Your Discord Data Package is DANGEROUS! Here's why
HTML-код
- Опубликовано: 22 июл 2024
- Many people are using their Discord data package to learn about their Discord stats. With the increasing popularity of these websites, many people do not understand what data is inside that package.zip file and how scammers and malicious users could use it to figure out your personal information.
LINKS
-----------------------------------------------------------------------------
Discord Post
/ discord
Discord Package
discordpackage.com/
Discord Data Package Explorer
ddpe.androz2091.fr/
SOCIALS
-----------------------------------------------------------------------------
Discord Server
/ discord
TIMESTAMPS
-----------------------------------------------------------------------------
00:00 - YOUR DATA IS DANGEROUS
00:26 - Getting your Data Package
00:58 - What's inside your data package?
02:21 - Data package websites
03:15 - OPTIONAL: Turning off Wifi
04:25 - Speedrun video any%
04:53 - OPTIONAL: Clearing cookies
05:10 - Marker 8 
Развлечения
It should be noted, that if you are really worried about your privacy and do go the internet disabling route: Don't just clear your cookies. Also clear local storage, local database, check for any web workers it might have spawned, etc. Make sure nothing of that site remains behind, then restart the browser.
When you remove the cookies like so: 5:00 it will delete the cache storage, cookies, indexed databases, local storage, service workers and session storage
I love the 5x paranoia that paranoid people will get from this.
For extra paranoids: Boot a VM, open a browser, open the website, cut the internet access to the VM, do what you need to do, force shut down VM, delete all traces of the VM on your PC
@@capsey_ it doesn't effect your PC. the only risk is leaking of information, which can only be done when connected to the internet regardless of if you have a VM or not, its just a useless step.
Chrome allows you to see external network requests and stored cookies, don't be so paranoid :D
The sites are also open source which gives you the ability to use docker to host the website on your own computer
i was searching for this
everything on this website works locally on your machine
ok
That doesn’t mean it can’t connect to other servers. Hosting it on your computer won’t stop anything if it has manual code in there to purposely log your data.
@@dareallando still if ur a developer u could scan the code and remove sus stuff
Also, don't forget there is NO OPTION to request your data to be deleted. You can "delete"/disable your account but nothing gets deleted as far as I can tell. Just your access to the account. The account name will be changed to "deleted user " and the account itself will still exist, the messages it has sent will still exist, and so on. Including DMs.
You can't request or tell discord to delete all of this private information they have collected about you. :)
then i will sue them bc thats an option
Nope, after 45 days after account deletion your data will be anonymised and Discord and will be basically untraceable back to you.
@@thundurr
Idk about you..but that doesn't sound like "deleting" lol.
I don't want my data in DISCORD'S hands either.
Also the account still exists and everyone will just see it as "deleted user " instead.
@@therealOri_ It's not Discord's fault,
Discord themselves will not be able to tell who's data it is after 45 days, but they HAVE to keep certain data like payment information to comply with legal obligations, tax and accounting reasons, but they will eventually be permanently deleted as well.
Discord will then permanently delete your email address and phone number after about 180 days for fraud and trust related reasons.
Then finally your service requests and support ticktes will be permanently deleted after 5 years for legal reasons, in case you try to sue Discord, they need it as defence.
However, they will never delete message history and publicly shared info, just so other users can still view it and you can also write to them if you really want it gone.
@@therealOri_ things the account has said and files that have been sent stick around, the rest, payment information, tag and such are deleted
Note that there are victims of child online exploitation who are unable to remove this compromising information because they deleted their accounts; they're still dealing with stalkers et al years later.
I'm pretty sure Discord is in violation of US federal law by keeping this data after the account is terminated. No idea why they haven't been held accountable.
Majority is chinese owned, and your data is being sent right to them.
@@epiclyepic_7655 the china is stealing our data no
If the data is disassociated with the individual then the individual is not legally considered to have any relation to it.
The sites you just mentioned in the video are open source, which means you can download the source code and host it locally on your PC. Which is pretty neat IMO
hosting it in my oc is worse than giving them my msgs💀
"it is open source" means your data is (mostly) not sent to any alternative server in any form. people would not want their data to be sent, because they value freedom in their software.
there are some cases that is not true, either the author is malicious or that repository was attacked due to a dependency vulnerability
@@itzcalocalo5749 yes, you are right about that one regardless of what i said above though. you can't easily trust a random developer you've never even heard of before, can you? it all depends on your choice, and that is the point of this whole open source projects. you get to only believe what you believe in. that is also an important freedom in software imo
It also should be noted that to do the ethernet disabling thing effectively you also need to go to your browser settings and disable "Run in background". Because websites take advantage of the packages sent by a browser. You can send some data to a website and it will be pending until you have internet. Closing before turning the internet on just keeps the package in the "running in background" and continue to send it after you do have internet.
