This article details what data Discord collects from a regular browser. For the purposes of testing, a browser with cache disabled has been used.
To begin, almost every request sent to discord through the app contained this in the header (in base64):
{
"os": "Linux",
"browser": "Firefox",
"device": "",
"system_locale": "en-US",
"browser_user_agent": "Mozilla/5.0 (X11; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0",
"browser_version": "88.0",
"os_version": "",
"referrer": "",
"referring_domain": "",
"referrer_current": "",
"referring_domain_current": "",
"release_channel": "stable",
"client_build_number": 84632,
"client_event_source": null
}If I were to use the desktop app, I’m sure more fields would be filled (such as “device”).
These can be used to accurately and easily identify the software one uses to access Discord. If you are trying to protect your privacy, this is certainly not optimal.
Let’s be introduced to https://discord.com/api/v9/science.
By clicking on the link, you will be greeted by a rather boring
Content type error. However, this is a rather interesting
API endpoint, as information is sent to it for almost every
interaction with Discord’s UI. Sent a message? metadata. Clicked
someone’s profile? metadata. Clicking a server, then checking a specific
channel? More metadata!
The article, “How
long Discord keeps your information,” says, “We keep some data for
the life of your Discord account. This includes information about how
you use Discord, which helps us understand how users interact with our
services, what features or products users may want, or how to improve
our services. This also includes information like your username, email,
and phone number.”
The “information about how you use Discord” is very likely the UI
interaction data that’s sent for every action done in the app.
So much interaction data is collected that Discord could “replay” your time on Discord from your client’s point-of-view. Somewhat interesting to think about.
Further Reading