This was undermined by the fact they were also trialling a switch to Persona (the vendor in the story), which did not uphold that guarantee. It was horrific optics to be reassuring people that it was ok because you didn’t save data but also be trialling a switch to a vendor which did save data, which I guess is a lot of the reason this vendor switch was cancelled. (Though it does call into question Discord’s judgment that they thought this was a good idea).
Anyway, Persona was also breached, which is how the government links were discovered and also probably a part of this decision. This is not to be confused with the breach in November of 5CA, _another_ vendor they used in the initial UK and Australia rollouts. The fact that two vendors were breached in four months is a good example of why this is a bad idea.
No, they’re outsourcing the verification to an external company. Just not this one.
Side note: The verification is only if you want to remove content filters, join adult-themed servers and a couple other features. If you only want to chat with your friends and use voice then no verification is required.
We decided to just meet up in person twice a month and play board games instead.
Yes, I'm making (another) argument in favour of IRC. IRC has optional client-server encryption, and you can set channel modes to only allow encrypted clients access. So that way you at least prevent eavesdropping.
>Persona performs 269 distinct verification checks, including screening for “adverse media”
i'm sure everyone assumed this, but it's good to know it.
>And the information was openly available. “We didn’t even have to write or perform a single exploit, the entire architecture was just on the doorstep,”
it is kind of scary how often these types of situations are only found out because of wild incompetence. you have to imagine that most similar situations don't suffer from the same incompetence (and thus aren't known)
>“At Discord, protecting the privacy and security of our users is a top priority.
please, i wish companies would just stop saying this obvious lie. you know that you don't care. we know that you don't care.
>It’s dystopian that we want people to facedox themselves to everyone to be real online.
.... says the ceo of the company that you have to send your face ("facedox", if you will) to
Ah yes, we only store it for 7 days. During those 7 days, we pass it to Persona, and who knows how long they keep it!
> "Identity documents submitted to our vendor partners are deleted quickly— in most cases, immediately after age confirmation"
So now it's not "immediately" but 7 days? I don't know how anyone can trust any statement from these guys.
If a tech company says something to you, and they don't give you the means to verify it on your own, they are lying to you. Do not trust anything they say, ever.
this is the fun part, you can't!
https://vmfunc.re/blog/persona
I definitely recommend reading this primary source before drawing conclusions about the code as most of the secondary reporting is quite low quality.
@dang can this get a second chance?
different people have different tastes. people complain about boring websites, people complain about websites with animations or colors. the only guarantee is that the conversation isn't interesting.
if you are on the side that doesn't like music, animations, whatever, i recommend a combination of noscript and using reader mode.
Please make it actually readable and don't steal my audio!
if you expand the scope to a handful of adjacent figures, the catastrophe is truly amazing
(This is a joke in case that wasn't clear)
I'm forever grateful to Thiel for that clip, and to Musk for his crippling Twitter addiction. It was pretty impossible to get regular people to understand that folks like Bill Gates or Larry Ellison are skinwalkers when all they ever see about these people is professionally managed public relations content.
Discord's entire value proposition was "Hey just click here, no need to pay for a teamspeak server or do peer-to-peer jank." Deeply personal stuff is said and posted in those spaces. Common communication should not be shared like this and we keep falling back to the "tapped my phone line" problem.
The difference between then and now is that for a long time there was no alternative to POTS. You just had to use the phone to call someone. The phone company and whatever government tapping was very hard to get around. But today there are other ways to do near everything if we give up on for-profit centralized services.
I think society keeps flirting with federation and other things similar to that but never quite makes the jump. The Twitter exodus went back to a new centralized service like Bluesky that will one day be sold to another deep-pocketed buyer with its own agenda, thus creating this problem again. Sure, now with federation or personal servers, the privacy issue goes back to the server operator, but at least that could be someone you trust, or even you. When currently, neither of those options are possible with things like Discord or Bluesky.
I'm testing moving my friends and gaming group to self-hosted teamspeak or stout or mumble or something like that. I think we'll lose some convenience, but life isn't all about gains. Sometimes you have to sacrifice things for the greater good. I also really want to start moving away from things like reddit, bluesky, HN, etc to federated services and have dipped my toes there quite a bit, but the population isn't there (yet?).
I hope this is a wakeup call that people need, much like the wake-up call the fight against personal encryption was in the 90s. I think we're in a super bad place right now, and it's worth discussing the elephant in the room, even to non-techies, and what alternatives there are to the current system. I think people need to get over the convenience of the current system and realize if they want privacy and safety, they may have to migrate to services built with that in mind.
I do not know what this euphemism means. Is this like the modern trend of calling inmates “justice involved individuals”?
embedding-shape•3h ago
I think the whole "after its code was found tied to U.S. surveillance efforts" part is new and wasn't known before, so feels important to have in the title too. Although most of us probably assumed it was true before too.
blitzar•1h ago
New and also should be the big story.
"Butcher cuts ties with supplier when steaks found to be human meat" shouldn't be a story about changing suppliers ...
robtherobber•1h ago
crimsoneer•39m ago