Comment on Can we please unpin the proprietary off-site/off-network promotion of discord

CantSt0pPoppin@lemmy.world 1 year ago

Sure, Lemmy does not offer end-to-end encryption by default, which means that your messages could be intercepted by someone who is able to access your ISP’s network or the Lemmy server. A red flag for me is the fact that Lemmy stores some user data on their servers, such as your IP address and email address. This data could be used as breadcrumbs.

Lemmy may not sell user data to third parties, but what about the servers? There have been some security vulnerabilities found in Lemmy’s code. These exploits could result in servers being hijacked or user accounts compromised.

So, what does all this mean? It means that it is your personal responsibility to take steps to protect your privacy and security when using Lemmy. This includes using the encryption feature, being aware of the risks associated with using Lemmy, and carefully evaluating the privacy policies of any platform before you use it.

I know it’s a lot to keep track of, but it’s important. Your privacy is your business, and it’s up to you to protect it. So take these things seriously, and don’t let anyone take your privacy away from you.

About the concerns with Discord:

Creating a post saying, ‘everyone else does it’ and locking it is funky in my book. I, like you, am all about transparency and understanding. I fully understand your anxiety, and it is a bit warranted. I am not trying to sound like an alarmist.

On the subject of Discord, it is amazing and disturbing how much data is curated and harvested. Their business model is quite mysterious. No one really knows what their real motives are. Discord shrouds itself and does not provide clear and concise privacy audits or statements on the subject.

You are concerned about your privacy, and rightfully so. Lemmy is designed for privacy from the ground up when used properly and only with encryption functions enabled. Discord, on the other hand, unfortunately has a stranglehold on the instant messaging backbone.

CVE-2021-29465: This vulnerability allowed attackers to overwrite any file on the system with the command results. This could have been used to steal user data, install malware, or take control of Discord servers.

CVE-2021-29466: This vulnerability allowed attackers to read local files from the server. This could have been used to steal user data, such as passwords or chat logs.

CVE-2021-34491: This vulnerability allowed attackers to bypass Discord’s rate limit, which could have been used to send spam or DDoS attacks.

CVE-2022-22936: This vulnerability allowed attackers to take control of Discord servers by exploiting a flaw in the Discord Token Generator.

These are just a few examples, but I would be lying if I said they were not patched. That being said, there is no telling how many zero-day security risks are out there at this time, so it is important to stay vigilant and ask the hard questions to ensure that your privacy is protected.

Lastly, you could totally start a community here on .world for Discord alternatives. It’s an easy breezy lemon squeezy way to find people who are also into privacy and security.
