Add support for end-to-end encryption


36 kommentarer

  • lengo
    This is honestly a great idea. Like some non-profits that are related to gaming may have private channels with actual private company information or like, stuff that should be extremely secure.
  • Anatomis (Perfect)
    I liked the idea, so, +1
  • NotKyon

    This was already posted, and ignored, years ago. (Just like being able to crop avatars when uploading.) I support it regardless. (Just like being able to crop avatars when uploading.)

  • TomFryers

    I'd also like to express my support for this.

  • beastman

    This would only be good if they did it right.

    For example, Snapchat current has end to end encryption on its snaps. But nobody cares. Why? Because they did it wrong. Snapchat allows for an unlimited number of keys for an account, and you can change keys after a message is sent. This means that Snapchat can add a key to an already sent message and decrypt it. What’s even the point?

    If they did it like signal, where the fingerprint is visible and messages are locked to that key if you verify it, I would be extremely happy.

    Another point with signal is that it’s open source. The problem with tools like WhatsApp is that you can’t really know they’re end to end encrypted. There’s no way of knowing for sure.

    To sum it up, if discord is going to do end to end encryption, they need to be able to verify and lock keys, and they need to be open source. Otherwise, there is little point.

    I’d like to note that if they did these two things, I would buy nitro hands down. Just a tip, discord, (nudge nudge). (+1 on the vote)

  • living

    Everybody is just ignoring they said no before

  • Mousii

    While discord has previously expressed a disinterest in it. I'm going to have to agree with this suggestion regardless. With even apps like facebook messenger gaining encryption support soon Discord has absolutely zero excuse here. Privacy is important, millions of people use discord as their primary method of online communication. People share private thoughts and intimate moments on online chat clients such as discord. 
    Even if encryption is just a toggle or just between mutual friends it would still be an absolutely massive improvement to the platforms usability. No one should have to worry about every current or past sensitive message being intercepted by unwanted third parties. Which in the US, generally refers to the Governments ethically questionable mass data collection initiatives.

  • purpzie

    This seems unnecessary tbh. I mean sure, if you want it go ahead, but both users would have to agree. Otherwise, bots would take over discord with advertisements. There isn't much improvement by enabling it tbh other than "feeling" more secure, but discord already is secure on their end :/

  • Sketchie

    Guys, evil corporation bad. Downvote all who disagree.

    Give me a break. Discord is meant to be a chat platform for gamers. If you have anything that you feel needs to be this private, use some other platform. You're not symbiotically attached to Discord, for God's sake. If a service doesn't fit your needs, go to another service. Don't try to change it at the expensive of others just because you're paranoid and think that some evil hackerman is reading every single message sent through Discord ever at all times. One of the main arguments for this is literally "other services do it," so why not use those other services? Discord needs to be able to moderate its own platform. It can't do that if they can't even see offending content in the first place.

    Another thing people keep saying is that you can just "send screenshots." Sending screenshots to report is not at all a good idea, because guess what: Discord uses Chrome. Inspect Element is literally just a keystroke away. It's so easy to fake screenshots, that would be abused to Hell and back.

  • Poised

    Regarding Discord having said no before because they'd like to enforce rules re: immoral content, there's a great comment on Reddit:

    Basically, everything can still be end-to-end encrypted. But if Discord needs to investigate a report, they can ask the client software to send over chat history over an encrypted channel to them. Discord claims to the best of my knowledge to not casually read through conversations without a report to investigate anyways.

    This way Discord only had the messages where they were asked to investigate, and ideally those data requests would be logged. It would not deter highly targeted attacks on an individual, but it would make Discord's systems a very uninteresting target. And if someone started making too many requests without proper authorization, it could be shut down.

    Finally, highly targeted attacks can never be prevented. If someone wants some one user's data, they'll just break in their home and steal their laptop. They'll phish out login details, they'll use a more advanced MITM technology, whatever. However... gaining access to ridiculous amount of data for all sorts of spray-and-pray applications with a breach on Discord's side would be impossible.

  • Xblade

    Absolutely. Look at all the privacy crap going on lately in other platforms? It's the way to go.

  • Sam

    By not valuing end-to-end encryption, Discord is actively buliding its own competitors' fanbases. I love Discord but I have some friends who refuse to use apps that aren't e2e encrypted, so I'm exploring other options not because I don't love Discord, but because it doesn't meet my needs. Some people in this thread might say "good for you, don't use Discord," and fair enough, just wanted to point this out in case someone from Discord reads :P

    I love your platform! I wish it had e2e encryption! I will be using other platforms now!

  • alwei

    This is very important as I sometimes exchange important files with Discord. Very standard in other chat tools.

  • mango

    please. i would like some basic privacy and i can't "just use something else", because many of my over 200 discord friends don't want to go through the hassle of using a different messenger just to talk to me. :/

  • Lem.on.Lime

    PLEASE add E2E encryption.
    This is a solid platform, but I wouldn't be surprised if the secure messenger by Mass Luminosity, , didn't blow past Discord once it's out of Beta.

  • Chris Taylor

    Make it so that E2E Encryption is a paid service, maybe as part of Nitro.

    Then those that don't want it and are happy to continue as normal, fine no problems they get un-encrypted data. 

    However those such as my political organisation, that want to be able to debate in private without the possibility of having their words taken out of context can pay for an encrypted service, and relax with the certainty they they can debate all side of any argument without people taking what they say as "their own opinion", and causing unnecessary hurt and suffering.

  • KushGene

    No E2E Encryption in 2020 is just bad as hell.

