Closed BaconCatBug closed 1 month ago
It's not tracking!
🔐 New Authenticated Attachment URL Parameters
To improve security of Discord's CDN, attachment CDN URLs have 3 new URL parameters: ex, is, and hm. Once authentication enforcement begins later this year, links with a given signature (hm) will remain valid until the expiration timestamp (ex).
⚠️ Attachment CDN URLs have already started following the new pattern, so your app will begin to encounter the new parameters in attachment CDN links, but authentication is not being enforced until later this year. More details about when authentication will start to be enforced will be shared in the upcoming weeks.
Details about authentication parameters
ex: timestamp indicating when the attachment URL will expire, after which point you'd need to retrieve another URL (by doing something like retrieving a message via HTTP). More details to come about the length of time this will be by default.
is: timestamp indicating when the URL was issued
hm: unique signature that remains valid until ex.
https://discord.com/channels/613425648685547541/697138785317814292/1157372186160537750 (https://discord.gg/discord-developers)
The unique signature IS tracking. Or rather, can be used for it. For example, it can be generated from information such as who sent the file and to where. The possibilities are quite broad. Sadly, if you strip that metadata, nowadays you can't access the file without it, so not much that can be done.
Edit: to give you some perspective, a media link itself has always contained data that links it to a specific message at the very least. Wouldn't be surprised if it also contains the channel/guild ID there too. Discord has always kept track of your activities.
Media links are in the format: channelID/messageID/filename. The new form probably works on the basis of cryptographic signatures. When I wrote that "it's not tracking" I meant: "the main purpose is not tracking - if you remove it, it will stop working"
Fair enough.
Example URL: https://cdn.discordapp.com/attachments/1082316518810992700/1157783541401268274/controller-20092023-0002.mp4?ex=651b2ef2&is=6519dd72&hm=b5ec32fdca25effc8c202fc6ae8682286f0fbba25d962214b790d78f4328f5cb&
The part from ?ex= onwards is a tracking token.
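As an added example (not code from this thread or from Discord), the sketch below decodes the parameters of the example URL and shows a cleaner that strips blocklisted query parameters while leaving ex, is and hm in place. It assumes ex and is are hexadecimal Unix timestamps in seconds, which is consistent with the example URL; the function names are hypothetical, and hm is only checked for presence because it cannot be verified without Discord's key.

```javascript
// Example URL copied from the issue above.
const EXAMPLE_URL =
  "https://cdn.discordapp.com/attachments/1082316518810992700/1157783541401268274/" +
  "controller-20092023-0002.mp4?ex=651b2ef2&is=6519dd72" +
  "&hm=b5ec32fdca25effc8c202fc6ae8682286f0fbba25d962214b790d78f4328f5cb&";

const SIGNED_PARAMS = ["ex", "is", "hm"];

// Break an attachment URL into the identifiers and timestamps it carries.
function inspectAttachmentUrl(raw, nowSeconds = Math.floor(Date.now() / 1000)) {
  const url = new URL(raw);
  // Path layout described in the thread: /attachments/channelID/messageID/filename
  const [, kind, channelId, messageId, filename] = url.pathname.split("/");
  if (kind !== "attachments" || !filename) {
    throw new Error("not an attachment CDN URL");
  }
  // Assumption: timestamps are hex-encoded Unix seconds.
  const hexTime = (name) => {
    const value = url.searchParams.get(name);
    return value && /^[0-9a-f]+$/i.test(value) ? parseInt(value, 16) : null;
  };
  const issuedAt = hexTime("is");
  const expiresAt = hexTime("ex");
  const hasBoth = issuedAt !== null && expiresAt !== null;
  return {
    channelId,
    messageId,
    filename: decodeURIComponent(filename),
    issuedAt,
    expiresAt,
    lifetimeSeconds: hasBoth ? expiresAt - issuedAt : null,
    signed: hasBoth && Boolean(url.searchParams.get("hm")),
    expired: expiresAt !== null && nowSeconds >= expiresAt,
  };
}

// Remove blocklisted query parameters, but never the signed set: once
// enforcement begins, a link without ex/is/hm no longer resolves.
function cleanUrl(raw, blocklist) {
  const url = new URL(raw);
  for (const name of [...url.searchParams.keys()]) {
    if (blocklist.includes(name) && !SIGNED_PARAMS.includes(name)) {
      url.searchParams.delete(name);
    }
  }
  return url.toString();
}
```

Under that assumption the example link was issued at 1696193906 and expires at 1696280306, so the lifetime is 24 hours, while the channel and message IDs sit in the path regardless of the query string.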