Another thing that should be noted is browser storage (and I do not mean cookies. There are cookies, indexedDB and even localStorage [less used because the user can see it very easily]). Servers can save something locally in your browser which doesn't require internet and when internet comes despite how late you may come back to the website (unless your browser clears data) you will still send the data. So make sure to never visit that website with internet even as a 2 second lookup.
Bold of you to assume none of us care about your discord data
🚗🚙🚗
i personally mustang
i literally bentley
ford f 150 (the joke is that the original comment said "-none of us car about your-")
Didn’t realise auto correct changed my words 😅
seriously underated channel, love the content.
bro spelled dox with 2 x's, chill out.
@@-4023- huh? what does that have to do with my comment?
how is he underrated he has 139k subs
@@_speedyhops8058 I just personally feel that more people should watch him 🤷
It's not, he spreads false information all the time like with his most recent video
At first I was a little frightened, because I have used Discord Data Package websites recently (approximately a month ago), so I thought I just gave away my information (like my payment information, since I have those connected). But I am rest assured because I used the first website mentioned in the video; also worth noting the website is open source as well, and it didn't look like anything it could send information via a webhook or anything. I didn't disable my Internet in the process, so hopefully that didn't do anything particularly harmful.
5months later, still all good? if so i feel save enough to use the site aswel.
Is it still safe? I just used it and now im pretty worried
I think going to secret mode and turning off wifi would give you better privacy with less effort. In addition to cookies being deleted after closing the window, secret window also prevents the browser from storing stuff into web storage and IndexedDB.
That would also prevent the website from using background sync to send the data after it's been closed. Although it's worth noting that the data can still be stored in a private session, just that it'll be removed afterwards
Se
I love the content and jokes, keep it up!
It's also worth noting that if you do want to be extra safe but still see this info from these sites you can go in a manually delete any sensitive data from your discord data package
No it's not gonna do anything
The data will remain but they'll just send u the data they have gotten from ur acc
Disconnecting the from the internet when using such websites is completely NOT going to keep your data safe...
If the website is using local storage then it can easily store 50MB of your most important information and send it the next time it's loaded again.
You have to clear all the data related to that website, and even then you're not 100% safe...
yea thats literally what he showed, u clearing the cookies
@@AnEnderNon Cookies aren't always the entirety of site data. There can also sometimes be network packets stored on your device for later transfer.
@@AnEnderNon Cookies are a few kB of data. Modern browsers have complete embedded databases that can store up to 50MB per site... And judging from what you just said I can easilly guess you haven't got much experience with web development...
@@shapelessed yea ur right, how do i clear this other storage
@@AnEnderNon open devtools (f12, ctrl+shift+i, right click>inspect), click on the double arrow at the top, open "application", and somewhere near the top there should be a category labelled "local storage". open it, and then right click on the website you want and select delete. same with session storage. you can also click on it to see if it's storing your data, in a very long string of ascii characters or otherwise
i have no idea if that's how you're supposed to clear it, but i'm a web developer
Ayy finally early dude! Keep up the good work ❤️
i like how i just subbed, and a few mins later u upload
I noticed the second one was open source, and a person replied the first one was also open source. If you are confident enough, you can a build a version of the site locally. You could also look for some sketchy stuff inside the code. Still remember to run it with wifi disconnected, because people can add a simple POST request to a server with all of your data.
remember to be safe when using these sort of websites in general.
both of them are open source
average github chad
but you could also flood that server with garbage data if it's unsecured in that fashion.
how about Man-in-Middle attack?
@@Vysair youd need to have someone on your netwirk for that, doubt it
Also in all the messages you ever sent, it shows your attachments with the post. Those attachments links can be opened by anyone, anywhere. Just FYI in case you use Discord for naughty naughty things
Hey No text to speech! Thanks for making such awesome content.
Hope everyone here is having a super day and wishing everyone well!
I have your credit card information and geographical location. Thanks discord!
@@BonziBUDDY who are you ?
