Discord Read Receipts Exploit: When, How Often, How Long
10 hours ago
- Discord deliberately lacks read receipts for privacy, but a bug can reveal viewing details.
- Link previews are proxied by Discord to hide recipients' activity from the sender.
- Cache poisoning with a failed image fetch causes multiple retries, exposing viewing time.
- Six retry attempts with delays allow tracking when, how often, and for how long a message is viewed.
- Proof of concept uses session grouping, delays, and nearly invisible links to conduct tracking.
- Bug was reported, validated, and bounty paid, leading to approved public disclosure.
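
As a defender-side illustration of the retry points above (an added example, not code from the original write-up or from Discord): a toy model of a preview proxy, showing how caching failed fetches keeps the recipient's retries from reaching the sender's server. Only the count of six attempts comes from the summary; the retry offsets, TTL, class names and URL are assumptions, and this does not describe Discord's actual fix.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed values: the page gives the retry count (six), not the delays or a TTL.
RETRY_OFFSETS_S = [0, 1, 2, 4, 8, 16]   # six attempts per view, hypothetical schedule
NEGATIVE_TTL_S = 3600                   # hypothetical lifetime of a cached failure

@dataclass
class Origin:
    """Sender-controlled host whose image fetch always fails; logs every request."""
    hits: list = field(default_factory=list)

    def get(self, url, now):
        self.hits.append(now)
        return 502

@dataclass
class PreviewProxy:
    """Toy preview proxy. With negative_ttl=None, failures are never cached."""
    origin: Origin
    negative_ttl: Optional[float] = None
    cache: dict = field(default_factory=dict)   # url -> (status, expires_at)

    def fetch(self, url, now):
        entry = self.cache.get(url)
        if entry and now < entry[1]:
            return entry[0]                      # served locally, origin sees nothing
        status = self.origin.get(url, now)
        if status == 200:
            self.cache[url] = (status, float("inf"))
        elif self.negative_ttl is not None:
            self.cache[url] = (status, now + self.negative_ttl)
        return status

def client_view(proxy, url, opened_at):
    """Recipient's client rendering the message: retry the failed image fetch."""
    for offset in RETRY_OFFSETS_S:
        if proxy.fetch(url, opened_at + offset) == 200:
            break

def origin_hits(negative_ttl, view_times):
    """Timestamps the sender's server observes for the given message views."""
    origin = Origin()
    proxy = PreviewProxy(origin, negative_ttl)
    for t in view_times:
        client_view(proxy, "https://sender.example/preview.png", t)
    return origin.hits
```

Without negative caching, the origin log mirrors every view and every retry; with it, the origin sees a single request that is no longer tied to later views.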