Stories with Tag Discord

• Discord's face scanning age checks 'start of a bigger shift'

  permalink

  Posted: 2025-04-17 12:34:38

  Verbose tl;dr

  Discord is testing AI-powered age verification using a selfie and driver's license, partnering with Yoti, a digital identity company. This system aims to verify user age without storing government ID information on Discord's servers. While initially focused on ensuring compliance with age-restricted content, like servers designated 18+, this move signifies a potential broader shift in online age verification moving away from traditional methods and towards AI-powered solutions for a more streamlined and potentially privacy-preserving approach.

  The BBC article "Discord's face scanning age checks 'start of a bigger shift'" details the platform's implementation of age verification technology and its broader implications for online safety and privacy. Discord, a popular communication platform utilized by diverse groups, including younger users, is introducing a system that uses facial recognition technology powered by Yoti, a digital identity provider. This system aims to verify the age of users attempting to access age-restricted servers specifically designated for adult content. The process involves users taking a selfie, which is then analyzed by Yoti's technology to estimate their age. If the estimated age aligns with the age restrictions of the server, the user is granted access. Crucially, Discord itself does not receive the selfie or retain the image data; instead, Yoti acts as an intermediary, confirming the user's age range to Discord.

  The article highlights several key aspects of this development. First, it emphasizes the increasing pressure on online platforms to implement more robust age verification mechanisms, particularly in the context of protecting minors from accessing inappropriate content. This pressure emanates from regulators, parents, and advocacy groups who are concerned about the potential harms of online environments. Second, the article explores the privacy implications of using facial recognition technology for age verification. While Discord emphasizes the privacy-preserving nature of its system, relying on Yoti's intermediary role, concerns remain about the collection and potential misuse of biometric data. The article notes that the system is initially optional, only applying to users attempting to join age-restricted servers who have not previously verified their age through traditional methods like credit card information.

  Further, the article discusses the potential for this development to signal a broader shift in online age verification practices. It suggests that other platforms may follow suit, adopting similar technologies to address the growing demands for online safety and regulatory compliance. The article also acknowledges the limitations of age verification technology, noting that systems like Yoti's provide age estimates rather than precise age confirmations, introducing the possibility of errors and inaccuracies. Finally, the article explores the user experience aspect of such systems, recognizing that requiring users to provide biometric data could create friction and potentially deter some users from accessing certain online spaces. The article concludes by positioning Discord's move as a potentially pivotal moment in the ongoing evolution of online identity verification and the increasing integration of biometric technologies into online interactions.

  • Discord
  • age verification
  • Face Scanning
  • biometrics
  • privacy
  • online safety
  • Children's Online Privacy Protection Act (COPPA)
  • Regulation
  • social media
  • Technology
  • AI
  • artificial intelligence

  Summary of Comments ( 356 )
  https://news.ycombinator.com/item?id=43715884

  Verbose tl;dr

  Hacker News users discussed the privacy implications of Discord's new age verification system using Yoti's face scanning technology. Several commenters expressed concerns about the potential for misuse and abuse of the collected biometric data, questioning Yoti's claims of data minimization and security. Some suggested alternative methods like credit card verification or government IDs, while others debated the efficacy and necessity of age verification online. The discussion also touched upon the broader trend of increased online surveillance and the potential for this technology to be adopted by other platforms. Some commenters highlighted the "slippery slope" argument, fearing this is just the beginning of widespread biometric data collection. Several users criticized Discord's lack of transparency and communication with its users regarding this change.

  The Hacker News post "Discord's face scanning age checks 'start of a bigger shift'" has generated several comments discussing the implications of Discord's new age verification system, which uses Yoti's facial analysis technology. Users express a range of concerns and opinions.

