My local org uses Discord. What should I know about account security / op sec / settings I should immediately change before using it?
My local org uses Discord. What should I know about account security / op sec / settings I should immediately change before using it?
Ask them if they can switch to Matrix. If they’ve only been using Discord as free hosting for a chat/video call service then it shouldn’t be difficult.
Discord is a horrible platform and I don’t trust any leftist org that uses discord for its main communication: zero E2EE (not even in your fucking “private” dms), horrible and juvenile userbase of gamers (most chuds and liberals), poor moderation, predatory user interface and worst of all: forced to use a shitty electron app. You also are required to submit an email address and a phone number to use the service (no telling what other requirements they would impose). Impossible to access via tor or through VPNs.
For video conferencing you can use Jitsi Meet which AFAIK is integrated into the Element client for Matrix. I’ve not joined orgs because they use shit like Google Docs and Discord for basic tasks.
Case in point a marxist group at my uni uses google forms for signups. Like wtf no I’m not signing up using Google literally just use E2EE email you fucking lib. Maybe a Signal username to the group’s main recruiter? Maybe an XMPP username??? There’s so many freer ways to do this shit that doesn’t require de-anonymizing people.
Hell, even the
uses Google Forms for initial on boarding where they ask you for things like your full name, phone number, e-mail address, social media handles, and all that jazz. Really big yikes moment, but I understand that hosting an open-source alternative/writing their own solution is a lot of work and they might not have the resources to pull something like that off right now, but still.
Goddammit.
The last time I used Jitsi Meet was a year or so ago, but I will wholeheartedly second this if it’s as good now as it was then.
Jitsi is just using WebRTC I believe, so basically P2P over the web. Call participants will see each others’ IP addresses unless any take additional precautions.
That’s only if a peer-to-peer connection can be made in the first place, which most of the time it can’t because of NAT and other things. The Element client even has a checkbox to prevent you from making peer-to-peer connections forcing you to go through your homeserver’s TURN server or Matrix’s fallback TURN server.
Edit: To clarify the warning under the “Allow fallback call assist server” saying your IP address will be shared, it means it will be shared with matrix.org, not the parties you are calling.