It should be noted, that if you are really worried about your privacy and do go the internet disabling route: Don't just clear your cookies. Also clear local storage, local database, check for any web workers it might have spawned, etc. Make sure nothing of that site remains behind, then restart the browser.
When you remove the cookies like so: 5:00 it will delete the cache storage, cookies, indexed databases, local storage, service workers and session storage
For extra paranoids: Boot a VM, open a browser, open the website, cut the internet access to the VM, do what you need to do, force shut down VM, delete all traces of the VM on your PC
@@capsey_ it doesn't effect your PC. the only risk is leaking of information, which can only be done when connected to the internet regardless of if you have a VM or not, its just a useless step.
That doesn’t mean it can’t connect to other servers. Hosting it on your computer won’t stop anything if it has manual code in there to purposely log your data.
Also, don't forget there is NO OPTION to request your data to be deleted. You can "delete"/disable your account but nothing gets deleted as far as I can tell. Just your access to the account. The account name will be changed to "deleted user " and the account itself will still exist, the messages it has sent will still exist, and so on. Including DMs. You can't request or tell discord to delete all of this private information they have collected about you. :)
@@thundurr Idk about you..but that doesn't sound like "deleting" lol. I don't want my data in DISCORD'S hands either. Also the account still exists and everyone will just see it as "deleted user " instead.
@@therealOri_ It's not Discord's fault, Discord themselves will not be able to tell who's data it is after 45 days, but they HAVE to keep certain data like payment information to comply with legal obligations, tax and accounting reasons, but they will eventually be permanently deleted as well. Discord will then permanently delete your email address and phone number after about 180 days for fraud and trust related reasons. Then finally your service requests and support ticktes will be permanently deleted after 5 years for legal reasons, in case you try to sue Discord, they need it as defence. However, they will never delete message history and publicly shared info, just so other users can still view it and you can also write to them if you really want it gone.
Note that there are victims of child online exploitation who are unable to remove this compromising information because they deleted their accounts; they're still dealing with stalkers et al years later. I'm pretty sure Discord is in violation of US federal law by keeping this data after the account is terminated. No idea why they haven't been held accountable.
At first I was a little frightened, because I have used Discord Data Package websites recently (approximately a month ago), so I thought I just gave away my information (like my payment information, since I have those connected). But I am rest assured because I used the first website mentioned in the video; also worth noting the website is open source as well, and it didn't look like anything it could send information via a webhook or anything. I didn't disable my Internet in the process, so hopefully that didn't do anything particularly harmful.
It also should be noted that to do the ethernet disabling thing effectively you also need to go to your browser settings and disable "Run in background". Because websites take advantage of the packages sent by a browser. You can send some data to a website and it will be pending until you have internet. Closing before turning the internet on just keeps the package in the "running in background" and continue to send it after you do have internet. Another thing that should be noted is browser storage (and I do not mean cookies. There are cookies, indexedDB and even localStorage [less used because the user can see it very easily]). Servers can save something locally in your browser which doesn't require internet and when internet comes despite how late you may come back to the website (unless your browser clears data) you will still send the data. So make sure to never visit that website with internet even as a 2 second lookup.
The sites you just mentioned in the video are open source, which means you can download the source code and host it locally on your PC. Which is pretty neat IMO
"it is open source" means your data is (mostly) not sent to any alternative server in any form. people would not want their data to be sent, because they value freedom in their software. there are some cases that is not true, either the author is malicious or that repository was attacked due to a dependency vulnerability
@@itzcalocalo5749 yes, you are right about that one regardless of what i said above though. you can't easily trust a random developer you've never even heard of before, can you? it all depends on your choice, and that is the point of this whole open source projects. you get to only believe what you believe in. that is also an important freedom in software imo
I think going to secret mode and turning off wifi would give you better privacy with less effort. In addition to cookies being deleted after closing the window, secret window also prevents the browser from storing stuff into web storage and IndexedDB.
That would also prevent the website from using background sync to send the data after it's been closed. Although it's worth noting that the data can still be stored in a private session, just that it'll be removed afterwards
It's also worth noting that if you do want to be extra safe but still see this info from these sites you can go in a manually delete any sensitive data from your discord data package
Disconnecting the from the internet when using such websites is completely NOT going to keep your data safe... If the website is using local storage then it can easily store 50MB of your most important information and send it the next time it's loaded again. You have to clear all the data related to that website, and even then you're not 100% safe...
@@AnEnderNon Cookies are a few kB of data. Modern browsers have complete embedded databases that can store up to 50MB per site... And judging from what you just said I can easilly guess you haven't got much experience with web development...
@@AnEnderNon open devtools (f12, ctrl+shift+i, right click>inspect), click on the double arrow at the top, open "application", and somewhere near the top there should be a category labelled "local storage". open it, and then right click on the website you want and select delete. same with session storage. you can also click on it to see if it's storing your data, in a very long string of ascii characters or otherwise i have no idea if that's how you're supposed to clear it, but i'm a web developer
I noticed the second one was open source, and a person replied the first one was also open source. If you are confident enough, you can a build a version of the site locally. You could also look for some sketchy stuff inside the code. Still remember to run it with wifi disconnected, because people can add a simple POST request to a server with all of your data. remember to be safe when using these sort of websites in general.
Also in all the messages you ever sent, it shows your attachments with the post. Those attachments links can be opened by anyone, anywhere. Just FYI in case you use Discord for naughty naughty things
They get your IP because the entire internet has your personal info. Your IP, etc, and maybe your real name and stuff if it gets them from the ISP. So it's not scary to me. It's how the Internet works.