  A prominent sentiment is skepticism and apprehension regarding privacy. Several commenters question the security and potential misuse of biometric data collected through the system. They worry about the creation of large datasets of facial scans vulnerable to breaches or exploitation by governments or corporations. The lack of transparency about how Yoti handles and stores this data fuels these concerns. Some also express discomfort with the idea of a third-party company, Yoti, having access to such sensitive information.

  Several users discuss the accuracy and potential biases of facial recognition technology. They point out that such systems have historically exhibited biases based on factors like race and gender, raising concerns about unfair or discriminatory outcomes for certain user groups. Commenters also speculate on the potential for circumvention by minors using fake IDs or manipulating the system.

  The discussion also touches on the broader implications of age verification and content moderation online. Some commenters argue that age verification measures, while potentially well-intentioned, could erode online privacy and freedom of expression. Others raise concerns about the slippery slope, fearing that such technologies could be used for more intrusive forms of surveillance or control in the future.

  Some commenters offer alternative approaches to age verification, suggesting methods that don't rely on facial recognition, such as credit card verification or government-issued IDs. However, these alternatives are also met with counterarguments regarding their own limitations and privacy implications.

  Finally, a few comments specifically criticize Discord for implementing this system, accusing the platform of succumbing to pressure from regulators or prioritizing perceived safety over user privacy. There is a general feeling among some commenters that this move represents a worrying trend towards increased surveillance and control in online spaces.

• Revolt: Open-Source Alternative to Discord

  permalink

  Posted: 2025-03-06 08:47:32

  Verbose tl;dr

  Revolt is a free and open-source alternative to Discord, offering a similar feature set with a focus on user privacy and community control. It features text and voice channels, direct messaging, file sharing, rich text editing, and voice chat, all hosted on its own servers. Revolt aims to provide a transparent and extensible platform, allowing users to self-host or contribute to its development. Its client is available on desktop and web, with mobile apps planned for the future. The project prioritizes community involvement and customization, giving users more control over their communication experience.

  Revolt presents itself as a robust, open-source alternative to the popular communication platform, Discord, emphasizing user freedom and control. The project aims to provide a fully-featured chat experience comparable to Discord, but with the added benefits of transparency and community-driven development inherent in open-source software. Revolt boasts a comprehensive set of features, including direct messaging, server creation with customizable roles and permissions, voice and video calling capabilities, file sharing, and rich text formatting. Furthermore, the platform prioritizes user privacy and data security, offering end-to-end encryption options and self-hosting possibilities, empowering users to maintain complete control over their communication data. This self-hosting option allows individuals and communities to operate their own Revolt instances, independent of any centralized authority, further solidifying the principle of decentralization.

  The platform's open-source nature facilitates community contributions, allowing developers and users to contribute code, identify and fix bugs, and propose new features. This collaborative approach fosters a dynamic environment where the platform can continually evolve and adapt to the needs of its users. Revolt also champions customizability, offering a range of themes and plugins to personalize the user interface and extend functionality. This allows users to tailor the platform to their specific preferences and integrate with other services. The project aspires to create a viable and thriving alternative to proprietary communication platforms, providing a community-owned and controlled space for online interaction, collaboration, and community building, all while maintaining a high level of performance and feature parity with established alternatives. By prioritizing open access, community involvement, and user autonomy, Revolt seeks to establish a new paradigm for online communication that prioritizes freedom and control in the hands of the users.

  • Revolt
  • Discord
  • Alternative
  • open-source
  • Chat
  • Messaging
  • Communication
  • instant messaging
  • VoIP
  • group chat
  • Community
  • privacy
  • self-host
  • Federation
  • Matrix
  • XMPP
  • Decentralized

  Summary of Comments ( 264 )
  https://news.ycombinator.com/item?id=43277918

  Verbose tl;dr

  Hacker News users discussed Revolt's potential as a Discord alternative, praising its open-source nature and commitment to user privacy. Several commenters expressed interest in self-hosting, viewing it as a significant advantage. Some questioned Revolt's long-term viability and ability to compete with Discord's network effects and feature set, while others pointed to Matrix as a more established alternative. Concerns were also raised about moderation challenges and potential abuse on a decentralized platform. A few users shared their positive experiences using Revolt, highlighting its performance and clean interface, though acknowledging it's still under development. Overall, the comments reflect cautious optimism about Revolt, with many hoping it succeeds but recognizing the hurdles it faces.

