www.welivesecurity.com
Open in
urlscan Pro
2a02:26f0:6c00::210:ba10
Public Scan
URL:
https://www.welivesecurity.com/2023/05/03/using-discord-privacy-security-risks/
Submission: On May 03 via api from TR — Scanned from DE
Submission: On May 03 via api from TR — Scanned from DE
Form analysis 5 forms found in the DOM
GET https://www.welivesecurity.com/
<form action="https://www.welivesecurity.com/" class="basic-searchform imc dark col-md-12 col-sm-10 col-xs-12" method="get" role="search">
<div class="search-input clearfix">
<input type="text" name="s" value="" placeholder="Search..." class="imc">
<button class="imc">
<span class="icomoon icon-icon_search imc"></span>
</button>
</div>
</form>GET https://www.welivesecurity.com/
<form action="https://www.welivesecurity.com/" class="basic-searchform imc dark col-md-12 col-sm-10 col-xs-12" method="get" role="search">
<div class="search-input clearfix">
<input type="text" name="s" value="" placeholder="Search..." class="imc">
<button class="imc">
<span class="icomoon icon-icon_search imc"></span>
</button>
</div>
</form>GET https://www.welivesecurity.com/
<form action="https://www.welivesecurity.com/" class="basic-searchform imc col-md-12 col-sm-10 col-xs-12" method="get" role="search">
<div class="search-input clearfix">
<input type="text" name="s" value="" placeholder="Search..." class="imc">
<button class="imc">
<span class="icomoon icon-icon_search imc"></span>
</button>
</div>
</form>POST https://enjoy.eset.com/pub/rf
<form action="https://enjoy.eset.com/pub/rf" class="basic-searchform col-md-12 col-sm-12 col-xs-12 no-padding newsletter" method="post" role="search">
<div class="search-input clearfix">
<input type="text" name="EMAIL_ADDRESS_" value="" placeholder="Email...">
<input type="hidden" name="TOPIC" value="We Live Security Ukraine Newsletter">
<input type="hidden" name="_ri_" value="X0Gzc2X%3DAQpglLjHJlTQGgXv4jDGEK4KW2uhw0qgUzfwuivmOJOPCgzgo9vsI3VwjpnpgHlpgneHmgJoXX0Gzc2X%3DAQpglLjHJlTQGzbD6yU2pAgzaJM16bkTA7tOwuivmOJOPCgzgo9vsI3">
<input type="hidden" name="_ei_" value="Ep2VKa8UKNIAPP_2GAEW0bY">
<input type="hidden" name="_di_" value="m0a5n0j02duo9clmm4btuu5av8rdtvqfqd03v1hallrvcob47ad0">
<input type="hidden" name="EMAIL_PERMISSION_STATUS_" value="O">
<input type="hidden" name="CONTACT_SOURCE_MOST_RECENT" value="WLS_Subscribe_Form">
<button class="button-flag"> Submit </button>
</div>
</form>POST https://enjoy.eset.com/pub/rf
<form action="https://enjoy.eset.com/pub/rf" class="basic-searchform col-md-12 col-sm-12 col-xs-12 no-padding newsletter" method="post" role="search">
<div class="search-input clearfix">
<input type="text" name="EMAIL_ADDRESS_" value="" placeholder="Email...">
<input type="hidden" name="NEWSLETTER" value="We Live Security">
<input type="hidden" name="_ri_" value="X0Gzc2X%3DAQpglLjHJlTQGgXv4jDGEK4KW2uhw0qgUzfwuivmOJOPCgzgo9vsI3VwjpnpgHlpgneHmgJoXX0Gzc2X%3DAQpglLjHJlTQGzbD6yU2pAgzaJM16bkTA7tOwuivmOJOPCgzgo9vsI3">
<input type="hidden" name="_ei_" value="Ep2VKa8UKNIAPP_2GAEW0bY">
<input type="hidden" name="_di_" value="m0a5n0j02duo9clmm4btuu5av8rdtvqfqd03v1hallrvcob47ad0">
<input type="hidden" name="EMAIL_PERMISSION_STATUS_" value="O">
<input type="hidden" name="CONTACT_SOURCE_MOST_RECENT" value="WLS_Subscribe_Form">
<button class=""> Submit </button>
</div>
</form>Text Content
In English * Em Português * En français * En Español * In Deutsch Menu toggle menu * All Posts * Ukraine Crisis – Digital Security Resource Center * We Live Progress * Research * How To * Videos * White Papers * Threat Reports * Resources * Our Experts * Em Português * En français * En Español * In Deutsch Award-winning news, views, and insight from the ESET security community USING DISCORD? DON’T PLAY DOWN ITS PRIVACY AND SECURITY RISKS It’s all fun and games until someone gets hacked – here’s what to know about, and how to avoid, threats lurking on the social media juggernaut Márk Szabó 3 May 2023 - 11:30AM Share It’s all fun and games until someone gets hacked – here’s what to know about, and how to avoid, threats lurking on the social media juggernaut There are several tools or software applications that enable us to stay connected with our fellow teammates even during gameplay, with the best of them having a low impact on our network connection while allowing important elements like tap-to-talk or messaging capabilities. Discord is one of the online services that combine a traditional online forum (remember those?) with voice chat and social media-like resources, so even after a heated gaming session, you can stay in contact with the same people. The difference is that Discord has a server-based core, where you can connect or join servers established for specific topics, rather than having a focus strictly on gaming or movies. This