##Some general background

Discord is a privacy and security disaster. They do not make their money through ads and tracking (as of now) but they do not care about privacy or security just the slightest bit either. Discord messages are not end to end encrypted. Discord, their employees and their infrastructure partners like Google Cloud Messaging have access to your messages at all time. Do not ever send anything sensitive over Discord! Discord also does not delete your messages when you delete your account, leave a server or delete a channel or group. When you delete a channel or group or get removed from one your messages still stay on their server. You just lose access to them and have no way to delete them anymore. If you delete your account without deleting your messages first they will stay on their servers forever without you having any way to access or delete them. There is no official way for deleting all your messages. I am not a lawyer, but I am very sure that is a violation of the GDPR and highly illegal. They claim they anonymize that data when you delete your account, but all your messages are still tied to an account ID and there is no way to anonymize private messages that can contain personal information. Using client mods to automate deleting messages is even against their TOS. They do not comply with laws that require them to delete your data and reserve the right to ban you when you try to do that yourself. You should absolutely regularly delete your messages anyways. Make sure to have another mean of contact for your Discord friends so you do not rely on Discord as they can and do of course ban you for any or no reason whatsoever.

Discord also has extremely extensive telemetry that is not anonymized. They basically log every click you make in the app: when you click on a profile, when you join a voice channel etc. You can see this data when you do a GDPR request. Included in this logs is your IP address, your rough location and device information for every single event. You can block some of this with uBo in a browser or with client mods.

##Settings in Discord

  • Opt out of personalization and other data sharing.
  • Set yourself to invisible/offline. Everyone on every server can see when you are online otherwise and there are bots collecting this information.

##Modifications

  • If you can, use Discord in a browser with uBlock Origin.
  • Regularly use a script like this to delete your messages.
  • Consider using a VPN to hide your IP address and location.
  • If you use their mobile app do not grant it storage permission and instead share files from your gallery or file manager with Discord.

##Usage

Assume that absolutely everything you do on Discord – every message you send every word you say in a voice channel, every click you make – gets permanently recorded by Discord and secrete services, gets sold to advertisers either right away or in the future and breached to the public in the future. That is exactly what you risk when using Discord. Use it accordingly and do not share anything sensitive. If you need to discuss something private shift to another platform.

  • TriStar@lemmyfly.org
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    I am not a lawyer, but I am very sure that is a violation of the GDPR and highly illegal.

    Sadly not. GDPR mandates that user content be deleted or anonymized and replacing your username with “Deleted User” seems to satisfy this requirement, even if everybody knows it’s you who sent them. FWIW Reddit doesn’t delete your comments either, but at least they don’t prevent you from deleting them via a script.

      • TriStar@lemmyfly.org
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        The fediverse caught regulators on the back foot, as new tech tends to do. Yes, legally speaking they admins should anonymize or delete the modlogs and comments/posts, but is it technically possible on lemmy considering content is distributed across multiple instances? No idea. Your best bet is to email the administrators of your home instance. Also mind GDPR rights only apply to you if you’re a citizen of the EU.

    • ThreeHopsAhead@lemmy.mlOP
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Messages can contain personally identifiable information and they very often do. You cannot anonymize messages by just deleting the user name and email address of the sender. With Reddit the difference is that it is public in the first place while with direct messages you have anexpectations of privacy. But of course how things turn out in court is another matter.