
A Spy Site Is Scraping Discord and Selling Users' Messages (404media.co)

404 Media: An online service is scraping Discord servers en masse, archiving and tracking users' messages and activity across servers including what voice channels they join, and then selling access to that data for as little as $5. Called Spy Pet, the service's creator says it scrapes more than ten thousand Discord servers, and besides selling access to anyone with cryptocurrency, is also offering the data for training AI models or to assist law enforcement agencies, according to its website.

The news is not only a brazen abuse of Discord's platform, but also highlights that Discord messages may be more susceptible to monitoring than ordinary users assume. Typically, a Discord user's activity is spread across disparate servers, with no one entity, except Discord itself, able to see what messages someone has sent across the platform more broadly. With Spy Pet, third-parties including stalkers or potentially police can look up specific users and see what messages they've posted on various servers at once. "Have you ever wondered where your friend hangs out on Discord? Tired of basic search tools like Discord.id? Look no further!" Spy Pet's website reads. It claims to be tracking more than 14,000 servers, 600 million users, and includes a database of more than 3 billion messages.

  • Public is public (Score:5, Informative)

    by MpVpRb ( 1423381 ) on Wednesday April 17, 2024 @11:05AM (#64401536)

    ..and anyone who posts in public should not be surprised when their posts are used for all sorts of questionable stuff
    We need laws and secure methods to ensure that private stuff stays private, but public means public

    • by Xenx ( 2211586 )
      It being on Discord does not inherently make it public. Many servers are public, but not all. However, even if it's not a public server, Discord is still party to the communication and may be compelled to release it. Alternatively, stuff like this can happen.
      • It being on Discord does not inherently make it public. Many servers are public, but not all. However, even if it's not a public server, Discord is still party to the communication and may be compelled to release it. Alternatively, stuff like this can happen.

        Unless I have a contract with Discord saying that they will keep everything private, I'm going to assume all the data I send to them is public. Given the $0 I pay for their services, even if they have the world's best security right now, I'm going to assume that they can at any point choose to make that security nonexistent when they so choose, and all of their data would become accessible by any script kiddie.

        • by Xenx ( 2211586 )
          At a practical level I agree it makes sense to treat it as public. My point, however, is that there is in fact a distinction. Ignoring that distinction is also detrimental. If only, because it could prove to be a defense if you did post something.
        • All the data you send to Discord belongs to Discord. It is not public.

      • by allo ( 1728082 )

        If the "Server" is not public, it is not scraped.

    • And copyright is copyright. Posting to Discord gives an inherent grant to Discord to make copies of your posts to actually make the service function, nobody else has the rights to distribute copies of your text. Probably why they are collecting the actual payments via crypto. So if they get challenged, they try to lie about how much money that they collected.

      • by mysidia ( 191772 )

        nobody else has the rights to distribute copies of your text

        In theory.. Only if the bit of text you are trying to control is copyrightable and the distribution is not fair use.

        Much of the chatter that happens on Discord servers would never qualify for copyright protection.

        Even if it does: enforcement is an issue. Generally you will Not have registered a copyright on your chat messages before distributing them freely - that means if you try to sue them The money damages are limited to actual damages

        • by The Cat ( 19816 )

          Any original (or otherwise eligible) work fixed in a tangible medium is copyrighted automatically under the United States Copyright Act of 1976.

          • by mysidia ( 191772 )

            Any original (or otherwise eligible) work..

            This is false, Because there are Non-copyrightable works.

            You cannot even copyright a "good morning"
            "hi there, everybody", the same for short phrases and titles, etc.

            Originality is required but is not enough. There is a threshold of both creativity and originality that have to be reached, and most one-line text messages are likely to fail.

            Also, even if it's automatically copyrighted: it must be registered promptly with the copyright office within a short time of

            • by The Cat ( 19816 )

              There is no such thing as a "non-copyrightable work."

              • That is simply not true, At least for a copyright claim that will withstand court scrutiny. As the person you replied to said, thresholds must be met. The person you replied to is wrong about copyright registration, that requirement ended in the USA in 1989 with Berne convention implementation.
                • by The Cat ( 19816 )

                  It does not become a "work" until it is copyrightable. Slapping a few words together does not constitute a "work" as it is understood in Title 17.

                  I do intellectual property for a living. Give it a rest.

        • I think you have to look at what is being done with the data en masse to determine whether it is fair use. Say for example, a large body of the training data for a language model came from Discord messages. This makes even the small chatter an important part of the overall value of the text. Essentially, the resulting model is a derivative work. Your individual damages might be low, but as a group, they are large.

    • We have laws and standards covering everything from health-care to finance, food preparation and health care. Just because we can anticipate this kind of behavior does not mean we have to accept unfettered surveillance for profit.

    • by gaws ( 10083464 )

      This is why you should *always* chat on invite-only servers.

  • Assumptions (Score:2, Insightful)

    by Anonymous Coward

    The news is not only a brazen abuse of Discord's platform, but also highlights that Discord messages may be more susceptible to monitoring than ordinary users assume.

    You can only tell people "Everything is 100% public and stored for eternity" so many times and so plainly worded before this is no longer an "assumption" but "intentionally willful ignorance"

    Discord is not more susceptible to monitoring than they should be.
    They aren't even more susceptible than users assume.
    Those willfully ignorant people are what is susceptible, and no change to discord will effect that.

    Those people need changed. Assuming you want the problem fixed that is.
    If we stop allowing these people

    • by will4 ( 7250692 )

      I am going to round out my comments with a few assumptions for longer term thinking and direction finding. Sometimes rain comes in sheets like copy paper produced reports of sharks breaching the ocean surface temperature rising yet cooled by the polar icing found on mom's 85th birthday cake of soap not too sudsy or with a decent foam on top of a pint of bitter roots dug by werner our three-legged pig eating not just oranges but some light foamed concrete sealing the gaps between foundation of robotics used

    • by allo ( 1728082 )

      > no change to discord will effect that.
      Local-only logs would affect that.

  • This guy better be in a non-extraditing country. He's quickly made many enemies, some of whom are rich.
    • Lawsuit? Yes, I'm sure that the courts will treat their blatant violation of a TOS as a capital crime. /eyeroll
      • Beyond the TOS, there are actual laws that might apply to this situation.

        First thing that comes to mind? Depending on the method used, it might fall afoul of the Computer Fraud and Abuse Act. Not all Discord messages are public, and if some technical abuse was involved in accessing messages in an unauthorized manner (peeking into DMs, servers you've not actually joined, etc) then that could be grounds for criminal prosecution.

        =Smidge=

        • If that is the case, then it should really be on Discord to remunerate their users for the obvious exploits.

        • It's always funny how people jump to, "LAWSUIT!" whenever something like this comes up, and immediately mention some law or rule why a lawsuit should happen, while at the same time bragging how much software, movies, and music they steal and saying the company and/or artist can suck it.

          Consistency would be nice, but I know that's too much to expect from people who think they're being edgy and whatnot.

        • by mysidia ( 191772 )

          It's probably a Cybercriminal gang with a Botnet methinks.

          That means their MO can potentially include running bots on stolen Discord accounts, Or malware on compromised Discord users' devices to mine all the servers those users happened to be a member of.

          Note how they only accept cryptocurrency payments and their Mail hostname DNS infrastructure use Switzerland-registered names.

          The website is fronted by a service named Cloudflare that is Infamous net-wide for signing up the most questionable of websites;

  • by King_TJ ( 85913 ) on Wednesday April 17, 2024 @11:18AM (#64401574) Journal

    The problem I see with these types of services is that they undermine the concept of a reasonable expectation of anonymity. We all know that the owners of a given web site/service will have the ability to pull up and view everything we ever said or did on the platform. But that's generally not a concern, unless someone is intent on doing blatantly illegal things on the service. (All things considered, I lean towards the assumption that a person so interested in a social media communications tool that they'd make it their life's work to build/run one is NOT the type who'd disrespect my ability to speak freely under a pseudonym/handle and stay generally anonymous.)

    If they let others violate the terms of service with data-scraping bots and so on? Their platform becomes a hostile environment.

    A lot of people have reasons to compartmentalize their lives and not let just anyone know about everything they say/do/believe in.

    Just last week, I was at a flea market with a friend of mine. We both put together a single booth so we could try to sell some things. My friend knew the guy who ran the whole thing, but only discovered via a neighbor that he lived right down the block from her. She tried to say something to him about that while they were talking about their pets and other small talk. He immediately started walking away, ignoring her as he went to talk to someone else. We both found that odd but assumed he got distracted or something. After it was ending and we were packing things up, he came back by to apologize but said he really didn't want anyone there to figure out where he lived. He had too many problems in the past with vendors who didn't know boundaries and would come knocking on his door at midnight to try to sign up for a vendor space, or to try to demand he exchange an item he sold them at one, etc.