way a person can cover most of their interests and interact with hundreds of people daily. However, since Discord is also a bit more immediate and interactive than your regular forum or chat service, it comes with its own issues, and scamming is one of them. Since this week is Privacy Awareness Week, we’ll look at what you should know about Discord and how you or your children can steer clear of threats lurking on the platform. IMAGINE A PLACE…WHERE YOUR PRIVACY IS AT RISK Perhaps the most immediate thought that comes to mind when thinking of free instant messaging combined with forums is the aspect of privacy, and the way your data can be used for the company’s purposes. After all, when it comes to free services, you are the product, since you provide data that can be sold to marketers. We have gotten used to all the tracking that happens to us daily, as your email service might use data within your messages to create personalized ads, or your phone can track your app interaction to do the same. Privacy concerns have become increasingly relevant today, and in a survey conducted in the US in 2019, 79% of the respondents were concerned over the use of their data, with 81% feeling they lack control over their data. RELATED READING: Hybrid play: Leveling the playing field in online video gaming and beyond Since Discord is a free service, you might ask how it finances its operations. Servers are not cheap and the company staff does not work for free, and while their Nitro subscription might account for some revenue, there is still a question of how the data on Discord’s servers is being handled. All your messages are passing their servers, unless you use Discord through a web browser, which can partially block some trackers. Discord’s Privacy & Safety Policy states that you can agree with the use of your collected data but not whether it’s being collected. And therein lies the problem, as Discord collects your data in case you would allow its usage in the future. However, since the data is already in their hands, how can you be sure they are not using it? What’s more, what if a data breach happens? Discord conversations include a lot of useful info about you, so that is another thing to consider. BE CAREFUL WHAT YOU SAY OR SEND, OR HOW PEOPLE GET DOXED Doxing is not a new term; it means that a certain person might unwittingly send or reveal some information about themselves that can give away their location, looks, address, or any other sort of personally identifiable information (PII) to an unintended audience, or get exposed because of that information by someone else. This sort of connects to the privacy aspect, as in a way, through server-side discussions, you slowly reveal more and more about your interests as you get to know the other users. And on public servers this can be dangerous, since they can host malicious lurkers (a user of an internet message board or chat room who does not participate), who could sometimes easily track you. A user of a server they frequent often can dox themselves by revealing their desktop on a gaming stream or by having a file with their name or picture on it. Likewise, when a user regularly posts pictures of their route to and from work, they could theoretically enable a stalker to locate them during specific times of day. Some users might find face reveals interesting, but uploading pictures of yourself to a public server could mean that a malicious actor might access and use your face image for nefarious purposes, like phishing, or in worst cases even blackmail, depending on the content of the picture. Moreover, a profile picture inexplicably links you to your anonymous account name, and it might not take long for someone to find you online just by using your picture and combing through some of your messages. SMOOTH CRIMINAL(S) Honestly, online gaming, or online communities in general, have never been 100% safe. Apart from data privacy concerns, there is also the shadow of cyberbullying, exemplified by all of the news reports on kids being bullied by their peers online on social media. And again, Discord kind of fits into that box. If a bully knows someone’s username on Discord, for example, they can make their life miserable on the servers they visit or harass them via direct message. However, bullying is only one aspect. Just to recall a previous point, Discord can be frequented by malicious actors who, just like bullies, can coerce you into doing something, either through blackmail (using your picture, location, personal data) or by phishing, taking on the appearance of a Discord admin or a user whom they know you frequently message with. RELATED READING: Hidden in plain sight: How the dark web is spilling onto social media Add to this the fact that