
I basically refuse to create accounts on random forums anymore. They've been the source of the vast majority of breached PIID for me over the course of my internet life because:

- The software is usually poorly written - even the big guns. I helped maintain a vBulletin forum for years and oh my god is that codebase a disaster. It also for the longest time, if not still, stored passwords in plaintext in the database.

- The people who want to have the forum rarely have the tech skills to keep up to date on security issues, let alone keep the software up to date.

- There are 'forum as a service' sites but they inevitably become essentially ad spam platforms that are intolerable to use.

So you can do this, and I might even benefit from it showing up in google searches, but I'd actually still be way more likely to use discord if I have a question.

Also, I reject the idea that there even is a strict dichotomy between "synchronous" and "asynchronous" communication systems. If anything, you can always do what's usually described as async on a synchronous platform but you can't really do the opposite, so they're a superset/subset pair to me.

I don't care if the maintainer takes 2 days to get back to me on discord but at least if they do I get a notification and I don't have to keep hopping on a damn forum every day to check if they have or not.



If you're putting PII on a random forum, that's your problem, respectfully. I have a specific email account for "random forums" and don't put real info in my account.

I disagree that random forums are spam-fests. That is purely a matter of moderation and user activity. Overclock.net and bronco6g.com are two (non-reddit) forums I can think of that I've been to recently, and neither has a large amount of spam posts.

You can set up email notifications to thread replies in most forum software, so you don't have to actively check if you don't want to.

Finally, I reject the notion that you can effectively search through years and years of discord or slack chat for topics related to your question. The nature of creating a thread differentiates itself from a "random" post. Perhaps if Discord/Slack's UI prompted a person to label a post "conversation starter" or "thread starter" then it would be better organized.


what you said

slack doesn't have categories and tags and some search terms in slack bring up too many results without context to be useful


It’s not extremely hard to set up SSO with the big (tech) providers like GitHub and Google.

Would you be cool with “log in with google”?


Cool as a cucumber that has been cut off from every single account they have the moment somebody at Google (or an algorithm) doesn't like you. Good luck!


So, what's the alternative here?

Either one of the big companies is controlling your account (and, crucially, securing it) or you have many accounts across many platforms.

I'm genuinely at a loss here for solutions that are decentralised yet... centralised...


if OAuth had really succeeded at its goals and really federated authentication I'd be more interested in it, but no I'm not really comfy attaching my google account to random shitty things either because then we get into real name disclosure and such.

There's effectively only a few SSO providers that are viable to use on most of the internet (google, github, microsoft mostly) and they're all attached to more personal information than the forums were to begin with.

I do really wish federated identity had gotten off the ground the way it was promised though. That would be a better world.


What to do when Goog closes your account and won't reinstate it?


never understand the purpose of that kind of question. What do you do when the forum owner closes your account? Complain or go somewhere else, as long as there's an account someone can close it by definition.

Chance that your Google account outlives everything else is if anything, pretty high.


The difference is that if Google blocks your account you might lose access to a hundred sites where you were using it for login. If a forum owner blocks your account you only use that one account.

I've never used "sign in with Google" for anything.


What PII are you putting on a forum? All I can think of is email and password. Your password should be unique to the forum, and I would hardly say that an email address is PII. If you're super worried about email, just use an alias.


> I would hardly say that an email address is PII.

The EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) say they are.


Only if it can be associated with your person somehow.


Yes and no; info@example.com used at one site is not going to personally identify you, but most personal and work email addresses are some variant of name or initials. Unless you expect the forum owners to individually mark each member's email address as personally identifiable or not, they ought to treat them as if they were all PII because most of them will be.

(the upshot of your suggestion that your email address sometimes doesn't identify you and so isn't PII would be what, forum owners can leak your email address tied to your forum posts so long as they don't know whose address it is? That doesn't sound particularly desirable.)


Since several people asked, yes, email addresses are PII and may or may not be sensitive.

And yes, my response to the number of forum breaches I've seen has indeed been to stop putting information on them -- that's exactly what I said. I stopped using them.


> I basically refuse to create accounts on random forums anymore. They've been the source of the vast majority of breached PIID for me over the course of my internet life

Why were you putting PIID on web forums? Why weren't you using a unique password?

> I don't have to keep hopping on a damn forum every day to check if they have or not.

Discord is a nightmare. Someone mentions you in a busy channel, 6 hours ago? Try to find it. Go on. I'll wait. Discord has no "skip to where I was mentioned" feature.

You're forced to use a (visible to everyone) unique identifier across every discord server, ripe for doxxing or stalking people. Targeting someone's account is attractive because their single login gets you into every server they're part of.

Their implementation of threading sucks. They rolled it out with little warning to server mods/admins and it caught nearly everyone off guard, with users going hog wild creating threads because it was a way to get something like "joesuckscocks" into the channel list. The icing on the cake was that threads created before the ACLs were rolled out couldn't be removed by server admins and mods, so they had to go around begging users to delete them.

Every server I belong to, I've had to spend a minute or two making sure I disable all the by-default-on notifications because people abuse the shit out of @everyone, @here, etc; some server admins even abuse roles to push a notification to everyone (ie, they'll create a role everyone is added to, and then spam it with mentions.)

Discord has done little to address problems like server raids and trolls targeting LGBTQ/PoC groups, 'rivals' to their favorite streamers, you name it. They've shrugged and said "we don't have the staff to do it", yet they have estimated profits around $130M/year. As a result people have had to add all sorts of bots to deal with the problem, and nobody has any idea what all these bots are doing with all the chat logs people share.

There's so much fragmentation, too. I play a not-very-popular tactical shooter game and the number of servers I've been added to and have to keep track of is crazy because everyone creates their own server.

Oh, and last but not least: Tencent has a significant investment in them.

Edit: since I am on dang's naughty list and only allowed to comment five times per day despite having over 500 karma in a month or so, I have to respond via edit: Discord on desktop does not allow for any way to navigate to where you were mentioned in a channel. I've also found the "scroll me back to what I last read" function works poorly or not at all.


> Go on. I'll wait. Discord has no "skip to where I was mentioned" feature.

You’ll have to excuse the HN pedantics, but it does. In the iOS app, for example, open the left drawer and there’s a navigation tab on the bottom. There’s a mentions tab that will show you a list of mentions (that is replies and pings) and tapping on one takes you to that message.