@@ITSTHEANGELGUY uh well swat dont operate here so HAH 💀💀💀💀😵😵😔☺️🤕☺️☺️🤕☺️☺️☺️😎☺️😎☺️😎😎😎😎😎😊😎😊😎😎😎😊😎😎😎😂😂😭🤣😂😂🤣🤣❤️❤️❤️😎❤️😎❤️💋💋💋🍓🍓🍓🤕💀💀💀😉😉😉😉😉😉😉😉😉😉😉😎😉😎😉😎😎😉😉😎😉😎😉📊😁😁😁📊📊📊📊😁
That's not what the video says. It warns you to be careful with sharing the package because then *other people* will have your IP address, not just Discord themselves.
@@ginge3845 Nordin said “he can’t be 100% sure it’s safe” with dawn replying “it’s OPEN SOURCE” you come out here saying that just because it’s open source doesn’t mean it’s safe, you are clearly misunderstanding this, he can 100% sure it’s safe because he can view the source code. do your research before talking
@@ginge3845 Lol I'm pretty sure several people checked the source code, especially when dealing with a website that has the POTENTIAL to steal your data
The comments section is literally a cespol of 8 year olds, script kiddies and outright ignorant people saying the most stupid things posible, besting eachother in stupidity with every new entry.
people can probably use this to scam younger discord users. this reminds me of the har file scam on roblox, where you download data that literally says your .roblosecurity code (which is a code that reminds roblox of which user is currently logged into and using the website on this pc, meaning that when somebody gets a hold of this code, roblox will think they are logged into the website with that account on that pc) , and the scammer says its something they need to either make a 3d render of your avatar or whatever else they can think of. and if people were to use this that way, well then thats a life quickly ruined from some innocent discord user.
IP addresses aren't that bad. Anyone can basically get that on any peer to peer service. And they can maybe ddos you once, but 99% of modern routers have dynamic IP. Just turn it off for a few mins and the IP changes.
That doesn't usually change your external ip address which is what's being stored, dynamic IP usually just changes the internal IP address which is only used by devices on your network and isn't seen by websites.
ISPs won't give you a static IP (or even a public IP, most of the time you will be behind CGNAT, depends on your ISP), it will change every x days, but you can force the change by restarting the router. I wouldn't worry about my IP being leaked, the IP location is approximate (or sometimes it's not the city you live in). What's the worst thing that could happen? DDoS? Restart your router.
discord itself is dangerous. really. I use it, for some limited servers, but man I hate it, if only there was a good alternative. Sadly it has such good user experience and popularity that everyone uses it meaning one has to make sacrifices if don't want to use it (like youtube, facebook etc.)
Bro, these types of videos make me remember how stupid people are with their very personal information. Ignoring the fact that these packages could unearth years of dirt on you.
@dawn "your social life is probably worth nothing and a new identity is easy to make" me when my credit card information gets leaked with my home address and full name with 50 armed men appearing at my doorstep with explosives and munitions: 😃
Turning off your internet connection will not guarantee information isn't being sent anywhere. It could be saved temporarily and sent to third parties once you reconnect your PC
I was so fucking confused what the problem was until the websites came up. Like for a good half the video I was just think, "Yes, this is the information you've put on discord?"
Websites can upload your data even if your ethernet is disabled. Data can be cached in the local store or index db and uploaded later when the website is visited again.
you are the only one who say "Anyways i love you_kiss" you are really the only one who i know who does that and i (and also everyone i think lul) love its heartwarming keep doing good stuff ur a very good ytber ❤
You could also make a virtual machine, from which you then remove internet and later when you're done just nuke the entire machine so there's 0 chance of data leak.
Everyone saying DDPE is open source and can be locally hosted: I had tested this out when I came across the website, and that won't work to keep your info private. The website uses its api to lookup usernames and pfps from account ids, but the apt is just a proxy to a discord bot. The api in question is also open source, but you'll have to make your own bot. (This might be out of date, last time I looked was at least 4 months ago)
If this application works offline I'm assuming it might be built as a PWA. PWAs have the power of queueing requests made while offline and shooting them to their destination when you're back online. If you're *really* paranoid, you should also clear your indexed db, session storage, local storage, and website cookies before going back online. Web workers too.
All websites can do that if your browser supports the background sync api. Although I think only chrome supports it at the moment. Neither actually have service workers though, they probably just have everything downloaded when you first load the page. If you want to be paranoid and aren't just using a private tab for some reason, you should also make sure to clear any background sync requests in the application tab. Maybe while script execution is paused just in case. But there shouldn't be any there if it's safe.
Have an alt account that you don't use and nobody knows and use it to just buy nitro and gift it to your main With no interactions with any server or messages is much more unlikely to get your data stolen
nitro gifts in some countrys are more expensive than normal buying for example me i live in poland normal nitro costs 5$ but gift costs 10$ so its not worth it
@@erikkonstas nope, he's right. discord added regional pricing like months ago, from 10usd it became 4usd for my country, but gifting still costs 10usd.
@@neksiaak i think that’s to prevent abuse since or else people from Poland would just start selling nitro gifts for cheaper because it’s cheaper for them to buy it
The real question is why need a browser when you can have an open source application in code only, run the application from your IDE and and do everything locally without even needing the browser. The application should be coded to write any data or setting files in a folder you specify with the proper permissions.
