This is completely counter productive to growing Lemmy. I absolutely despise discord. Look at the network traffic it generates and tell me wtf they are doing. They won’t tell you. Their business model will leave you completely dumbfounded as to how they exist. Everything shared on the platform is lost in a black hole unavailable to the outside world and everything shared is a privacy nightmare. Posting this, pinning it here, and locking it is one of the biggest trolls possible. It pisses me off every time I log in. “Everyone else does it” is the excuse of idiots. Discord makes absolutely no sense to anyone that actually cares to look into it, read the user agreement, and ask sane questions about what they are doing.

  • CantSt0pPoppin@lemmy.world
    link
    fedilink
    arrow-up
    20
    ·
    1 year ago

    Sure, Lemmy does not offer end-to-end encryption by default, which means that your messages could be intercepted by someone who is able to access your ISP’s network or the Lemmy server. A red flag for me is the fact that Lemmy stores some user data on their servers, such as your IP address and email address. This data could be used as breadcrumbs.

    Lemmy may not sell user data to third parties, but what about the servers? There have been some security vulnerabilities found in Lemmy’s code. These exploits could result in servers being hijacked or user accounts compromised.

    So, what does all this mean? It means that it is your personal responsibility to take steps to protect your privacy and security when using Lemmy. This includes using the encryption feature, being aware of the risks associated with using Lemmy, and carefully evaluating the privacy policies of any platform before you use it.

    I know it’s a lot to keep track of, but it’s important. Your privacy is your business, and it’s up to you to protect it. So take these things seriously, and don’t let anyone take your privacy away from you.

    About the concerns with Discord:

    Creating a post saying, ‘everyone else does it’ and locking it is funky in my book. I, like you, I am all about transparency and understanding. I fully understand your anxiety, and it is a bit warranted. I am not trying to sound like an alarmist.

    On the subject of Discord, it is amazing and disturbing how much data is curated and harvested. Their business model is quite mysterious. No one really knows what their real motives are. Discord shrouds itself and does not provide clear and concise privacy audits or statements on the subject.

    You are concerned about your privacy, and rightfully so. Lemmy is designed for privacy from the ground up when used properly and only with encryption functions enabled. Discord, on the other hand, unfortunately has a stranglehold on the instant messaging backbone.

    CVE-2021-29465: This vulnerability allowed attackers to overwrite any file on the system with the command results. This could have been used to steal user data, install malware, or take control of Discord servers.

    CVE-2021-29466: This vulnerability allowed attackers to read local files from the server. This could have been used to steal user data, such as passwords or chat logs.

    CVE-2021-34491: This vulnerability allowed attackers to bypass Discord’s rate limit, which could have been used to send spam or DDoS attacks.

    CVE-2022-22936: This vulnerability allowed attackers to take control of Discord servers by exploiting a flaw in the Discord Token Generator.

    These are just a few examples, but I would be lying if I said they were not patched. That being said there is no telling how many zero-day security risks are out there at this time, so it is important to stay vigilant and ask the hard questions to ensure that your privacy is protected.

    Lastly, you could totally start a community here on .world for Discord alternatives. It’s a easy breezy lemon squeezy way to find people who are also into privacy and security.

    • brandon@lemmy.ml
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      I just wanted to address a single point from your comment:

      Lemmy does not offer end-to-end encryption by default, which means that your messages could be intercepted by someone who is able to access your ISP’s network

      If the Lemmy server is using HTTPS, nobody at your ISP or anywhere else between you and the Lemmy server should be able to read your messages (they could see that you are exchanging data with a particular host, but not the contents).

      • ninchuka@lemmy.one
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Glad someone mentioned this already, not so surprised OP hasn’t either updated their comment or replied