The "Illusions" in Privacy: Discord, IRC, and general ramblings

Murphy Will Get You

This page's cover image and relevant xkcd here: https://xkcd.com/1269/


Remarks on Privacy, Discord & IRC


This topic comes up all too frequently, especially when the comparison between two platforms, IRC and Discord, and their differences leads to quite a bit of animosity or resentment.

To keep this simplified, I am going to assume an open IRC network and an open Discord server (not private) as that is the primary case here and there isn't much to discuss with private setups due to the variation.

IRC is an inherently open source system as the protocol has been standardized for decades. While there exist proprietary implementations of IRCd, this is not very common and you'll see most IRC networks operating with a well-known, open-source structure at their base. In the case of TripSit, they utilize the charybdis IRC daemon.

Discord is a closed-source system based on proprietary technology as well as incorporating open-source components. The result is an application that is, by nature, hybrid, but from the point of view of security, a closed platform.


Much of my project interests and idealistic ramblings lie in the field of cryptography, more specifically the mathematical models behind the protocols, but a good amount of the practical implications of such methods as well.

Why do I call this The Illusions in Privacy? It stems from understanding the nature of privacy from a user standpoint, coupled with a hint of practicality[1], all combined with a dose of common sense and the realization of facts (not fake news 🙂) over fiction. Above all, it is about clearing misconceptions (of which there are many) and then having an open mindset to form a truly realistic worldview on things (this formula can really apply to anything, but we talk about it here in the context of privacy and related topics).

Then, the so-called "Illusions of Privacy" become figments of one's past and are replaced with "The Realistic Mindset and Nature of Privacy." Knowledge that is fact-based, taken with an open mind and a hint of skepticism, clears many of these misconceptions.

Sorry for the rambling there. The philosophy part of my background got to me 😳

Continuing onwards...!


Common misconceptions
  • Closed source platforms (such as Discord) are completely non-private: one should expect any and all data on such platforms to be compromised.

  • "Open" platforms such as those like IRC (Internet Relay Chat) are considerably more secure than closed platforms.

I am not a proponent of closed source, nor will you find me advocating for any such thing, but it is important to differentiate and understand the two misconceptions presented above. Let us break it down with a single rule:

Unless provable, vetted complete end-to-end encryption is present in an application, one should assume that the platform, closed or not, is public and any data posted is public.


Quick sidenote: this "suggestion" of assuming the above is mentioned in our rules/policies page, which we ask all members of our Discord server to read, and it is how I personally think in general.


This is the cryptographer's take on security. Simply put, without provable connection mechanisms (strong end-to-end encryption), we should assume that our data is public. This is the safe way to practice security: don't post anything you expect to be private on any platform that isn't provably end-to-end encrypted with vetted mechanisms.


OK, this may seem a bit extreme, and it technically is. This is the "cryptographer's" stance on security; the pure, unadulterated way of understanding. Now, let's bring in two things that I do not usually mention: practicality[1] and a bit of common sense.

For the sake of time, I will do a quick comparison between IRC and Discord directly.

We can assume by understanding the architectures of IRC and Discord the following:

  • Discord: closed backend, messages can be deleted (but we can never be sure), verifiable partial client <-> server xsalsa20_poly1305 voice encryption with downloaded client.

  • IRC: open design, relies on server operator, all messages to channels are permanent and public to anyone who can access that channel, no deletion possible.

Many don't realize that there is no deletion in public IRC (or private), due to the nature of the protocol. Case in point: any user can, with relative simplicity, keep the full logs (of all users connecting in any channels they have access to, all messages sent in those channels, etc.) as long as they wish - a ZNC dump is all one needs to show this.

Case in Point: I have a 300 megabyte file containing more than two years of data from an IRC network for 4-5 of the largest channels that my account with ZNC joined. It has all events, since you cannot delete in IRC. And this is basically plain text, so 300MB is quite a bit. I say this to demonstrate: the conception of privacy should be looked at with an honest eye.
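
What such a log amounts to, as an added example that is not part of the original post: a minimal parser that turns raw IRC lines, as any client or bouncer sitting in a channel receives them, into retained records. The sample lines, nicks, hosts and channel name are constructed for illustration.

```python
from collections import Counter

# Constructed sample of raw lines as an IRC client or bouncer receives them
# (nicks, hosts and channel are made up for this example).
SAMPLE_LINES = [
    ":alice!a@host.example JOIN #lobby",
    ":alice!a@host.example PRIVMSG #lobby :hello, is anyone around?",
    ":bob!b@other.example PRIVMSG #lobby :oops, ignore that, wrong window",
    ":alice!a@host.example NICK alice_away",
    ":bob!b@other.example PART #lobby :bye",
    "PING :irc.example.net",
]

def parse_irc_line(line):
    """Split one RFC 1459 style line into (prefix, command, params)."""
    prefix = None
    line = line.rstrip("\r\n")
    if line.startswith(":"):
        prefix, line = line[1:].split(" ", 1)
    # Everything after " :" is one trailing parameter that may hold spaces.
    if " :" in line:
        head, trailing = line.split(" :", 1)
        params = head.split() + [trailing]
    else:
        params = line.split()
    command = params.pop(0).upper()
    return prefix, command, params

LOGGED = {"PRIVMSG", "NOTICE", "JOIN", "PART", "QUIT", "NICK"}

def build_log(raw_lines):
    """Return one record per user-visible event, as a logging client could keep."""
    log = []
    for raw in raw_lines:
        prefix, command, params = parse_irc_line(raw)
        if command not in LOGGED or prefix is None:
            continue  # PING and other server housekeeping is not channel history
        nick = prefix.split("!", 1)[0]
        host = prefix.split("@", 1)[1] if "@" in prefix else ""
        log.append({"nick": nick, "host": host, "event": command, "params": params})
    return log

def summarize(log):
    """Count retained events per type."""
    return Counter(entry["event"] for entry in log)

if __name__ == "__main__":
    for entry in build_log(SAMPLE_LINES):
        print(entry)
```

None of the sample lines gives a later event a way to withdraw an earlier one, and each record keeps the sender's host as the server delivered it.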

Am I saying that IRC is worse?

    No!

We can do the same thing, sort of, with Discord, but it's difficult. While logging bots do exist, they are not as practical. Because the information can be modified, and because of the structure of the platform and its deletion mechanisms, it's harder to store definite data.

Also, we can never be sure with one-hundred percent certainty that deletion on something like Discord is truly permanent.

But, bringing practicality in, we can assume the following: it is unlikely that Discord caches deleted messages. If they do, it would only be on a per-user basis in response to something like a law enforcement request. And we know from public information by the moderators of the drug harm-reduction community TripSit - a large IRC group - that these requests are super rare, and that they have never gotten one in the several years that they have been running.

The point is that, barring something related to terrorism, underage pornography, or other serious offenses, we can say that this is not a concern for 99.9999999+% of users.

Secondly, with a good amount of research, personal developer experience on the Discord platform, watching and interacting with staff, and then deduction, we can be pretty certain that messages are deleted and unrecoverable once they are deleted. This also draws on a better understanding of the underlying server architectures from public information and experience, observations of deleted messages, images, and uploads, and the policies that the company has with regard to deleted content. Some supporting points: uploaded content (like images) expires after certain amounts of time and inactivity, and when deleted, such uploads are instantly issued <NoKeyFound> on the Discord platform, which we know uses Apache Cassandra as the primary distributed database for all messages. We also know that Discord devs had to restrict deletion from the bulk endpoint that bots use to quickly delete messages, due to excessive fragmentation of data for large channels, which is explained in detail on their blog.

And, just as I am editing this today on April 27, we can see some new policies or updates that Discord's Safety Team is providing. We are able to see a sense of transparency, at least compared to the 'old' tech firms (Google, etc.).

An important point to note: Discord also posted their first update to the Privacy Policy in almost two years which was mentioned in the blog post above just on April 26. It doesn't go into effect until May 1, 2017, but it is worth taking a look to stay up to date on these things.

We can see that they added a section about age (13+ for Discord, though we have always mentioned an age clause in our personal policy) and one about the transient VOIP information that is collected, which we try to explain a bit on our policy page and which is nothing more than packets required for transmitting such data.

Lastly, they mention some things about cookies and advertisements. What they are saying is fairly standard, but of course they need to say it for standard opt-out regulations. They conclude by adding a bit of stuff about the developer SDK/API and how any data collected from that for users can only be used for the strict purpose of the application. This is a good step to keep developers from taking their member information, say from a list of donors, and using it to sell services or advertise.

So, we can see that Discord, while 'closed', is a pretty transparent service, with a typical modern tech-startup "no bullshit" policy.


It would be a whole other post explaining the "reverse engineering" process for that. Explaining Discord's public mechanisms that we can see, therefore, deserves another post. However, we try to describe the mechanisms and policies we - as server owners on Discord - use to protect privacy and other aspects of usage and to get a better understanding of what we can and cannot do.


Conclusion
  • Privacy is a tricky thing, but one must not rush to conclusions simply based on "closed" and "open" platforms (as these terms are sticky themselves)

  • Unless there's [Math-backed, CompSci-driven] proof of end-to-end encryption with the right properties, assume what you post can and will be made public. Those properties are namely perfect forward secrecy and future secrecy, but here are some more from Open Whisper Systems (protocol used by Signal, WhatsApp, etc.): confidentiality, integrity, authentication, participant consistency, destination validation, forward secrecy, backward secrecy (aka future secrecy), causality preservation, message unlinkability, message repudiation, participation repudiation, and asynchronicity.

  • [1] It is important to understand that practicality is not a pure 'cryptographic' term, rather the opposite. We bring it up here to demonstrate that real-world considerations should be taken into account (company design, what we can see from likelihood, public analysis of protocols, observation of data). These are not the end-all and are certainly weak when we discuss privacy as a whole.

  • We discuss this all with a KEY caveat: do not expect either of these protocols to provide any more than basic security, and minimal privacy, from a pure perspective. If that is the true concern, and one wishes to achieve such private communication, then the platforms mentioned here (Discord and IRC) are absolutely terrible choices.

  • Thankfully, if you fit in this category, there are TONS of great options for that. Are they like Discord, or even IRC? No. They will have compromises, which is the centerpiece of cryptanalysis and related secure design. But, as technology grows and we develop further, the utopia that is strong/provable/true end-to-end based and 'perfect' UI/functionality/ease becomes a more realistic vision.


The views and opinions expressed on this web site are solely those of the original author (contact here). These views and opinions do not necessarily represent those of any other individual or business entity, corporation, or party.


vlexar