It would be worse if someone successfully hacked one of those Discord Pakage websites and leak all the info. Who knows maybe one day someone comes at my door claim to be one of my Discord Friends. That's messed up.
I'm kinda curious to see the network requests on those sites. You can see all of them in the developer tools, and even if your internet is off, they'll still appear there as failed requests.
just to say, i once decided to check my settings if i wanted to change anything and i saw the request my data thing, i didnt think much of it and i didnt think it was dangerous or anything but i left it since i thought "im fine for now, i'll prob do it later in the future or smth" but glad i saw this vid!
How do you get your tabs so neat and compact @ 1:23 , my internet explorer looks like a mess literally every single folder I have ever created just displays under "This PC"
That might be the folder history setting. You can turn off File Explorer displaying recently used folders by selecting the three dots in the top right, selecting options, and then at the bottom of the General tab, disabling "Show frequently used folders" if you're using Windows 11; then it'll only show pinned folders on the left. Sorry if you're using Windows 10 though, I forgot if it's different on there.
@@MetalAlec I appreciate the comment, I use windows 10 but it motivated me to try to find a fix knowing it was specifically called folder history.. I went into View -> Options -> Folder options and turned off the thing at the bottom under navigation pane that said "All Folders", thank god I can actually see things more compactly now
People bein to paranoid, no shit the privacy package is going to contain your IP and Payment info, thats the whole point when they send you EVERYTHING THEY KNOW ABOUT YOU
Just goes to show that Discord just like every other company doesn't give a shit about ur privacy no matter how many times they claim they do, I'm glad I didn't spend a DIME on nitro tho.
If these websites can only make your data human readable, what's the point in using it? You have options such as building a local one and hosting it safely, or getting it from someone who made an open source one.
That`s one of the many reasons I don`t like to use Discord. People think they "have a Discord Server", actually, they have no shit. I have my own hosted TeamSpeak 3 Dedicated Server running off my OWN PHISICALLY Server with SSL Certificate
Noooo they need to fix this asap. Do you have any idea how easy Discord is to hack without 2FA? You can steal someone's Discord account with a damn QR code or an image. Discord is a dangerous program.
@@NnLd and YOU think that a file with your DISCORD DATA is the biggest issue with someone having physical access to your computer? not EVERYTHING ELSE which will have that sensitive data and more?
wow who'd have thought personal data would be personal data. the only way people can get this info is it you give it to them so if you are super paranoid then just don't and if you are extra paranoid then just dont give your info to discord its self. 2FA can suck it, not giving my mobile number to some chat app with dubious backgrounds.
As an amateur enthusiast interested in security, this video is still gives horribly bad advice from my point of view. One should NEVER use the data export feature UNLESS they have actual privacy/legal concerns, want to REQUEST FULL DELETION, or can ONLY restore some of their data in this way. Why? Please let me explain. Imagine the worst-case scenario: an attacker got hold of the package file. This is NOT just about your own safety. What if your friend sent you some sensitive information and that piece of data got included in the package? Not to mention other than getting your financial credentials stolen, attackers can also build a detailed profile of your behavior to launch further attacks against you, your family, your friends, or anyone who shares some level of connection with you. If an attacker has your phone number and somehow knows that you work for a decently sized company, they may be able to perform precise spear attacks against your workspace, using YOU as the entry point to gain the initial access. If you are prone to the temptation of sharing everything in your life online, I bet you cannot even withstand the most primitive, outdated form of social engineering snipes. (In other words, if an air rifle pellet goes right through your vest, how do you convince me that it's capable of stopping a 5.56 FMJ rifle round?) Therefore, do NOT upload ANYTHING like these onto ANY third-party websites or share it with ANYONE. Items marked as "optional" in this video are NOT optional at all. You should NOT even do whatever leads to you having to decide whether you should perform the "optional" tasks or not. Why? At a certain point, the website may seem benign, but it's ALWAYS subject to changes you have absolutely NO control of. There are plenty of instances in which previously innocent apps became malicious and started causing all sorts of crazy mayhem to profit from their well-built user base. Not to mention this kind of service would probably be a major target for attackers to aim at. What if I, as an attacker, can just compromise the web server and inject malicious JavaScript snippets that send everything to my collection? Furthermore, having almost all your sensitive data packed up in a zip file lingering around your user directory is still a really REALLY bad idea. An attacker with access to your local account can just grab it and run. Token grabbers disguised as games are bad enough, and having a gold mine using a constant filename "package.zip" under your download directory is just making attackers' lives easier. Even if it's not under a fixed path, a fast scan through all zip files can still reveal the package contents due to its distinct signature structure. Why would it still matter if an attacker had compromised your devices? After all, they can just use the token to get everything, isn't it? For financial credentials, well, yeah; but for full chat logs? Not so much. Maybe they could still use the token to crawl through everything you have, however, doing so would likely trigger the alarms from either Discord or Cloudflare. Discord is now infested with grab-and-run malware written in Python or Node.js, with both of the variants having extremely low detection rates due to the nature of how Python and JavaScript codes are stored. Anyway, if you really REALLY want to get some clicks out of your Discord analytics, write a Python script to parse the zip file yourself. And after you finished computing the statistics, delete all the copies of the data package you have made. You get clicks on your social (probably) and also learned how to code in Python. It's a much better deal!
