Threat model
What OSL defends against, and what it doesn't.
What OSL defends against
OSL protects the content of your messages against the following adversaries:
- Discord itself reading your messages. Discord receives ciphertext only.
- Discord employees with database access. Same as above.
- Attackers who breach Discord's infrastructure. Same as above.
- Network eavesdroppers — your ISP, public-wifi snoopers, governments tapping the wire. They see only TLS-encrypted Discord traffic carrying ciphertext.
- Anyone with subpoena access to Discord's data. Discord can hand over what they have. What they have is ciphertext.
What OSL does NOT defend against
OSL is not a complete privacy solution. It does not protect against:
- Metadata. Discord can see who you're talking to, when, message frequency, message sizes, and channel membership. OSL hides the contents of conversations, not their existence.
- A compromised computer. If malware, a keylogger, or a screen-recorder is running on your device, OSL can't help. Encryption only protects data in transit and at rest — it can't protect data while you're reading or typing it.
- The other side leaking. The person you're talking to can screenshot, copy-paste, or otherwise share your messages. Encryption defends against third parties, not against your recipient.
- Voice and video calls. Not encrypted by OSL. Discord's normal infrastructure handles those.
- Server moderation. If a server admin sees a problem (because they're in the conversation, because someone reports it, or because they have OSL installed and you whitelisted them), they can act on it.
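To make the Metadata item above concrete, this added example (not OSL code) summarises what a server-side observer can derive from ciphertext-only records without any keys. The records, field names and the 28-byte per-message overhead are constructed assumptions, not OSL's wire format.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Hypothetical fixed per-message overhead (nonce + auth tag). This is an
# assumption for illustration, not a value taken from OSL.
ASSUMED_OVERHEAD = 28

# Constructed sample: what the platform stores for encrypted messages.
# (timestamp, channel, sender, ciphertext_length_in_bytes)
RECORDS = [
    ("2024-05-01T09:00:05", "dm-alice-bob", "alice", 40),
    ("2024-05-01T09:00:30", "dm-alice-bob", "bob", 33),
    ("2024-05-01T09:01:10", "dm-alice-bob", "alice", 540),
    ("2024-05-01T23:40:00", "group-health", "carol", 95),
    ("2024-05-01T23:41:12", "group-health", "alice", 61),
    ("2024-05-02T23:39:47", "group-health", "carol", 1228),
]


def observable_metadata(records):
    """Summarise what is learnable without decrypting anything."""
    members = defaultdict(set)      # channel -> senders seen
    counts = Counter()              # (channel, sender) -> message count
    hours = defaultdict(Counter)    # sender -> hour of day -> message count
    approx_len = defaultdict(list)  # channel -> estimated plaintext sizes
    for ts, channel, sender, ct_len in records:
        members[channel].add(sender)
        counts[(channel, sender)] += 1
        hours[sender][datetime.fromisoformat(ts).hour] += 1
        # Ciphertext length tracks plaintext length unless messages are padded.
        approx_len[channel].append(max(ct_len - ASSUMED_OVERHEAD, 0))
    return {
        "members": {c: sorted(s) for c, s in members.items()},
        "counts": dict(counts),
        "active_hours": {s: sorted(h) for s, h in hours.items()},
        "approx_plaintext_len": dict(approx_len),
    }


if __name__ == "__main__":
    for key, value in observable_metadata(RECORDS).items():
        print(key, value)
```

None of these fields depend on the message contents, which is why encrypting the body leaves them visible.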
Specific concerns
Can Discord ban me for using OSL?
Possibly. Discord's terms of service prohibit client modifications. We're not aware of bans specifically related to OSL, but use it at your own risk. If you have a Discord account you can't afford to lose, weigh the risk.
Can the government compel Discord to read my messages?
Discord can be compelled to hand over what they have. For OSL-encrypted messages, what Discord has is ciphertext — random bytes. Decrypting requires your keys, which Discord doesn't have.
Can the government compel ME to hand over my password?
Depending on jurisdiction, possibly. Some legal systems can compel you to disclose passwords; others can't (or it's unsettled law). OSL doesn't protect against legal coercion or physical compulsion. If you're in a high-risk situation, consult a lawyer and consider whether OSL alone is enough.
Is OSL right for you?
OSL is appropriate for:
- Casual privacy. You don't want Discord, your employer, or your ISP reading your group chats.
- Communities discussing sensitive topics (health, identity, politics, finances) without changing platforms.
- Anyone who wants end-to-end encryption added to conversations they're already having.
OSL is not appropriate for: