Remember you can trust Discord with your driver’s license for verification, I’m sure they won’t accidentally store them in a plain text open API call or anything.

    • shininghero@pawb.social · 92 upvotes · edited · 23 hours ago

      If I’m reading it right, it’s kinda like how that one guy “hacked” 70,000 robot vacuums. Bad scope limits.
      Game uses token to do the rich presence stuff, and instead of just getting a confirmation back, it gets everything.

        • Quetzalcutlass@lemmy.world · 41 upvotes · edited · 22 hours ago

          Not necessarily. Developers choose what permissions their authorization token has when they register it with Discord. In this case the game asked for an auth token with all permissions, so the game connects to Discord with the same access levels as your actual login.

          • DreamButt@lemmy.world · 27 upvotes · 1 downvote · 17 hours ago

            Yeah that’s what the person before me said. I’m saying that the fact it’s possible at all is a horrible violation of privacy

            • Armok_the_bunny@lemmy.world · 7 upvotes · 9 hours ago

              There are legitimate reasons to ask for an “all permissions” token, such as setting up and using a third party client. A game is not one of the things that should be asking for that though.

              • Blackmist@feddit.uk · 1 upvote · 3 hours ago

                In any case it sounds like a reason to actually read what the oauth login screens are actually telling you…

  • CosmoNova@lemmy.world · 75 upvotes · 23 hours ago

    Lmao. A game accidentally receiving your Discord DMs and credentials if you sent a crash report just because game devs integrated basic Discord functionality is insane. But kind of what you have to expect from Discord and why I’ll never enable Discord integration.

  • chirospasm@lemmy.ml · 43 upvotes · 23 hours ago

    Issue seems to be with Discord’s SDK, not Embark. Good on Embark responding quickly by patching something Discord should be responsible for, though.

    • poke@sh.itjust.works · 29 upvotes · 2 downvotes · 23 hours ago

      Well… They quickly patched it when it went public. It was reported to them a month ago.

      • fahfahfahfah@lemmy.billiam.net · 14 upvotes · 22 hours ago

        Based on a post from him, he had difficulty actually getting to their bug bounty report system, which is hosted by another company. So sounds like until it was made public they hadn’t actually received the report.

  • Ms. ArmoredThirteen@lemmy.zip · 8 upvotes · 18 hours ago

    This shit is why I only use Discord on the browser and try not to directly link any accounts anywhere. Anything sniffing around my executables and talking between them is sketchy. Anything asking for access to my other accounts is sketchy.

    • popcar2@piefed.ca · 10 upvotes · 22 hours ago

      I’ve been using Fluxer recently. It’s been pretty nice since they migrated the servers, and as soon as self-hosting and federation get added (which is top priority according to Herman), I hope people will switch over.

      • Coelacanth@feddit.nu · 9 upvotes · 22 hours ago

        Federation and easy self hosting will be killer for sure. There is already a Discord migration bot and a Discord-Fluxer bridge bot I think. Future is looking hopeful.

      • Coelacanth@feddit.nu · 7 upvotes · 20 hours ago

        Matrix still misses a ton of features to be a direct 1:1 Discord replacement. On top of that Fluxer has a familiar UI (it’s essentially just a Discord clone) and is simpler in onboarding (Matrix is still techy).

      • naught@sh.itjust.works · 3 upvotes · 18 hours ago

        Fluxer is a direct Discord drop-in. Matrix requires a lot of setup and tweaking to get high throughput video. Plus the default server and client are bloated and buggy

          • naught@sh.itjust.works · 1 upvote · 3 hours ago

            I just assumed the Python one would be more bloated inherently, and that is the common theme I’ve heard about Matrix specifically. I tried using an alternative server supposedly lighter on resources but just never finished setting up ¯\_(ツ)_/¯

            I didn’t test the default server myself tho

  • Fishnoodle@lemmy.world · 10 upvotes · 1 downvote · edited · 23 hours ago

    All I did was take the information and put it in a paper bag and leave it on the side of the road. If a bad person picked up the bag and did bad things with the information, that’s not my fault!

    /S

    • CosmoNova@lemmy.world · 10 upvotes · 23 hours ago

      It’s more like some business partner keeps hiding pages of personal information of customers in the work they submit to you. Then someone finds out you have all that information and now it’s your job to clean up the mess. If you have friends like Discord you don’t need enemies.

      • Katana314@lemmy.world · 5 upvotes · 23 hours ago

        It’s a good point around the recent CA age verification laws: Sensitive data (is this user a potential target for predators?) can’t be leaked if it was never recorded in the first place.

  • BaraCoded@literature.cafe · 5 upvotes · 23 hours ago

    It’s more than time to move away from Discord.

    So far, on the Matrix protocol front, Commet is a good candidate.

    On the XMPP protocol front, Movim is… moving forward, developing a clone interface that is promising.

    There are others, like Stoat and Fluxer, but I don’t know much about them.

          • BaraCoded@literature.cafe · 1 upvote · edited · 4 hours ago

            Maybe, but when you’re looking to make Discord users migrate to a safer/saner app, you need the new app to be as Discord-like as possible.

            Same thing for an OS (thus DE) change, I’d recommend KDE above all else to a Windows user because it’s the DE that is the most Windows-adjacent.

            • MajinBlayze@lemmy.world · 1 upvote · edited · 18 minutes ago

              I understand the impulse, but I think it’s wrong for a few reasons:

              1. Discord didn’t become popular because of its UI. It became popular by lowering barriers to entry.
              2. I don’t think you’ll get a critical mass of people by being “Discord but less evil”.
              3. A better UI or UX could be a genuine selling point, or a way to distinguish it.

              Sure, KDE shares a lot of the conventions of Windows. But it’s also very willing to do its own thing.

  • mr_noxx@lemmy.ml · 5 upvotes · 1 downvote · 23 hours ago

    To be honest, this is why I immediately disable integrated voice chat for any games that have it and use a third-party voice chat app with end-to-end encryption for chatting (like Signal).

    • fahfahfahfah@lemmy.billiam.net · 10 upvotes · 22 hours ago

      This didn’t have to do with voice chat, it was the in-game integration with Discord’s SDK that was just supposed to be for including your Discord friends in your in-game friends list and being able to invite them.