2:22 theres more to that by the way, people usually upload to the hosted website, and well.... that guy that hosts that and made that thing is really not a trustworthy person, he is a shady person i would say, so i wouldnt even be surprised if he stores all packages ever uploaded there, I HAVE NO IDEA ON WHY YOU EVEN SAID ITS TRUSTWORTHY, IT IS NOT!! hopefully people start being smart and stop uploading their data to a sketchy projects made by shady people, and rather use a trustworthy alternative and selfhost it just in case anyone that had any longer encounter or sort of a "friendship" with that guy who made the project mentioned in the video probably knows what im talking about :)
Discord also violates the GDPR law "right to be forgotten" When you "delete" your account, they just change your name to deleted account#???. They keep all of your data. If any of you know how to get discord to delete your data, please tell me.
Discord is a company based in the us, so unfortunately they have no requirement or obligation to delete the data they have collected about you. You could try emailing them to remove it, however only if they're feeling generous, and it's likely they will not allow you to continue using their services once it is gone, since they need that data for discord to function on the user end.
It should be noted, that if you are really worried about your privacy and do go the internet disabling route: Don't just clear your cookies. Also clear local storage, local database, check for any web workers it might have spawned, etc. Make sure nothing of that site remains behind, then restart the browser.
When you remove the cookies like so: 5:00 it will delete the cache storage, cookies, indexed databases, local storage, service workers and session storage
I love the 5x paranoia that paranoid people will get from this.
For extra paranoids: Boot a VM, open a browser, open the website, cut the internet access to the VM, do what you need to do, force shut down VM, delete all traces of the VM on your PC
@@capsey_ it doesn't effect your PC. the only risk is leaking of information, which can only be done when connected to the internet regardless of if you have a VM or not, its just a useless step.
Chrome allows you to see external network requests and stored cookies, don't be so paranoid :D
The sites are also open source which gives you the ability to use docker to host the website on your own computer
i was searching for this
everything on this website works locally on your machine
ok
That doesn’t mean it can’t connect to other servers. Hosting it on your computer won’t stop anything if it has manual code in there to purposely log your data.
@@dareallando still if ur a developer u could scan the code and remove sus stuff
Also, don't forget there is NO OPTION to request your data to be deleted. You can "delete"/disable your account but nothing gets deleted as far as I can tell. Just your access to the account. The account name will be changed to "deleted user " and the account itself will still exist, the messages it has sent will still exist, and so on. Including DMs.
You can't request or tell discord to delete all of this private information they have collected about you. :)
then i will sue them bc thats an option
Nope, after 45 days after account deletion your data will be anonymised and Discord and will be basically untraceable back to you.
@@thundurr
Idk about you..but that doesn't sound like "deleting" lol.
I don't want my data in DISCORD'S hands either.
Also the account still exists and everyone will just see it as "deleted user " instead.
@@therealOri_ It's not Discord's fault,
Discord themselves will not be able to tell who's data it is after 45 days, but they HAVE to keep certain data like payment information to comply with legal obligations, tax and accounting reasons, but they will eventually be permanently deleted as well.
Discord will then permanently delete your email address and phone number after about 180 days for fraud and trust related reasons.
Then finally your service requests and support ticktes will be permanently deleted after 5 years for legal reasons, in case you try to sue Discord, they need it as defence.
However, they will never delete message history and publicly shared info, just so other users can still view it and you can also write to them if you really want it gone.
@@therealOri_ things the account has said and files that have been sent stick around, the rest, payment information, tag and such are deleted
Note that there are victims of child online exploitation who are unable to remove this compromising information because they deleted their accounts; they're still dealing with stalkers et al years later.
I'm pretty sure Discord is in violation of US federal law by keeping this data after the account is terminated. No idea why they haven't been held accountable.
Majority is chinese owned, and your data is being sent right to them.
@@epiclyepic_7655 the china is stealing our data no
If the data is disassociated with the individual then the individual is not legally considered to have any relation to it.
seriously underated channel, love the content.
bro spelled dox with 2 x's, chill out.
@@-4023- huh? what does that have to do with my comment?
how is he underrated he has 139k subs
@@_speedyhops8058 I just personally feel that more people should watch him 🤷
It's not, he spreads false information all the time like with his most recent video
At first I was a little frightened, because I have used Discord Data Package websites recently (approximately a month ago), so I thought I just gave away my information (like my payment information, since I have those connected). But I am rest assured because I used the first website mentioned in the video; also worth noting the website is open source as well, and it didn't look like anything it could send information via a webhook or anything. I didn't disable my Internet in the process, so hopefully that didn't do anything particularly harmful.
5months later, still all good? if so i feel save enough to use the site aswel.
It also should be noted that to do the ethernet disabling thing effectively you also need to go to your browser settings and disable "Run in background". Because websites take advantage of the packages sent by a browser. You can send some data to a website and it will be pending until you have internet. Closing before turning the internet on just keeps the package in the "running in background" and continue to send it after you do have internet.
Another thing that should be noted is browser storage (and I do not mean cookies. There are cookies, indexedDB and even localStorage [less used because the user can see it very easily]). Servers can save something locally in your browser which doesn't require internet and when internet comes despite how late you may come back to the website (unless your browser clears data) you will still send the data. So make sure to never visit that website with internet even as a 2 second lookup.
The sites you just mentioned in the video are open source, which means you can download the source code and host it locally on your PC. Which is pretty neat IMO
hosting it in my oc is worse than giving them my msgs💀
"it is open source" means your data is (mostly) not sent to any alternative server in any form. people would not want their data to be sent, because they value freedom in their software.
there are some cases that is not true, either the author is malicious or that repository was attacked due to a dependency vulnerability
@@itzcalocalo5749 yes, you are right about that one regardless of what i said above though. you can't easily trust a random developer you've never even heard of before, can you? it all depends on your choice, and that is the point of this whole open source projects. you get to only believe what you believe in. that is also an important freedom in software imo
I think going to secret mode and turning off wifi would give you better privacy with less effort. In addition to cookies being deleted after closing the window, secret window also prevents the browser from storing stuff into web storage and IndexedDB.
