Back

Discord saves deleted images to your filesystem

  • General
  • by Jacob Riggs
  • 08-05-2023
Your vote is:
4.90 of 92 votes

This post outlines a security issue with Discord due to how it handles deletion records and localised caching for media posted in shared channels.

The issue

Media posted in Discord channels is written to the filesystem of every channel participant, even if that media is deleted from the channel immediately after being posted. It's important to note that this form of caching is a common practice and typically employed to facilitate quicker loading of content. However, the fact that Discord allows for the deletion of channel posts without any clear evidence of the deletion may present a potential vector for attack that I think all Discord users should be mindful of.

In an extreme hypothetical scenario, consider if a malicious party was to post indencent images of children or bomb-making plans to a wide-audience Discord channel, then immediately delete the posted images and proceed to file an anonymous report to law enforcement agencies alleging the participants in the channel have copies of that data stored on their filesystems. Whilst some might consider this attack unlikely, the possibility remains, particularly if your threat-model includes state actors with a desire to get their hands on your devices.

Finding your Discord cache

  1. Open File Explorer and navigate to %AppData%/discord/Cache/Cache_Data

    Discord Cache Path

    Discord Cache Folder

  2. Right-click in the window and navigate to Open in Terminal

    Open in Terminal

  3. Rename all files in the folder to use the .png extension by running the command:
    Get-ChildItem -Path "$env:APPDATA/discord/Cache/Cache_Data" -File | ForEach-Object {Rename-Item $_.FullName -NewName "$($_.BaseName).png"}

    Rename Files to .png in PowerShell

    Files renamed to extension .png

Unfortunately, Discord's lack of configuration options adds to this issue. At the time of this blog post, there are no settings present within the application that allows for cache control. My recommendation is simply to be careful what Discord channels you choose to participate in.

Alternatively, you can also opt to employ the use of a Windows Task Scheduler to automatically run a PowerShell script that deletes the folder every 24 hours. Whilst this doesn't solve the problem, it may offer some assurance that cached media won't persist forever. This approach of course also doesn't prevent forensic recovery.


Set up a task scheduler to auto-delete your Discord cache

  1. Open a notepad file and paste this command into it Remove-Item -Path "$env:APPDATA/discord/Cache/Cache_Data" -Recurse -Force
  2. Save the file somewhere you won't lose it, such as to your Documents folder, and rename it to use the .ps1 file extension (such as discord-cache-deletion.ps1).
  3. Open the Windows Task Scheduler by searching for Task Scheduler in the start menu.
  4. Navigate to Task Scheduler in the start menu.
  5. Click on Create Basic Task in the pane on the right side of the window and then add a name and description for the task.

    Create Basic Task

    Task Name and Description

  6. Configure the Trigger conditions to run Daily

    Trigger Daily

  7. In the Action step, select Start a program

    Trigger Daily

    In the Program/script field enter powershell.exe and in the Add arguments field, enter the file path -ExecutionPolicy Bypass -File "C:/[YOUR_ACCOUNT_NAME]/Documents/discord-cache-deletion.ps1"

    Task Arguments

  8. Click Finish to save the task.

    Finish the Scheduled Task

ABOUT THE AUTHOR

Jacob Riggs

Jacob Riggs is a Security Lead based in the UK with almost a decade of experience working to improve the cyber security of media and third sector organisations. His contributions focus on expanding encryption tools, promoting crypto-anarchist philosophy, and pioneering projects centred on leveraging cryptography to protect the privacy and political freedoms of others.

E3FE 4B44 56F5 69BE 76C1 E169 E3C7 0A52 9AEF DB6F


Subscribe to my Blog


I agree with the Privacy Policy terms.
Loading...
.