Implement WhisperSystems Encryption for Voice and Text
-
I totally agree with this. It's not necessary for all chats, and would be pretty impossible to do that in a user friendly way anyway. However, PMs should have the option for E2E encryption at least. It does present a problem with the mobile app, but I think there is a trade off that can make for a good middle ground.
For any devs that might see this, I think I have a method of making things work.
FOR ENCRYPTION:
- Let users that care about security generate their own GPG encryption keys.
- Have them upload the public key to the Discord Server and store it tied to their user ID (i.e. notBob#1234). This could easily be done under the "Privacy & Safety" as it's nothing more than a blob of data.
- Implement a way to point the app at the private key stored at whatever location it is stored at on the users computer for later decryption. Or store the private key locally on the app but DO NOT SYNC IT TO THE CLOUD!
- Add a checkbox (and probably a global, server, and/or per channel setting) on the PM system to encrypt a message (and/or REQUIRE a sender to do so based on the settings above).
- Have the system automatically check to see if the recipient has a public PGP key uploaded to their account.
- If yes, use it to encrypt the message. If not, generate a message to the recipient with a link to a webpage explaining how to generate a key and upload it. Send it on the PM channel so the recipient can let the person know when they have a key available (or have the system automatically notify the person that requested one to be generated).
- IF THERE WAS NO KEY: Let the sender know that the message will not be encrypted and that the recipient will be prompted to generate and upload a public encryption key and that they will be notified when this is done. Give them the option to send anyway or cancel the message and wait until a key is available.
FOR DECRYPTION:
- Since there's not really a way to store the private key locally (not and still have it be secure), wrap the message up and instead display a button that triggers the app to look for the private key at whatever location was specified in step 3 above.
- If on a mobile device, just disable the button. Let the user follow up when they get home. Some form of automatic way to remind the user would be a good idea. I would suggest either some form of "Snooze" option or making encrypted messages show as unread until the button has been clicked. Add an automatic timeout that resets the button to an active state and re-encrypts the message after some fixed interval, say 15 minutes, but without the unread flag.
25 -
I agree. I sometimes use Discord to share confidential information with my IRL friends and don't want Discord employees to see it.
7 -
Why do you guys think discord is free? They need access to your texts so they can sell the info they gathered to advertisers and so on, they're not going to strengthen the encryption anytime soon
2 -
That wouldn't work for trust and safety team.
Imagine those child abuse servers if all communications were encrypted.It has a place on some platforms like telegram/signal/whatsapp, but I don't think discord needs to be encrypted in that way too.
Sure, user -> discord, discord -> user (which they already do), but the trust and safety team need to read messages for ToS and law breaches.
-14 -
Seems unlikely since most of Discord's investors are advertisers and people who would care about spying on people, but I'll still upvote it. Maybe Discord can improve ethically and be a nicer company
7 -
Calls and screen shares should also be encrypted end to end.
Let's make discord a private platform!
1 -
Make it so that E2E Encryption is a paid service, maybe as part of Nitro.
Then those that don't want it and are happy to continue as normal, fine no problems they get un-encrypted data.
However those such as my political organisation, that want to be able to debate in private without the possibility of having their words taken out of context can pay for an encrypted service, and relax with the certainty they they can debate all side of any argument without people taking what they say as "their own opinion", and causing unnecessary hurt and suffering.
-5 -
+1 for end-to-end encrypted DMs and private groups!
4 -
For now, what you can do is to put published PGP keys fingerprint in the new "About" section, and send encrypted messages by sending the file (+ Discord has a really great text files interface)
-1 -
Discord really needs this feature, and it is been *years*. Since there are some concerns about safety/legal issues, maybe an initial pass at this could be limited to short, ad-hoc messages between individual users rather than fully encrypted chats/channels/etc... Here are some possible mitigations:
- Make this text-only and length-limited. The intended use case would be for individual messages with sensitive information, which shouldn't tend to be very long (shared passwords, health info, personal ID info, sensitive details related to an otherwise less sensitive conversation etc...).
- Allow a recipient who had access to decrypt the message to flag and report it, thus sharing the decrypted contents of just that message with Discord for review/investigation/etc... Warn users via appropriate UI elements that encrypted messages can be reported and shared with Discord solely at the discretion of the recipient or sender (in case a sender is providing context when reporting received messages).
- Encode URLs so that they are not clickable, warn users appropriately that they should not blindly copy and paste any received links into a browser.
- Make these messages expire and remove themselves automatically
- Rate limit messages and provide other restrictions (such as limiting it to mutual friends, etc...) to avoid unsolicited encrypted messages, spam, etc...
If there are any other concerns: they probably currently exist on the platform anyway due to the ability to send encrypted files, and thus really should not prevent implementation of this feature.
0
Accedi per aggiungere un commento.
Commenti
10 commenti