That would also prevent the website from using background sync to send the data after it's been closed. Although it's worth noting that the data can still be stored in a private session, just that it'll be removed afterwards
Se
Bold of you to assume none of us care about your discord data
🚗🚙🚗
i personally mustang
i literally bentley
ford f 150 (the joke is that the original comment said "-none of us car about your-")
Didn’t realise auto correct changed my words 😅
Hey No text to speech! Thanks for making such awesome content.
Hope everyone here is having a super day and wishing everyone well!
I have your credit card information and geographical location. Thanks discord!
@@BonziBUDDY who are you ?
@@BonziBUDDY bro why still people information 😭
It's also worth noting that if you do want to be extra safe but still see this info from these sites you can go in a manually delete any sensitive data from your discord data package
No it's not gonna do anything
The data will remain but they'll just send u the data they have gotten from ur acc
Disconnecting the from the internet when using such websites is completely NOT going to keep your data safe...
If the website is using local storage then it can easily store 50MB of your most important information and send it the next time it's loaded again.
You have to clear all the data related to that website, and even then you're not 100% safe...
yea thats literally what he showed, u clearing the cookies
@@AnEnderNon Cookies aren't always the entirety of site data. There can also sometimes be network packets stored on your device for later transfer.
@@AnEnderNon Cookies are a few kB of data. Modern browsers have complete embedded databases that can store up to 50MB per site... And judging from what you just said I can easilly guess you haven't got much experience with web development...
@@shapelessed yea ur right, how do i clear this other storage
@@AnEnderNon open devtools (f12, ctrl+shift+i, right click>inspect), click on the double arrow at the top, open "application", and somewhere near the top there should be a category labelled "local storage". open it, and then right click on the website you want and select delete. same with session storage. you can also click on it to see if it's storing your data, in a very long string of ascii characters or otherwise
i have no idea if that's how you're supposed to clear it, but i'm a web developer
I noticed the second one was open source, and a person replied the first one was also open source. If you are confident enough, you can a build a version of the site locally. You could also look for some sketchy stuff inside the code. Still remember to run it with wifi disconnected, because people can add a simple POST request to a server with all of your data.
remember to be safe when using these sort of websites in general.
both of them are open source
average github chad
but you could also flood that server with garbage data if it's unsecured in that fashion.
how about Man-in-Middle attack?
@@Vysair youd need to have someone on your netwirk for that, doubt it
You are probably the most wholesome YT channel
gay
@@prizma45 Okay
"is there any risk to giving away your data?" . . . YES!
Who could have guess that 100% transparency on our recorded information, which can be sent to us at the click of a button, would lead to this!
ita required by law, they dont do it by "themself" because they "love" you" or by "transparency" reasons, its jsut marketing, they MUST provide this
Also in all the messages you ever sent, it shows your attachments with the post. Those attachments links can be opened by anyone, anywhere. Just FYI in case you use Discord for naughty naughty things
They get your IP because the entire internet has your personal info. Your IP, etc, and maybe your real name and stuff if it gets them from the ISP. So it's not scary to me.
It's how the Internet works.
@dawn swatting exists..
wait until you learn what all information is actually public record ;)
@@ITSTHEANGELGUY uh well swat dont operate here so HAH 💀💀💀💀😵😵😔☺️🤕☺️☺️🤕☺️☺️☺️😎☺️😎☺️😎😎😎😎😎😊😎😊😎😎😎😊😎😎😎😂😂😭🤣😂😂🤣🤣❤️❤️❤️😎❤️😎❤️💋💋💋🍓🍓🍓🤕💀💀💀😉😉😉😉😉😉😉😉😉😉😉😎😉😎😉😎😎😉😉😎😉😎😉📊😁😁😁📊📊📊📊😁
That's not what the video says. It warns you to be careful with sharing the package because then *other people* will have your IP address, not just Discord themselves.
@@erikkonstas Every single website you visit knows what your IP is
i got a heart attack from the title until you said ddpe androz was safe
open source does not mean 100% sure it's safe, do your research before talking
@@ginge3845 Nordin said “he can’t be 100% sure it’s safe” with dawn replying “it’s OPEN SOURCE” you come out here saying that just because it’s open source doesn’t mean it’s safe, you are clearly misunderstanding this, he can 100% sure it’s safe because he can view the source code. do your research before talking
@@user-fv2bn2jf4f because clearly you will be able to view every risk by looking at the source code once
@@ginge3845 Lol I'm pretty sure several people checked the source code, especially when dealing with a website that has the POTENTIAL to steal your data
@dawn bro the source on github can be the same as the website, or it has the "virus" removed in the "source"
I love the content and jokes, keep it up!
i like how i just subbed, and a few mins later u upload
Most people use Dynamic IP addresses or CG-NAT anyway. A simple router reboot will fix most peoples ddos issues.
So you want to be DDoS-ed?
Thankfully, cgnat isn't too common. Yeah dynamic ips are.
