You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As a user, I want to be able to hide my existence in a community, as well as hiding "mutual friends" and "mutual communities" to prevent relationship mapping attacks.
Discord membership relationship mapping attacks
Discord has a problem which directly utilizes the "mutual friends" and "mutual servers" information in a profile, as well as the sidebar in a community. This data can be used to build a full map of what a user does on Discord, without having access to their token or account.
This is not some far-fetched theoretical attack. It is easily carried out with as little as two accounts, and it happens thousands of times every day by abusing the APIs, and moreso now the GUI to gather large amounts of up-to-date info on people.
This discussion was converted from issue #14109 on July 14, 2023 10:59.
Heading
Bold
Italic
Quote
Code
Link
Numbered list
Unordered list
Task list
Attach files
Mention
Reference
Menu
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
As a user, I want to be able to hide my existence in a community, as well as hiding "mutual friends" and "mutual communities" to prevent relationship mapping attacks.
Discord membership relationship mapping attacks
Discord has a problem which directly utilizes the "mutual friends" and "mutual servers" information in a profile, as well as the sidebar in a community. This data can be used to build a full map of what a user does on Discord, without having access to their token or account.
This is not some far-fetched theoretical attack. It is easily carried out with as little as two accounts, and it happens thousands of times every day by abusing the APIs, and moreso now the GUI to gather large amounts of up-to-date info on people.
Beta Was this translation helpful? Give feedback.
All reactions