Prologue
Navigation
Introduction
TL;DR
The Table of Instant Messaging Systems
Name | Spyware Rating | Network Architecture | Operating System | License | Verdict |
Adamant | Unrated | Decentralized, Blockchain | Android and Web | GPLv3 | ? |
Briar | Unrated | Decentralized, P2P | Android | GPLv3 | Probably okay |
Cabal | Unrated | ? | Electron | AGPLv3 (core), GPLv3 (client) | ? |
Cwtch | Unrated | Decentralized, Semi-P2P | Linux, Windows, macOS, iOS & Android | MIT | ? |
DeltaChat | Unrated | Decentralized, same as email | Various | MPLv2, GPLv3 | Probably okay |
Discord | Extremely High | Centralized | Web Interface and Electron, 3rd party clients prohibited | Proprietary | Do Not Use |
IRC | Unrated | Distributed, Load balanced | Various, depends on client | Depends on implementation, usually open source | Good |
Jami | Unrated | Decentralized, P2P | Various | GPLv3 | Probably okay |
Keybase | Unrated | Centralized | Linux, Windows, Mac, Android, iOS | Custom Open Source (Client), ? (Server) | Do Not Use |
Matrix | Unrated | Decentralized w/ dominant instance (matrix.org), Federated | Web Interface and electron (official client), Various (3rd party clients) | Apache (official implementations), various (other) | Avoid When Possible |
Psyc | Unrated | Decentralized, Federated | Various | ? | ? |
Signal | Unrated | Centralized | Various | MIT | Avoid |
Session | Unrated | ? | ? | ? | ? |
Skype | Unrated | Centralized | Various | Proprietary | Do Not Use |
Telegram | Unrated | Centralized | Various | Open Source (client), Closed Source (server) | Do Not Use |
Threema | Unrated | Centralized | Android, iOS, Web | GPLv3 (client), Proprietary (server) | Avoid |
Tox | Unrated | Decentralized, P2P | Various | GPLv3 | Avoid When Possible |
Utopia | Unrated | ? | ? | ? | ? |
Wire | Unrated | Centralized | Various | AGPLv3, GPJv3 | ? |
Unrated | Centralized | Various | Proprietary | Do Not Use | |
XMPP | Unrated | Decentralized, Federated | Various, depends on client | CC-BY-SA 2.0 (specification), Various (client) | Good |
Instant Messaging Systems Notes
Adamant
Briar
Cabal
Cwtch
DeltaChat
Discord
For the love of god please do not use this platform.
Discord by OpenFeint Ltd
I think Discord is not appropriate for anyone because, contrary to popular belief, it works against the user in many ways.
Besides being spyware, Discord has implemented a black box system to flag accounts automatically, having to now follow a dubious-at-best laundry list to not be coerced into giving them your phone number. You may not believe my personal account, but I was banned from 3 accounts for using a custom client (Ripcord). The following things were taken care of, however they were futile efforts:
- Changed IP address
- Used popular email services (google mail and mail.com)
- Used spare phone numbers, every time I was asked to verify it
- maybe other things, ask me for more
On all 3 accounts, whenever I responded to a direct message, it got my account disabled. All 3 times, with an email response stating I would not get my account back. Also, when a friend's account was disabled, he said he was transsexual, and it got him unbanned. There have also been cases of users suspected to be under the minimum age for Discord, that is 13, being requested to send their government-issued ID: [1] [2, in Russian].
Tangentially, don't forget about those staffed at Discord (cub porn scandal) and their marketing strategies (built on shilling). They also have a blatant political bias. (free speech for me but not for thee...)