Ayy finally early dude! Keep up the good work ❤️
omg… thank you I was close to putting my data onto a website to see how much messages I’ve ever sent and stuff but I was hesitant, now I know 😭
The comments section is literally a cespol of 8 year olds, script kiddies and outright ignorant people saying the most stupid things posible, besting eachother in stupidity with every new entry.
people can probably use this to scam younger discord users.
this reminds me of the har file scam on roblox, where you download data that literally says your .roblosecurity code (which is a code that reminds roblox of which user is currently logged into and using the website on this pc, meaning that when somebody gets a hold of this code, roblox will think they are logged into the website with that account on that pc) , and the scammer says its something they need to either make a 3d render of your avatar or whatever else they can think of.
and if people were to use this that way, well then thats a life quickly ruined from some innocent discord user.
IP addresses aren't that bad. Anyone can basically get that on any peer to peer service. And they can maybe ddos you once, but 99% of modern routers have dynamic IP. Just turn it off for a few mins and the IP changes.
address though
That doesn't usually change your external ip address which is what's being stored, dynamic IP usually just changes the internal IP address which is only used by devices on your network and isn't seen by websites.
@@ArtixBTW most of the time, it does. At least in the UK, I don't know many people who have ever even been DDosed
It depends on the ISP. I am behind CGNAT so a "dynamic IP" is the only option for me
ISPs won't give you a static IP (or even a public IP, most of the time you will be behind CGNAT, depends on your ISP), it will change every x days, but you can force the change by restarting the router. I wouldn't worry about my IP being leaked, the IP location is approximate (or sometimes it's not the city you live in). What's the worst thing that could happen? DDoS? Restart your router.
discord itself is dangerous. really. I use it, for some limited servers, but man I hate it, if only there was a good alternative. Sadly it has such good user experience and popularity that everyone uses it meaning one has to make sacrifices if don't want to use it (like youtube, facebook etc.)
hows it dangerous
@@AnEnderNon this shit collects more data than facebook
Matrix is a decent alternative. Sad discord is so mainstream tho, my friends never check it when i message here.
@@sliwka7889 bro did yo uforget your bank has your data not the discord itself?
@@sliwka7889 what specific data, and how does it affect us?
Bro, these types of videos make me remember how stupid people are with their very personal information. Ignoring the fact that these packages could unearth years of dirt on you.
@dawn I forgor it's discord💀
Its just messages lmao not that deep you aren’t sending your social security number on discord if you are then that’s your fault
@dawn "your social life is probably worth nothing and a new identity is easy to make"
me when my credit card information gets leaked with my home address and full name with 50 armed men appearing at my doorstep with explosives and munitions:
😃
@dawn i can confidently say I don't have much in the bank either but I don't think my profile is an accurate way of judging it LMFAO
Oh no, anyways
Uh Oh…
It would be really bad if all your data got the wrong hands, especially if you use discord a lot
My favourite channel rn
Fr he makes pretty helpful videos
Now I know every channel you sent a message in! thanks:)
i love your new memey video style
Turning off your internet connection will not guarantee information isn't being sent anywhere. It could be saved temporarily and sent to third parties once you reconnect your PC
I was so fucking confused what the problem was until the websites came up. Like for a good half the video I was just think, "Yes, this is the information you've put on discord?"
4:36 i chuckled. Best way to censor your data with humor.
The Love you's and kisses, omg I love this channel, subbed immediately
Websites can upload your data even if your ethernet is disabled.
Data can be cached in the local store or index db and uploaded later when the website is visited again.
you are the only one who say "Anyways i love you_kiss" you are really the only one who i know who does that and i (and also everyone i think lul) love its heartwarming keep doing good stuff ur a very good ytber ❤
You could also make a virtual machine, from which you then remove internet and later when you're done just nuke the entire machine so there's 0 chance of data leak.
this is hilarious because you would be making and nuking a vm all for the purpose of not increasing your security by any amount at all
@@SafetyKitten well you would let the page load on vm, and then just remove the network adapter so there's no way any data can leave the vm
No wonder I'm here from last year. Nice video kekw
Everyone saying DDPE is open source and can be locally hosted:
I had tested this out when I came across the website, and that won't work to keep your info private. The website uses its api to lookup usernames and pfps from account ids, but the apt is just a proxy to a discord bot. The api in question is also open source, but you'll have to make your own bot.
(This might be out of date, last time I looked was at least 4 months ago)
If this application works offline I'm assuming it might be built as a PWA. PWAs have the power of queueing requests made while offline and shooting them to their destination when you're back online. If you're *really* paranoid, you should also clear your indexed db, session storage, local storage, and website cookies before going back online. Web workers too.
does just going incognito work? i wen incognito mode and im kinda paranoid
All websites can do that if your browser supports the background sync api. Although I think only chrome supports it at the moment. Neither actually have service workers though, they probably just have everything downloaded when you first load the page.
If you want to be paranoid and aren't just using a private tab for some reason, you should also make sure to clear any background sync requests in the application tab. Maybe while script execution is paused just in case. But there shouldn't be any there if it's safe.
@@cocomolk Yes. That's the easiest way if you want to remove all the data
@@hedgehog125 thankyouu
how do you clear all of that
Have an alt account that you don't use and nobody knows and use it to just buy nitro and gift it to your main
With no interactions with any server or messages is much more unlikely to get your data stolen
nitro gifts in some countrys are more expensive than normal buying for example me
i live in poland normal nitro costs 5$ but gift costs 10$ so its not worth it
@@neksiaak Are you sure you're not confusing 2 different Nitro plans?
@@erikkonstas nope, he's right. discord added regional pricing like months ago, from 10usd it became 4usd for my country, but gifting still costs 10usd.