    Privacy is a right!

  • Dumbledore

    Also Chris Taylor that's a bad idea, you shouldn't need nitro for e2e Encryption, it's pretty important.

  • Dumbledore

    living The point is that how are you meant to report people if they are just spying on your messages and you can't even see them...

  • mango

    i swear to god if they paywall E2EE

  • Zipdox

    Have you ever noticed how every chat app with E2EE doesn't allow you to access chats from multiple devices without a host device? It's a major technological drawback.

  • brochard

    Zipdox That's not right, you have to transfer file history on newly linked devices if you want to, but once you're linked you receive messages on multiple devices independently. Try Signal with the desktop app.

  • Samuel_Jones

    Discord will never add end-to-end encryption because they want to collect your data and share it with third parties, which is exactly why the platform shouldn't be used for discussing/sharing any sensitive information. People who truly care about privacy don't use Discord. I made the switch about over a year ago and have never looked back, although I've since stopped talking to almost everyone I had communication with on Discord.

    There are lots of alternatives to Discord for regular messaging, but unfortunately, all of them are flawed. For instance, lots of people incorrectly believe that Telegram is a secure and private messenger despite the wide criticism from infosec individuals about their protocol, the metadata leakage, and the lack of end-to-end encryption by default. There are also various useability issues that are more prevalent among end-to-end encrypted messengers such as problems with messages syncing between devices, losing chat history/not being able to back up chats, messages being delayed, messages not getting decrypted, notifications not working, and so on. However, things are improving, with more alternatives to Signal being available like Session, Threema, and Element. These services should only improve with more time and users.

    If you're looking for a privacy alternative to Discord, then I recommend Signal, Session, or Element. Signal is currently one of the best privacy messengers, but it's far from perfect and has a long way to go in several respects. Session is more anonymous than Signal since it has no phone number requirement. Then Element is more similar to Discord in some ways, but I've found it to be unreliable, with messages failing to decrypt on multiple occasions. Whatever you do, avoid Telegram, Whatsapp, Skype, Zoom, Keybase, Wire, and Wickr. There are no doubt others to avoid that I have failed to mention, but those are some of the more well known ones with end-to-end encryption. A messenger should always be free and open source so that it's trustworthy. It should also minimise metadata like Signal does.

    Finally, end-to-end encryption should never be paywalled; it should be enabled by default for everyone. Privacy is a human right that's being violated by nearly every company you've ever heard of. Many governments are even trying to ban and backdoor encryption for anti-terrorism and anti-pedophilia reasons. Such arguments are nonsensical since the lack of encryption results in security issues for everyone and criminals will just move to other unaffected platforms. Most people are not terrorists or criminals; therefore, they shouldn't be monitored and tracked. You have the right to have private conversations. Furthermore, end-to-end encryption is available for free on many other services, so there would still be no reason to use Discord if you wanted end-to-end encryption. You also shouldn't be forced to support a company who doesn't care about privacy in order to feel the illusion of privacy. Even if Discord did implement end-to-end encryption, it would be extremely unlikely that they'd handle metadata properly, and metadata can reveal a lot.

    Seriously, give up on the idea of Discord getting end-to-end encryption, support a better platform, and educate yourself enough to realise that end-to-end encryption shouldn't be paywalled. Take a look at blogs/guides from the EFF if you don't know where to start.

  • Ahmed minegames

    discord will never add E2E encryption cause they wanna share data with third parties, if you really wanna send a sensetive information to a discord chat you should encrypt the message with a public key and the other should decrypt it with the private key he have (encrypting and decrypting manually) and the best you can encrypt with are RSA

  • Macley

    I'm looking back at this, and i kinda wonder the following.

    The requests/networking related part of the Discord client goes trough HTTPS isn't it?

    Wouldn't it be so that thanks to TLS, the traffic between the end-user and Discord is then encrypted and has like bank level/normal level of encryption?

    i'm curious what you guys think, perhaps i can throw this to a Discord support member so we can perhaps feel a bit more safer using Discord :P.


    Do you think it's worth using E2E if TLS is already involved?

  • woodendoors7

    Sorry macley, but do you understand the concept of End to End encryption?

  • Macley

    Well, yes, mostly.
    It's that from both parties, encryption is applied that makes any third party unable to see what the content of a message is.

    I know it can be done using session keys/personal keys (w/ public keys)/whatever. But TLS/HTTPS works in the same way doesn't it? You have a public certificate and between the end user it's encrypted and that makes it possible to communicate/login in a safe way, without a VPN.

    I'm all open to learn, so please correct me if i'm wrong!

  • woodendoors7

    You are partly right, but the point of E2E encryption is that only you, and the person you are messaging with can see your messsges. Now, Discord has full access to all your messages, and can look at them or.even modify them (not implying they would do that), so yes, a guy can't whip up wireshark in a coffee shop and see your conversations, but Discord, or an hacker that just hacked Discord's SQL database can.

  • Macley

    Thank you for the fully and well explained answer! I was only thinking about literal E2E but indeed the part of discord being able, and 3rd parties access to the DB are a concern!

    I hope they’ll implement this, as it would then be a more worthy competitor against WhatsApp.

    thank you again for explaining, I really appreciate this.

  • Zipdox

    I think the biggest problem for E2E is how the keys are stored. If you look at something like WhatsApp (let's ignore the fact that it's probably backdoored), the messages are stored on your device locally, and so are the keys. Discord can't really store the keys for you because then the E2E encryption would be pointless as they have access to the keys.


Du måste logga in om du vill lämna en kommentar.