  The Hacker News post titled "Revolt: Open-Source Alternative to Discord" sparked a discussion with a moderate number of comments, primarily focusing on Revolt's potential, its comparison to Discord and Matrix, and the challenges of building a successful open-source community platform.

  Several commenters expressed interest in Revolt as a viable alternative to Discord, praising its open-source nature and potential for greater user control and privacy. Some voiced frustration with Discord's perceived shift towards commercialization and centralization, seeing Revolt as a promising solution. However, many also acknowledged the significant network effect enjoyed by Discord, questioning whether Revolt could realistically compete with such an established player.

  A recurring theme in the discussion was the comparison between Revolt and Matrix. Some commenters argued that Matrix, with its decentralized architecture and existing user base, offered a more robust and mature alternative to Discord. They questioned the need for another similar platform, suggesting that efforts might be better spent contributing to the Matrix ecosystem. Others countered this by pointing to perceived usability issues with Matrix and its steeper learning curve, arguing that Revolt's simpler, more Discord-like interface could attract a wider audience.

  The challenges of building a thriving community were also discussed, with commenters emphasizing the importance of moderation, feature development, and user experience. Some expressed concerns about potential moderation difficulties and the risk of Revolt becoming a haven for undesirable communities if not managed carefully. Others highlighted the need for consistent development and a clear roadmap to build trust and attract users.

  Several technical aspects of Revolt were also touched upon, including its use of technologies like Rust and Postgres, with some commenters praising these choices while others raised questions about scalability and performance.

  Overall, the comments reflected a mixture of cautious optimism and pragmatic skepticism about Revolt's prospects. While acknowledging its potential and the appeal of an open-source alternative to Discord, many commenters recognized the significant hurdles faced by any new platform attempting to compete in this space. The discussion highlighted the importance of community building, user experience, and careful consideration of existing alternatives like Matrix.

• Discord client that works on Win95*, Win98 and above

  permalink

  Posted: 2025-02-03 11:49:49

  Verbose tl;dr

  DM is a lightweight, unofficial Discord client designed to run on older Windows operating systems like Windows 95, 98, ME, and newer versions. Built using the Delphi programming language, it leverages Discord's web API to provide basic chat functionality, including sending and receiving messages, joining and leaving servers, and displaying user lists. While not offering the full feature set of the official Discord client, DM prioritizes minimal resource usage and compatibility with older hardware.

  This GitHub repository, titled "Discord Messenger (dm)," houses a project dedicated to creating a Discord client compatible with older versions of Microsoft Windows, specifically targeting Windows 95, Windows 98, and subsequent releases. The project aims to provide users of these legacy operating systems with access to the Discord communication platform. While Discord's official client has evolved with modern operating system advancements, leaving behind compatibility with earlier Windows versions, this project seeks to bridge that gap. It attempts to recreate the core Discord experience within a framework that can function on the limited resources and older architecture of these systems. The technical details within the repository likely involve utilizing compatible libraries and potentially employing strategies to optimize performance on less powerful hardware. This allows users who maintain these older systems, whether due to preference, necessity, or specific technical constraints, to connect with communities and individuals on Discord. The project represents a significant undertaking, addressing the challenges of software compatibility and ensuring the functionality of a modern platform on aged operating systems.

