Using Discord? Do not downplay the risks to their privacy and security
It’s all fun and games until someone gets hacked – here’s what to know, and how to avoid, the threats that lurk in the social media giant
There are few tools or software applications that will allow us to stay connected with our teammates even during gameplay, with the best having a low impact on our network connection while allowing for important elements like tap-to-talk or messaging capabilities.
Discord is one of those online services that combines traditional online forums (remember?) with voice chat and resources like social media, so even after a heated gaming session, you can stay in touch with the same people.
The difference is that Discord has a server-based core, where you can connect or join servers created for specific topics, rather than focusing solely on games or movies. This way a person can cover most of his interests and interact with hundreds of people every day.
However, because Discord is also a bit more direct and interactive than your typical forum or chat service, it has its share of problems, and scams are just one of them. Since this week is Privacy Awareness Week, we’re going to be looking at what you should know about Discord and how you or your kids can avoid the threats lurking on the platform.
Imagine a place…where your privacy is threatened
Probably the most immediate thoughts that come to mind when thinking of free instant messages bundled with forums are the aspect of privacy, and the ways in which your data can be used for corporate purposes. After all, when it comes to free services, you are the product, because you provide marketers with salable data.
We’re used to all the tracking happening to us every day, because your email service may use the data in your messages to create personalized ads, or your phone may track your app interactions to do the same. Privacy issues are becoming more and more relevant today, and in a survey conducted in the US in 201979% of respondents are concerned about the use of their data, with 81% feeling they lack control over their data.
Since Discord is a free service, you may ask how to fund its operations. Servers don’t come cheap and the company’s staff don’t work for free, and while their Nitro subscription may generate some revenue, there are still questions about how the data on Discord’s servers is handled. All your messages pass through their servers, unless you use Discord through a web browser, which can partially block some trackers. Discord Privacy & Security Policy states that you can consent to the use of the data you collect, but not consent to whether it is collected.
And therein lies the problem, because Discord collects your data if you allow its use in the future. However, since the data is already in their hands, how can you be sure they don’t use it? What’s more, what if a data breach occurs? Discord conversations include a lot of useful info about you, so that’s something else to consider.
Be careful what you say or post, or how people get doxed
Doxing is not a new term; it means that certain people may unknowingly send or disclose some information about themselves that could provide unsolicited audiences with their location, appearance, address, or other types of personally identifiable information (PII), or be exposed to such information by others.
This sort of connects to the privacy aspect, as through server side discussions you slowly reveal more about your interests as you get to know other users. And on public servers these can be dangerous, as they can host malicious snoopers (non-participating users of internet message boards or chat rooms), who can sometimes easily track you down. A user of a server they visit frequently can dox themselves by displaying their desktop in the game stream or by having a file with their name or image in it. Likewise, when users regularly post pictures of their route to and from work, they could theoretically enable stalkers to find them at certain times of day.
Some users may find disclosing your face attractive, but uploading a photo of yourself to a public server can mean that bad actors can access and use your facial image for nefarious purposes, such as phishing, or in the worst case even extortion, depending on the content of the image. Plus, profile pictures mysteriously link you to your anonymous account name, and it might not take long for someone to find you online by simply using your picture and combing through a few of your messages.
To be honest, online games, or online communities in general, are never 100% safe. In addition to data privacy concerns, there is also the shadow of cyberbullying, which is exemplified by all the news reports on children are bullied by their peers online on social media. Then again, Discord fits in the box. If a bully knows someone’s username on Discord, for example, they can make their life miserable on the server they visit or harass them via direct message.
However, bullying was only one aspect. Just to remember the previous point, Discord can be frequented by bad actors who, like bullies, can force you to do something, either through extortion (using your pictures, location, personal data) or by phishing, taking on the appearance of a Discord admin or user who they know you message often.
Add to that the fact that Discord allows file sharing, meaning that anyone can easily share images, videos, links or anything of that caliber on servers or via private messages. This makes it easy for someone to share IP Grabber, which can be used to track a user’s IP address for various reasons, such as targeted advertising or identifying a user’s location. A bad actor can, in some cases, also damage the entire router for a period of time. The worst case scenario is that they send data packets to someone’s router and if the router allows it, they can see all the devices connected to the Wi-Fi and even install spyware on them.
Overall, from a cybersecurity perspective, Discord shares many vulnerabilities with email or social media services, with a focus on user (human) error to compromise one’s device. And though Discord terms of service specifying that users under the age of 13 are not permitted to use it, they do so frequently, due to the gaming nature of the service and the way it appeals to a younger crowd in general.
Improvise, adapt, overcome
First, the best advice anyone can get regarding Discord is to change their behavior online. Consider changing how many data points you share about yourself. Don’t share your location, hometown, place of work, or travel-related information, as this information could be used to track you.
Second, consider a more anonymous approach. Don’t use your real face as your profile picture, don’t link Discord to other services (like music streaming) created under your own name, and most importantly, try not to use your real name as your username.
Finally, for more technical advice, don’t click on suspicious links or files. Additionally, use strong security software such as ESET Smart Security Premium or ESET Mobile Security to build a robust firewall against internet-transmitted threats.
With all of this in mind, Discord is still a very useful tool for connecting with like-minded people and communities. Don’t let bad apples like cyber criminals or malicious users sow the seeds of discord, but be prepared to harvest the fruits of interesting conversation with your security in mind.