Discord

Discord

Discord, Inc
Wi-Fi

Review date: Sept. 8, 2021

|
|

Mozilla says

|
People voted: Somewhat creepy

Discord is more of a community with video call features built in, than a stand-alone video call app. Initially a place for gamers to meet, chat and share, Discord has grown to over 150 million users and its communities now include everything from book clubs, dance classes, study groups, anime, music, and more. Discord features text and voice chats as well as video call. The app is available on Android and iOS, as well as a download on Mac, Windows, and Linux. Users can also login through their browser. Discord has had problems with toxic content harming its users, ranging from harassment, human trafficking, and other online crimes. So if this is something your kids are using (it probably is), it's good to keep an eye out

What could happen if something goes wrong?

Last year we found Discord didn’t require a strong password to login. When our research came out, Discord, to their credit, immediately changed their login process to require a strong password. Yay! We love to see companies step up and make change for the better. Good work Discord! Discord does collect a fair amount of data on its users and says it can share that data with third-parties. Discord says they do not monetize this data -- their business model is based on subscriptions to premium services rather than monetizing data for advertising. However, we found their privacy policy to be pretty vaguely worded, which is a concern. They may not sell users’ data, however, it appears they can and likely do share data with many third-parties for only vaguely defined purposes. Discord did let us know they are in the process of updating their privacy policy to make it easier to understand for users, which is good to hear. One final concern with Discord is its history of malware and toxic communities. Discord users have reported experiencing harassment, abuse, and predators. Getting targeted with hate speech, getting harassed by misogynistic gamers, or accidentally stumbling across a porn ring are all real concerns for people on Discord who aren't careful. Discord recently acquired a start-up that makes AI-powered software to detect and remove online harassment, which could be a good step forward. However, other instances of AI content moderation in use in recent years have a questionable track record, so stay tuned.

mobile Privacy warning Security A.I.

Can it snoop on me? information

Camera

Device: N/A

App: Yes

Microphone

Device: N/A

App: Yes

Tracks location

Device: N/A

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

Discord states it is 'not in the business of selling your information," which is great. That said, the way Discord manages data is currently largely vaguely defined. One of numerous confusing clauses is, 'We may also share aggregated or non-personally identifiable information with our partners or others for business purposes.' Discord says the do share data with third parties, including service providers like Google, Stripe, and Paypal. Discord also let us know they are in the process of updating their privacy policy to make it easier to understand for users. This is good to hear and will hopefully clarify some of the questions we found to be vaguely addressed in their current privacy policy.

How can you control your data?

Discord claims users can delete any message they have ever sent. Once a message is deleted, it is permanently deleted from their servers. If a channel, a server or a user account is deleted, all personal information is deleted too. However, we found the data retention section of their privacy policy a wonderful example of how a privacy policy can be made unspecific and confusing. Leaving it here in full: 'We generally retain personal data for so long as it may be relevant to the purposes identified herein. To dispose of personal data, we may anonymize it, delete it or take other appropriate steps. Data may persist in copies made for backup and business continuity purposes for additional time." While this may be rather standard privacy policy language, the vagueness leaves us with questions like, what purposes are relevant?, how is anonymizing data disposing of it?, and that last sentence seems to negate the first two. Vague privacy policies leave us scratching out head.

What is the company’s known track record of protecting users’ data?

Needs Improvement

In June 2020, Discord was identified as a favorable place to steal accounts. Discord also has a dubious track record of hate speech, abuse, and toxic behaviors on the platform. The company says they are in the process of enhancing their processes to make it easier to report these types of issues. Hopefully this will be a good step forward to help improve their track record at protecting users and their data.

Can this product be used offline?

Not Applicable

User-friendly privacy information?

No

The policy is short and vague.

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Discord uses encryption at rest and encryption in transit for all data.

Strong password

Yes

A strong password is required to login

Security updates

Yes

Discord pushes regular security update as necessary.

Manages vulnerabilities

Yes

https://discord.com/security

Privacy policy

Yes

Does the product use AI? information

Yes

Discord allows AI chatbots. Discord recently bought Sentropy, a start-up that makes AI-powered software to detect and remove online harassment.

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

No

Does the user have control over the AI features?

Can’t Determine


News

Parents' Ultimate Guide to Discord
Common Sense Media
Is Discord safe? How does it work? And what does it have to do with Fortnite? Here's everything you need to know about this popular chat app for gamers.
Discord privacy tips that you should use in 2020
Cyber News
This article will give you all that you need to know about staying private when using Discord and having no fear when linking up with other players.
Hackers have turned Discord into an account stealer - here's what you need to know
TechRadar
Researchers have uncovered a new malware campaign that turns popular gaming chat service Discord into a dangerous account stealer.
Discord has won over gamers. Now it wants everybody else
Financial Times
Citron has his sights on another prize: bringing the niche Discord, whose 150m users mostly use it to chat to one another while gaming, to a mass audience.
Why Does Discord Not Use Ads? And Why Is Microsoft Interested? We Asked Discord's CEO
NPR
What started as a community for gamers has in the past year become a hub for virtually everything: conferences, karaoke, book clubs, group therapy, homework help, sneaker trading and analyzing Wall Street stocks. It doubled its users during the pandemic, with nearly 150 million worldwide now using the chat app every month.
Hackers Are Exploiting Discord and Slack Links to Serve Up Malware
Wired
Thanks in large part to the global pandemic, collaboration platforms like Discord and Slack have taken up intimate positions in our lives, helping maintain personal ties despite physical isolation. But their increasingly integral role has also made them a powerful avenue for delivering malware to unwitting victims—sometimes in unexpected ways.
How to upgrade Discord security
Kaspersky Lab
Evade spammers, take control of your notifications, and protect your Discord account from hijacking.
Inside Discord’s Security Overhaul
OneZero on Medium
Zero monetized data sharing is a pretty bold claim for a technology company to make. So I started to dig deeply into Discord’s privacy and security — from a legal, technical, and business standpoint. I expected to find all kinds of lurking demons. But instead, I walked away pleasantly surprised. Discord still faces challenges, but the company seems genuinely committed to improving privacy and security for its users.

Comments

Got a comment? Let us hear it.