[fps]

Discord monitors all running processes on a user's machine so it can tag users with a "now playing ..." status text. The content of chats/private messages is also accessible to them. Their ToS allows them to sell/share this data.

[vel0city]

> The content of chats/private messages is also accessible to them.

Not only that, the attachments on private messages are publicly visible.

Send an attachment in a private chat. Grab the link. Open it in a browser unaffiliated with your Discord login. wget it on a VM a thousand miles away. Its now publicly hosted.

[judge2020]

Attachment links include the server ID but not the channel ID, so it's not like you can enumerate for files in a server by obtaining the server and channel IDs.

Each attachment's ID is in a snowflake[0], so the urls are

cdn.discordapp.com/attachments/:SERVER_ID/:ATTACHMENT_ID/:filename.png

0: https://discord.com/developers/docs/resources/channel#attach...