Using Discord? Don’t play down its privacy and security risks

It’s all fun and games until someone gets hacked – here’s what to know about, and how to avoid, threats lurking on the social media juggernaut

There are several tools or software applications that enable us to stay connected with our fellow teammates even during gameplay, with the best of them having a low impact on our network connection while allowing important elements like tap-to-talk or messaging capabilities.

Discord is one of the online services that combine a traditional online forum (remember those?) with voice chat and social media-like resources, so even after a heated gaming session, you can stay in contact with the same people.

The difference is that Discord has a server-based core, where you can connect or join servers established for specific topics, rather than having a focus strictly on gaming or movies. This way a person can cover most of their interests and interact with hundreds of people daily.

However, since Discord is also a bit more immediate and interactive than your regular forum or chat service, it comes with its own issues, and scamming is one of them. Since this week is Privacy Awareness Week, we’ll look at what you should know about Discord and how you or your children can steer clear of threats lurking on the platform.

Imagine a place…where your privacy is at risk

Perhaps the most immediate thought that comes to mind when thinking of free instant messaging combined with forums is the aspect of privacy, and the way your data can be used for the company’s purposes. After all, when it comes to free services, you are the product, since you provide data that can be sold to marketers.

We have gotten used to all the tracking that happens to us daily, as your email service might use data within your messages to create personalized ads, or your phone can track your app interaction to do the same. Privacy concerns have become increasingly relevant today, and in a survey conducted in the US in 2019, 79% of the respondents were concerned over the use of their data, with 81% feeling they lack control over their data.

RELATED READING: Hybrid play: Leveling the playing field in online video gaming and beyond

Since Discord is a free service, you might ask how it finances its operations. Servers are not cheap and the company staff does not work for free, and while their Nitro subscription might account for some revenue, there is still a question of how the data on Discord’s servers is being handled. All your messages are passing their servers, unless you use Discord through a web browser, which can partially block some trackers. Discord’s Privacy & Safety Policy states that you can agree with the use of your collected data but not whether it’s being collected.

And therein lies the problem, as Discord collects your data in case you would allow its usage in the future. However, since the data is already in their hands, how can you be sure they are not using it? What’s more, what if a data breach happens? Discord conversations include a lot of useful info about you, so that is another thing to consider.

Be careful what you say or send, or how people get doxed

Doxing is not a new term; it means that a certain person might unwittingly send or reveal some information about themselves that can give away their location, looks, address, or any other sort of personally identifiable information (PII) to an unintended audience, or get exposed because of that information by someone else.

This sort of connects to the privacy aspect, as in a way, through server-side discussions, you slowly reveal more and more about your interests as you get to know the other users. And on public servers this can be dangerous, since they can host malicious lurkers (a user of an internet message board or chat room who does not participate), who could sometimes easily track you. A user of a server they frequent often can dox themselves by revealing their desktop on a gaming stream or by having a file with their name or picture on it. Likewise, when a user regularly posts pictures of their route to and from work, they could theoretically enable a stalker to locate them during specific times of day.

Some users might find face reveals interesting, but uploading pictures of yourself to a public server could mean that a malicious actor might access and use your face image for nefarious purposes, like phishing, or in worst cases even blackmail, depending on the content of the picture. Moreover, a profile picture inexplicably links you to your anonymous account name, and it might not take long for someone to find you online just by using your picture and combing through some of your messages.

Smooth criminal(s)

Honestly, online gaming, or online communities in general, have never been 100% safe. Apart from data privacy concerns, there is also the shadow of cyberbullying, exemplified by all of the news reports on kids being bullied by their peers online on social media. And again, Discord kind of fits into that box. If a bully knows someone’s username on Discord, for example, they can make their life miserable on the servers they visit or harass them via direct message.

However, bullying is only one aspect. Just to recall a previous point, Discord can be frequented by malicious actors who, just like bullies, can coerce you into doing something, either through blackmail (using your picture, location, personal data) or by phishing, taking on the appearance of a Discord admin or a user whom they know you frequently message with.

RELATED READING: Hidden in plain sight: How the dark web is spilling onto social media

Add to this the fact that Discord allows file sharing, meaning that anyone can easily share a picture, video, link, or anything of that caliber on a server or through a private message. This makes it easy for someone to share an IP Grabber, which can be used to track users’ IP addresses for a variety of reasons, such as targeted advertising or identifying the location of a user. A malicious actor can, in some cases, also crash a whole router for a period of time. The worst-case scenario is that they send data packets to one’s router and if said router lets them through, they could see all devices connected to its Wi-Fi and even install spyware onto them.

All in all, from a cybersecurity perspective, Discord shares many vulnerabilities with email services or social media, with a focus on user (human) error to compromise one’s devices. And even though Discord’s terms of service specify that users below the age of 13 are not allowed to use it, they often do, due to the gaming nature of the service and how it attracts younger crowds in general.

Improvise, adapt, overcome

Firstly, the best advice that anyone could get when it comes to Discord is to alter their online behavior. Consider changing how many data points you share about yourself. Do not share your location, hometown, workplace, or travel-related information, as that can be used to track you.

Secondly, consider a more anonymous approach. Do not use your actual face as a profile picture, do not link Discord to other services (like music streaming) established under your own name, and above all, try not to have your actual given name as your username.

Lastly, for a piece of more technical advice, do not click on any suspicious links or files. In addition, use robust security software like ESET Smart Security Premium or ESET Mobile Security to erect a strong firewall against internet-borne threats.

With all of this in mind, Discord is still a very useful tool for connecting with like-minded people and communities. Don’t let bad apples like cybercriminals or malicious users sow the seeds of discord, but be ready to harvest the fruits of interesting conversations with your security in mind.

Latest Posts