Remember you can trust Discord with your driver’s license for verification, I’m sure they won’t accidentally store them in a plain text open API call or anything.
Remember you can trust Discord with your driver’s license for verification, I’m sure they won’t accidentally store them in a plain text open API call or anything.
How do you “accidentally” record other people’s conversations?
If I’m reading it right, it’s kinda like how that one guy “hacked” 70,000 robot vacuums. Bad scope limits.
Game uses token to do the rich presence stuff, and instead of just getting a confirmation back, it gets everything.
So in other words rich presence shares your conversations with game makers
Not necessarily. Developers choose what permissions their authorization token has when they register it with Discord. In this case the game asked for an auth token with all permissions, so the game connects to Discord with the same access levels as your actual login.
Yeah that’s what the person before me said. I’m saying that the fact it’s possible at all is a horrible violation of privacy
There are legitimate reasons to ask for an “all permissions” token, such as setting up and using a third party client. A game is not one of the things that should be asking for that though.
In any case it sounds like a reason to actually read what the oauth login screens are actually telling you…
But the fact that you have no control (or transparency) over that matter is atrocious
By being a bad security actor when asking permission and giving permission.