1. 33
  1.  

  2. 9

    I’m quite uncomfortable with the idea of discord recording voice calls. Keeping records of chat logs is obviously necessary with the way Discord is designed, which is around long duration searchable history of channels, anyone being able to invite anyone to the server, etc.

    But voice calls are totally ephemeral. And people expect them to be treated that way. Someone keeping logs of a text conversation in Discord wouldn’t be considered odd. Someone recording a voice call they were in, without telling anyone? That’d be considered a breach of trust in every Discord community I’ve been in. So Discord the company having the ability to do so is just creepy.

    1. 6

      I’m not sure what drives you to expect privacy from a communications platform fueled with venture capital money. I wouldn’t be surprised they’re trying to do at least two things:

      1. Applying a censor to voice depending on server/user DM configuration. I know they’ve got some kind of OCR that tries to identify and block offensive words contained in images, such as the N word, when people are not friends and at least one side hasn’t changed the “safe direct messaging” option down to “I live on the edge”.
      2. Store records at least temporarily for law enforcement.

      And the obvious other things are keeping for post-processing and derive user interests for advertising, or batching and forwarding the information to intelligence agencies.

      It’s hard to tell, realy.

      1. 4

        If voice calls are being recorded, users should be shown a very clear warning, at the very least.

        On a side node, the fact that a behavior is not surprising does not make it acceptable or not worthy of discussion.

        1. 2

          Is there a mention of this in the ToS? (I don’t get a hit for the string “audio” there).

          At least in Sweden (and maybe in the EU in general), if you call a contact center that employs “sentiment analysis” and “quality control”, you are informed of this beforehand.

          If Discord does record voice but doesn’t inform beforehand (through a ToS), they could get in big trouble in the EU.

          1. 2

            I’m not a lawyer, get a lawyer for good advice.

            I couldn’t find anything related to recording and retention, or user deletion outside of copyright-infringement contexts, which is what a good section of this doc appears to be (dcma, etc).

            There is a dense “Your Content” paragraph, which I have modified to bullet by sentence, and also bold the major points:

            You represent and warrant that:

            • Your Content is original to you and that you exclusively own the rights to such content including the right to grant all of the rights and licenses in these Terms without the Company incurring any third party obligations or liability arising out of its exercise of such rights and licenses.
            • All of Your Content is your sole responsibility and the Company is not responsible for any material that you upload, post, or otherwise make available.
            • By uploading, distributing, transmitting or otherwise using Your Content with the Service, you grant to us a perpetual, nonexclusive, transferable, royalty-free, sublicensable, and worldwide license to use, host, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform, and display Your Content in connection with operating and providing the Service.

            @gerikson, this appears to be full grant and indemnification, which also covers traditional voice chat.

            1. 2

              Thanks for this. The “content” section seems to be standard boilerplate that many content platforms include to allow them to duplicate content over CDNs etc. Periodically there’s a panic in the form of “OMG Facebook owns all your content!!!” based on misunderstanding of these clauses.

              Possibly Discord reserves the right to terminate service if they can determine that someoene is abusive in voice chat. It would be interesting to hear if anyone has lost access in this way - i.e. been unfailingly polite in text but violating the ToS in voice. That would be somewhat strong proof that audio is recorded and monitored, at least after complaints are made.

            2. 1

              Putting some fine print in the ToS that nobody reads doesn’t count as ‘notifying beforehand’ in my opinion.

        2. 2

          If they’re up-front with it, I say there’s nothing wrong. Otherwise, I agree. I use discord all the time because many communities are using it these days, but never the voice chat, just because text is more consistent and easier to communicate with many people and ideas.

          1. 10

            If they’re up-front with it, I say there’s nothing wrong.

            Muggers are often quite up-front too, and less opaque than most web TOSes these days.

            1. 3

              Thanks for that comment, you made my morning :)

              1. 3

                Muggers and TOSes are not comparable…

                1. 1

                  Honest Americans offering a service of stress release, with clear and direct terms of service agreements. God bless

              2. 2

                There’s nothing suggesting they do any recording of voice calls. I wouldn’t at all be surprised they have the ability to, they own the server and the proprietary service you’re using to communicate with.

                1. 5

                  Discord provides a policy regarding user privacy, which explains it may capture “transient VOIP data”. While it’s a bit unclear what this may entail, our research shows that this “data” includes all voice and video data.

                  This suggests to me they’re recording voice calls.

                  1. 2

                    They could be doing literally anything with this unspecified data, and I’d basessly assert it’s probably related to audio processing features like noise cancelling and echo reduction, versus being vague terminology for nefarious purposes.

                2. 2

                  Are there any well-polished and E2EE (or selfhosted) voice + video call applications that people here on lobste.rs would recommend? The ones I could find don’t seem to work very well on slow connections (dynamic video bitrate pls), so I’m looking for more alternatives.

                  1. 3

                    The only thing I can recommend right now is Matrix.org. You can self-host it and compared to many many other solutions, the protocol is rather consistent and nothing is bolted on. I like the idea how encryption keys are first-class-citizens compared to XMPP and others.

                    1. 1

                      Does matrix.org support reactions in text chat (thumbs up, etc.)?

                      I tried the Fractal client and I couldn’t find a way to see or create reactions.

                      1. 2

                        i currently use the riot client and it supports emoji-style reactions in text. so i assume it’s part of matrix itself and maybe some clients haven’t implemented it (or it’s buried in the UI?)

                3. 7

                  Hm, I’m a little unsure about the conclusions, as the article does not make an effort to describe how e.g. multi-call scenarios work.

                  Discord is used in places where bandwidth usage is sacrosanct, because no one whats your chatter to impact your game simulation. At the same time, your user number might easily be high, we’re talking MMORPG raid groups and all. This is probably the reason why they don’t use P2P calling. For the same reason, I’d be surprised if they don’t multiplexing all audio signals on the server-side so that you have a predictable up- and downstream on your computer, independent of number of clients. This doesn’t work without unencrypted data on the server side.

                  1. 7

                    Also, a kind soul on Twitter pointed out to me that Discord has a rather detailed post detailing their infrastructure.

                    https://blog.discordapp.com/how-discord-handles-two-and-half-million-concurrent-voice-users-using-webrtc-ce01c3187429 (tl;dr: what this post is seeing is probably the SFU at work)

                    https://twitter.com/celkamada/status/1216661903977537536

                  2. 4

                    This kind of work is very important, so that we may know what these corporations are doing with our data without telling. And like others have already pointed out, you can’t expect a venture capital-backed company to treat your data with respect. I would go one step further and say that in this day and age, it’s impossible to trust any closed source system’s functionality to serve only one master (the user).

                    Not that just by virtue of being open source, software is going to be trustworthy, but at least you can verify more easily what is going on inside the program. That keeps the developers a bit more honest, at least I would hope so!

                    1. 1

                      Why “in this day and age”? I think that’s always been the case hasn’t it?

                      1. 3

                        Arguably yes, but in the olden days it was much, much less common that programs would do things against your wishes. Without internet access there’s only so much that a program can do that’s against what you want (and it would be much more obvious).