top | item 32939803

(no title)

fps | 3 years ago

Discord monitors all running processes on a user's machine so it can tag users with a "now playing ..." status text. The content of chats/private messages is also accessible to them. Their ToS allows them to sell/share this data.

discuss

vel0city|3 years ago

> The content of chats/private messages is also accessible to them.

Not only that, the attachments on private messages are publicly visible.

Send an attachment in a private chat. Grab the link. Open it in a browser unaffiliated with your Discord login. wget it on a VM a thousand miles away. Its now publicly hosted.

judge2020|3 years ago

Attachment links include the server ID but not the channel ID, so it's not like you can enumerate for files in a server by obtaining the server and channel IDs.

Each attachment's ID is in a snowflake[0], so the urls are

cdn.discordapp.com/attachments/:SERVER_ID/:ATTACHMENT_ID/:filename.png

0: https://discord.com/developers/docs/resources/channel#attach...

unknown|3 years ago

[deleted]