My friend is an exec there. After reading this thread, I bugged him to buy my software that would protect this vulnerability. They confirmed data/file never leaves the user’s device. Sounds pretty safe.
You do know that it’s bullshit? Unless they’re incredibly incompetent they’re lying to you. If the data never leaves the client then all the checks are client-side, which means it’s relatively easy (compared to a server side check) to bypass those checks.
Afaik the files exfiltrated were photos that the on-device detection could not identify and were uploaded to verify server-side. That would mean not all pictures are sent to the backend, and that corroborates why “only” 70k photos were stolen when Discord has millions of users verified.
Of course you have to put your trust in a closed source system so best not to upload, but if true it’s still a far cry from openly lying about it. It’s probably explicitly stated in their ToS that they may upload the file if the verification fails client side.
Source: Trust me bro.