> I basically treat it as 'any member of public can now access it'.

Still remember the conversation over "mega apps"?

Based on my experience with Alipay, which was a Chinese financial focused mega app but now more like a platform of everything plus money, the idea of treating every bit information you uploaded online as public info is laughable.

Back when Alipay was really just a financial app, it make sense for it to collect private information, facial data, government issued ID etc. But now as a mega app, the "smaller app" running inside it can also request permission to read these private information if they wanted to, and since most users are idiots don't know how to read, they will just click whatever you want them to click (it really work like this, magic!).

Alipay of course pretends to have protection in place, but we all know why it's there: just to make it legally look like it's the user's fault if something went wrong -- it's not even very delicate or complex. Kinda like what the idea "(you should) treat it (things uploaded online) as 'any member of public can now access'" tries to do, blame the user, punch down, easy done.

But fundamentally, the information was provided and used in different context, user provided the information without knowing exactly how the information will be used in the future. It's a Bait-and-switch, just that simple.

Of course, Discord isn't Alipay, but that's just because they're not a mega app, yet. A much healthier mentality is ask those companies to NOT to collect these data, or refuse to use their products. For example, I've not ever uploaded my government ID photos to Discord, if some feature requires it, I just don't use that feature.