reputation: 505Reputation: 505Reputation: 505
There is a guy on the Debian user forums who apparently got hacked by a 'friend' through Discord. The friend sent him screenshots of his system running. There were no other obvious possibilities for the break in. I certainly wouldn't use it, since there are many other choices, some of them completely secure. For chat/IM I use Signal if possible.
 
Old 10-22-2020, 05:22 AM   #8
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 15,890
Blog Entries: 10

Rep: Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655
Quote:
Originally Posted by orbea View Post
Depends on what you think safe is, you should read this before deciding.

https://sneak.berlin/20200220/discor...ware-projects/
One of the screenshots suggests that turning off message scanning for "explicit" (always hated the convenient vagueness of that term) content makes you "go straight to the dark side".
I strongly disagree with the implication, the Nudging.

The next screenshot shows how Discord clearly spies on you. Why is this considered normal and acceptable nowadays? Bah.

That said I don't know if I like the article, either.

Saying "recording your IP is a privacy problem" is like saying "the internet is a privacy problem". Which isn't wrong, of course.
 
Old 10-22-2020, 06:09 PM   #9
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,500

Rep: Reputation: 1823Reputation: 1823Reputation: 1823Reputation: 1823Reputation: 1823Reputation: 1823Reputation: 1823Reputation: 1823Reputation: 1823Reputation: 1823Reputation: 1823
If its "free" and those nefarious Windows 10 / Chromium style opt out "slider" button things are involved, you should smell a rat...
 
Old 10-22-2020, 06:32 PM   #10
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys
Posts: 3,155

Rep: Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169
Any app, even a web app, that facilitates multiple connections comes with some risk, but Discord via the browser web address is quite a bit safer than the installed app on your system. I used Discord via browsers for over 5 years and never had a single problem and BTW it never asked for my phone number. It did verify my email address but that's pretty small potatoes in the scheme of things. I certainly wouldn't use such an app, web or installed, for anything I really needed to be exclusively private. In fact I wouldn't use a paid version of any app that allows multiple connections by default for sensitive communication. IRC is still very good for that, giving you a great deal of control over who can be involved, legitimately or otherwise.

Naturally every PC user needs a solid firewall and running rootkit hunters occasionally is good practice. I seriously doubt that the guy mentioned above on the Debian user forums "got hacked" via screenshots on Discord, especially when so vaguely reported. Some people suspect hackers and viruses every time their PC acts funny, when on Linux the odds are extremely low... Windows? not so much despite substantial improvements... well... against every "hacker" but Microsoft.
 
Old 10-23-2020, 04:31 AM   #11
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 15,890
Blog Entries: 10

Rep: Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655
^ Yeah, I would take any such thing posted on either DUF or FDN (the 2 debian forums) with two grains of salt.

And yeah again, it would seem like the best way to use Discrod is in a suitably isolated browser, possibly in a VM even.
 
Old 10-23-2020, 11:34 AM   #12
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,811

Rep: Reputation: 505Reputation: 505Reputation: 505Reputation: 505Reputation: 505Reputation: 505
The poster on DUF is a little goofy, but he says he was using the installed package version of discord, not the browser version, and the other person showed him evidence that he had accessed the poster's system. I can't say that it's all true, but I can say that I will not install that software on my system.
 
Old 10-23-2020, 12:55 PM   #13
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys
Posts: 3,155

Rep: Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169
Quote:
Originally Posted by sgosnell View Post
The poster on DUF is a little goofy, but he says he was using the installed package version of discord, not the browser version, and the other person showed him evidence that he had accessed the poster's system. I can't say that it's all true, but I can say that I will not install that software on my system.
OK now I'm curious. Was the goofy guy actually in Linux at the time of "access"? Does he not run a firewall? What sort of evidence is there of "access"? The "hacker" was so good he broke into a firewalled, security updated, modern Linux system but so bad he left "footprints"? Your last sentence is what has been noted. Don't install anything extra. Just use the browser version and be smart about what you do there. Sure it is technically possible to embed and hide malicious code in an ostensibly graphic file, but it's REALLY rare and it's ability to do anything depends on very specific targeting. It's easy to target Windows because everyone using it has had essentially the same kernel for over a decade and always has come with backdoors ever since it had connectivity AND it has all it's "eggs" in one "basket" - The Registry. Linux is a compartmentalized moving target, far harder to hit, especially with something as silly as a jpg (far too much work for too little effectiveness).
 
Old 10-23-2020, 05:45 PM   #14
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,811

Rep: Reputation: 505Reputation: 505Reputation: 505Reputation: 505Reputation: 505Reputation: 505
His system is not firewalled, AFAIK, and far from up to date. He refuses to follow advice to upgrade. He's running a 4.4 kernel that hasn't been updated for a very long time. He installs apps from all over, not just the Debian repositories. The evidence was screenshots of his system, while he was running Discord, sent by another Discord user in the same chat. Here is the long sad story, if you're interested. http://forums.debian.net/viewtopic.php?f=3&t=147685
 
Old 10-24-2020, 07:47 AM   #15
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 15,890
Blog Entries: 10

Rep: Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655Reputation: 4655
Quote:
Originally Posted by sgosnell View Post
Here is the long sad story, if you're interested. http://forums.debian.net/viewtopic.php?f=3&t=147685
Honestly, I find this sort of stuff funny. Yeah, I know, I'm sick and socially challenged.
And this OP has been doing the same things already 1 or 2 years ago, when I last logged in there.
I think they're running a FrankenDebian only to have something to post about, and to prove a point.
This sums it up:
"So you're using a kernel and Ķcode package that were released before Spectre & Meltdown were announced? Are you ****ing stupid?"
And of course OP's answer be like:
"My system is perfect , stable and clean like water.."
Sorry, I don't want to throw this thread OT... I have to stop now...
 
  


Reply

Tags
discord, safety, webapp


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: 5 of the Best Discord Bots to Improve Your Discord Server LXer Syndicated Linux News 0 07-11-2019 01:21 PM
LXer: Discord at Libreboot Over GNU Withdrawal LXer Syndicated Linux News 0 09-19-2016 05:43 AM
LXer: How to install Discord on Linux LXer Syndicated Linux News 0 09-14-2016 12:34 AM
LXer: Discord At Last! Unix and Linux-y Humor LXer Syndicated Linux News 3 03-01-2009 04:38 AM
LXer: Debian discord over de-classified developer proposal LXer Syndicated Linux News 0 11-04-2008 09:20 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 05:37 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration