DEF CON Forum Site Header Art


No announcement yet.

DEF CON Safe Mode Platform Discussion

  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    privacy concerns with discord seem to be... *shrug*?

    4 years ago

    Hey there.

    CTO of Discord here.

    This part of the ToS is to allow us to send data through Discord on your behalf. This statement does exist in Slack but its definitely phrased differently.

    " In order for us to provide the Service to you, we require that you grant us certain rights with respect to Your Data. For example, we need to be able to transmit, store and copy Your Data in order to display it to you and your teammates, to index it so you are able to search it, to make backups to prevent data loss, and so on. Your acceptance of this TOS gives us the permission to do so and grants us any such rights necessary to provide the service to you, only for the purpose of providing the service (and for no other purpose). This permission includes allowing us to use third-party service providers (such as Amazon Web Services) in the operation and administration of the Service and the rights granted to us are extended to these third parties to the degree necessary in order for the Service to be provided."

    I have asked our CEO to look into making it sound more friendly. We have no intention of using your data for anything and hopefully we can clear that up in our ToS with friendlier language. It is currently this way "because lawyers". :)

    From their privacy policy @


    No Sale of Personal Information: The CCPA sets forth certain obligations for businesses that sell personal information. We do not sell the personal information of our users.


    The Company is based in the United States. No matter where you are located, you consent to the processing and transferring of your information in and to the U.S. and other countries. The laws of the U.S. and other countries governing data collection and use may not be as comprehensive or protective as the laws of the country where you live.
    So a) at least they claim that data is not sold, and b) obviously they must comply with federal regulations - which means the service could be compelled to fork over identifying data by the US, but this should be expected of literally any such service.

    I don't think we have to be reasonable concerned about discord re:privacy, but then again i'm not planning to talk about 0-days or totalitarian regimes in a discord server. I think it's reasonable to say "it's an open service, assume it's heavily monitored, don't be a sheep" as a disclaimer and the privacy issue is a non-issue.


    • #32
      Discord cannot be used without an account

      Guest Access: NO


      • Dark Tangent
        Dark Tangent commented
        Editing a comment
        Actually it can, but then we would be overrun by trolls. You can set the server to be essentially none (Only a link is needed), email account, or phone number verified account.

    • #33
      Discord works with a temp username, its a setting set in the invite you create for the server


      • #34
        +100 for Twitch - great software, super solid, allows for monetization.

        I don't believe Twitch allows simulcast on Youtube, but we may be able to negotiate/allow third party coverage by vloggers.

        I believe IRC and Discord should both be in play for text, so Riot could be a good choice.

        For an immersive experience, I might actually be able to pull together a full-fledged MMOG with embedded video streams and some cool holographic captures of speakers.


        • #35
          came here to voice support for Twitch or YouTube as the main broadcast media.

          whatever platform is used (seems like Twitch is winning on popular support here?) i'd very much hope to see one sort of "reception hall, general commentary" channel going almost at all times, with some notable folk serving as hosts, discussing things that are going on, what's a hot topic coming up next, etc. that kind of channel can be the place many users "return" to after watching something for a while, and they can get ideas as to what else to check out next.

          for discussion... i'm massively a fan of Slack over Discord, but i may be in the minority there. Discord is fine if you're trying to bolt-on a lot of additional functionality beyond simply talking. But Slack excels at a *clean* and simple interface. There are bots and other tools that can augment Slack to great effect (with MasksForDocs, for example, we have all kinds of awesome triggers and bot actions integrated with it) but its main focus is on being a simple and straightforward chat, and that's what makes it great and easier to use for the masses.
          "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
          - Trent Reznor


          • EvilMoFo
            EvilMoFo commented
            Editing a comment
            I too much prefer slack over discord. However, when it's free, that 10k message retention limit is pretty obvious with ~500 active users; that limit would be brutal with thousands of people chatting at once. Likewise, paying for slack is a bit ridiculous considering the amount of people that would surely join. For this reason, discord likely makes the most sense when it comes to usability (phone app, web interface, etc); especially considering the self-hosted / on-prem options seem to be unable to scale well.

            The few popular streams I have seen with chat enabled on youtube, along with a couple random twitch videos I have glanced at, have such a sheer volume of chat messages that it's seemingly impossible to interact in any meaningful way.