But it gets worse. There is also public proof they automate analysis of anything you put through their network. A prime example is their purchase of Sentropy, an "AI anti-harassment company". One can only wonder where they came from... Another one is them using Google Cloud Storage for their CDN, as one can clearly see a reference to it when a file is unsuccessfully accessed:
<?xml version='1.0' encoding='UTF-8'?> <Error> <Code>AccessDenied</Code> <Message>Access denied.</Message> <Details> Anonymous caller does not have storage.objects.get access to the Google Cloud Storage object. </Details> </Error>
You could presume they are just using this for affordability reasons, however, Microsoft's PhotoDNA is known to be used by Discord: (original) (local archive)
We reported 6,948 accounts to NCMEC during the second half of 2020. This figure represents distinct accounts reported and not the total number of reports submitted.
The majority of our reports were for child sexual abuse images flagged by PhotoDNA hashing software. Trust & Safety reviews all flagged images and reports confirmed instances of child-harm content. These totals are represented as “Media reports” in the graph above.
Another 83 of our reports were for higher-harm grooming or endangerment situations. Trust & Safety thoroughly investigates all cases that could result in immediate harm to a minor. We partner closely with NCMEC to ensure that time-sensitive escalations receive prompt attention.
Realistically, the only way PhotoDNA could do this is if it had samples to compare to, and that seems to be the case (note the infographic's source). They hash the images first, of course, but there's still the question: where do they get those samples from? Hmmmm...
Anyway, this is just speculation, but I believe with all this proof of weird automation, it would not be far-fetched to say they are also using Google CloudVision AI to identify and datamine the contents of all images in general (the whole botnet package, right?).
Now, to round it off, Discord's founder Jason Citron had founded a company called OpenFeint which was subject to a class action suit over privacy issues (more info here). He sure learned a lesson from that, it's impossible to do that against Discord now. [youtube] [local backup]
Alternatives?
I don't mean to market to you with this little writeup (once again, not like them...). But XMPP and Mumble have worked quite well for me so far. Not only are they quite feature rich in their own right, but you have the promises of independence, security and privacy. They're also computationally effective and bandwidth effective, even moreso than Discord. I suggest you try them out as an alternative for online communication at any scale.
But the alternatives don't have everything Discord has!
With time, I've either found those features' ideas manifested in a different way, or just either forgot about them or don't miss them.
Although personally I don't do video conferencing, I've heard about Jitsi Meet, Spreed and BigBlueButton. Hopefully some XMPP clients are able to leverage jitsi-videobridge in the future, instead of having to use its WebRTC interface (Jitsi Meet).
It's clear this happens throughout history, but, right now, Discord has faciliated the descent into a mindset in which the person is a slave of himself, impulsed by emotionality, almost losing a capacity of insight. At least, that's what it seems like when I bring up the Discord Question to any Discord user.
The vicious cycle of "but all my friends use Discord" can only be ended by realizing that's what Discord itself WANTS happening, and working actively to escape it. I invite you to begin a migration to a better communications system right now, because tomorrow you'll say "tomorrow", and it will never happen.
Others have written about why Discord is really terrible:
IRC
Jami
Keybase
Will collect your data, especially if unencrypted.[1] You also can't talk about weapons or firearms.[2]
- 1. Keybase Review – No Longer Recommended (Privacy Issues) - Restore Privacy, 2/17/2022 https://restoreprivacy.com/secure-encrypted-messaging-apps/keybase/ http://web.archive.org/web/20220605073948/https://restoreprivacy.com/secure-encrypted-messaging-apps/keybase/
- 2. Acceptable Use Policy - Keybase Docs, 7/23/2021 https://keybase.io/docs/acceptable-use-policy http://web.archive.org/web/20220606045614/https://keybase.io/docs/acceptable-use-policy
Matrix
The reference server implementation (Synapse) is massively bloated and very poorly performing. The premier alternative, Construct, is purportedly treated in a hostile way[3] by the reference developers.
The official (massive) instance, matrix.org, is Cloudflared and employs a Google ReCaptcha to keep people away, and is hosted on Amazon servers. If you do use Matrix, be sure to use an independent homeserver or self-host.
- 3. Hacker News - Riot/Matrix is a chat standard, but it's not an open standard, 3/12/2019 https://news.ycombinator.com/item?id=19365968