  • Discord
  • Client
  • Windows
  • Win95
  • Win98
  • Retrocomputing
  • Vintage
  • Legacy
  • Operating System
  • Messaging
  • Chat
  • Community
  • Software
  • Application
  • Open Source
  • GitHub

  Summary of Comments ( 133 )
  https://news.ycombinator.com/item?id=42917268

  Verbose tl;dr

  Hacker News users discuss the Discord client for older Windows systems, primarily focusing on its novelty and technical ingenuity. Several express admiration for the developer's skill in making Discord, a complex modern application, function on such outdated operating systems. Some question the practical use cases, while others highlight the potential value for preserving access to communities on older hardware or for specific niche applications like retro gaming setups. There's also discussion around the technical challenges involved, including handling dependencies and the limitations of older APIs. Some users express concern about security implications, given the lack of updates for these older OSes. Finally, the unconventional choice of Pascal/Delphi for the project sparks some interest and debate about the suitability of the language.

  The Hacker News post about the Discord client for older Windows systems generated a moderate amount of discussion, with several commenters expressing interest and appreciation for the project.

  Many comments focused on the technical aspects. One user questioned the choice of using Electron for the client, arguing that a native application would offer better performance, particularly on resource-constrained older hardware. They suggested exploring alternatives like using a minimalist GUI framework or even a terminal-based interface for improved efficiency. This sparked a small back-and-forth with other users about the trade-offs between development ease (favoring Electron) and performance.

  Another commenter praised the project for its potential to bring modern communication tools to older systems, highlighting the value in keeping older hardware functional and accessible. They pointed out that many people might still have working older machines and could benefit from having access to Discord.

  Several users expressed curiosity about the project's compatibility with specific older operating systems and hardware configurations. One asked about support for Windows ME, while another inquired about performance on systems with limited RAM. The developer responded to some of these queries, clarifying supported operating systems and offering insights into performance considerations.

  A few commenters shared their personal experiences with older hardware and software. One recounted their fondness for Windows 98 and expressed interest in trying the Discord client on an old machine. Another mentioned using older systems for retro gaming and expressed appreciation for projects that breathe new life into vintage hardware.

  Some comments touched upon the security implications of using a modern application on older operating systems. One user raised concerns about the potential vulnerabilities of older systems and the risks associated with running software that might not be fully compatible with the security features of these platforms.

  Overall, the comments reflect a positive reception to the project, with many users expressing interest in its potential and appreciating the effort to bring modern software to older hardware. There's also a notable thread of technical discussion regarding the choice of Electron and its performance implications. Finally, some users touched upon the nostalgia and practical value of keeping older systems functional.

• 0-click deanonymization attack targeting Signal, Discord, other platforms

  permalink

  Posted: 2025-01-21 14:59:44

  Verbose tl;dr

  A security vulnerability, dubbed "0-click," allowed remote attackers to deanonymize users of various communication platforms, including Signal, Discord, and others, by simply sending them a message. Exploiting flaws in how these applications handled media files, specifically embedded video previews, the attacker could execute arbitrary code on the target's device without any interaction from the user. This code could then access sensitive information like the user's IP address, potentially revealing their identity. While the vulnerability affected the Electron framework underlying these apps, rather than the platforms themselves, the impact was significant as it bypassed typical security measures and allowed complete deanonymization with no user interaction. This vulnerability has since been patched.

  A newly disclosed vulnerability, dubbed the "0-click deanonymization attack," poses a significant threat to user privacy on several popular communication platforms, including Signal, Discord, and others employing WebRTC, a real-time communication technology. This attack exploits a subtle flaw in the way these platforms handle IP address leaks within WebRTC connections, allowing a malicious actor to uncover the IP address of a target user without any interaction from the target—hence the "0-click" designation.

  The exploit leverages Session Traversal Utilities for NAT (STUN) and Interactive Connectivity Establishment (ICE) servers, integral components of WebRTC's functionality. These servers facilitate the establishment of peer-to-peer connections by assisting clients in discovering their public IP addresses and traversing network address translation (NAT) gateways. Normally, these IP addresses are exchanged between communicating parties. However, the vulnerability arises from the fact that these platforms inadvertently expose IP addresses to STUN/ICE servers even before a connection is fully established, and crucially, even if the target user declines or ignores a call.