@@BonziBUDDY bro why still people information 😭
omg… thank you I was close to putting my data onto a website to see how much messages I’ve ever sent and stuff but I was hesitant, now I know 😭
i love your new memey video style
i requested my data only to find dms from specific people i unfriended and dont have the tag for and i cant even find them
Websites can upload your data even if your ethernet is disabled.
Data can be cached in the local store or index db and uploaded later when the website is visited again.
people can probably use this to scam younger discord users.
this reminds me of the har file scam on roblox, where you download data that literally says your .roblosecurity code (which is a code that reminds roblox of which user is currently logged into and using the website on this pc, meaning that when somebody gets a hold of this code, roblox will think they are logged into the website with that account on that pc) , and the scammer says its something they need to either make a 3d render of your avatar or whatever else they can think of.
and if people were to use this that way, well then thats a life quickly ruined from some innocent discord user.
is it possible to go into the package and delete the sensitive data before using these websites and it still works?
Everyone saying DDPE is open source and can be locally hosted:
I had tested this out when I came across the website, and that won't work to keep your info private. The website uses its api to lookup usernames and pfps from account ids, but the apt is just a proxy to a discord bot. The api in question is also open source, but you'll have to make your own bot.
(This might be out of date, last time I looked was at least 4 months ago)
Now I know every channel you sent a message in! thanks:)
The comments section is literally a cespol of 8 year olds, script kiddies and outright ignorant people saying the most stupid things posible, besting eachother in stupidity with every new entry.
No wonder I'm here from last year. Nice video kekw
Who could have guess that 100% transparency on our recorded information, which can be sent to us at the click of a button, would lead to this!
ita required by law, they dont do it by "themself" because they "love" you" or by "transparency" reasons, its jsut marketing, they MUST provide this
what about how to tell if someone has been using the webcam on discord to video with other people through the data download and how to decipher each camera action inputted.
"is there any risk to giving away your data?" . . . YES!
How do you get your tabs so neat and compact @ 1:23 , my internet explorer looks like a mess literally every single folder I have ever created just displays under "This PC"
That might be the folder history setting. You can turn off File Explorer displaying recently used folders by selecting the three dots in the top right, selecting options, and then at the bottom of the General tab, disabling "Show frequently used folders" if you're using Windows 11; then it'll only show pinned folders on the left. Sorry if you're using Windows 10 though, I forgot if it's different on there.
@@MetalAlec I appreciate the comment, I use windows 10 but it motivated me to try to find a fix knowing it was specifically called folder history.. I went into View -> Options -> Folder options and turned off the thing at the bottom under navigation pane that said "All Folders", thank god I can actually see things more compactly now
4:25 yaay davinci btw are you using fusion often?
Uh Oh…
It would be really bad if all your data got the wrong hands, especially if you use discord a lot
hey man just wondering do u use the free version of davinci relsolve
The Love you's and kisses, omg I love this channel, subbed immediately
Turning off your internet connection will not guarantee information isn't being sent anywhere. It could be saved temporarily and sent to third parties once you reconnect your PC
if i have bought nitro but then removed the card informati0on. Will it still be there?
Love how you showed you cutting out the boring part, please shor your editing self again!
why isn't there an offline application for reading the data like this?
4:36 i chuckled. Best way to censor your data with humor.
just to say, i once decided to check my settings if i wanted to change anything and i saw the request my data thing, i didnt think much of it and i didnt think it was dangerous or anything but i left it since i thought "im fine for now, i'll prob do it later in the future or smth" but glad i saw this vid!
You are probably the most wholesome YT channel
gay
@@prizma45 Okay
what browser and what theme do you use for it please
Most people use Dynamic IP addresses or CG-NAT anyway. A simple router reboot will fix most peoples ddos issues.
So you want to be DDoS-ed?
Thankfully, cgnat isn't too common. Yeah dynamic ips are.
but, I don't put blinds on my Discord, why do you say I'm putting blinds on my windows?
Or just remove the sensitive information from the json?
Other than the 2 sites he showed, would Friendcord be safe to use as well? Does anybody know?
Is there a way to cancel a request to make the process a lot quicker?
Pls talk about why discord can't recover your account if suddenly you lost your 2fa or the buck up codes
The real question is why need a browser when you can have an open source application in code only, run the application from your IDE and and do everything locally without even needing the browser. The application should be coded to write any data or setting files in a folder you specify with the proper permissions.
You can do that.
I am very glad that I stumbled upon your video
I like how there’s no text to speech in your videos.
They get your IP because the entire internet has your personal info. Your IP, etc, and maybe your real name and stuff if it gets them from the ISP. So it's not scary to me.