    • Absolutely right: people want to compartmentalize. That said, we also need to know that a bit of research can see through it. Pseudoanonymity, with the emphasis on "pseudo"
    • by e3m4n ( 947977 )
      Must be some crazy CA town or something. In the midwest most people know better than to bang on someone’s door at midnight. That's a quick way to be staring down the barrel of a shotgun or rifle. Meanwhile, while being held at gunpoint till the police come to haul you away for trespassing and possibly terroristic threatening (who knows what threats you allegedly made) the homeowner is free to fuck with you by pretending to be completely unstable, talking to the voices in your head, and ask you to get on y
      • by King_TJ ( 85913 )

        Actually? This was in the midwest -- and in a part of town where yes, I'd be worried myself about banging on someone's door at midnight, expecting they might have a gun.

        So apparently you just give people too much credit for having some sense!

    • by EvilSS ( 557649 )
      It's always going to be an arms race and usually the scrapers win anyway. I don't like it either but if you are posting on public Discord servers/channels, you have to expect it to be exploitable by third parties.
    • Cool story but I don't see how this is any different. In the real world you're less anonymous than you think, but people just don't care who you are. At least on Discord you can maintain an anonymous persona. If you're really worried, don't use the same account for your different activities.

      In public, you really should assume you're being recorded at any time, regardless of whether someone posted a sign that says "no recording."

    • by mysidia ( 191772 )

      Discord needs to find a way to block this..

      I believe the proper method for that would be legal process.

      If Discord can't identify who's doing it, then they can serve a lawsuit by public notice. They can allege any valid claim that would Entitle them to an injunction if true. Whatever person is running the service would then be required to come forward and File papers that include their Name and contact information in order to make a defense. If whoever is running the service DOES NOT Identify them

  • I use IRC!

    • These IRC clones like Discord and Slack are so incredibly broken. We've had the technology to chat online for decades, and the visually impaired have been using screen readers and braille with IRC since the beginning. With Discord and Slack, it is much more cumbersome to navigate with a screen reader. Since it is ultimately a web app. The ability to also do voice chat is nice, but for us old farts we don't really want to talk on what amounts to a chaotic party line.

      I feel like both IRC and Jabber/XMPP misse

      • by allo ( 1728082 )

        You can create much of this experience with clients like Converse.js. In "Inverse" mode it looks like a team chat like Slack and XMPP rooms have (possibly long) channel descriptions. There are also ways to make users join default rooms, such that an XMPP-Server could organize users in "servers" and channels. Features like "stickers" are also already specified and implemented by some clients and others could be added if needed.

        Matrix has "spaces" that act like Discord "servers" but it also has the problem of

        • Heck of a business to be in. Make a service that has been available for free in some form or another for decades. And then compete with dozens if not hundreds of other startups and open source projects. Maybe I should sell off the few shares of WORK (Slack) that I have.

          We have had jabberd setup at work for about 15 years. But a few years ago, my work decided to pay for both Slack and Teams. Teams is sort of free, but not everyone actually wanted MS Office so it was only free in our IT department's weird fant

  • Okay, so now just need to come up with something novel that can get scraped, trained into the AI, and will bork the AI. ;-)

  • ooohhhh. I'm on Discord now. It's super duper private where all us Maga types can for sure discuss our next insurrections and stuff like which canned food lasts the longest and how to make bullets and who to kidnap and decapitate ... in COMPLETE PRIVACY. Nobody will ever know!!

    Discord would never umm monetize or ummm sell our data for AI training or ummm.. just give data to Homeland via API.
    NO. Discord would never do that to their wtf? 600 Million users?! (that a couple of PanaMax ships full of unhappy peop
  • It's hard to know whether this is something harmless or a sign of a serious design flaw in Discord without more information.

    If this company is just assuming that Dumbledore32168 is the same user on server A and server B, then either:

    • users chose to use the same name on every server with the expectation that people from other servers would recognize them, in which case there's really no problem at all, or
    • some servers don't allow you to set your username, in which case that's a real problem, and a good rea
  • Is it "a spy site" because it's called "Spy Pet?" Because if so, that's not very sneaky.
  • by PPH ( 736903 ) on Wednesday April 17, 2024 @06:30PM (#64402958)

    ... where you harvest your training data [wikipedia.org]. Particularly once the trolls have discovered where you are getting it.

  • I always hated how Discord keeps all messages forever. Even WhatsApp keeps the chatlogs locally on your device.