  The attacker initiates a WebRTC connection request to the target user. Even if the target doesn't accept the call, the target's client still interacts with the STUN/ICE servers, revealing its IP address in the process. The attacker, by controlling or monitoring the STUN/ICE server, can passively intercept this communication and capture the target's IP address. This allows for deanonymization, linking the target's online identity on the platform to their real-world location and potentially revealing their true identity.

  This vulnerability is particularly insidious because it requires no action from the target user. Merely receiving a connection request, even an ignored or rejected one, is sufficient for the attack to succeed. This bypasses traditional defenses against IP address leaks, such as disabling WebRTC entirely or using VPNs, as the leakage occurs before these protective measures can effectively intervene. While VPNs might mask the true IP address, the timing correlation between the call attempt and the observed IP address on the VPN server could still provide valuable information to a determined attacker.

  The technical details of the exploit involve manipulating the JavaScript execution within the target's browser to control the flow of WebRTC negotiation and observe the STUN/ICE server interactions. The author of the disclosure emphasizes the simplicity of the attack and its broad applicability to any platform utilizing WebRTC without adequate safeguards. The potential consequences of this vulnerability are serious, ranging from targeted harassment and doxing to large-scale surveillance and privacy breaches.

  • signal
  • Discord
  • deanonymization
  • privacy
  • Security
  • Vulnerability
  • attack
  • metadata
  • 0-click
  • Exploit
  • IP address
  • online privacy
  • communication platforms
  • messaging apps

  Summary of Comments ( 294 )
  https://news.ycombinator.com/item?id=42780816

  Verbose tl;dr

  Hacker News commenters discuss the practicality and impact of the described 0-click deanonymization attack. Several express skepticism about its real-world applicability, noting the attacker needs to be on the same local network, which significantly limits its usefulness compared to other attack vectors. Some highlight the importance of the disclosure despite these limitations, as it raises awareness of potential vulnerabilities. The discussion also touches on the technical details of the exploit, with some questioning the "0-click" designation given the requirement for the target to join a group call. Others point out the responsibility of Electron, the framework used by the affected apps, for not sandboxing UDP sockets effectively, and debate the trade-offs between security and performance. A few commenters discuss potential mitigations and the broader implications for user privacy in online communication platforms.

  The Hacker News post titled "0-click deanonymization attack targeting Signal, Discord, other platforms" generated a significant discussion with a variety of comments. Several commenters focused on the technical aspects of the exploit, highlighting how seemingly innocuous features like generating link previews could be manipulated to leak IP addresses. There's a strong consensus that the core issue stems from servers fetching content from user-supplied URLs without proper safeguards.

  Some commenters questioned the "0-click" nature of the attack, arguing that a user still needs to engage with a message containing a malicious link, even if they don't explicitly click it. Others pointed out that the practicality of the attack is limited by the need for the attacker to control a server capable of logging IP addresses connecting to it.

  The discussion also touched upon the responsibility of different platforms. Some commenters argued that platforms like Signal and Discord should have implemented better protections against this type of attack, while others emphasized that the underlying issue lies with the broader ecosystem of link previews and the lack of standardized security measures.

  A few commenters provided technical insights into potential mitigations, including the use of proxy servers for fetching previews and stricter validation of URLs. The feasibility and potential downsides of these solutions were also debated.

  Some users shared anecdotal evidence of similar attacks or vulnerabilities they've encountered in the past, reinforcing the concern about the potential for abuse of link preview functionality.

  Finally, there was some discussion about the ethical implications of researching and disclosing such vulnerabilities, with opinions varying on the responsible approach to handling such sensitive information. The overall sentiment seems to be one of concern about the potential privacy implications of this attack vector and the need for a broader industry response to address the underlying issues.