Discord Privacy Bug: How OpenGraph Image Proxy Reveals Message Read Information
By pauxel
Summary
The article describes a privacy bug in Discord through which read receipts can be inferred, despite Discord's deliberate design choice not to include them. The bug is in Discord's OpenGraph image proxy: when a user views a message containing a link, Discord fetches the OG image through its proxy server, and this proxy request reveals not only when the message was viewed, but also how frequently and for how long. This creates a privacy vulnerability that contradicts Discord's stated privacy principles of not tracking message reads.
Key quotes
Discord deliberately does not have read receipts. It's one of the platform's unwritten privacy promises.
When you paste a URL into a message, the backend fetches the page, parses the OpenGraph meta tags, and shows a preview embed with whatever og:image the page declared.
The image itself never loads from the original server in a user's client. Discord proxies it through images-ext-1.di
A bug in the OG image proxy reveals not only when a message was viewed, but also how often and for how long.