78
Discord file links will expire after a day to fight malware
(www.theverge.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 05 Nov 2023
78 points (100.0% liked)
Technology
37208 readers
108 users here now
Rumors, happenings, and innovations in the technology sphere. If it's technological news or discussion of technology, it probably belongs here.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
This is a very sensible change. It's an open secret that discord has been leveraged by hackers for quite some time. You can even search Github and find examples where exfiltration of data is done via discord. Discord is not a file host and should not be used as such. I'm just glad they're doing it in such a way to minimize the impact on users and devs.
I don't know how much of a difference it will make.
It's easy to host files. Even if the malware "author" is clueless and just buying a customizable malware, either they'll figure out how to host files or file hosting will be provided along with the service they're buying.
It may not stop Discord from being the file host either. Malware distributing bot accounts could keep copying a new link to the file, or could upload a new version of the file on demand.
Discord can't expire webhooks the same way so webhooks will continue to be used for exfiltration. Pointing out that it's used for exfiltration as if it were related seems like bad reporting. It's a difficult problem because if they did break webhooks it'd only make things more difficult for legitimate users. These malware packages usually hijack the user's Discord installation and could send out the information as the user without using webhooks.