I have a hard time believing this is about blocking malware. Discord doesn't want to be a free file hosting platform anymore, and that's fine, but they shouldn't pretend this is about something else.
As someone who worked at a company that hosted content, I can believe it. Malware folks always want to get their content onto legitimate domains where 99.999% of the content is legitimate. The amount of time spent trying to keep your domains clean can be a nightmare. Dealing with abuse can become a major cost.
This doesn't really change Discord away from being a free file hosting platform for anyone that gets the link on Discord. It just prevents someone from uploading a file to Discord and then sending a link to the file along a different medium (email/text/etc).
Hosting files really isn't that expensive given Discord's tiny file size limit and Discord's scale. Cloudflare's R2 charges $0.36/million downloads. The problem is that if you're hosting content on your domains, you have a certain responsibility for the files on those domains. Your domain gets a reputation and at a certain point starts appearing on lists (even if you're a multi-billion dollar company). People trying to spread malware love taking advantage of any place they can store a file on a reputable domain or get a reputable link shortener to redirect to them. I don't blame Discord for wanting to cut them off.
Every email with a cdn.discordapp.com/attachments link has been blocked at the gateway for 60%+ of the Fortune 100 since January 2022. The global configuration history I'm looking at is actually kind of funny, you can see the "god damn it" moment:
Discord is responsible for handling reports about malicious content, so by shortening the lifetime of all content to 24 hours they're effectively giving themselves a 24-hour response SLA for free. It's a very reasonable move.
> After the file hosting change (described by Discord as authentication enforcement) rolls out later this year, all links to files uploaded to Discord servers will expire after 24 hours.
> CDN URLs will come with three new parameters that will add expiration timestamps and unique signatures that will remain valid until the links expire, preventing the use of Discord's CDN for permanent file hosting.
Pleas change your belief then. Discord is a very popular malware distribution platform. It is reliable and corporate networks don't block it. This only solves the malware dropper problem, you still have a ton of stealers that post stolen creds to discord rooms via webhook. Perhaps rate limiting might help there.
But I promise you this is a very prevalent problem, to the point where discord is blocked companh wide at some places because of this this issue.
It can perfectly be both. I mean, there's no reason to polarize every decision. On the contrary, the more points it covers, the better justification it has.
I don't think anyone who's worked at a product company can't imagine how some CISO whipping up a bunch of VPs into a frenzy over malware is the most likely scenario.
Definitely more likely than someone actually complaining that the money furnace was burning money in a way that increases engagement, gives people something to stream, and gives people a reason to buy their premium subscription.
Hotlinking doesn't happen in a vacuum: if people were seriously congregating to setup shares and paying for Nitro for the 500MB limit, I doubt anyone would have cross their "activation energy" to blanket ban the links rather than dealing with disruptive servers as needed
I also don't want them to be a perpetual file hosting platform either. I also wish they cleared sufficiently old text messages as well. Of course they won't delete text messages though because they can make more money from them then they can by not storing them.
This just happens to not be the case for larger files. I bet they have tried to find a way to monetize the data harvested from user image associations or possibly image AI training already.
This doesn't really change Discord away from being a free file hosting platform for anyone that gets the link on Discord. It just prevents someone from uploading a file to Discord and then sending a link to the file along a different medium (email/text/etc).
Hosting files really isn't that expensive given Discord's tiny file size limit and Discord's scale. Cloudflare's R2 charges $0.36/million downloads. The problem is that if you're hosting content on your domains, you have a certain responsibility for the files on those domains. Your domain gets a reputation and at a certain point starts appearing on lists (even if you're a multi-billion dollar company). People trying to spread malware love taking advantage of any place they can store a file on a reputable domain or get a reputable link shortener to redirect to them. I don't blame Discord for wanting to cut them off.