Discord allows file sharing, meaning that anyone can easily share a picture, video, link, or anything of that caliber on a server or through a private message. This makes it easy for someone to share an IP Grabber, which can be used to track users’ IP addresses for a variety of reasons, such as targeted advertising or identifying the location of a user. A malicious actor can, in some cases, also crash a whole router for a period of time. The worst-case scenario is that they send data packets to one’s router and if said router lets them through, they could see all devices connected to its Wi-Fi and even install spyware onto them. All in all, from a cybersecurity perspective, Discord shares many vulnerabilities with email services or social media, with a focus on user (human) error to compromise one’s devices. And even though Discord’s terms of service specify that users below the age of 13 are not allowed to use it, they often do, due to the gaming nature of the service and how it attracts younger crowds in general. IMPROVISE, ADAPT, OVERCOME Firstly, the best advice that anyone could get when it comes to Discord is to alter their online behavior. Consider changing how many data points you share about yourself. Do not share your location, hometown, workplace, or travel-related information, as that can be used to track you. Secondly, consider a more anonymous approach. Do not use your actual face as a profile picture, do not link Discord to other services (like music streaming) established under your own name, and above all, try not to have your actual given name as your username. Lastly, for a piece of more technical advice, do not click on any suspicious links or files. In addition, use robust security software like ESET Smart Security Premium or ESET Mobile Security to erect a strong firewall against internet-borne threats. With all of this in mind, Discord is still a very useful tool for connecting with like-minded people and communities. Don’t let bad apples like cybercriminals or malicious users sow the seeds of discord, but be ready to harvest the fruits of interesting conversations with your security in mind. Márk Szabó 3 May 2023 - 11:30AM SIGN UP TO RECEIVE AN EMAIL UPDATE WHENEVER A NEW ARTICLE IS PUBLISHED IN OUR UKRAINE CRISIS – DIGITAL SECURITY RESOURCE CENTER Submit NEWSLETTER Submit SIMILAR ARTICLES Social Media CLEANING UP YOUR SOCIAL MEDIA AND PASSWORDS: WHAT TO TRASH AND WHAT TO TREASURE Social Media STAYING SAFE ON ONLYFANS: THE NAKED TRUTH Social Media WHAT TIKTOK KNOWS ABOUT YOU – AND WHAT YOU SHOULD KNOW ABOUT TIKTOK Social Media TWITTER ENDS FREE SMS 2FA: HERE’S HOW YOU CAN PROTECT YOUR ACCOUNT NOW DISCUSSION * Home * About Us * Contact Us * Sitemap * Our Experts * ESET * Research * How To * Categories * RSS Configurator Privacy policy Legal information Manage cookies Copyright © ESET, All Rights Reserved Back to top Your account, your cookies choice We and our partners use cookies to give you the best optimized online experience, analyze our website traffic, and serve you with personalized ads. You can agree to the collection of all cookies by clicking "Accept all and close" or adjust your cookie settings by clicking "Manage cookies". You also have the right to withdraw your consent to cookies anytime. For more information, please see our Cookie Policy. Accept all and close Manage cookies Essential cookies These first-party cookies are necessary for the functioning and security of our website and the services you require. They are usually set in response to your actions to enable the use of certain functionality, such as remembering your cookie preferences, logging in, or holding items in your cart. You can´t opt out of these cookies, and blocking them via a browser may affect site functionality. Basic Analytical Cookies These first-party cookies enable us to measure the number of visitors/users of our website and create aggregated usage and performance statistics with the help of our trusted partners. We use them to get the basic insight into our website traffic and our campaign performance and to solve bugs on our website. Advanced Analytical Cookies These first or third-party cookies help us understand how you interact with our website and each offered service by enriching our datasets with data from third-party tools. We use these cookies to improve our website, services, and user experience, find and solve bugs or other problems with them, and evaluate our campaigns´ effectiveness. Marketing cookies These third-party cookies allow our marketing partners to track some of your activities on our website (for example, when you download or buy our product) to learn about your interests and needs and to show you more relevant targeted ads. Accept and close Back