Follow
Apparently, the first time you run Discord on a new machine, it opens a URL with your default browser that, if you're already logged in, also logs you into the desktop app. Without asking on either end.
Which was convenient but also creepy and feels like a security concern. Like, someone can generate a web URL that if I visit it logs them in as me? How is that safe?
(Update: After playing around a bit, it appears that it is safe, I'll explain why in a reply.)
I tried visiting the URL again without Discord running, and it redirected to a page on 127.0.0.1:6463 which failed to load. It seems Discord handles this by running a (presumably temporary) webserver on localhost. So, if someone sends me to one of those links, I'll get redirected to localhost, which will fail because I'm not running a webserver.
Still creepy.