It's how the Internet works.
@dawn swatting exists..
wait until you learn what all information is actually public record ;)
@@ITSTHEANGELGUY uh well swat dont operate here so HAH 💀💀💀💀😵😵😔☺️🤕☺️☺️🤕☺️☺️☺️😎☺️😎☺️😎😎😎😎😎😊😎😊😎😎😎😊😎😎😎😂😂😭🤣😂😂🤣🤣❤️❤️❤️😎❤️😎❤️💋💋💋🍓🍓🍓🤕💀💀💀😉😉😉😉😉😉😉😉😉😉😉😎😉😎😉😎😎😉😉😎😉😎😉📊😁😁😁📊📊📊📊😁
That's not what the video says. It warns you to be careful with sharing the package because then *other people* will have your IP address, not just Discord themselves.
@@erikkonstas Every single website you visit knows what your IP is
you are the only one who say "Anyways i love you_kiss" you are really the only one who i know who does that and i (and also everyone i think lul) love its heartwarming keep doing good stuff ur a very good ytber ❤
You could also make a virtual machine, from which you then remove internet and later when you're done just nuke the entire machine so there's 0 chance of data leak.
this is hilarious because you would be making and nuking a vm all for the purpose of not increasing your security by any amount at all
@@SafetyKitten well you would let the page load on vm, and then just remove the network adapter so there's no way any data can leave the vm
If you go to inspect element then click network, you'll be able to see all the requests.
Why cant you just delete your data after getting it.. then nobody can read or get your info
how does a screenshot on reddit share any of this information. Paranoid is an understatement
whats the no no folder for? hm
IP addresses aren't that bad. Anyone can basically get that on any peer to peer service. And they can maybe ddos you once, but 99% of modern routers have dynamic IP. Just turn it off for a few mins and the IP changes.
address though
That doesn't usually change your external ip address which is what's being stored, dynamic IP usually just changes the internal IP address which is only used by devices on your network and isn't seen by websites.
@@ArtixBTW most of the time, it does. At least in the UK, I don't know many people who have ever even been DDosed
It depends on the ISP. I am behind CGNAT so a "dynamic IP" is the only option for me
ISPs won't give you a static IP (or even a public IP, most of the time you will be behind CGNAT, depends on your ISP), it will change every x days, but you can force the change by restarting the router. I wouldn't worry about my IP being leaked, the IP location is approximate (or sometimes it's not the city you live in). What's the worst thing that could happen? DDoS? Restart your router.
Thanks for this valuable info that I will most certainly not to steal people info
i got a heart attack from the title until you said ddpe androz was safe
open source does not mean 100% sure it's safe, do your research before talking
@@ginge3845 Nordin said “he can’t be 100% sure it’s safe” with dawn replying “it’s OPEN SOURCE” you come out here saying that just because it’s open source doesn’t mean it’s safe, you are clearly misunderstanding this, he can 100% sure it’s safe because he can view the source code. do your research before talking
@@user-fv2bn2jf4f because clearly you will be able to view every risk by looking at the source code once
@@ginge3845 Lol I'm pretty sure several people checked the source code, especially when dealing with a website that has the POTENTIAL to steal your data
@dawn bro the source on github can be the same as the website, or it has the "virus" removed in the "source"
Thanks to the new staff team they could care less about security
What if i downloaded my discord data from discord? Am i screwed?
If these websites can only make your data human readable, what's the point in using it? You have options such as building a local one and hosting it safely, or getting it from someone who made an open source one.
DiscordPackage is on github. So you can should be able to look through the code.
Bro, these types of videos make me remember how stupid people are with their very personal information. Ignoring the fact that these packages could unearth years of dirt on you.
@dawn I forgor it's discord💀
Its just messages lmao not that deep you aren’t sending your social security number on discord if you are then that’s your fault
@dawn "your social life is probably worth nothing and a new identity is easy to make"
me when my credit card information gets leaked with my home address and full name with 50 armed men appearing at my doorstep with explosives and munitions:
😃
@dawn i can confidently say I don't have much in the bank either but I don't think my profile is an accurate way of judging it LMFAO
Oh no, anyways
I was so fucking confused what the problem was until the websites came up. Like for a good half the video I was just think, "Yes, this is the information you've put on discord?"
wats that extension , in chrome?
discord itself is dangerous. really. I use it, for some limited servers, but man I hate it, if only there was a good alternative. Sadly it has such good user experience and popularity that everyone uses it meaning one has to make sacrifices if don't want to use it (like youtube, facebook etc.)
hows it dangerous
@@AnEnderNon this shit collects more data than facebook
Matrix is a decent alternative. Sad discord is so mainstream tho, my friends never check it when i message here.
