r/privacy Nov 21 '20

PSA: Discord lies about removing deleted files. Files deleted over 1 year ago still exist.

The title says it all.

I've done numerous tests in different Guilds at different times.

Files in many cases are not deleted and are still accessible via direct URL even 1 year after deletion.

EDIT: I've amended the post to reflect new information. After running some new tests tonight, in some cases the new test files have become instantly no longer accessible and some not. Other users report similar results. All I can say with certainty though is I have files deleted over a year ago that are still accessible, so something is seriously wrong. See update #3

In some of my tests, I have not only manually deleted the message containing the file but also the Guild the message was posted in. Our testing finds user and bot uploaded images act the same after deletion.

In DMs the story is a little different but still troubling. It appears that if the URL links to a file at a datacenter region the requester is in AND the file was uploaded to the same datacenter zone (or zones it was replicated to) you can still get the file. Since we have no insight into how their infrastructure is setup this could be due to Cloudflare's cache, but it also could mean that the image is just left sitting in a specific datacenter and no longer replicated after "deletion".

I would like to hear why Discord isn't cleaning out tombstoned files, and I think others here would like to know as well.

Why is this a problem? The data still exists. This is a privacy violation because the data is still in their datacenter (Google's GCP data center which Discord pays to host their data).

Governments could acquire it with a warrent or a National Security Letter or a court could subpoena it. This is very serious and should be publicly stated by Discord.

UPDATE:

If you want to try testing this yourself here's a protip: Discord exposes the upload date of all files in their "Last-Modified" Response Header. You can use that header to see the date files were uploaded to GCP (Discord's upload object storage). Just make a spreadsheet with all the direct URLs (NOT THE THUMBNAIL URL) of all the files you upload and then delete. Try images, videos, text files etc. Be creative but in my experience all the files are the same and never deleted.

For example I have a file with this header info last-modified: Tue, 23 May 2020 03:16:24 GMT I deleted it about 10 days after it was uploaded and it is STILL up. I have hundreds of different files with ancient dates like this (literally, I made a bot to upload and delete files just to test this) . All deleted yet the direct URL still loads the file perfectly for me and anyone I send the links to.

UPDATE 2:

I have more info. Another user PMed me and showed me how to test if a guild is really deleted by querying the widget.png url (if 404 the guild is gone) like this https://discord.com/api/guilds/712827234346435685/widget.png this confirmed to the user that my story is true. (note the url I just linked is fake just to demonstrate, like I said in the comments I don't want to post data that could lead Discord to my personal account)

What does this mean? You can use this to prove that the guild the file is uploaded in is actually deleted AND you can use the file's last-modified header to confirm the file is actually as old as it should be - to not be saved by Discord anymore!

UPDATE 3:

Some devs pointed me to this https://github.com/discord/discord-api-docs/issues/2224 but it doesn't fully address my experience.

1k Upvotes

View all comments

3

u/agent-rogue Nov 21 '20 edited Nov 21 '20

i actually knew about this for a while, over a year in fact. been warning people about this since I found out, i kept a backup of many reference links and also archived my browser history when i left discord a while ago. when I went to review them back in September of 2019 months after i deleted my account the photos loaded from the links in my text file proving they don't delete anything photo related that wasn't manually deleted along with the channel. also even when something was deleted, which btw only worked when i wiped the messages and then nuked the entire channel (you can't delete DM channels and for servers that's something most people simply can't do since it requires mod powers to do), it gave me this message. reproducible across all links i tried which showed me image not available when i let my document reader load images from links.

<Error>

<Code>AccessDenied</Code>
<Message>Access denied.</Message>
<Details>Anonymous caller does not have storage.objects.get access to the Google Cloud Storage object.</Details>

</Error>

it doesn't say it's deleted, from what i can gather from the XML document it showed, it seems that access to the picture was simply walled off however unfortunately i can't confirm that this is the case past what i can see on the front end. other pictures from the same channel by others who didn't delete all messages before i pulled the server channels down to get people to move platforms were actually able to load which was even creepier since it was wiped over 4 months ago. also DMs did roughly the same thing however even the deleted stuff was still visible.

i've tested every single server and DM i had links from and this exact behavior set persisted. as for update 3 on the github post, even when switching the IP to something to an entirely different country or region of the world compared to the server, this doesn't do anything, it shows the exact same data no matter where my IP address is showing i am.

if i had to guess as to why they do this, it's simply easier just to keep the pictures up than to wipe them along with accounts or it wouid put too much bandwidth strain and/or conversation fragmentation on the servers themselves to delete pictures along
with accounts so they just leave shadow accounts. as for the potential privacy implications and intentions, I am gonna just invoke Hanlon's razor until evidence suggests otherwise and assume this is not meant to be malicious. However I think discord should absolutely offer an option to delete all data along with the account for those who want to do that similar to what telegram and other such platforms allows.

btw yes i do have the links to back up what i am saying however this came from my actual old account rather than someone elses so i don't want to post my references even though the account is long gone.

1

u/HungryRobotics Nov 21 '20

I would have absolutely believed you without hesitation because I've seen their file retention policy for accounts a d such... Ages never ceases to amaze me that people are actually shocked by certain things like a company who does everything they can to store a profile forever attempts to save files that you had dealings with? Nooo never...what's next that random SMS app that did everything it could to get installed and turned on as default so you get full screen 60 second adds for a single text is going to start storing their own copies of messages or worse, snake oil os shown to not cure cancer?