Add support for end-to-end encryption

Comments

37 comments

  • lengo
    This is honestly a great idea. Like some non-profits that are related to gaming may have private channels with actual private company information or like, stuff that should be extremely secure.
    53
  • NotKyon

    This was already posted, and ignored, years ago. (Just like being able to crop avatars when uploading.) I support it regardless. (Just like being able to crop avatars when uploading.)

    42
  • beastman

    This would only be good if they did it right.

    For example, Snapchat currently has end to end encryption on its snaps. But nobody cares. Why? Because they did it wrong. Snapchat allows for an unlimited number of keys for an account, and you can change keys after a message is sent. This means that Snapchat can add a key to an already sent message and decrypt it. What’s even the point?

    If they did it like Signal, where the fingerprint is visible and messages are locked to that key if you verify it, I would be extremely happy.

    Another point with Signal is that it’s open source. The problem with tools like WhatsApp is that you can’t really know they’re end to end encrypted. There’s no way of knowing for sure.

    To sum it up, if Discord is going to do end to end encryption, they need to be able to verify and lock keys, and they need to be open source. Otherwise, there is little point.

    I’d like to note that if they did these two things, I would buy Nitro hands down. Just a tip, Discord, (nudge nudge). (+1 on the vote)

    38
  • Anatomis (Perfect)
    I liked the idea, so, +1
    33
  • Mousii

    While Discord has previously expressed a disinterest in it, I'm going to have to agree with this suggestion regardless. With even apps like Facebook Messenger gaining encryption support soon, Discord has absolutely zero excuse here. Privacy is important; millions of people use Discord as their primary method of online communication. People share private thoughts and intimate moments on online chat clients such as Discord.
    Even if encryption is just a toggle or just between mutual friends, it would still be an absolutely massive improvement to the platform's usability. No one should have to worry about every current or past sensitive message being intercepted by unwanted third parties, which in the US generally refers to the government's ethically questionable mass data collection initiatives.

    24
  • Sam

    By not valuing end-to-end encryption, Discord is actively building its own competitors' fanbases. I love Discord but I have some friends who refuse to use apps that aren't e2e encrypted, so I'm exploring other options not because I don't love Discord, but because it doesn't meet my needs. Some people in this thread might say "good for you, don't use Discord," and fair enough, just wanted to point this out in case someone from Discord reads :P

    I love your platform! I wish it had e2e encryption! I will be using other platforms now!

    20
  • TomFryers

    I'd also like to express my support for this.

    19
  • Xblade

    Absolutely. Look at all the privacy crap going on lately in other platforms? It's the way to go.

    12
  • alwei

    This is very important as I sometimes exchange important files with Discord. Very standard in other chat tools.

    12
  • Poised

    Regarding Discord having said no before because they'd like to enforce rules re: immoral content, there's a great comment on Reddit:

    https://www.reddit.com/r/discordapp/comments/dn0xqn/please_discord_add_endtoend_encryption_to_direct/f57jezw/

    Basically, everything can still be end-to-end encrypted. But if Discord needs to investigate a report, they can ask the client software to send over chat history over an encrypted channel to them. Discord claims to the best of my knowledge to not casually read through conversations without a report to investigate anyways.

    This way Discord only had the messages where they were asked to investigate, and ideally those data requests would be logged. It would not deter highly targeted attacks on an individual, but it would make Discord's systems a very uninteresting target. And if someone started making too many requests without proper authorization, it could be shut down.

    Finally, highly targeted attacks can never be prevented. If someone wants some one user's data, they'll just break in their home and steal their laptop. They'll phish out login details, they'll use a more advanced MITM technology, whatever. However... gaining access to ridiculous amount of data for all sorts of spray-and-pray applications with a breach on Discord's side would be impossible.

    11
  • KushGene

    No E2E Encryption in 2020 is just bad as hell.

    Privacy is a right!

    11
  • mango

    please. i would like some basic privacy and i can't "just use something else", because many of my over 200 discord friends don't want to go through the hassle of using a different messenger just to talk to me. :/

    10
  • Lem.on.Lime

    PLEASE add E2E encryption.
    This is a solid platform, but I wouldn't be surprised if the secure messenger by Mass Luminosity, beaconx.com, didn't blow past Discord once it's out of Beta.

    8
  • Dumbledore

    Also Chris Taylor that's a bad idea, you shouldn't need nitro for e2e Encryption, it's pretty important.

    6
  • Samuel_Jones

    Discord will never add end-to-end encryption because they want to collect your data and share it with third parties, which is exactly why the platform shouldn't be used for discussing/sharing any sensitive information. People who truly care about privacy don't use Discord. I made the switch about over a year ago and have never looked back, although I've since stopped talking to almost everyone I had communication with on Discord.

    There are lots of alternatives to Discord for regular messaging, but unfortunately, all of them are flawed. For instance, lots of people incorrectly believe that Telegram is a secure and private messenger despite the wide criticism from infosec individuals about their protocol, the metadata leakage, and the lack of end-to-end encryption by default. There are also various useability issues that are more prevalent among end-to-end encrypted messengers such as problems with messages syncing between devices, losing chat history/not being able to back up chats, messages being delayed, messages not getting decrypted, notifications not working, and so on. However, things are improving, with more alternatives to Signal being available like Session, Threema, and Element. These services should only improve with more time and users.

    If you're looking for a privacy alternative to Discord, then I recommend Signal, Session, or Element. Signal is currently one of the best privacy messengers, but it's far from perfect and has a long way to go in several respects. Session is more anonymous than Signal since it has no phone number requirement. Then Element is more similar to Discord in some ways, but I've found it to be unreliable, with messages failing to decrypt on multiple occasions. Whatever you do, avoid Telegram, WhatsApp, Skype, Zoom, Keybase, Wire, and Wickr. There are no doubt others to avoid that I have failed to mention, but those are some of the more well known ones with end-to-end encryption. A messenger should always be free and open source so that it's trustworthy. It should also minimise metadata like Signal does.

    Finally, end-to-end encryption should never be paywalled; it should be enabled by default for everyone. Privacy is a human right that's being violated by nearly every company you've ever heard of. Many governments are even trying to ban and backdoor encryption for anti-terrorism and anti-pedophilia reasons. Such arguments are nonsensical since the lack of encryption results in security issues for everyone and criminals will just move to other unaffected platforms. Most people are not terrorists or criminals; therefore, they shouldn't be monitored and tracked. You have the right to have private conversations. Furthermore, end-to-end encryption is available for free on many other services, so there would still be no reason to use Discord if you wanted end-to-end encryption. You also shouldn't be forced to support a company who doesn't care about privacy in order to feel the illusion of privacy. Even if Discord did implement end-to-end encryption, it would be extremely unlikely that they'd handle metadata properly, and metadata can reveal a lot.

    Seriously, give up on the idea of Discord getting end-to-end encryption, support a better platform, and educate yourself enough to realise that end-to-end encryption shouldn't be paywalled. Take a look at blogs/guides from the EFF if you don't know where to start.

    6
  • brochard

    Zipdox That's not right, you have to transfer file history on newly linked devices if you want to, but once you're linked you receive messages on multiple devices independently. Try Signal with the desktop app.

    4
  • mango

    i swear to god if they paywall E2EE

    3
  • woodendoors7

    You are partly right, but the point of E2E encryption is that only you and the person you are messaging with can see your messages. Now, Discord has full access to all your messages, and can look at them or even modify them (not implying they would do that), so yes, a guy can't whip up Wireshark in a coffee shop and see your conversations, but Discord, or a hacker that just hacked Discord's SQL database, can.

    2
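
An added example, not part of the thread, of the distinction drawn here between TLS and end-to-end encryption: the same server stores one message sent over TLS only and one sealed by the sender first, and a stored row that gets altered is rejected by the recipient. The `server` type, the sample message and the SHA-256 key derivation (standing in for a proper KDF) are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// server is the service after TLS termination: it stores what it receives.
type server struct{ db [][]byte }

func (s *server) relay(payload []byte) { s.db = append(s.db, payload) }

// sealer derives an AES-256-GCM key from an X25519 exchange between two users.
// Hashing the raw secret stands in for a real KDF such as HKDF (assumption).
func sealer(mine *ecdh.PrivateKey, theirs *ecdh.PublicKey) cipher.AEAD {
	secret, err := mine.ECDH(theirs)
	if err != nil {
		panic(err)
	}
	key := sha256.Sum256(secret)
	block, _ := aes.NewCipher(key[:])
	aead, _ := cipher.NewGCM(block)
	return aead
}

// Demo reports whether the stored row is readable with TLS only, whether it is
// readable with E2E, and whether the recipient accepts a row the server altered.
func Demo() (tlsOnlyReadable, e2eReadable, tamperAccepted bool) {
	msg := []byte("meet at 18:00") // constructed sample message
	alice, _ := ecdh.X25519().GenerateKey(rand.Reader)
	bob, _ := ecdh.X25519().GenerateKey(rand.Reader)
	nonce := make([]byte, 12) // sent alongside the ciphertext in practice
	rand.Read(nonce)
	srv := &server{}
	srv.relay(append([]byte{}, msg...))                                  // TLS only
	srv.relay(sealer(alice, bob.PublicKey()).Seal(nil, nonce, msg, nil)) // sealed first
	tlsOnlyReadable = bytes.Contains(srv.db[0], msg)
	e2eReadable = bytes.Contains(srv.db[1], msg)
	srv.db[1][0] ^= 1 // the server, or an intruder, changes one stored bit
	_, err := sealer(bob, alice.PublicKey()).Open(nil, nonce, srv.db[1], nil)
	tamperAccepted = err == nil
	return
}

func main() { fmt.Println(Demo()) }
```
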
  • woodendoors7

    Sorry macley, but do you understand the concept of End to End encryption?

    1
  • Macley

    Well, yes, mostly.
    It's that from both parties, encryption is applied that makes any third party unable to see what the content of a message is.

    I know it can be done using session keys/personal keys (w/ public keys)/whatever. But TLS/HTTPS works in the same way doesn't it? You have a public certificate and between the end user it's encrypted and that makes it possible to communicate/login in a safe way, without a VPN.

    I'm all open to learn, so please correct me if I'm wrong!

    1
  • beastman

    Keys could be stored in the cloud, encrypted by your password. New key generation could be as simple as changing your password and using the old key to sign the new one. A compromised/recovered account would be flagged with an unsigned keychange, old messages would be irrecoverable and all friends of the account would be warned.

    1
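
The key-change rule from beastman's two comments (messages locked to a verified key, a new key signed by the old one, and an unsigned change flagged), sketched as an added example that is not part of the thread and not Discord's or Signal's code. The `Contact` and `KeyChange` types are assumptions made for the illustration, and password-encrypted cloud storage of the private key is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// KeyChange is the notice relayed when a friend's identity key changes. Sig is
// the old key's signature over the new key; it is empty after account recovery.
type KeyChange struct {
	NewPub ed25519.PublicKey
	Sig    []byte
}

// Contact is the client-side pin for one friend (hypothetical structure).
type Contact struct{ Pinned ed25519.PublicKey }

// Fingerprint is the short value two users compare out of band (truncated here).
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:8])
}

// Apply moves the pin only when the pinned key signed the change. Anything else
// is flagged and the pin stays, so nothing is encrypted to a swapped-in key.
func (c *Contact) Apply(kc KeyChange) string {
	if len(kc.NewPub) == ed25519.PublicKeySize && ed25519.Verify(c.Pinned, kc.NewPub, kc.Sig) {
		c.Pinned = kc.NewPub
		return "rotated"
	}
	return "flagged"
}

// Demo runs a signed rotation, then an unsigned swap (all keys constructed here).
func Demo() (first, second string, stillPinned bool) {
	pub1, priv1, _ := ed25519.GenerateKey(nil)
	pub2, _, _ := ed25519.GenerateKey(nil)
	swapped, _, _ := ed25519.GenerateKey(nil)
	c := &Contact{Pinned: pub1}
	first = c.Apply(KeyChange{NewPub: pub2, Sig: ed25519.Sign(priv1, pub2)})
	second = c.Apply(KeyChange{NewPub: swapped}) // no signature from the pinned key
	stillPinned = Fingerprint(c.Pinned) == Fingerprint(pub2)
	return
}

func main() { fmt.Println(Demo()) }
```
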
  • brochard

    Joseph Saber That's false, having E2EE with content hosted on the cloud is totally feasible, Proton Mail for example does it.
    If you want a messaging app that is E2EE with messages stored in the cloud, there's also the Matrix protocol that does it.
    Nothing new to invent.

    1
  • woodendoors7

    Yes, very false.
    Discord could send you the encrypted message, you would decrypt it. That's how it works.

    1
  • Chris Taylor

    Make it so that E2E Encryption is a paid service, maybe as part of Nitro.

    Then those that don't want it and are happy to continue as normal, fine no problems they get un-encrypted data. 

    However those such as my political organisation, that want to be able to debate in private without the possibility of having their words taken out of context can pay for an encrypted service, and relax with the certainty that they can debate all sides of any argument without people taking what they say as "their own opinion", and causing unnecessary hurt and suffering.

    0
  • Dumbledore

    living The point is that how are you meant to report people if they are just spying on your messages and you can't even see them...

    0
  • Ahmed minegames

    Discord will never add E2E encryption cause they wanna share data with third parties. If you really wanna send sensitive information to a Discord chat, you should encrypt the message with a public key and the other person should decrypt it with the private key he has (encrypting and decrypting manually), and the best you can encrypt with is RSA.

    0
  • Macley

    I'm looking back at this, and I kinda wonder the following.

    The requests/networking related part of the Discord client goes through HTTPS, doesn't it?

    Wouldn't it be so that thanks to TLS, the traffic between the end-user and Discord is then encrypted and has like bank level/normal level of encryption?

    I'm curious what you guys think, perhaps I can throw this to a Discord support member so we can perhaps feel a bit safer using Discord :P.

     

    Do you think it's worth using E2E if TLS is already involved?

    0
  • Macley

    Thank you for the fully and well explained answer! I was only thinking about literal E2E but indeed the part of discord being able, and 3rd parties access to the DB are a concern!

    I hope they’ll implement this, as it would then be a more worthy competitor against WhatsApp.

    thank you again for explaining, I really appreciate this.

    0
  • Zipdox

    I think the biggest problem for E2E is how the keys are stored. If you look at something like WhatsApp (let's ignore the fact that it's probably backdoored), the messages are stored on your device locally, and so are the keys. Discord can't really store the keys for you because then the E2E encryption would be pointless as they have access to the keys.

    0
  • Paparamericano

    beastman YES. this is something I wanted to say here a while ago, but I couldn't log in

    0
