Static vs Discord: A Privacy Comparison
Imagine you send a message in a Discord server: “Hey, is anyone free Saturday for the raid?”
Here is everyone who can read that message:
- Discord’s servers (stored in plaintext)
- Discord’s Trust and Safety team
- Discord’s AI training pipeline (per their 2024 privacy policy update)
- Any law enforcement agency with a valid subpoena
- Any attacker who breaches Discord’s infrastructure
- Any “trusted partner” under Discord’s data-sharing agreements
Now imagine you send the same message in Static.
Here is everyone who can read it:
- The members of the channel you sent it to
That is the difference. Everything else in this post is explaining why.
We are going to walk through eight categories of privacy, comparing exactly what Discord does versus what Static does, with citations. This is not an attack ad. It is a factual comparison, presented so you can make an informed decision about where to host your community.
1. Message Encryption
Discord
Discord uses TLS (transport-layer encryption) between your device and their servers. This protects messages from being intercepted in transit by third parties. However, messages arrive at Discord’s servers in plaintext and are stored in plaintext. Discord can read, process, index, and analyze every message sent on the platform.
Discord’s privacy policy (updated January 2024) explicitly states that message content may be used to “improve our services,” which includes training machine learning models. Discord has stated that “we may use your data to improve Discord, including by training models.”
In practice, this means every message you send on Discord is available to Discord employees with appropriate access, to automated systems processing content for Trust and Safety, to AI training pipelines, and to any entity that gains access to Discord’s databases through legal or illegal means.
Static
Every channel in Static is an MLS group (RFC 9420, the IETF Messaging Layer Security standard). Messages are encrypted on the sender’s device using the group’s current encryption key and can only be decrypted by devices that are members of that MLS group.
The supernode that relays messages between members handles only ciphertext. It cannot decrypt messages. This is not a policy decision --- it is a mathematical impossibility. The supernode does not possess the decryption keys.
Our privacy audit (Test 1: “Supernode Cannot Read Messages”) verified this by sending 10 MLS-encrypted messages through a supernode and confirming that the relay payloads contained zero plaintext fragments. All relayed payloads are padded to fixed bucket sizes, adding an additional layer of protection.
Why It Matters
The difference between transport encryption and end-to-end encryption is the difference between trusting the road and trusting the destination. TLS ensures nobody can intercept your letter in the mail. E2EE ensures that even the post office cannot open it.
If Discord is ever breached, every message ever sent is exposed. If a Static supernode is breached, the attacker gets a hard drive full of ciphertext that is computationally infeasible to decrypt.
2. Identity Requirements
Discord
Discord requires an email address to create an account. Phone number verification is required for servers that enable it (which Discord increasingly encourages). As of March 2026, Discord is rolling out mandatory age verification that requires either a government-issued photo ID or a real-time facial scan for access to age-restricted servers.
Discord stores all of this identity information and associates it permanently with your account. Even if you delete your account, Discord retains certain data for legal and safety purposes. Your Discord identity is a rich profile: email, phone number, IP addresses, device fingerprints, payment information (if you have Nitro), and potentially your face or government ID.
Static
Static requires nothing. When you first launch the app, a cryptographic keypair is generated locally on your device. That is your identity. There is no email, no phone number, no name, no ID, no face.
You can optionally set a display name and avatar. These are stored locally and shared with your community through the encrypted channel. They are not stored on any central server.
Our privacy audit (Test 3: “Ephemeral IDs”) verified that each session generates a fresh Ed25519 keypair, and that 10 consecutive sessions produced 10 unique, unlinkable NodeIds.
Why It Matters
Identity requirements create a permanent link between your online activity and your real-world identity. This link can be exploited by attackers (phishing, doxxing), by governments (surveillance, persecution of dissidents), by corporations (profiling, targeted advertising), and by Discord itself (data monetization).
When no identity is required, no identity can be leaked.
3. Data Collection and Storage
Discord
Discord’s privacy policy enumerates the data they collect. The list is extensive:
- Account information: email, phone number, date of birth, username
- Content you create: messages, images, videos, audio, files
- Communication metadata: who you talk to, when, how often, in which servers
- Device information: OS, browser, device type, device identifiers
- Connection information: IP addresses, approximate location
- Activity data: servers joined, channels visited, features used, time spent
- Payment information: billing address, payment method (for Nitro subscribers)
- Voice data: Discord processes voice for features like noise suppression
- Biometric data: facial geometry or government ID (age verification, March 2026)
Discord retains this data for as long as you have an account, and certain categories for an unspecified period after account deletion. They share data with “service providers, law enforcement, and other third parties” as described in their privacy policy.
Static
Static’s supernode stores the following about connected users:
- A connection ID (a sequential integer, reset when the supernode restarts)
- A list of channels the connection is subscribed to
- An authentication flag (boolean)
That is the complete list. Our privacy audit (Test 7: “Session Table Has No Persistent Identity”) verified this by compile-time inspection of the Session struct, confirming it contains exactly three fields: connection_id, channels, and authenticated. No public key. No MLS credential. No IP address. No device fingerprint.
When a user disconnects, the session is removed entirely. The audit confirmed that get_session() returns None after disconnection --- zero state, no trace.
Message content is stored only on the devices of channel members, encrypted in a local SQLCipher database. The supernode archives encrypted ciphertext for message history (scrollback), but it cannot decrypt this archive.
Why It Matters
You cannot leak data you do not collect. You cannot be compelled to hand over data you do not possess. You cannot monetize data you never had. Static’s minimal data architecture is not a feature --- it is a structural guarantee that the privacy violations endemic to platforms like Discord are not possible.
4. Metadata Protection
Discord
Discord has complete visibility into communication metadata. They know exactly who sends messages to whom, in which servers and channels, at what times, how frequently, and from which devices and IP addresses. This metadata is arguably more revealing than message content. Metadata analysis can determine social networks, daily routines, sleep schedules, relationships, interests, political affiliations, and physical locations.
Discord’s servers process all of this metadata in real time for message routing, and retain it for analytics, safety, and legal compliance.
Static
Static implements multiple layers of metadata protection:
Ephemeral session identities. Each time you connect, your device generates a fresh Ed25519 keypair. The supernode has no way to correlate today’s session with yesterday’s. There is no persistent identity at the network layer.
Relay routing. By default, Static routes all connections through Iroh relay servers (relay_only = true). The supernode sees the relay’s IP address, not your real IP address. Our audit (Test 2) confirmed that EndpointConfig defaults to relay_only = true with production relay mode, and that clear_ip_transports() removes all direct IP paths.
Batch shuffling. The supernode does not relay messages immediately. It buffers messages and releases them in shuffled batches. Our audit (Test 5) confirmed that 60 buffered messages were shuffled such that 59 of 60 messages (98.3%) changed position, with multiple trials producing different random orderings. This prevents an observer from correlating sender timing with receiver timing.
The supernode can still observe which channels have activity and approximate message frequency. This is an acknowledged trade-off --- the supernode needs to know where to route messages. But it cannot determine who is sending, it cannot link sessions across time, and it cannot correlate senders with specific messages within a batch window.
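To illustrate what batch shuffling buys, here is an added Python sketch, not Static's supernode code (whose buffering policy and timing are not described in this post), of a relay that buffers frames and releases them in random order, together with the position-changed metric the audit reports. The fixed batch size and the `BatchRelay` / `fraction_moved` names are assumptions, and the frames are constructed labels standing in for ciphertext.

```python
import random
from typing import List, Optional


class BatchRelay:
    """Buffers incoming frames and releases them in random order.

    Because the relay forwards a whole batch at once and in shuffled order, the order
    (and time) at which a frame leaves carries no information about when it arrived,
    which is what breaks sender-timing/receiver-timing correlation.
    Assumption: a fixed-size batch; a real relay would more likely flush on a timer.
    """

    def __init__(self, batch_size: int, rng: Optional[random.Random] = None):
        self.batch_size = batch_size
        self.rng = rng or random.SystemRandom()
        self._buffer: List[bytes] = []

    def submit(self, frame: bytes) -> List[bytes]:
        """Accept one frame; returns the released batch once the buffer is full, else []."""
        self._buffer.append(frame)
        if len(self._buffer) < self.batch_size:
            return []
        return self.flush()

    def flush(self) -> List[bytes]:
        """Release everything buffered so far in a fresh random order."""
        batch = self._buffer
        self._buffer = []
        self.rng.shuffle(batch)
        return batch


def fraction_moved(arrival_order: List[bytes], released: List[bytes]) -> float:
    """Share of frames whose released position differs from their arrival position."""
    moved = sum(1 for i, frame in enumerate(arrival_order) if released[i] != frame)
    return moved / len(arrival_order)


if __name__ == "__main__":
    # Constructed stand-ins for 60 ciphertext frames arriving in order.
    frames = [f"ciphertext-{i:02d}".encode() for i in range(60)]
    relay = BatchRelay(batch_size=60)
    released: List[bytes] = []
    for frame in frames:
        released = relay.submit(frame)
    print(f"{fraction_moved(frames, released):.1%} of frames changed position")
```

With a random source the fraction moved is about 59/60 on average (a random permutation of n items leaves about one element fixed regardless of n), which matches the 98.3% figure reported above.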
Why It Matters
Former NSA director Michael Hayden famously said, “We kill people based on metadata.” Even without message content, metadata reveals patterns of life. Static does not eliminate all metadata --- that would require impractical overhead for a real-time communication system --- but it minimizes metadata to the operational minimum and protects what remains with ephemeral identities, relay routing, and batch shuffling.
5. Wire Traffic Analysis Protection
Discord
Discord makes no effort to protect against wire traffic analysis. Messages are variable-length, transmitted immediately upon sending, and use standard TLS framing that reveals payload sizes. A passive observer on your network (your ISP, your employer’s IT department, a government surveillance system, or anyone on the same Wi-Fi network) can determine:
- That you are using Discord (via SNI in TLS handshake and DNS queries)
- When you send and receive messages (timing analysis)
- The approximate size of each message (length analysis)
- Your activity patterns over time (frequency analysis)
- Whether you are in a voice call (traffic pattern analysis)
Static
Static implements a comprehensive traffic analysis resistance system. All messages are padded to one of four fixed bucket sizes: 256, 1024, 4,096, or 16,384 bytes. The padding uses a wire format that XOR-masks the length header with random bytes:
[mask: 4 random bytes][masked_length: u32 LE XOR mask][payload][random_padding]
Cover traffic fills gaps between real messages with dummy frames that are structurally identical to real messages on the wire. The supernode silently discards cover frames without relaying them.
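To make the framing concrete, here is an added Python example (not code from the Static project; static-net is written in Rust and its internals are not reproduced here) that pads a payload into the wire format described above and recovers it again. The bucket sizes and header layout are the ones quoted in this post; the function names and the injectable `randbytes` parameter are my own. How cover frames are marked so that the supernode can drop them is not described here, so the example does not model that.

```python
import os
import struct
from typing import Callable

# Bucket sizes quoted in the post; every frame on the wire is exactly one of these lengths.
BUCKETS = (256, 1024, 4096, 16384)
HEADER_LEN = 8  # [mask: 4 bytes][masked_length: 4 bytes]


def choose_bucket(payload_len: int) -> int:
    """Smallest bucket that holds the header plus the payload."""
    for bucket in BUCKETS:
        if payload_len + HEADER_LEN <= bucket:
            return bucket
    raise ValueError(f"payload of {payload_len} bytes exceeds the largest bucket")


def fits(payload_len: int) -> bool:
    """True if a payload of this length can be framed at all."""
    return payload_len + HEADER_LEN <= BUCKETS[-1]


def pad_frame(payload: bytes, randbytes: Callable[[int], bytes] = os.urandom) -> bytes:
    """Build [mask][length XOR mask][payload][random padding] of exactly one bucket size.

    The length header is XOR-masked with fresh random bytes, so two frames carrying
    equal-length payloads do not share a visible header, and the padding is random so the
    tail of the frame looks no different from ciphertext.
    """
    bucket = choose_bucket(len(payload))
    mask = randbytes(4)
    masked_length = bytes(a ^ b for a, b in zip(struct.pack("<I", len(payload)), mask))
    padding = randbytes(bucket - HEADER_LEN - len(payload))
    return mask + masked_length + payload + padding


def unpad_frame(frame: bytes) -> bytes:
    """Reverse pad_frame: unmask the length and strip the padding."""
    if len(frame) not in BUCKETS:
        raise ValueError(f"frame length {len(frame)} is not a valid bucket")
    mask, masked_length = frame[:4], frame[4:8]
    (length,) = struct.unpack("<I", bytes(a ^ b for a, b in zip(masked_length, mask)))
    if HEADER_LEN + length > len(frame):
        raise ValueError("declared length exceeds frame size")
    return frame[HEADER_LEN:HEADER_LEN + length]


if __name__ == "__main__":
    for payload in (b"Hey, is anyone free Saturday for the raid?", b"x" * 3000):
        frame = pad_frame(payload)
        print(len(payload), "->", len(frame), "bytes on the wire; round trip ok:",
              unpad_frame(frame) == payload)
```

A 42-byte message and a 200-byte message both leave the device as 256-byte frames, and because the mask is fresh per frame, even two identical payloads produce frames that differ in every header byte.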
The result is measurable. We tested our wire traffic against standard statistical randomness tests:
- Shannon entropy: 7.999996 bits per byte (theoretical maximum: 8.0)
- Chi-squared statistic: 283.45 (critical threshold at p=0.01: 310.457 --- our traffic falls below the threshold, so its byte distribution cannot be distinguished from uniform random data)
- Autocorrelation: 0.001612 (threshold: 0.02 --- no detectable patterns between bytes)
- Cross-type indistinguishability: 0.000953 (threshold: 0.002 --- cover traffic and real messages are statistically identical)
- Urandom baseline comparison: 0.000162 (threshold: 0.005 --- our traffic is indistinguishable from /dev/urandom output)
For a full explanation of the mathematics, read The Math Behind Your Privacy.
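The statistics above can be reproduced on any byte stream. The following Python is an added example, not the Static project's audit code, that computes Shannon entropy, the chi-squared uniformity statistic and lag-1 autocorrelation over a byte sequence and applies the thresholds quoted in this post (the 7.99-bit entropy floor is my own choice; the post quotes a measured value but no threshold). The sample inputs are constructed. Running it also shows why entropy alone is not enough: a repeating 0..255 ramp scores a perfect 8.0 bits per byte yet is instantly detectable by autocorrelation.

```python
import math
import os
from collections import Counter
from typing import Dict

# Thresholds quoted in the post for the chi-squared (255 degrees of freedom, p=0.01)
# and autocorrelation tests; the entropy floor is this example's own choice.
CHI2_CRITICAL_255DF_P01 = 310.457
AUTOCORR_THRESHOLD = 0.02
ENTROPY_FLOOR = 7.99


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means every byte value is equally frequent."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chi_squared(data: bytes) -> float:
    """Pearson chi-squared of the byte histogram against a uniform expectation."""
    n = len(data)
    expected = n / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def lag1_autocorrelation(data: bytes) -> float:
    """Correlation between each byte and the next one; near 0 means no sequential pattern."""
    n = len(data)
    if n < 2:
        return 0.0
    mean = sum(data) / n
    variance = sum((x - mean) ** 2 for x in data)
    if variance == 0:
        return 0.0  # a constant stream has no variance to correlate
    covariance = sum((data[i] - mean) * (data[i + 1] - mean) for i in range(n - 1))
    return covariance / variance


def randomness_report(data: bytes) -> Dict[str, float]:
    """Run all three tests and record whether the stream passes every threshold."""
    entropy = shannon_entropy(data)
    chi2 = chi_squared(data)
    autocorr = lag1_autocorrelation(data)
    passes = entropy >= ENTROPY_FLOOR and chi2 < CHI2_CRITICAL_255DF_P01 and abs(autocorr) < AUTOCORR_THRESHOLD
    return {"entropy": entropy, "chi_squared": chi2, "autocorrelation": autocorr, "passes": float(passes)}


if __name__ == "__main__":
    # Constructed samples: true random bytes, a perfectly flat but patterned ramp, and plain text.
    samples = {
        "urandom": os.urandom(65536),
        "ramp 0..255 repeated": bytes(range(256)) * 64,
        "ascii text": b"Hey, is anyone free Saturday for the raid? " * 1500,
    }
    for name, data in samples.items():
        r = randomness_report(data)
        print(f"{name:22s} entropy={r['entropy']:.6f} chi2={r['chi_squared']:10.2f} "
              f"autocorr={r['autocorrelation']:+.6f} passes={bool(r['passes'])}")
```

The ramp is the instructive case: its histogram is perfectly flat (entropy 8.0, chi-squared 0), so a test suite that stopped at entropy would declare it random, while its lag-1 autocorrelation is close to 1. That is why the audit above reports several independent statistics rather than one.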
Why It Matters
Encryption hides what you say. Traffic analysis resistance hides that you are saying anything at all. In environments where the mere act of using an encrypted communication tool is suspicious (authoritarian regimes, corporate espionage scenarios, domestic abuse situations), traffic analysis resistance is the difference between safety and discovery.
6. Voice and Video
Discord
Discord’s voice and video calls use encryption in transit (DTLS-SRTP), but Discord’s servers terminate the encryption and re-encrypt for each participant. This means Discord’s servers process unencrypted audio and video frames. Discord uses this access for noise suppression (Krisp integration), automatic gain control, and content moderation.
Discord’s voice servers can record, analyze, and store voice data. Whether they currently do so for all calls is not publicly documented, but the architecture permits it.
Static
Static’s voice and video integration (in development) uses LiveKit as the SFU (Selective Forwarding Unit) with end-to-end encryption using insertable streams. Encryption keys are derived from MLS group secrets, meaning only channel members can decrypt audio and video frames.
The LiveKit SFU forwards encrypted frames without being able to decrypt them, similar to how the supernode relays encrypted messages. Key rotation happens automatically as the MLS group state changes (members joining or leaving), with a target rotation gap of less than 500 milliseconds.
Why It Matters
Voice calls often contain the most sensitive content --- private conversations, business discussions, emotional disclosures. A system where the infrastructure operator can listen to voice calls is a system where voice calls are not private, regardless of what the privacy policy promises.
7. Open Source and Auditability
Discord
Discord is proprietary software. The client application, the server infrastructure, and the internal data processing systems are all closed source. Users cannot verify:
- What data the client collects and transmits
- How messages are processed on Discord’s servers
- Whether encryption is implemented correctly
- What happens to data after it reaches Discord’s infrastructure
- Whether backdoors or surveillance capabilities exist
You must trust Discord’s statements about their practices. You cannot verify them.
Static
Static is fully open source under the AGPL-3.0 license. Every component is published and auditable:
- static-core: Core Rust library exposing the CoreApi
- static-net: Iroh networking with privacy primitives (padding, cover traffic, relay routing)
- static-mls: OpenMLS abstraction layer
- static-store: SQLCipher encrypted local storage
- static-supernode: The relay server binary
- app/: The Flutter client (Android, iOS, Windows, macOS, Linux)
The privacy audit tests are also published. You can run cargo test and verify every privacy claim yourself. The 7-test privacy audit and 5-test stress test are automated and produce machine-readable results.
Why It Matters
Trust in software comes from two sources: reputation and verification. Reputation can be manufactured, manipulated, or invalidated by a single data breach. Verification is permanent. If Static’s encryption has a flaw, any security researcher in the world can find it. If Discord’s encryption has a flaw, you will find out when it is exploited.
The AGPL-3.0 license additionally ensures that anyone who modifies and deploys Static must publish their modifications. This prevents the creation of surveillance forks --- if someone runs a modified Static supernode, they must make their changes available.
8. Hosting and Control
Discord
Discord is a centralized platform operated by Discord Inc. All servers, channels, and messages exist on Discord’s infrastructure. Discord has complete control over:
- Whether your server continues to exist (they can shut it down)
- Whether your account continues to exist (they can ban you)
- What content is allowed (they enforce their Terms of Service)
- How your data is used (as described in their privacy policy, which they can update unilaterally)
Community operators (“server owners”) have moderation tools within their server, but these tools exist at Discord’s discretion. Discord’s Trust and Safety team has override authority over all servers.
Static
In Static, communities are hosted on supernodes --- either self-hosted by the community operator or hosted by Static as a managed service. A self-hosted supernode is a single binary you run on your own hardware (or a VPS, or a Raspberry Pi). Hosted supernodes start at $5/month for communities that don’t want to manage infrastructure.
Either way, the community operator has full control:
- You own your community. Nobody can shut it down without shutting down the hardware it runs on.
- You set your rules. There is no Terms of Service imposed from above.
- You control your data. Encrypted message archives live on your storage.
- You can migrate. Move your supernode to different hardware at any time.
- You can switch. Move from hosted to self-hosted (or vice versa) whenever you want.
The privacy guarantees are identical whether you self-host or use a hosted supernode. The supernode only handles encrypted blobs it cannot read. We do not charge for privacy features --- E2EE, padding, cover traffic, and ephemeral identities are free at every tier. You pay for the convenience of managed hosting, not for encryption.
Static provides the software. Community operators provide the rules. We have no ability to read your messages, because the supernode does not possess the decryption keys --- regardless of who operates it.
Why It Matters
Centralized control creates a single point of failure for communities. Discord has banned entire servers with thousands of members based on automated detection or manual review of reported content. Whether you agree with specific decisions or not, the structural problem remains: a single corporation holds an off switch for every community on the platform.
Decentralized hosting eliminates this structural risk. No entity --- not Static, not a government, not a corporation --- can unilaterally shut down a community hosted on its own infrastructure.
Summary
| Category | Discord | Static |
|---|---|---|
| Message Encryption | Transport only (TLS). Discord reads all messages. | End-to-end (MLS RFC 9420). Nobody but members can read messages. |
| Identity Required | Email, phone, facial scan / gov ID (March 2026) | Nothing. Local keypair only. |
| Data Collected | Messages, metadata, device info, IP, location, payment, biometrics | Connection ID, channel list, auth flag. That is all. |
| Metadata Protection | None. Full visibility into who, when, where, how often. | Ephemeral IDs, relay routing, batch shuffling. |
| Wire Traffic Analysis | No protection. Sizes, timing, patterns visible. | Padded + masked. Shannon entropy 7.999996/8.0. Indistinguishable from random. |
| Voice/Video | Server-terminated encryption. Servers can access audio/video. | E2EE via LiveKit with MLS-derived keys. SFU forwards encrypted frames only. |
| Open Source | Proprietary. Unverifiable. | AGPL-3.0. Every line published and auditable. |
| Hosting | Centralized. Discord controls the off switch. | Self-hosted (free) or hosted ($5/mo+). Community operators own their community. |
The choice is straightforward. If you are comfortable with a corporation reading your messages, requiring your face, and holding an off switch for your community, Discord works.
If you are not, there is now an alternative.
For the story of why we built Static, read Why We Built Static. For the technical deep dive on our wire traffic analysis, read The Math Behind Your Privacy.