April 19, 2026

Your lurk just got lurked

Article URL →HN comments →

Discord Read Receipts Exploit: When, How Often, How Long

No read receipts? Surprise—Discord can be “timed” and users are fuming

TLDR: A crafty Discord bug lets a shared link’s preview reveal when—and how long—you viewed a message. Commenters split between applauding the clever hack, roasting modern chat culture, and lamenting “Slack is dying” while pining for IRC, all while demanding Discord plug the privacy hole fast

Discord’s “no read receipts” vibe just hit a twist: a clever bug shows when you looked at a message—and for how long. A researcher found that by sending a link with a booby‑trapped preview image, the app’s image loader keeps retrying when it fails, creating a tell‑tale rhythm of pings that reveals your viewing time. Translation: your silent lurking isn’t so silent. Cue the comment chaos.

Privacy purists are clutching pearls, calling it a “broken promise” and demanding a fix. Others are geeking out over the craftiness, with one fan praising it as a “neat find” and a “fun writeup.” And then there’s the vibe check: one commenter deadpanned “thanks chatgpt,” turning the whole thing into a meme about modern tech explainers. Meanwhile, workplace refugees weighed in: “Slack is dying,” sighed one user, wishing someone would just bring back old‑school IRC chat. The subtext? If Discord’s becoming the office watercooler, leaks like this feel extra icky.

For the non‑techy crowd: Discord proxies images to protect your privacy, but this trick keeps the image from being cached, forcing the app to try loading it again and again—leaving a timestamp trail. It’s smart, it’s spooky, and the community is torn between applause and side‑eye. Read receipts by accident? That’s the plot twist people can’t stop talking about

Key Points

  • Discord lacks read receipts by design, but a bug in its OpenGraph image proxy can reveal viewing behavior.
  • The normal flow validates og:image and caches it via images-ext-1.discordapp.net so origins see only two requests.
  • By serving a valid image for validation and returning HTTP 500 thereafter, caching is prevented and each view hits the origin.
  • Discord’s client retries failed image loads six times with increasing delays, creating a ~20-second timing pattern.
  • A PoC app demonstrates generating tracking links and grouping sessions to infer when and how long a message was viewed.

Hottest takes

"thanks chatgpt" — antiloper
"Slack is dying... I wish someone brought IRC back" — hmokiguess
"Neat find" — tomcatfish

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.