@@neksiaak i think that’s to prevent abuse since or else people from Poland would just start selling nitro gifts for cheaper because it’s cheaper for them to buy it
The real question is why need a browser when you can have an open source application in code only, run the application from your IDE and and do everything locally without even needing the browser. The application should be coded to write any data or setting files in a folder you specify with the proper permissions.
You can do that.
It would be worse if someone successfully hacked one of those Discord Pakage websites and leak all the info. Who knows maybe one day someone comes at my door claim to be one of my Discord Friends. That's messed up.
If they don't collect the data then they can't hack shit
one way to be safe is to download the website from the creator and host it on docker
The whole point of those websites is that they never receive anything, all of the processing is done on your computer.
@@Elian504 If someone gets access to the website's server that may no longer be true
@dawn time 0: Person A gets access to the website's server.
time 1: Person B uploads their data on the website
Now A has B's data
why am i seeing this AFTER i requested my data package
fr
@@ivantillsdaughterI feel you guys
BRO DID ANYTHING BAD HAPPE TO YOU…bc I’m losing my mind rn
@@ivantillsdaughter did anything bad happen..I’m stressing over here
@@z0mbiebrat622 nah
I like how there’s no text to speech in your videos.
4:25 yaay davinci btw are you using fusion often?
i requested my data only to find dms from specific people i unfriended and dont have the tag for and i cant even find them
i have discord running 24/7 on my second monitor 😭😘 ILY2 again
Love how you showed you cutting out the boring part, please shor your editing self again!
I'm kinda curious to see the network requests on those sites. You can see all of them in the developer tools, and even if your internet is off, they'll still appear there as failed requests.
hello 5b central person
hello bitmoji person
Well look at em yourself, nothing preventing u, there's prolly only image requests tho
thankyou for kiss at end :)
just to say, i once decided to check my settings if i wanted to change anything and i saw the request my data thing, i didnt think much of it and i didnt think it was dangerous or anything but i left it since i thought "im fine for now, i'll prob do it later in the future or smth" but glad i saw this vid!
yes because somebody is going to read through my absolute brain dead dms with people over the past 3 years to find some random dudes address
How do you get your tabs so neat and compact @ 1:23 , my internet explorer looks like a mess literally every single folder I have ever created just displays under "This PC"
That might be the folder history setting. You can turn off File Explorer displaying recently used folders by selecting the three dots in the top right, selecting options, and then at the bottom of the General tab, disabling "Show frequently used folders" if you're using Windows 11; then it'll only show pinned folders on the left. Sorry if you're using Windows 10 though, I forgot if it's different on there.
@@MetalAlec I appreciate the comment, I use windows 10 but it motivated me to try to find a fix knowing it was specifically called folder history.. I went into View -> Options -> Folder options and turned off the thing at the bottom under navigation pane that said "All Folders", thank god I can actually see things more compactly now
That desktop background comes with Linux Manjaro.
I am very glad that I stumbled upon your video
People bein to paranoid, no shit the privacy package is going to contain your IP and Payment info, thats the whole point when they send you EVERYTHING THEY KNOW ABOUT YOU
don't open up the "attachments" tab on discordpackage, it will fill up your ram and possibly crash the entire web browser
yoo another da vinci resolve enjoyer
Just goes to show that Discord just like every other company doesn't give a shit about ur privacy no matter how many times they claim they do, I'm glad I didn't spend a DIME on nitro tho.
With all due respect, how does this video in particular show it? These sites aren't something discord can control.
If these websites can only make your data human readable, what's the point in using it? You have options such as building a local one and hosting it safely, or getting it from someone who made an open source one.
DiscordPackage is on github. So you can should be able to look through the code.
1:29 Me personally, I wouldn't take that disrespect.
It's a Polish guy! 0:12
That`s one of the many reasons I don`t like to use Discord. People think they "have a Discord Server", actually, they have no shit. I have my own hosted TeamSpeak 3 Dedicated Server running off my OWN PHISICALLY Server with SSL Certificate
Noooo they need to fix this asap. Do you have any idea how easy Discord is to hack without 2FA? You can steal someone's Discord account with a damn QR code or an image. Discord is a dangerous program.
Remember to delete the data package off your hard drive once your done looking at it, as anyone with access to your computer could look through it!
if someone has access to your computer i think they already have everything anyway...
@@fog- literally exactly lol
if someone has a backdoor into your pc, its really just as simple as looking at your browser information
@@blzrL i mean, someone could have a physical access to your computer so no
And you should use file recovery software to delete it permanently (if it works this way idk tbf)
@@NnLd and YOU think that a file with your DISCORD DATA is the biggest issue with someone having physical access to your computer? not EVERYTHING ELSE which will have that sensitive data and more?
Thanks for this valuable info that I will most certainly not to steal people info
The color of the mirror is green.
Or just remove the sensitive information from the json?
if you are paranoid about your data, just delete system32 and uninstall windows after viewing your data package.
Thanks to the new staff team they could care less about security
wow who'd have thought personal data would be personal data. the only way people can get this info is it you give it to them so if you are super paranoid then just don't and if you are extra paranoid then just dont give your info to discord its self. 2FA can suck it, not giving my mobile number to some chat app with dubious backgrounds.
There Is Life Outside Your Apartment
Your discord data package is private. It's only dangerous if you share it. The package itself isn't innately dangerous
5:18 nah i don't believe you there is no world outside
why isn't there an offline application for reading the data like this?
