Discord Is Not Safe (Short 2023)

Evergreen Guide: How to Be Safer On Discord

WARNING: DISCORD IS A LEGACY GAMER PLATFORM THAT IS NOW HOME TO
MORE “VULNERABLE COMMUNITIES” THAN ANY OTHER PLATFORM. IF YOU USE
IT, YOU MUST TAKE STEPS TO PROTECT YOURSELF.
COMMUNITY LEADERS STRONGLY ADVISED TO SWITCH PLATFORMS!!!

Assume anything you say and do on Discord is in the public domain, no matter what anyone says.

What is this about Discord? Is it not safe to use? I’ve heard some rumors, but with over two hundred
million users, surely they can’t be doing anything that terrible, right?

We’re all used to social media by now. If you’ve looked at how the major platforms
make money, you already know they can offer “free” services because they
harvest detailed user data for a variety of reasons:
1. to understand what it takes to keep you engaged and constantly using
their services
2. to show you targeted ads
3. to recommend third-party products and services that they can monetize
through commissions
4. to be able to sell vast amounts of sensitive information about everyone to
third-party data aggregators
5. to collaborate with state actors as part of a global surveillance strategy.

Discord is somewhat worse than the average social media spyware we use every
day, in a number of ways:

1. They do not have end-to-end encryption
2. They make it easy for admins to see “everything”
3. They don’t follow typical standards for consent when recording calls and
videos
4. They have not fixed vulnerabilities that make it possible for over a dozen
third-party companies to commercialize spyware (e.g., “protect and watch
your children” or “catch your cheating spouse”)
5. Malware affects most users; you get it most commonly by opening a shared
and dangerous link or file or picture from someone you trust (they didn’t
know)
6. They make recordings of users constantly even when you are not using
voice features
7. They monitor what you are doing in your browser constantly even in
different windows or tabs
8. It was sold to a Japanese company and employees have been caught
stealing and spying
9. It is generally considered easy to reverse engineer by software developers

Omg! So what can I do??? This is where all my support network “lives” right now. I have so much content
on Discord. I am screwed! Am I screwed?

READ THEIR POLICY

First of all, everyone who uses any social media product probably should read the
company's Privacy Policy. In the case of Discord, it's a pretty shitty one. The policy
"sounds" good because they used marketers to manipulate the language. But
what it actually says is anything but comforting to privacy & security experts and
advocates. (That said, most social media behemoths have shit for privacy.)

GET A GOOD VPN AND USE IT ALWAYS

A VPN is not going to guarantee total privacy, but it will mask your IP address
from Discord and prevent them from tracking your location.
Also, even if you have done everything else possible to protect your privacy, did
you know that your ISP probably logs absolutely everything you do? They are
known to share data about US citizens with government agencies at a scale that
may be massive. ISPs can track you across devices, in any browser or app, and
across any login or profile you may have.

There are really only two ways around this. One is to use a VPN. This obfuscates
your IP address and other information, making it a bit harder for ISPs to spy.

There are a ton of services, but you can’t trust many of them. Since they will
become the single point of failure through which all your activity is funneled,
choose wisely!! I have used ExpressVPN, NordVPN, Proton, and a couple of others.
Whichever one you pick, make sure it absolutely does not log user data under any
circumstances. Ideally their servers should be located somewhere outside of what
is called “the 14 Eyes countries” that are known to have invasive surveillance
programs and regularly spy on citizens.

Another good idea is to use a router at home with excellent threat detection and
prevention features.

DELETE YOUR NATIVE DISCORD APPS & CAREFULLY USE ONE BROWSER ONLY

You heard it from me. Get rid of those apps. Sign out first, and delete them, then
delete them from the trash, then reboot your devices. If you are paranoid, there
are guides about how to really delete programs from your devices, leaving no
trace behind. You can also reimage devices.

Up to you, how far you want to take this, but you need to get rid of the Discord
apps from every device you use. This is because the apps tend to make it MUCH easier
for Discord to abuse its powers and invade your privacy.

Start using Discord in a browser, ideally a privacy-focused browser (like Brave,
Firefox, Mozilla, DuckDuckGo, and recently now Safari too), and use one browser
exclusively for Discord and nothing else. NOTHING. (See below for how to harden a
browser.)

You can pin Discord tabs to make them easier to find on a desktop browser. Most
mobile devices will let you add web bookmarks as icons to your homescreen (this
will look almost exactly like you have the app installed, so be careful not to get
confused).

Do not ever log into Discord using another service (like with Google, Facebook,
etc.). NO NO NO NO!!!!

Don’t leave Discord on in the background all the time. Log in and out. Log out
whenever possible.

Don’t ever accept files from anyone on Discord.

Never install or interact with any Discord bots.

PICK A PRIVACY BROWSER, HARDEN IT, AND STOP USING RISKY FEATURES

CHOOSE: There are a million guides comparing browsers for 2022. Some of the
most secure browsers (like Chrome) are really bad when it comes to privacy. A few
browsers that I have used include: Firefox, Brave, DuckDuckGo, Safari.

USE: Once you pick a browser, make it the default browser on all your devices.

HARDEN: No browser is good enough “out of the box.” Search for a guide from a
reputable company that specializes in security & privacy. These will have names
like “How to harden your browser to maximize privacy.”

NOTE: Be prepared to spend a while implementing all the steps.

There are so many things you can do to harden a browser: Set the default search
engine to one that does not track or collect user data, disable cookies, clear
cache regularly, avoid JavaScript, disallow data collection about usage, turn on
“do not track” (which is just a request, and is not enforceable), do not save your
history, etc.

There are a few things that are so important they each deserve their own
paragraph:

- Use a privacy focused search engine and make it your default.

- Use a third-party password manager. NEVER EVER store credit card
information, your name or address, or saved passwords in the browser
itself!!! Don’t use the password managers that come with devices. Use a tool
like 1Password.

- Stop sites from fingerprinting you. This is exactly what it sounds like. Even if
you have done EVERYTHING ELSE, you are still easily and personally
identifiable (with precision that is equal to or greater than actual
fingerprints). Advanced models have been trained to analyze every bit of
information they can detect, including system settings, screen size, etc. This
also includes information about how fast you type and the specific
cadence of certain letter combinations and words; typos you make over
and over, how you use keyboard shortcuts, etc. BLOCK FINGERPRINT
TRACKING. Good guides will tell you exactly how.

- Stop ad trackers. These are hidden little pixels or tiny bits of information
that follow you around the internet to analyze everything you do. This is a
big massive boon for data harvesting services, who then sell information
about targeted groups of people to basically anyone who can afford it.

Right now, I can buy a list of people who consider themselves Experiencers,
live in a specific area, are males under 40, have higher than average
discretionary income, tend to make impulsive decisions, use Discord, etc. I
can buy this data legally and use it to promote a product or service. This is
the business of Ad Tech in America.

If I am a real denizen, I can get this kind of information for free (or steeply
discounted), without having to disclose my identity. This happens all the
time when hackers and government agencies buy your data from the
cobwebby corners of the sketchy “Dark Web.”

- Limit plug-ins. These are also called browser extensions, and they almost
always suck. Go above and beyond to avoid them wherever humanly
possible. They are responsible for more consumer security incidents than
almost anything else.
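
To see why the fingerprinting item above matters even with cookies disabled, here is an added JavaScript illustration (not part of the original guide). It hashes a handful of values that any page can read into an identifier, then shows how reporting generic values puts visitors back into a crowd. The attribute names, the four sample visitors and the harden() model are constructed for this example.

```javascript
// Added illustration. Attribute names and all sample values are constructed.

// FNV-1a 32-bit hash, written out so the example needs no library.
function fnv1a(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, '0');
}

// A fingerprint is a hash over values any page can read. No cookie is involved,
// so clearing cookies or using a private window does not change it.
function fingerprint(attrs) {
  const canonical = Object.keys(attrs).sort()
    .map((k) => `${k}=${attrs[k]}`).join('|');
  return fnv1a(canonical);
}

// Simplified model of anti-fingerprinting protection (not any browser's real
// implementation): report generic values and round the screen size down.
function harden(attrs) {
  const [w, h] = attrs.screen.split('x').map(Number);
  return {
    screen: `${Math.floor(w / 200) * 200}x${Math.floor(h / 100) * 100}`,
    timezone: 'UTC', language: 'en-US', fonts: 'standard', cores: 2,
  };
}

// How many visitors can a site tell apart from fingerprints alone?
function distinctVisitors(list) {
  return new Set(list.map(fingerprint)).size;
}

// Constructed sample: four visitors, none of them holding a cookie.
const VISITORS = [
  { screen: '1536x864', timezone: 'America/Chicago', language: 'en-US', fonts: 212, cores: 8 },
  { screen: '1920x1080', timezone: 'Europe/Berlin', language: 'de-DE', fonts: 187, cores: 12 },
  { screen: '1500x880', timezone: 'America/Chicago', language: 'en-US', fonts: 301, cores: 8 },
  { screen: '1536x864', timezone: 'America/Chicago', language: 'en-US', fonts: 212, cores: 16 },
];

console.log('told apart before hardening:', distinctVisitors(VISITORS));             // 4
console.log('told apart after hardening: ', distinctVisitors(VISITORS.map(harden))); // 2
```

Two of the sample visitors differ only in CPU core count and are still told apart; after hardening, three of the four collapse into one group, which is the goal of the blocking steps a hardening guide walks you through.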

BE AWARE. SLOW DOWN. REPORT VIOLATIONS.

1. Block all DMs except from people you know.
2. Take a minute to verify a user’s info (their NUMBER not their NAME)
matches the official community roster.
3. Learn about social engineering and don’t believe anything people say.
4. Cover your camera.
5. Take away all possible permissions on your devices that Discord wants in
Settings.
6. Always ask if you are being recorded. Assume every recording requires all
party consent.
7. Does your community have a clear policy about consent pinned to the top?
Demand one!
8. If you have any issues, report them to Discord’s Trust and Safety team, as
well as local law enforcement. Here are guides on reporting violations:

Server Violations:

https://www.wikihow.com/Report-a-Discord-Server

User Violations:

https://www.makeuseof.com/how-to-report-someone-on-discord/

United States Violations:

https://getterms.io/blog/how-do-i-report-a-privacy-violation

European Violations:

https://www.isaca.org/resources/isaca-journal/issues/2019/volume-1/reporting-on-gdpr-compliance-to-the-board

Other Resources

https://www.courthousenews.com/gamers-say-openfeint-sold-them-out/

https://cadence.moe/blog/2020-06-06-why-you-shouldnt-trust-discord

https://luna.gitlab.io/discord-unofficial-docs/science.html

https://discord.news/trust-and-scam/

https://www.forbes.com/sites/thomasbrewster/2019/01/29/discord-the-2-billion-gamers-paradise-coming-to-terms-with-data-thieves-child-groomers-and-fbi-investigators/

https://www.newsweek.com/discord-furries-terms-service-community-guidelines-1323099

https://techcrunch.com/2017/06/07/discord/

https://medium.com/tenable-techblog/lets-reverse-engineer-discord-1976773f4626