          • ohmr
            ohmr commented
            Editing a comment
            I agree. I voice support for Twitch *and* YouTube at the same time. I have streamed to both platforms at the same time using The Speaker/presenters join over Webex and then the audio and video is streamed over to both platforms at the same time. That way you can get the best of both worlds. You can even have people participate in the chats over Discord. I am doing this for the Red Team Village Mayhem event this weekend.

          • abaranov
            abaranov commented
            Editing a comment
            The main issue is that messages on a DefCon Slack will disappear in a manner of hours, if not minutes.
            Also, Discord have a "clean" version which is pretty useable.
            And Discord has a really cool RBAC (yes, role-based-access-control) so you can assign people different roles and they will have access to different channels and different abilities on those channels. When I saw this - this alone sold Discord for me.

        • #36

          The Villages have been looking at social, presentation, and broadcast platforms, and several organizers have helped run other virtual conferences we've learned lessons from. While there isn't a consensus around a single way that works well, we have learned several things that are worth sharing. Some of these have been mentioned above. Happy to go into more detail on these if/where it's needed.
          • It's probably worth distinguishing social/community platforms (like Slack and Discord) from presentation platforms (like Zoom and Webex). Social/community platforms tend to suck for presenting and vice-versa. However, there are lots of native or third-party integrations.
          • Some of the presentation platforms (like Discord and Go To Webinar) may support multiple simultaneous broadcast platforms. There are benefits and drawbacks to having a single broadcast channel versus putting content where people are comfortable going.
          • Most platforms have different options for meetings versus webinars. For instance, Zoom Webinar is a lot more capable for our purposes than Zoom Meetings.
          • Some platforms (StreamYard, for instance), give some broadcast TV level capabilities. For instance, dropping in text overlays and zooming into subsets of speaker views (for instance, focus on a pair of speakers who are talking, while putting all others off camera and on mute), and will pull in questions from YouTube so you can pop them up as a screen overlay.
          • Some platforms (Zencastr, though it's audio only) remotely capture high-fidelity feeds from each side so connectivity issues don't affect a recording.
          • Video mixing software packages (Open Broadcast Studio, vMix) seem to have some really cool capabilities, though they introduce an additional point of failure. For instance, some of them seem to be able to take separate remote video feeds, add professional quality overlays and screen positioning, and stream directly to broadcast channels.
          • While I like the experience of watching talks in VR, not everyone does and not everyone has the equipment. Some platforms, like AltVR, have the ability to stream YouTube in VR, so it can be an option. For instance, DEF CON Groups can set up rooms and create a group activity.
          • Some VR options, like Mozilla Hubs, have an in-browser option, while other VR platforms, like AltVR are only available on headsets or on Windows.
          • It's rumored that Zoom for Healthcare allows you to run a server on-premesis or in your own cloud environment.
          • Interactive technical content like CTFs will all have different requirements. Car Hacking Village has built some tools for gating access to physical devices with webcam to show what's happening, serial interface, and limiting the number of people testing at once. Biohacking Village is building site-to-site VPNs from a cloud infrastructure to give access to different physical devices, and will have to limit the number of people using those connections at one time.


          • #37
            Anyone have experience running a Riot server? How does it compare to Discord? We are testing Discord now and plan to try something else next and Riot looked promising.
            PGP key: valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A


            • abaranov
              abaranov commented
              Editing a comment
              Yeah but I have no people on it. :)

              Probably the best people to chat to are the ThugCrowd guys. They have a very busy server and they are very into Riot over Discord and Slack.

          • #38
            (Background: Chinese newbie living in Mainland China)

            Would like to provide some ideas about "See in China" column.

            As @darktangent said, most services familiar to you guys (like Youtube, Twitch, Discord and the internal version of Zoom) are blocked by GFW, which means inaccessible to Chinese users.

            There do have some Chinese local providers/softwares for streaming or online meeting, including:

            - Tencent Meeting: Free. Can support up to 500 people if you ask help from the support team. I knew someone who might help. However it always need a client software (or, "Miniapp" supported by WeChat), which might be disappointing.

            - (Chinese version of) Zoom: Could be free. Not connected with Internal version of Zoom. Might need registration as a Chinese company.

            - Bilibili Live, Douyu Live: Both are streaming-only platform (like Youtube Live). Chatting support is weak (only damaku is supported).

            However, due to legal and political limitations, I strongly recommend you not considering the support in Mainland China as an item of your SLA, mainly due to following reasons:

            1. Most people willing to join (or have heard little about) DEF CON will be also familiar with bypass the blocking of GFW, which is called Fan Qiang (翻墙) in Chinese, or, "F**k the GFW". Those people would nearly have no problem using Zoom, Youtube, Twitter, Discord or anything else.

            2. For those don't know how to Fan Qiang, it would be difficult if the streaming server is located in non-Mainland area. The backbone bandwidth from China itself is not really big, and limited by the capacity of GFW, and sometimes GFW & ISP would intentionally throw some packets (to sell their high reliable MPLS VPN), so accessing oversea servers directly is already difficult enough. And if you want to put you server in China, you need to Bei An (or, register) piles of stuff including domain name and server addresses to the government. Besides, you need additional ICP license to perform broadcasting on the Internet.

            3. And most importantly, medias, including network steaming, is censored in China. Even send an meme could lead to your account being banned, and I believe you have no time to check every slides being used in the DEF CON.

            But I do think there is an alternate solution:

            For streaming, find some volunteers in China, and ask them if they want to open streaming accounts in China websites and forward your stream.

            For meeting and I have no idea.


            Additional recommendations: Do NOT treat the network in China as a part of the Internet. Due to the GFW (which means both political, culture, language and other complex reasons), there is some de-facto isolation between network in and out of mainland China. Lots of software is unable to run well in both areas. Most softwares are designed only possible to run in only one area.


            • EvilMoFo
              EvilMoFo commented
              Editing a comment
              I had to stream to a service in China once and we bounced the packets through the GCP region in China to avoid external forces; so that's one way to avoid the problem of getting a stream there intact.

          • #39
            Thank you s1lv3r for that. It matches with my experience. We have been having planning calls with friends in China and hear about the same, that the live streaming part is hardest. Our partner is interested in streaming something, it is just a question of how and what.

            For all the social if people can't direct connect to (You can but it was really slow so GFW must be throttling) then it will be up to them to find a way. It's too bad because building hacker community is hard enough without the added challenges.

            PGP key: valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A


            • #40
              personally i think discords your best bet though it will be my first defcon so i dont really understand the dynamics of the con goers, the panels or the con itself really so grain of salt and all


              • #41
                I think we to need to consider that some attendees won't be able to or won't be willing to juggle multiple application or be willing to create multiple accounts to attend. I think this might be a barrier to many. It would be nice to have one integrated platform but I don't know if there is a single, inexpensive/free, solution.
                Last edited by gurneyh; May 20, 2020, 11:01.


                • Dark Tangent
                  Dark Tangent commented
                  Editing a comment
                  If you come up with a recommendation please let us know!

              • #42
                Dark Tangent

                I have run multiple Riot/Matrix servers and they are much MUCH better than just plain IRC. Multiple channels that can be end to end encrypted, can be bridged to other media, etc. Better than discord as discord has a bad track record with privacy and they will immediately shutdown our discord server if someone slightly steps foot out of line, even if they are trolling.

                For BROADCAST though, it would be better to stick with twitch or youtube: the infrastructure for thousands of viewers is already in place.

                JRWR and I have a matrix server built for the defconmeshnet, which is also encrypted, and can be scaled.

                Another thing about matrix/riot is you can create "communities", which would allow villages a distinction.
                Last edited by McL0v1n; May 20, 2020, 11:34.


                • Dark Tangent
                  Dark Tangent commented
                  Editing a comment
                  For Discord we are making channel folders for each Village and they can self manage within, saving administrative time. For Riot can you delegate permissions like that to a community?

              • #43
                Might be over the top for DEFCON but this platform looks pretty cool, will service attendees, vendors etc all under the one platform. Also used by big Players like IBM etc.


                • #44
                  Dark Tangent: For Discord we are making channel folders for each Village and they can self manage within, saving administrative time. For Riot can you delegate permissions like that to a community?
                  Yes! There's more documentation than what I sent you previously. I grabbed that while on my phone.


                  • #45
                    I'm jumping into this late... if there is a late under the circumstance... but noting apps like HackerTracker, is it conceivable to build something fast enough with needed features/streaming platforms API'ed into it?
                    I've been wanting to dive into something similar as a personal project... but historically (and unfortunately) I've been more of an integrator than a coder.
                    It seems to me that within a mobile or vr (steam/oculus) environment (in unity for instance), a YT/Discord/Riot stream could be embedded on "stage". Any unity programmers here? I haven't looked into vfairs... and will... but that seems similar to what I'm imagining.