
With the recent raft of vulnerabilities such as Spectre/Meltdown and Rowhammer, there's an argument to be made that maybe, just maybe, running "untrusted" code on the same physical machine as "trusted" code is fundamentally insecure. Not just because of those particular vulnerabilities, but because they all seem to point to some sort of axiom: when two pieces of code share physical state (CPU, RAM, etc.), you cannot ever be 100% certain that they do not affect each other in some subtle way. And even if the hardware itself was perfect, it's not like you can practically prove all the code on a modern machine correct and flawless.

So maybe, instead of trying to somehow make it safe to run untrusted software on our machines, we should focus on making sure all the code that runs on our machines is trusted, not in the sense of "proved correct", but in the sense of "written without malicious intent". If you regard Discord scanning your processes as an unacceptable invasion of privacy, and it bothers you that there's no way to turn that off, perhaps avoiding Discord is a better solution than trying to sandbox it.

We could just put all our personal data on some non-networked machine with minimal software installed. But data like that wouldn't really be much use for anything. The data is already being shared over the Internet. People just want the data to stay in the right context: financial details shared with a bank shouldn't find their way onto Facebook or a random game company.

Using a separate computer for each counterparty would be more secure, but again not very convenient.
