Why does Secureblue use Discord for support?

Sure, but the workaround is pretty trivial. Any inconvenience caused by working around this issue is smaller than the inconveniences caused to the community at large by spammers, raiders, trolls, etc.

The reality is that other platforms like Matrix fail to provide adequate protection against these very real threats. GrapheneOS rooms are constantly raided by trolls and spammers on Matrix who just ban-evade by simply creating new accounts without any blocks.

Using public wifi to create an account anonymously is not a very high bar. Besides, you fail to mention anything about the moderation issues that can plague communities.

As I read through the thread, it seems using Discord is secure as a communication channel. But for the users, it’s not very good for privacy.

Privacy might be out of scope of the project (not entirely, but wouldn’t put it first before security) considering the dev’s response. So, the question is: is Discord really more secure than Matrix in terms of moderation?

A forum like this is another form of communication, but it’s not the same, hence can’t replace Discord/Matrix.

Use Mullvad Browser or any other fingerprinting-resistant browser. These tools exist for a reason. Utilise them.

meaning what exactly?

Public wifi? Still gives your general location away, and your account may get flagged later if you connect to a VPN from home. I had a 10-year-old account, never used it for anything bad, the instant I removed my phone # my account got locked, and it still is locked to this day, can’t even delete it.

1 Like

This kind of personal attack isn’t going to lead anywhere productive.


There are absolutely valid reasons for a project like Secureblue to use Discord, such as to minimise moderation-related overhead. It has nothing to do with their project at its core and has very little, if any, bearing on their commitment to privacy and security.

1 Like

So does your timezone. Your country code can also be trivially detected if you are going to be using the mobile application. A general location from an IP is much less of a problem than providing a phone number.

  1. Discord won’t let you register using Tor/Mullvad browser. Even if they do, Discord doesn’t work in strict mode, which leads us to the second point.
  2. Fingerprinting-resistant browsers simply enumerate badness and will fail once surveillance capitalism inevitably uses a new fingerprinting technique.

Firefox fails even in strict mode. FPP canvas can fail in service workers [1878716] · Issue #1813 · arkenfox/user.js · GitHub

1 Like

Anyway, this has gone on for long enough. As @phnx mentioned, the choice of Discord has little to no effect on Secureblue’s commitment to privacy and security and is not a reason to write the project off and invalidate any technical feats that the project has accomplished.

@fiqiluvo.epileto I would appreciate it if the personal attacks stop because I have no idea who you are and why you think that statement coming from me is funny.

1 Like

Not to the same degree, a timezone is a much bigger area than a city. Plus, like I said, your account can always be flagged later for no reason, as often happens.

1 Like

If Discord is the only support channel, it would be fine to recommend on a site like Security Guides. But for PG, I am not sure, since the users need workarounds (if they’re working at all) for the privacy issues that arise whenever they want to get support from the project.

3 Likes

Firstly, they are not obligated to provide any support whatsoever. Would such a scenario be preferable? Personally, I don’t think so, and I happily accept the compromise that is a Discord given it allows them to offer a support channel at all.

Secondly, the fact that it’s the only official support channel doesn’t mean it’s impossible to get help elsewhere. I bet you could get pretty good help with Secureblue in this community or Linux communities if you asked.

The privacy of Discord is far beyond the scope of a hypothetical recommendation of Secureblue. Discord’s privacy shortcomings are a reason to exclude Discord from consideration, not Secureblue. Should we also exclude every project that uses GitHub to host their code and issue trackers?

3 Likes

This project isn’t mature and doesn’t have any community outside Discord. You can’t even browse Discord without a login.

I bet you’d get a bad experience. Secureblue’s set of security hardenings is pretty unique in the Linux Desktop landscape, the OS itself is niche, sitting at 379 stars on GitHub. hardened_malloc is somewhat discussed in Alpine, Gentoo, Arch communities. hmalloc with kargs, container policies, caps combined? It matters because the most desirable place to discuss the OS isn’t accessible to a person who strives for privacy.

I haven’t looked at this issue too closely, but I know for a fact I can get first-class support for every software I use and that gets recommended here on PG. Projects having GitHub isn’t a problem. Projects having GitHub as the only means of communication with developers/community is concerning. We care because we look at the project holistically.

Yes!

I see this as an opportunity to voice my desire for privacy to developers in hopes of getting the desirable outcome. If you want your OS to be recognized as security and privacy oriented - please deliver!

2 Likes

Be Agreeable, Even When You Disagree

You may wish to respond by disagreeing. That’s fine. But remember to criticize ideas, not people. Please avoid:

  • Name-calling
  • Ad hominem attacks
  • Responding to a post’s tone instead of its actual content
  • Knee-jerk contradiction

Instead, provide thoughtful insights that improve the conversation.

Please stay on-topic. Personal attacks will not be tolerated here.

6 Likes

The following question is: Is the cost of this compromise too high? Does it align well with the community’s mission?

I believe a (good) Linux distro should have their own place for communication. Whether that place can be recommended in which community is also important. And if that only place is in the opposite direction of the community, the project itself might not be ready to be recommended in said community.

I feel far safer having an account with GitHub/Microsoft or Google than the likes of China-owned Discord. I could be wrong, though. With that said, I have an account with them. But that’s another matter entirely when it comes to the recommendation in a privacy-focused community.

Moreover, it’s not realistic to ban all GitHub projects, but using other communication channels than Discord is very doable. But that doesn’t mean it will align with the project’s goal. That could be why they use Discord.

1 Like

GitHub allows VPNs, does not demand phone numbers, and can be freely browsed without an account.

To be clear, I still think that Secureblue should be recommended (if PG can make a guide on how to make it more usable), because it’s good. But please don’t defend the undefendable… Discord is the worst, period.

5 Likes

Gonna tie off this offtopic tangent for everyone with:

  • Discord isn’t the only support available; we frequently answer support questions via GitHub issues as well
  • We will not be opening a Discourse, Matrix, etc.

Merry Christmas everyone! :smile:

12 Likes

I wouldn’t trust Discord that much in terms of privacy.

1 Like

One still needs a Discord account, so no, Discord isn’t fine.

3 Likes

Depends on the context, e.g. I wouldn’t discriminate against Volvo cars because it’s China-owned, since the contract doesn’t allow the investor company to interfere with the management in Sweden. While this is not true with MG cars, Nokia, etc., and definitely with Discord.

1 Like