Trackers

Khafra edited this page Jan 12, 2020 · 2 revisions

/api/science

Notes:

  • Not used often (only seen in Discord email verification mails).
  • Has no other purpose than to secretly track.
  • You can block it in an Ad-blocker without consequence.
<img height="1" src="https://discordapp.com/api/science/165445892457889792/28278d4e-a7b5-46ea-a1f4-2ca39b15dffb.gif?properties=eyJlbWFpbF90eXBlIjogInVzZXJfdmVyaWZ5X2VtYWlsIn0%3D" width="1"/>

A typical request is seen in an email's HTML as viewed above.

Breaking down the URL:

  • https://discordapp.com/api/science/ is the base.
  • 165445892457889792 is the account's ID, otherwise known as a snowflake.
  • 28278d4e-a7b5-46ea-a1f4-2ca39b15dffb.gif is a 1x1 pixel GIF called a web beacon. The (assumed) intent is to track when a user opens the email, but it could have other uses. This could be inserted by the email provider, but it is hosted by Discord.
  • The query parameter in the URL, properties, is a base64-encoded string. When decoded, it is a seemingly useless bit of information: the purpose of the email. The assumed usage is tracking user activity, as Discord uses tracking strings often.
{ email_type: "user_verify_email" }
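
The breakdown above can be automated when auditing an email body. The following Python is an added example, not code from this wiki or from Discord: it finds 1x1 images in HTML and splits any /api/science URL into the fields listed above. The function and class names are hypothetical, and the sample body is constructed around the tag quoted on this page.

```python
import base64
import json
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Path layout from the breakdown above: /api/science/<snowflake>/<uuid>.gif
SCIENCE_PATH = re.compile(r"^/api/science/(?P<snowflake>\d+)/(?P<beacon>[0-9a-f-]{36})\.gif$")

class PixelFinder(HTMLParser):
    """Collects the src of every <img> declared as 1x1 in an email body."""
    def __init__(self):
        super().__init__()
        self.pixels = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and a.get("width") == "1" and a.get("height") == "1" and a.get("src"):
            self.pixels.append(a["src"])

def decode_properties(value):
    """Decode the base64 `properties` parameter; None if it is not base64 JSON."""
    value = value.replace(" ", "+")  # an unescaped '+' is parsed as a space
    try:
        return json.loads(base64.b64decode(value + "=" * (-len(value) % 4)))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None

def parse_science_beacon(url):
    """Return the fields an /api/science beacon URL discloses, or None."""
    parts = urlsplit(url)
    m = SCIENCE_PATH.match(parts.path)
    if not m:
        return None
    props = parse_qs(parts.query).get("properties")
    return {"host": parts.hostname, **m.groupdict(),
            "properties": decode_properties(props[0]) if props else None}

def find_science_beacons(html):
    """List the parsed /api/science beacons among the 1x1 images in `html`."""
    finder = PixelFinder()
    finder.feed(html)
    return [b for b in map(parse_science_beacon, finder.pixels) if b]

# Constructed email body wrapping the <img> tag quoted on this page.
SAMPLE_HTML = ('<p>Verify your email</p><img height="1" src="https://discordapp.com'
               '/api/science/165445892457889792/28278d4e-a7b5-46ea-a1f4-2ca39b15dffb.gif'
               '?properties=eyJlbWFpbF90eXBlIjogInVzZXJfdmVyaWZ5X2VtYWlsIn0%3D" width="1"/>')

if __name__ == "__main__":
    print(find_science_beacons(SAMPLE_HTML))
```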

/api/v6/science

Notes:

  • This URL is tricky; it is sent when a user completes an action (changing servers, sending messages, etc.). It holds lots of information that can be personally-identifiable.
  • It has no purpose other than to track. Blocking it does not cause any issues.
  • You can block it in an Ad-blocker without consequence.

Two different types of requests sending different information.

Takeaways:

  • The request sends data to Discord from your device, including an assumed unique user id that can personally identify an account.
  • This endpoint tracks dates of actions ("events"), the action name, and type. Along with this, it also sends your token to the server in plaintext.
  • It can include different sets of data, including IPs of a user and user events.

Notes:

  • Insecure.
  • Cannot be blocked without limiting functionality.
  • Base URL is used multiple times in a single verification email. Other email types have not been checked.
<img alt="" border="0" height="1" src="http://url7195.discordapp.com/wf/open?upn=8PliU0eG####-2BPpx41EKdzQZ2####-2B669hQWfHBj6rrwNJK5####-2B0AOctUxxskohlZiO8uPUZvVQewaJztD9Qr####-2B1QywfmTGxIf9####-2BVl6rYvmXFIZtV71YiOT59OSmQt4zUVI6J####-2BZ4####-2FhAh1nDGou2wAHjJlqehOBKbh6BEdmNgrHdRWsxf7Dmk7WUTATpnBQCfVFIS6HvBoj8Mh6####-2BeG9K5cNNnS7ww0wY0GaD0uK####" style="height:1px !important;width:1px !important;border-width:0 !important;margin-top:0 !important;margin-bottom:0 !important;margin-right:0 !important;margin-left:0 !important;padding-top:0 !important;padding-bottom:0 !important;padding-right:0 !important;padding-left:0 !important;" width="1">

Some parameters have been replaced with # as the information is unknown to us.

Takeaways:

  • Another web beacon, with a URL similar to the actual verification URL (sometimes the URL is different).
  • It has no purpose other than to track, once again.
  • The CSS is set with !important to keep it secretive.