Discord as the only official support channel is a big no-no. Projects with a clear posture against privacy don’t belong here IMHO.
2 Likes
Secureblue isn’t aigainst privacy, it just doesn’t sacrifices security for privacy.
And why the project uses Discord is described here.
It’s a public channel it doesn’t really matter. Using discord doesn’t mean they’re against privacy, it’s all about the threat model and for a public discussion discord is perfectly fine.
Not having a support channel that isn’t Discord doesn’t show a “clear posture against privacy”. Discord is the best platform in terms of moderation tools which makes it ideal for hosting a community or a support channel.
It’s the only official support channel. You simply can’t get OS support without sacrificing your privacy.
But they are in this concrete example and the issue is very real.
secureblue is not a privacy project, it’s a security project.
I don’t see how Discord having better modtools and 2fa has anything to do with security. If you want to play this game, having an online forum instead doesn’t sacrifice security since it’s only accessed through the web browser. We can have a discussion on whether or not a selfhosted forum with ACME-CAA and DNSSEC is better fit to fight advanced adversaries when Discord “server” doesn’t belong to you, but… I hope you’re seeing how lead dev making bad faith arguments to support the decision hypocritical by his own standards shows his clear posture against privacy. If you need modtools to gatekeep the community against bad actors spreading viruses, you should own the server at the very least.
2 Likes
Privacy isn’t the same as security, and I’d say the two are being conflated here. I’d consider Discord quite secure for most use cases, but definitely not privacy respecting. Given it is a security focused project, they likely don’t have the same requirements as PG does.
With this, PG pretty much says “any Linux distro is good for privacy”. Instead of PG bailing and saying use any distro, they’ve decided to filter distros based on the next tightly coupled concept: security.
I don’t think I understand your argument. The project uses Discord, ergo the project is bad? I’d agree it’s less than ideal, as I believe having a public viewable forum like this allows anyone to search without needing to post the same question multiple times, but that’s more of a user experience issue. They also seem to be ramping up still - they don’t have a site yet. Discord is likely good enough for them for the time being, especially for real time chatting.
Maybe we can ask the project leader here @RoyalOughtness: do you think it makes sense to include a searchable forum like this for the project (in addition to Discord), or is it on the roadmap for the site? I’ve found it’s much more user friendly in terms of searching for issues of the past.
While i’m frustrated by the anti privacy posture i’ve observed, my initial goal was to make a constructive suggestion.
Discourse supports 2fa, respects user privacy and can be accessed through Secureblue’s hardened browser. It can also be indexed properly and isn’t a knowledge sinkhole as a bonus. Correct me if i’m wrong, but it meets every tickbox lead dev mentioned.
3 Likes
I wouldn’t say it doesn’t matter, as many who care about privacy wouldn’t use discord and therefore probably won’t get support.
3 Likes
I care about privacy and use Discord - privacy is a spectrum, not binary. We all have different use cases.
You can’t expect privacy on a public channel.
No one said it had anything to do with security.
The main use of moderation tools are to protect the community from people raiding the rooms, spamming, trolling, ban-evading and posting content like CSAM. This is hard to prevent on platforms like Matrix usually.
Yes, that’s why I said “many”, but it’s undeniable that discord IS anti-privacy, you cannot hide your identity without jumping through numerous hoops, and everything is logged.
5 Likes
This is so bad faith.
how? It’s a public channel. Anything you post can be seen, logged, scraped by anyone.
My point exactly. Discord provides tools that are better able to protect the community.
This forum is public too, and yet I didn’t have to de-anonymize myself to post here
2 Likes
It is very possible to create a Discord account without a phone number. The secureblue server doesn’t require having a phone number either.
Not with a VPN. I tried, always got my account locked until I provided a phone #.
2 Likes
You misinterpreting my point to make an unrelated, trivial point about the nature of public discussions and coming back at me with an irrelevant conclusion.
1 Like
VPN IPs are usually flagged because of spam similar to how websites block Tor users. Use public wifi or cellular data (shared IP) to create the account.
I don’t understand what your point is, please explain.
Yeah sure, doesn’t make it any less privacy invasive. Cellular data can still be tied to your identity. You could use a VOIP but Discord actively blocks these too.
3 Likes
You can read privacyguides to learn what privacy is.
When privacyguides forum users refer to Discord’s privacy problems, they mean surveillance capitalism. It’s very hard to browse Discord without it and it’s numerous partners tying the dots together since browsers can’t effectively fight fingerprinting, and Discord prohibits the usage of modified clients on top of having strict anti privacy measures making it difficult to register properly. While it’s possible to register properly, the bar is too high, hence why many people end up giving up due to privacy fatigue.
2 Likes