Privacy policies of Discord

You need to be aware of what security measures and privacy policies a company’s app has in order to understand how well data that you share with it are protected. The Analytical department of Falcongaze has reviewed the platform Discord, which is becoming more and more popular among people of different interests.

To begin with, the developers do their best to make Discord the most secure environment for users. They do not sell or share data with third parties. Messages are not monitored. On its website, Discord informs that only images can be scanned, but messages are private.

Message scanning depends on privacy policies that are configured by users. There are three modes on the platform: “Keep me safe”, “My friends are nice”, and “Do not scan”. Each mode has its own scanning configurations for presence of prohibited content.

  • “Keep me safe”: Discord scans all videos and images and blocks those with prohibited content.
  • “My friends are nice”: in this case, messages received from people not from your friends list are tracked.
  • “Do not scan”: this mode has no content scanning at all.

Discord stores the information that a user provides it with in order to gain access to the services of the platform and register in Discord (name, e-mail address, messages, images etc.). IP-address, device ID, and activity information in Discord services are tracked automatically. You can also sign in to social media using the platform. In this case, Discord will have an access to your social media data (ex. list of contacts).

Discord also uses cookie files. However, a user can switch them off. A user also can contact the company and ask to remove their data. Discord will inevitably consider your question.

The company does all possible to protect your data and not let it fall into the wrong hands. Nevertheless, this goal is difficult to achieve if you yourself do not care for your data. For instance, the company recommends:

  • To set up a secure password using capital letters, lowercase letters, and special symbols. You can also use password-manager to create such a password.
  • To enable two-factor authentication.
  • To configure privacy policies. They will determine whether your correspondence is scanned for presence of malicious content or not.
  • Not to follow suspicious links and download files received from unknown users.
  • Not to share your credentials. Discord do not request username and password, that is why you are the one to leak your credentials.
Although the company refuses to sell users’ data and tries to protect them using all methods, the incidents still happen. No code is perfect. Nevertheless, Discord participates in Bug Bounty program. That helps to detect a vulnerability quicker and with no harm to users.



Important publications

What is UBA? 6 August 2019
What is DLP systems? 13 February 2019