Using technology is all about making use of what we have, but as we all know, technology is more often than not and Skinner box designed to manipulate the masses.
No company has gone through all of this better than Discord. Now before the zoomers in the comments start calling me old and out of touch (I’m well aware that I am), I’m just stating what we know from public record and the public record shows Discord doesn’t believe in your rights.
Discord is a free of charge chatting app. It’s pretty much Slack, if Slack wasn’t owned by Salesforce and run by a bunch of people who think they’re more hip than they really are.
But being free has a cost. Discord has Nitro subscriptions and sells games, but this can’t even come close to fixing their revenue problem. Naturally, they copy the Big Tech companies who sell people’s information, and monetize the data of their users. I think this is something that is horribly overlooked and if people aren’t aware, you should be.
But even if you can stand the privacy violation, let’s take it a step further. Members of some rival furry communities feuded over discord.gg/furry and one of the moderators of the link gave access to one of the groups he was a part of. While the URL has been returned to the original owners, it proves the administration and moderation of Discord is corrupt and cannot be trusted.
The Gameplan
Now that all young people are gone, we’ve weeded out the smart people who stayed here (or skipped to the timecard). I want to have my cake and eat it too. I would like to use Discord, but don’t want Discord slurping up my personal data or spying on me.
Just use the app bro…
Now firstly, people are wondering, shouldn’t you just use the app? The issue with the app is :
- The app uses an outdated fork of Electron, which hasn’t been updated in at least 2 years from what can be found. If you use Chromium-based browser, you are basically doing the same thing, but on a more up-to-date, secure, and feature-packed browser.
- Discord scans all of your local processes the same way spyware does to find out what games you are playing. As far as I’m concerned, they don’t need to know what games I play or the programs I use. They can just subscribe to my channel if they’re so interested.
- The Linux version of Discord is broken on Wayland and they still only officially distribute a DEB package and tar archive, so sucks to be you if you have preferences.
- Discord dragged their feet to make an Apple Silicon version of their program, almost 2 years after Apple’s original announcement (March 22, 2022).
No Forks or Third-Parties
Second, any unofficial Discord forks will get you banned, because they have banned developers who make third-party front-ends. You also need to trust an additional party along with Discord. No forks or alternative front-ends.
My solution:
This leaves my solution. Using a Chromium-based browser like Brave, we’re going to create a PWA, use Brave Shields to clam up any telemetry, and have a more secure and a more Wayland-friendly Linux experience. This requires two things, both of which I’ve done videos on:
- A Chromium-based browser like the Brave Browser.
- While you could attempt this with Firefox, Firefox has a different WebRTC engine than Chromium and causes incompatibilities with Discord. Firefox also does not support Progressive Web Apps.
- A content blocker with the ability to intercept and block network requests. You can use uBlock Origin, but because of the need for a Chromium-based browser and the deprecation of ManifestV2, this will not work for long.
- Brave’s content blocker, since it’s built into the browser, will last us beyond ManifestV3’s beginning.
Note: blocking XHR elements will not be counted in Brave Shields “blocked” items. However, if you use the Chromium Developer Tools, they will be correctly blocked.
Configuring Chromium & Discord PWAs
The first step is we need to create a separate profile for Discord to live in, in case Discord tries to sniff on our local data.
- Hamburger menu → Create a New Profile
- Configure your profile however you want.
Next, go log into your Discord account and we’re going to create a Progressive Web App (PWA). This lets us run Discord in a glorified browser window and the best part of all is this is an undocumented and official means of using Discord.
PWAs are basically a way for you to run a website like you would a native app. Since Discord is based on Electron anyway, using another Chromium-based browser isn’t too much of a stretch. It also adds a desktop shortcut and a copy in your menus.
Unlike the official app, content blockers will still function for PWAs, so you can take advantage of what we doing next.
Configuring Brave’s Shields
Next, we need to learn a little bit about what Discord is doing behind the scenes. In uBlock Origin, you can use the logger to intercept all connections to the website.
It’s pretty clear what some of these domains are supposed to do. We’ve got attachments, @me, and more.
The key connections we are looking for have been documented by Luna, someone who I stumbled across on Gitlab who documented some of the inner workings of Discord’s API (she works on a XMPP/Discord bridge).
In her documentation, Discord uses the following to track you. The worst part about this is even if you opt out in the settings, Discord will still collect this anyway (they claim to delete it server side, you just have to trust them, pretty please?). Using her documentation and from the obvious Discord domain names, I have compiled the following:
- /api/science (This is blocked by EasyPrivacy, a default list in Brave/uBlock Origin)
- /api/track (a previous domain which Discord changed to /api/science because of the furry fiasco above)
- /api/applications/detectable (Discord attempting to scan applications)
- /api/friend-suggestions (because I hate people)
Now we need to add these to Brave Shields in brave://settings/shields/filters. The API version needs to be changed when Discord internally updates their API. Paste the following into Brave Shields and click “Save”:
discord.com/api/v9/science
discord.com/api/v9/track
discord.com/api/v9/applications/detectable
discord.com/api/v9/friend-suggestions
Change Discord’s Useless Checkboxes
- Gear → Safe Direct Messaging → Do not scan
- Gear → Use data to improve Discord → Off
- Gear → Use data to customize my Discord experience → Off
- Gear → Allow Discord to track screen reader usage → Off
- Gear → Connections → Remove all unused/unnecessary connections
- Gear → Activity Privacy → Display current activity as a status message → Off
- Gear → Activity Privacy → Display your activity status by default when joining large servers → Off
- Gear → Text & Images → Show embeds and preview website links pasted in chat → Off
Additional things to know:
- Deleting messages does not work. Discord will just store a copy permanently and this can be found if you ever request your data.
- Discord ignores all GDPR and CCPA requests, so screw your right to privacy.
- Expect any message you send, server you join, or anything you attempt to stream will be intercepted and viewed by Discord staff or moderators of your current server.
- Everything done here is “badness reduction.” It will not completely prevent Discord from doing whatever they want to you.