Discord Shuts Down ‘Spy Pet’ Bots That Scraped, Sold User Messages

Discord banned a mass of accounts that were part of a service that scraped and sold user data, including messages posted across servers and what voice channels they joined, 404 Media has learned. The move comes after https://www.404media.co/a-spy-site-is-scraping-discord-and-selling-users-messages/, called Spy Pet, last week and verified it was selling access to genuine user messages ripped from Discord servers.

Since then, and especially over the last several days, the number of servers that Spy Pet says it collects data from has fluctuated, dropping from around 14,000 to 12,000, before eventually on Thursday reaching zero. As of Friday, the Spy Pet website is also unavailable, and Discord says it is considering legal action against the site.

IndianaJones,

The spy[.]pet domain got taken down, but soon after the developer published the same website under a new domain spying[.]pet…

Badeendje,
@Badeendje@lemmy.world avatar

Locking the barn after the horse is stolen.

tb_,
@tb_@lemmy.world avatar

Better than leaving the barn wide open

zeluko,

But they are leaving it open..

conciselyverbose,

This is why they changed their API to make bots that serve too many servers (100 maybe?) become verified and go through an application process to be able to ask for the message content intent, which was part of discord bot libraries revolting for a while. But their choice was actually a pretty good middle ground. There’s very good reason to allow devs to build out and actually test the functionality on their own server or couple of servers without the giant limiting factor of getting someone from discord to evaluate every feature you might possibly add.

If they’re doing this through regular user accounts instead, I don’t know what you expect discord to do. Public servers aren’t private. Hundreds to thousands of people can see your messages. They’re not that different than posting them in any other public forum. Technical limitations only go so far.

sebinspace,

Yep. I can put together a bot in about ten minutes that silently logs everything sent.

umami_wasbi,

Account walled

tal, (edited )
@tal@lemmy.today avatar

If the Threadiverse gets large enough for data to be worth mining, they’re gonna be pulling off it too, if not already.

EDIT: and as I’ve pointed out before, at least with current lemmy instances, it’s probably not that hard to get a user’s IP. I don’t know how viable it is to get that for a Discord user.

Donut,

You can’t get a Discord user’s IP address in the app itself as every interaction is proxied through Discord’s backend first.

People do click on sketchy links and hand over their IP though, and Discord can’t do much about those situations

zeluko,

Discord bots were able to get a users IP via the verification system afaik.
And there are of course other ways to force users to do so. Its more interesting Discord themselves didnt care about these methods to ban such bots.. well its Discord, not that surprising when i think about it.

https://www.youtube.com/watch?v=d0h4QPqAwss

Donut,

Look at the update comment to that video. The bot creator did it on purpose. Nothing to do with Discord’s verification system.

zeluko,

afaik thats rather about the parallel service someone had selling the data for a subscription and getting that data from restorecord's database.
In the video it is already suspected restorecord is in on it, and the update comment proves it.

The problem with restorecord getting that data in the first place persists. I am not aware if Discord is tackling that issue at all e.g. making it against EULA and banning those bots.

Donut,

Yes, when you go to their site and do the verification, they were able to link your IP to your discord username via their backend. This is done outside of the Discord API.

zeluko,

Yeah and discord is allowing it. Thats all i am saying.
Of course Restorecord is doing it on purpose. There are some valid reasons, but maybe Discord shouldt allow untrusted bot-developers like them to do so.

wildbus8979,

I’ll be honest, the return on Bonzai Buddy was indeed on my internet distopia bingo card.

CosmicCleric, (edited )
@CosmicCleric@lemmy.world avatar

404 Media should also investigate what they do with all those phone numbers they collect, as a security measure.

https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode.en

TachyonTele, (edited )

What would you do if you found out I’ve been copying all your comments for the past week, changing them slightly, and then reposted them on a certain website without giving you any credit whatssoever?

gaael,

Why are you so intent on giving them s**t about their licensing of their comments?
They cause harm to no one, they feel better because doing so is relevant to them.

I might be wrong, but your question seems asked in bad faith: I am under tbe impression that most people on lemmy servers have at least a basic understanding of the privacy and copyright infringements of the training of AI models.

Their will to license their comment probably has little to do with the very unlikely individual actions you describe and more to do with data licensing from big corporate entities.

CosmicCleric, (edited )
@CosmicCleric@lemmy.world avatar

What would you do if you found out I’ve been copying all your comments for the past week, changing them slightly, and then reposted them on a certain website without giving you any credit whatssoever?

It’s so weird how some people get so bent out of shape over this.

At the end of the day, its just a fucking link.

https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode.en

TachyonTele,

So the answer is nothing. You would do nothing.

So what’s the point of the “fucking link”?

gaael,

And what’s the point of your comment, apart for trying to spark a controversy out of nowhere?

CosmicCleric, (edited )
@CosmicCleric@lemmy.world avatar

So the answer is nothing. You would do nothing.

So what’s the point of the “fucking link”?

I’m not going to repeat myself all over again. I’ve already stated elsewhere in this conversation what I would do.

Stop being so angry, it’s just a link.

And look, I made it even smaller, just for you…

https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode.en

TachyonTele,

Point me to where in this five comment long conversation you stated what you would do.

You should take your own advice kiddo, seems to me the only one angry here is you.

VirtualOdour,

Because it’s embarrassing, there’s enough cringe here as it is how am I supposed to say to people ‘hey come and try out lemmy’ when they’re gong to see this sovcit Facebook mom stuff?

gaael,

how am I supposed to say to people ‘hey come and try out lemmy’ when they’re gong to see this sovcit Facebook mom stuff?

They’re going to read comments shilling for corpos, excusing China/Russia/Israel’s human rights violations… and a link towards an open source license at the end of someone’s comments is what you’re worried about?

CosmicCleric, (edited )
@CosmicCleric@lemmy.world avatar

Because it’s embarrassing,

I do what’s right, and not what may or may not embarrass me.

I’m actually embarrassed that someone else would suggest not using a Creative Commons license to its full capability.

there’s enough cringe here as it is

Cringe is in the eye of the beholder.

how am I supposed to say to people ‘hey come and try out lemmy’ when they’re gong to see this sovcit Facebook mom stuff?

Just explain to them that Lemmy is a friendly and open place, where all different types of people with different opinions and ways of thinking can converse with each other freely, without fear of being harrased/insulted.

https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode.en

  • All
  • Subscribed
  • Moderated
  • Favorites
  • technology@lemmy.world
  • PowerRangers
  • magazineikmin
  • InstantRegret
  • hgfsjryuu7
  • Durango
  • Youngstown
  • slotface
  • everett
  • thenastyranch
  • rosin
  • kavyap
  • khanakhh
  • mdbf
  • DreamBathrooms
  • anitta
  • vwfavf
  • ethstaker
  • tacticalgear
  • cubers
  • ngwrru68w68
  • modclub
  • cisconetworking
  • osvaldo12
  • GTA5RPClips
  • normalnudes
  • tester
  • Leos
  • provamag3
  • All magazines
    •