Now I want to know what was in the part he cut out of the video… ;-;
Clear the cookies :'D
There is an other method too to store your data. It's a variable called "localStorage", and it persists if you close the page.
I used it few days ago and I was scared by the thumbnail of this video
Discord saves your data 💀
@@Zappy-ray777 I know it saves my data, I was scared of the text on the thumbnail
@AdamDappy69 Used it few times and nothing happened
for once my package is dangerous, so let it be please
Someone rats your computer with a file, Changes your Email, Requests data to their email, Your online life: 🚮
If someone rats your PC there are a lot more efficient ways to get your information without going through your discord data package.
@@NoTextToSpeech running a "rat" file its self is grabbing the information as maybe your trying to imply, yes. most basic knowledge 😊
This is like a revenge plan
if you are privacy person you don't use discord
hey man just wondering do u use the free version of davinci relsolve
If you go to inspect element then click network, you'll be able to see all the requests.
if your really scared of it dont download the discord package at all. also don't download the discord package over wifi that is not your own.
As an amateur enthusiast interested in security, this video is still gives horribly bad advice from my point of view. One should NEVER use the data export feature UNLESS they have actual privacy/legal concerns, want to REQUEST FULL DELETION, or can ONLY restore some of their data in this way. Why? Please let me explain.
Imagine the worst-case scenario: an attacker got hold of the package file. This is NOT just about your own safety. What if your friend sent you some sensitive information and that piece of data got included in the package? Not to mention other than getting your financial credentials stolen, attackers can also build a detailed profile of your behavior to launch further attacks against you, your family, your friends, or anyone who shares some level of connection with you. If an attacker has your phone number and somehow knows that you work for a decently sized company, they may be able to perform precise spear attacks against your workspace, using YOU as the entry point to gain the initial access. If you are prone to the temptation of sharing everything in your life online, I bet you cannot even withstand the most primitive, outdated form of social engineering snipes. (In other words, if an air rifle pellet goes right through your vest, how do you convince me that it's capable of stopping a 5.56 FMJ rifle round?)
Therefore, do NOT upload ANYTHING like these onto ANY third-party websites or share it with ANYONE. Items marked as "optional" in this video are NOT optional at all. You should NOT even do whatever leads to you having to decide whether you should perform the "optional" tasks or not. Why? At a certain point, the website may seem benign, but it's ALWAYS subject to changes you have absolutely NO control of. There are plenty of instances in which previously innocent apps became malicious and started causing all sorts of crazy mayhem to profit from their well-built user base. Not to mention this kind of service would probably be a major target for attackers to aim at. What if I, as an attacker, can just compromise the web server and inject malicious JavaScript snippets that send everything to my collection?
Furthermore, having almost all your sensitive data packed up in a zip file lingering around your user directory is still a really REALLY bad idea. An attacker with access to your local account can just grab it and run. Token grabbers disguised as games are bad enough, and having a gold mine using a constant filename "package.zip" under your download directory is just making attackers' lives easier. Even if it's not under a fixed path, a fast scan through all zip files can still reveal the package contents due to its distinct signature structure.
Why would it still matter if an attacker had compromised your devices? After all, they can just use the token to get everything, isn't it? For financial credentials, well, yeah; but for full chat logs? Not so much. Maybe they could still use the token to crawl through everything you have, however, doing so would likely trigger the alarms from either Discord or Cloudflare. Discord is now infested with grab-and-run malware written in Python or Node.js, with both of the variants having extremely low detection rates due to the nature of how Python and JavaScript codes are stored.
Anyway, if you really REALLY want to get some clicks out of your Discord analytics, write a Python script to parse the zip file yourself. And after you finished computing the statistics, delete all the copies of the data package you have made. You get clicks on your social (probably) and also learned how to code in Python. It's a much better deal!
I nearly had a heart attack, but it was relieving to learn androz2091 is safe
Pls talk about why discord can't recover your account if suddenly you lost your 2fa or the buck up codes
theres a reason why i always disable "Request data" and all of the other "Discord may use data" shit
whats the no no folder for? hm
I'm surprised that people think discord is safe.
Alternatively, you can just go into your files to delete/change compromising information before uploading
2:22 theres more to that by the way, people usually upload to the hosted website, and well.... that guy that hosts that and made that thing is really not a trustworthy person, he is a shady person i would say, so i wouldnt even be surprised if he stores all packages ever uploaded there, I HAVE NO IDEA ON WHY YOU EVEN SAID ITS TRUSTWORTHY, IT IS NOT!!
hopefully people start being smart and stop uploading their data to a sketchy projects made by shady people, and rather use a trustworthy alternative and selfhost it just in case
anyone that had any longer encounter or sort of a "friendship" with that guy who made the project mentioned in the video probably knows what im talking about :)
Discord also violates the GDPR law "right to be forgotten"
When you "delete" your account, they just change your name to deleted account#???.
They keep all of your data.
If any of you know how to get discord to delete your data, please tell me.
Discord is a company based in the us, so unfortunately they have no requirement or obligation to delete the data they have collected about you. You could try emailing them to remove it, however only if they're feeling generous, and it's likely they will not allow you to continue using their services once it is gone, since they need that data for discord to function on the user end.
@@midnightMoonlight09 they do have the obligation if they operate in the EU, which they do.
Send them an email - account deletion doesn't in itself require complete erasure, but an email specifying a GDPR data removal request does.
...I guess it's a good thing I never knew about that feature. Then again, it's not like I would've cared about that feature anyways.