[dupe] Discord fined €800k (cnil.fr)
72 points by zhengiszen on Nov 27, 2022 | hide | past | favorite | 41 comments


Dupe: "Discord fined €800k for failing to comply with several obligations of the GDPR"

https://news.ycombinator.com/item?id=33637977 (258 points | 9 days ago | 285 comments)


>Compliance Week

Sounds like a fun and entertaining publication.


Compliance Weak might be a good name for the El Reg version


This is less than cost of compliance.


> “The amount of the fine was decided regarding the breaches identified, the number of people concerned, but also taking into account the efforts made by the company throughout the procedure to reach compliance and the fact that its business model is not based on the exploitation of personal data,” the regulator said.


> the fact that its business model is not based on the exploitation of personal data

Is it? I suppose you can take their turning down of Microsoft as a token of good faith, but it's also possible that they just think they can cash out for more in the future. If that's the case, then accumulating a massive user dataset is very much the business model, because the business model is to eventually sell the company for as much as possible.


Isn’t Discord’s primary monetisation strategy Nitro?


Not that I trust discord for sensitive communications but I'm personally quite happy to pay $ for my animated emojis and increased upload limit instead of them monetizing my info.


My problem is that paying for the emojis doesn't actually stop them from monetizing your info.


> its business model is not based on the exploitation of personal data,

That's strange, given the software's functionality includes showing friends and people in servers you're in what games you're playing, for how long, and even what game mode and so on. There's zero chance they're not monetizing that in some fashion. Almost certainly in aggregate, but I'd be shocked if they aren't doing non-aggregate data sharing behind some very tightly closed doors.

Also, just an FYI that Tencent has heavily invested in Discord - though the exact amount is unknown.


>its business model is not based on the exploitation of personal data

Absolutely not arbitrary at all :')


That doesn't quite hold for gdpr fines. It's a fine + you're going to comply, or we'll start stacking more fines. By definition this is a fine on top of the cost of compliance.


There are a lot of different ways to measure this. You could look at this as renting time for non-compliance. What they were able to work on by kicking this can down the road I don't know.


"You could look at this as renting time for non-compliance. "

How is this "time" and not "infringements" from your view?


The complaints boil down to

>Discord not deleting inactive accounts

I personally don't want my old accounts to be deleted. Just because I don't sign on to a site doesn't mean I want everything to be deleted.

>Closing the Discord window doesn't quit the entire application and just closes the window

This is normal behaviour of programs. In fact most macOS programs work this way. Windows still shows Discord in the bottom right so people can access it if they need it even if they don't want a window for it.

>Discord's password requirements were not what they wanted

Most people's Discord accounts are stolen via token stealers and not by having their passwords guessed. They had proper rate limiting so this isn't a big deal.

>They didn't create various paperwork

Legal compliance is annoying.

I hate how foreign governments can trample over US products.


> I hate how foreign governments can trample over US products.

As if the US government never trampled over non-US companies. The US runs one of the most protectionist economies out there.


I don't approve of that either.


> This is normal behaviour of programs. In fact most macOS programs work this way. Windows still shows Discord in the bottom right so people can access it if they need it even if they don't want a window for it.

On my computer it goes to a little arrow menu in the bottom left where you can't see it unless you click in. And when I first found out this behavior I ended up accidentally treating a lobby to some very bad singing.

I'm very skeptical of GDPR regulation, including multiple of the other things CNIL listed here. (If your "data protection impact assessment" concludes that there's nothing high-risk, doesn't that suggest it wasn't in the GDPR's bucket of "likely to result in a high risk"?) But this point seems pretty reasonable.


You would hate living in those foreign governments and seeing US companies with their free infinite money trample everything first, then. Imagine competing against a foreign company that genuinely doesn't even care about making a profit.


> This is normal behaviour of programs. In fact most macOS programs work this way. Windows still shows Discord in the bottom right so people can access it if they need it even if they don't want a window for it.

Excuse me, it's the EU who determines what is normal and what is not. Not some decades old conventions.


Hahaha. Yes some stodgy bureaucrats surely know more than designers of OS and software. Please. There's definitely a gap to bridge but let's not pretend one side knows everything.


Government going for the win over social media by levying fines. It's a bold move Cotton, let's see how it pays off. Surely government will save us from social media!


Add three to six more zeros and these breaches will be taken seriously.


I take it you didn't read the article. The fine is low in part because discord cooperated and proactively complied with the regulator's orders before the fine was issued.


So the problem with Discord is that following GDPR would just make for a really crappy user experience.

Let's say you're a community moderator, and you type out the rules for the community. Well... now, unless someone wants to re-do everything you did, those rules will forever say, "YourName said..." and if someone leaves a server, and asks for their content to be removed... it would make for a big mess for users and moderators, "See the pinned posts!" "Uh, what pinned posts?"

Also, quotes and replies of your messages... do those have to be removed? Someone responds to your message, and quotes, "> YourName said..." before their response. And along the same logic... there are a lot of bots that automatically track all the updates to messages, so that people can't say something nasty, and edit it and say, "No, I didn't say anything nasty!" The bots see all... and normally they record it in a public channel for the admins, where the bot just says, "YourName edited their post from X, to Y!" Do all those have to be removed?

Not to mention emoji, and sponsorship, and the list of "joined the server" / "YourName kicked SomePunk because..." where the admin leaves a note outlining why they booted someone. Would all that have to be expunged upon request?

Dunno man, I'm all for GDPR, but I think Discord is sort of like Hacker News... like public forums shouldn't have to remove content someone put up. Just find a way to change ownership or change YourName to [DeletedUser123] would be fine... still sucks from a UX perspective I think, and all the messages quoting you, and bots recording your changes... those are still there. Can't really un-pee in the pool. But you know that using Discord.

Edit... I confused GDPR with CCPA for "request to export" / "request to delete" -- sorry. Meh, I'll leave this up because I'm an idiot, and I still think Discord / "public" places should be exempt from requests to delete data.


Reddit France updating their terms and posting a community thread just yesterday (r/france)

Coincidence I THINK NOT


Sweet sweet paywalled site


Possibly a better resource for those unable to access because of the paywall: https://www.cnil.fr/en/discord-inc-fined-800-000-euros


> At the time of the online investigation, when creating an account on DISCORD, a password of six characters including letters and numbers was accepted.

> The restricted committee considered that DISCORD's password management policy was not sufficiently strong and restrictive to ensure the security of users' accounts.

Ahh yes, finally, government-enforced password policies. They have lost their mind.

> However, in Microsoft Windows, clicking on the "X" at the top right of the last visible application window will exit the application for the vast majority of applications.

And they have thoughts on UI design too!

This is like the opposite of what GDPR should be.


Getting fined for the system tray behavior is a little much; that's how all chat apps have behaved going all the way back to at least AIM (and Trillian, Pidgin, etc.) and I'm assuming before then as well, and it's good UX, which is why it's been copied for so long. I'm actually annoyed that WhatsApp desktop doesn't have this feature.


It's not specifically the close to tray issue:

> When a user logged into a voice room closes the DISCORD application window by clicking on the "X" icon at the top right of the window in Microsoft Windows, they actually just put the application in the background and stay logged into the voice room. However, in Microsoft Windows, clicking on the "X" at the top right of the last visible application window will exit the application for the vast majority of applications.
>
> DISCORD's behavior is different and may lead to users being heard by other members in the voice room when they thought they had left. The restricted committee considered that DISCORD should specifically inform users by making them aware that their words are still being transmitted and heard by others.
>
> However, as part of the procedure, DISCORD INC. set up a pop-up window to alert people connected to a voice room, when the window is closed for the first time, that the DISCORD application is still running and that this setting can be changed directly by the user.

Rather the issue was that you could close to tray while in a call without any prompt.


Too late to edit this now but it appears I fumbled the quote so here it is again properly formatted.

When a user logged into a voice room closes the DISCORD application window by clicking on the "X" icon at the top right of the window in Microsoft Windows, they actually just put the application in the background and stay logged into the voice room. However, in Microsoft Windows, clicking on the "X" at the top right of the last visible application window will exit the application for the vast majority of applications.

DISCORD's behavior is different and may lead to users being heard by other members in the voice room when they thought they had left. The restricted committee considered that DISCORD should specifically inform users by making them aware that their words are still being transmitted and heard by others.

However, as part of the procedure, DISCORD INC. set up a pop-up window to alert people connected to a voice room, when the window is closed for the first time, that the DISCORD application is still running and that this setting can be changed directly by the user.


This is especially daft considering the vast majority of credit and debit card PINs are four or six numerical-only digits. At least the Discord password could be alphanumeric plus symbols. Why is a Discord password being held to higher standards than a bank card PIN?


Because the bank card chip is irremediably blocked after three wrong tries, and you need to submit documentation to your bank to get a new PIN. I don't think Discord forces users to reset their password via snail mail after three wrong tries.


I don't think it's that unusual.

> Ahh yes, finally, government-enforced password policies. They have lost their mind.

Sure, arguing over the password policy itself is somewhat silly; however, those shorter/lower-complexity passwords are trivial to crack in the event of a data leak, even when properly salted and hashed.

> And they have thoughts on UI design too!

This one makes perfect sense. The complaint is that you can close the window while in a call without any prompts. It's not that the UX is bad (IMHO it's very useful) but that it can lead to accidental leaks of information that could be trivially avoided with minor changes.

The solution to this is trivial. Prompt on close (but not minimise) when in a call to warn the user and provide a setting to hide this prompt.
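The point made above about short passwords being crackable "even when properly salted and hashed" comes down to keyspace versus per-guess hash cost. The following is an added example, not code from the thread or from Discord, that estimates the work needed to exhaust a policy's keyspace against a leaked hash database. Salting defeats precomputed tables but does not enlarge the keyspace; only the hash's per-guess cost changes the wall-clock time. The character-set sizes and the guesses-per-second figures are illustrative assumptions, not measurements, and the policy labels are constructed for the example.

```javascript
// Assumed character-class sizes used to describe a password policy.
const CHARSETS = {
  digits: 10,
  lower: 26,
  upper: 26,
  symbols: 33, // printable ASCII punctuation; assumed figure
};

// Assumed single-GPU guess rates (guesses per second). Order-of-magnitude
// illustrations only: a fast hash vs. a deliberately slow password hash.
const HASH_RATES = {
  "fast hash (salted SHA-256)": 1e10,
  "slow hash (bcrypt, high cost)": 1e4,
};

// Number of distinct passwords admitted by a policy allowing `length`
// characters drawn from the given character classes.
function keyspace(length, classes) {
  const alphabet = classes.reduce((sum, c) => {
    if (!(c in CHARSETS)) throw new Error(`unknown class: ${c}`);
    return sum + CHARSETS[c];
  }, 0);
  return alphabet ** length;
}

// Seconds needed to try every candidate at `guessesPerSecond`.
function secondsToExhaust(space, guessesPerSecond) {
  return space / guessesPerSecond;
}

// Render seconds as the largest convenient unit for a human reader.
function humanDuration(seconds) {
  const units = [
    ["years", 365 * 86400],
    ["days", 86400],
    ["hours", 3600],
    ["minutes", 60],
  ];
  for (const [name, size] of units) {
    if (seconds >= size) return `${(seconds / size).toFixed(1)} ${name}`;
  }
  return `${seconds.toFixed(1)} seconds`;
}

// Compare several policies; returns plain data so it can be tested or
// fed into a report. Each entry carries the keyspace and, per hash rate,
// the seconds needed to exhaust it.
function comparePolicies(policies) {
  return policies.map(({ name, length, classes }) => {
    const space = keyspace(length, classes);
    const estimates = {};
    for (const [rateName, rate] of Object.entries(HASH_RATES)) {
      estimates[rateName] = secondsToExhaust(space, rate);
    }
    return { name, length, keyspace: space, estimates };
  });
}

// Constructed policies: the 6-character letters-and-digits floor the
// thread discusses, alongside two stricter ones for contrast.
const SAMPLE_POLICIES = [
  { name: "6 chars, letters+digits", length: 6, classes: ["lower", "upper", "digits"] },
  { name: "8 chars, all classes", length: 8, classes: ["lower", "upper", "digits", "symbols"] },
  { name: "12 chars, all classes", length: 12, classes: ["lower", "upper", "digits", "symbols"] },
];

for (const row of comparePolicies(SAMPLE_POLICIES)) {
  console.log(`${row.name}: keyspace ${row.keyspace.toExponential(2)}`);
  for (const [rateName, secs] of Object.entries(row.estimates)) {
    console.log(`  ${rateName}: ${humanDuration(secs)} to exhaust`);
  }
}
```

The takeaway matches the comment: a six-character alphanumeric keyspace (62^6, roughly 5.7e10 candidates) falls in seconds to a fast hash and in a couple of months even to a slow one, whereas length, not salting, is what pushes the estimate out of reach. Rate limiting at login, mentioned elsewhere in the thread, does not apply to offline attacks on a leaked database, which is why the policy floor matters independently of it.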


Prompt on close is a very bad solution in terms of UX. For example, I never click minimize in Discord because I hate non-tray apps if I need them in the background. I dislike Obsidian for that because I can't even use RBTray without enabling the native window frame, which is worse than the standard one.

And because of the habit of having minimize-to-tray on [x], I would also dislike moving that option to [_] and reserving [x] for exit. I know I will just press it out of habit and close my active chat along with the app. And Discord is not a fast app to load on my PC.

But technically it will be the best solution if they want to comply with the requirements of officials. Or maybe the already implemented one-time prompt is enough for them.


It's only a bad solution if it's not disable-able and it happens in all cases (rather than only when the user is still in a call).

Ideally it's a warning that you can disable. With safety/privacy it's generally preferable to have warnings as the default and allow users to take the training wheels off rather than risk a new user exposing themselves accidentally.
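The safe-default pattern argued for in the last two comments (warn on close only while a call is active, never on minimise, and let the user switch the warning off) is small enough to model as a pure decision function. The following is an added example and is not Discord's code; the event names, state fields and setting names are hypothetical, chosen to mirror the thread's description.

```javascript
// Defaults: "X" hides to the tray like other chat clients, and the
// in-call warning is ON until the user turns it off (assumed defaults).
const DEFAULT_SETTINGS = Object.freeze({
  closeToTray: true,
  warnOnCloseWhileInCall: true,
});

// Decide what the app should do for a window event.
//   event: "close" (the "X" button) or "minimize" (the "_" button)
//   state: { inVoiceCall: boolean }
// Returns { action, prompt, reason } so the decision can be tested
// independently of any window toolkit.
function decideWindowAction(event, state, settings = DEFAULT_SETTINGS) {
  if (event === "minimize") {
    // Minimise is an explicit "keep running" gesture; never interrupt it.
    return { action: "hide-to-tray", prompt: false, reason: "minimise never prompts" };
  }
  if (event !== "close") {
    throw new Error(`unknown window event: ${event}`);
  }
  if (!settings.closeToTray) {
    // Behave like the majority of Windows applications: close means quit,
    // which also ends any active call, so nothing is left transmitting.
    return { action: "quit", prompt: false, reason: "close-to-tray disabled" };
  }
  if (state.inVoiceCall && settings.warnOnCloseWhileInCall) {
    // The only case the regulator's text objects to: the window vanishes
    // while the microphone is still live. Tell the user before hiding.
    return {
      action: "prompt",
      prompt: true,
      reason: "still in a voice call; audio keeps transmitting after hide",
    };
  }
  return { action: "hide-to-tray", prompt: false, reason: "no call active or warning disabled" };
}

// Apply the user's answer to the prompt. The "don't show again" checkbox
// only disables the warning; it never changes the close-to-tray behaviour
// itself, so the stricter option is the one a single click can't remove.
//   choice: "leave-call-and-hide" | "keep-running" | "cancel"
function applyPromptChoice(choice, dontShowAgain, settings = DEFAULT_SETTINGS) {
  const nextSettings = dontShowAgain
    ? { ...settings, warnOnCloseWhileInCall: false }
    : { ...settings };
  switch (choice) {
    case "leave-call-and-hide":
      return { action: "disconnect-then-hide", settings: nextSettings };
    case "keep-running":
      return { action: "hide-to-tray", settings: nextSettings };
    case "cancel":
      // Cancelling must not persist the checkbox: the user backed out.
      return { action: "none", settings: { ...settings } };
    default:
      throw new Error(`unknown prompt choice: ${choice}`);
  }
}

// Walk through the four situations the thread argues about.
const scenarios = [
  ["close", { inVoiceCall: true }],
  ["close", { inVoiceCall: false }],
  ["minimize", { inVoiceCall: true }],
];
for (const [event, state] of scenarios) {
  const d = decideWindowAction(event, state);
  console.log(`${event} (inVoiceCall=${state.inVoiceCall}) -> ${d.action}: ${d.reason}`);
}
```

In an Electron-style desktop app this function would sit inside the window's close handler: when it returns `prompt`, the handler cancels the default close, shows the dialog, and then calls `applyPromptChoice` with the answer; when it returns `hide-to-tray` or `quit`, it does that directly. Keeping the decision separate from the toolkit is what makes the "warn by default, opt out explicitly" behaviour easy to unit-test and hard to regress.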


Yes, that would work too and is quite a good practice. But I'm not sure I like that it's a push from officials anyway, especially when I see that it's adjacent to other "breaches" in that document.


The password thing is silly, but the actual complaint with "X minimizes to tray" is that it doesn't disconnect ongoing voice calls, which _could_ be confusing.


Yep. Full section:

When a user logged into a voice room closes the DISCORD application window by clicking on the "X" icon at the top right of the window in Microsoft Windows, they actually just put the application in the background and stay logged into the voice room. However, in Microsoft Windows, clicking on the "X" at the top right of the last visible application window will exit the application for the vast majority of applications.

DISCORD's behavior is different and may lead to users being heard by other members in the voice room when they thought they had left. The restricted committee considered that DISCORD should specifically inform users by making them aware that their words are still being transmitted and heard by others.

However, as part of the procedure, DISCORD INC. set up a pop-up window to alert people connected to a voice room, when the window is closed for the first time, that the DISCORD application is still running and that this setting can be changed directly by the user.


The comments by CNIL (EN): https://www.cnil.fr/en/discord-inc-fined-800-000-euros

A non-paywalled (but not great) article (use an ad blocker): https://www.bankinfosecurity.com/discord-fined-by-french-cni...
