If you use Discord, you may notice that some images are called image0.png, image0.jpg, and so on, why this happens?
No, people are not changing their pictures to image0 before posting, Discord changes the image names because of security issues, which we will see below.
Indeed, one could rename their images to image0 to cause this behavior, though that is more unlikely!
Unrestricted file upload security
The OWASP Unrestricted File Upload recommendations sum up a reason to rename files that are uploaded: The file name, being part of the metadata, could trick the system into overwriting another file, causing damage.
It lists more concerns than just critical file overwriting, but this helps us to understand why this is done by Discord and several other applications.
But that is not the reason!
If Discord was renaming because of these security concerns, all files would be getting renamed! But they are not.
If you upload a file to a friend right now, it may or may not get renamed, sometimes you will see the original file name. Why?
To summarize how images are getting renamed, check the following:
- You copied an image to your clipboard and pasted it into Discord: the image is renamed to unknown
- You uploaded an image without a name by any means: the image is renamed to unknown
- You are using an Apple device: the image is renamed to image0, if multiple images, then they are renamed to image0, image1, and so on
- You uploaded an image with a known name, on Windows or another system: The image holds its original name!
So the odd image0 behavior is caused only with some specific devices, although I cannot tell you which devices will make Discord rename the file using that pattern.
The security concerns regarding Unrestricted File Upload are taken into consideration by Discord, we just don't know how they are handling it internally.
When opening a Discord image on your browser, you will notice that the URL is long and it contains the image name, that long URL is also taking care of some security issues.
What other websites are doing?
While Discord has this confusing behavior, Facebook renames all files with their filename pattern.
If you copy the URL of a Facebook post image, you will notice that the image part of the URL, which is followed by its format, has 3 sets of big numbers separated by underscores.
The big numbers in all image URLs can help a website to achieve the following:
- Provide a unique distinct name to all images, as if two images have the same name, one will be overwritten
- Have some sort of identifier to who posted the image, just on its URL alone
But there may be different reasons why a website decides to do that.
Twitter renames their files into a different pattern as well, instead of numbers, they appear to be using a short sequence of letters.
Hopefully, this small article helped you understand the image0 filenames on Discord!