@@sliwka7889 bro did yo uforget your bank has your data not the discord itself?
@@sliwka7889 what specific data, and how does it affect us?
why not make a downloadable program to read these files instead?
My favourite channel rn
Fr he makes pretty helpful videos
i have discord running 24/7 on my second monitor 😭😘 ILY2 again
This discord recover data or whatever does it recover MP4 videos? because i sadly delted 9/10 videos and i want them back.
no it sadly doesn't recover stuff you deleted
why am i seeing this AFTER i requested my data package
fr
@@monoorvI feel you guys
BRO DID ANYTHING BAD HAPPE TO YOU…bc I’m losing my mind rn
@@monoorv did anything bad happen..I’m stressing over here
@@z0mbiebrat622 nah
theres a reason why i always disable "Request data" and all of the other "Discord may use data" shit
If this application works offline I'm assuming it might be built as a PWA. PWAs have the power of queueing requests made while offline and shooting them to their destination when you're back online. If you're *really* paranoid, you should also clear your indexed db, session storage, local storage, and website cookies before going back online. Web workers too.
does just going incognito work? i wen incognito mode and im kinda paranoid
All websites can do that if your browser supports the background sync api. Although I think only chrome supports it at the moment. Neither actually have service workers though, they probably just have everything downloaded when you first load the page.
If you want to be paranoid and aren't just using a private tab for some reason, you should also make sure to clear any background sync requests in the application tab. Maybe while script execution is paused just in case. But there shouldn't be any there if it's safe.
@@coco-uf6wg Yes. That's the easiest way if you want to remove all the data
@@hedgehog125 thankyouu
3:38 it is 100% still possible for the website to send the data once you turn the ethernet back on, caching.
I wonder what IP address it says for me, considering i live in the 21st century and have a dynamic IP address that changes every 24 hours for basic internet safety reasons
Alternatively, you can just go into your files to delete/change compromising information before uploading
That desktop background comes with Linux Manjaro.
This is like a revenge plan
can I have your desktop bg? looks cozy and I was trying to find one like it earlier
requested my data like 2 years ago and they flat out just never sent me mine...
nope I spoofed your email so the data is mine now
my ip changes everytime i turn off and on my modem
wow who'd have thought personal data would be personal data. the only way people can get this info is it you give it to them so if you are super paranoid then just don't and if you are extra paranoid then just dont give your info to discord its self. 2FA can suck it, not giving my mobile number to some chat app with dubious backgrounds.
don't open up the "attachments" tab on discordpackage, it will fill up your ram and possibly crash the entire web browser
Clear the cookies :'D
There is an other method too to store your data. It's a variable called "localStorage", and it persists if you close the page.
That`s one of the many reasons I don`t like to use Discord. People think they "have a Discord Server", actually, they have no shit. I have my own hosted TeamSpeak 3 Dedicated Server running off my OWN PHISICALLY Server with SSL Certificate
Just goes to show that Discord just like every other company doesn't give a shit about ur privacy no matter how many times they claim they do, I'm glad I didn't spend a DIME on nitro tho.
With all due respect, how does this video in particular show it? These sites aren't something discord can control.
whats in the no no folder...
I nearly had a heart attack, but it was relieving to learn androz2091 is safe
Now I want to know what was in the part he cut out of the video… ;-;
Thanks ntts for this video :))
how long does it take for me to get the mail? because my gf cheated
thats why i only use discord to use voice channels and text to ppl and don't mess with shit like this
you can also build a website yourself if its open source then you are 100% sure it will work properly and be safe
It would be worse if someone successfully hacked one of those Discord Pakage websites and leak all the info. Who knows maybe one day someone comes at my door claim to be one of my Discord Friends. That's messed up.
If they don't collect the data then they can't hack shit
one way to be safe is to download the website from the creator and host it on docker
The whole point of those websites is that they never receive anything, all of the processing is done on your computer.
@@Elian504 If someone gets access to the website's server that may no longer be true
@dawn time 0: Person A gets access to the website's server.
time 1: Person B uploads their data on the website
Now A has B's data
For the first 2 seconds of the video NTTS sounds scarily like jim browning...
If people have your token they can also see your payment info (Address).