If you're concerned about the current state of privacy at Discord, request a download of all data collected from you, and watch them stalking how you interact with the app, the servers you've visited, buttons pressed...
They have a switch to turn this off, but then they say this:
> The nitty gritty: when you turn the flag off, the events are sent, but we tell our servers to not store these events. They're dropped immediately — they're not stored or processed at all. The reason that we chose to do it this way is so that when you turn it off on your desktop app it also turns off automatically on your phone - and vice-versa. This allows us to keep things the same across all of our apps and clients, across upgrades.
This is the bigger concern. Their efforts at privacy between users is basically a joke and between users and bots its basically non-existent.
Lots of talk with respect to user privacy and discord, overlooks the distinction between a users privacy as a discord user (User <-> Discord) as opposed to the users privacy when communicating on discord (Discord User <-> Discord User or Discord User <-> Discord Bot)
They do Bluetooth, which by proxy gives location access, block VPNs and ban your accounts if you ever try to sign in with one or anonymisers, require a phone number non-VOIP, collect virtually every interaction way past what normal analytics would do and send them via the same or a similar route to prevent route-based adblock.
Desktop client also continually scans running processes.
That rather depends on your usage pattern, I expect. Twitter has similar inconsistent reports, and I can confirm personally that I was suddenly asked for one as soon as I tried to post anything; I believe I also had something like that happen with Discord, but I don't remember as clearly.
Not that it's necessarily malicious in intent—requiring “extra verification” only on suspected misuse isn't entirely unreasonable, and that's awfully hard to distinguish from things like targeted privacy attacks—but it would be nice to establish this sort of thing as common knowledge, especially since I imagine the chaff of “huh? no they don't” is only to their benefit.
Every major discord server (if you are not just strictly in DM with friends or make your own with friends) requires phone verification with virtually no exceptions.
Using any form of datacentre IP or anonymiser requires phone verification randomly within a few minutes or hours of starting interaction [regardless of server].
We do not record all your processes and send them to our servers.
We watch the process list for 3 reasons.
Detect games to show on your status message. You can turn this off anytime in the privacy tab of settings.
Detect games to hook the overlay into if it is enabled.
Detect games run as administrator to warn that Push to talk won't work.
You cannot disable the scanning as the 3rd reason is always required.
If you use the overlay we send information about your DirectX and GPU to our metrics server to track success rate of the overlay as we test it and improve it. We will probably stop sending this to our server as soon as overlay moves out of the experimental phase.
Nothing else is ever saved to disk or sent over the network.
Also the IP address you listed is an address of one of our US East voice servers which has no relation to our primary data center. Nothing is sent over it that would involve games. Our primary IPs (where we send your status) would be something else. Whatever data you saw being sent continuously was probably related to voice chat."
It kinda can only go upwards from there.