Photos shared on discord via DM can be accessed by anyone at all. They’re not password protected and it’s relatively easy to brute force* the URL of the photo if you have any other URL from that particular conversation to give you the “server” ID. Even easier if there’s a time of day you know a photo was sent because of the way a “snowflake” is generated for the image. That’s always seemed like a pretty gaping security hole to me but I never see anyone mention it.<p>* Not sure if that’s the right term when it’s not a password?