Discord banned a mass of accounts that were part of a service that scraped and sold user data, including messages posted across servers and what voice channels they joined, 404 Media has learned. The move comes after 404 Media reported on the service, called Spy Pet, last week and verified it was selling access to genuine user messages ripped from Discord servers.

Since then, and especially over the last several days, the number of servers that Spy Pet says it collects data from has fluctuated, dropping from around 14,000 to 12,000, before eventually on Thursday reaching zero. As of Friday, the Spy Pet website is also unavailable, and Discord says it is considering legal action against the site.

  • RubberDuck
    link
    English
    647 months ago

    Locking the barn after the horse is stolen.

    • tb_
      link
      English
      217 months ago

      Better than leaving the barn wide open

        • @[email protected]
          link
          fedilink
          English
          157 months ago

          This is why they changed their API to make bots that serve too many servers (100 maybe?) become verified and go through an application process to be able to ask for the message content intent, which was part of discord bot libraries revolting for a while. But their choice was actually a pretty good middle ground. There’s very good reason to allow devs to build out and actually test the functionality on their own server or couple of servers without the giant limiting factor of getting someone from discord to evaluate every feature you might possibly add.

          If they’re doing this through regular user accounts instead, I don’t know what you expect discord to do. Public servers aren’t private. Hundreds to thousands of people can see your messages. They’re not that different than posting them in any other public forum. Technical limitations only go so far.

        • sebinspace
          link
          English
          07 months ago

          Yep. I can put together a bot in about ten minutes that silently logs everything sent.

  • @[email protected]
    link
    fedilink
    English
    38
    edit-2
    7 months ago

    If the Threadiverse gets large enough for data to be worth mining, they’re gonna be pulling off it too, if not already.

    EDIT: and as I’ve pointed out before, at least with current lemmy instances, it’s probably not that hard to get a user’s IP. I don’t know how viable it is to get that for a Discord user.

    • @[email protected]
      link
      fedilink
      English
      117 months ago

      You can’t get a Discord user’s IP address in the app itself as every interaction is proxied through Discord’s backend first.

      People do click on sketchy links and hand over their IP though, and Discord can’t do much about those situations

      • zeluko
        link
        fedilink
        2
        edit-2
        7 months ago

        Discord bots were able to get a users IP via the verification system afaik.
        And there are of course other ways to force users to do so. Its more interesting Discord themselves didnt care about these methods to ban such bots… well its Discord, not that surprising when i think about it.

        https://www.youtube.com/watch?v=d0h4QPqAwss

        • @[email protected]
          link
          fedilink
          English
          17 months ago

          Look at the update comment to that video. The bot creator did it on purpose. Nothing to do with Discord’s verification system.

          • zeluko
            link
            fedilink
            1
            edit-2
            7 months ago

            afaik thats rather about the parallel service someone had selling the data for a subscription and getting that data from restorecord’s database.
            In the video it is already suspected restorecord is in on it, and the update comment proves it.

            The problem with restorecord getting that data in the first place persists. I am not aware if Discord is tackling that issue at all e.g. making it against EULA and banning those bots.

            • @[email protected]
              link
              fedilink
              English
              17 months ago

              Yes, when you go to their site and do the verification, they were able to link your IP to your discord username via their backend. This is done outside of the Discord API.

              • zeluko
                link
                fedilink
                17 months ago

                Yeah and discord is allowing it. Thats all i am saying.
                Of course Restorecord is doing it on purpose. There are some valid reasons, but maybe Discord shouldt allow untrusted bot-developers like them to do so.

    • zelifcam
      link
      English
      6
      edit-2
      7 months ago

      deleted by creator

  • @[email protected]
    link
    fedilink
    English
    167 months ago

    I’ll be honest, the return on Bonzai Buddy was indeed on my internet distopia bingo card.

  • Jones
    link
    fedilink
    English
    1
    edit-2
    7 months ago

    The spy[.]pet domain got taken down, but soon after the developer published the same website under a new domain spying[.]pet…

    • @[email protected]
      link
      fedilink
      English
      9
      edit-2
      7 months ago

      What would you do if you found out I’ve been copying all your comments for the past week, changing them slightly, and then reposted them on a certain website without giving you any credit whatssoever?

      • @gaael
        link
        English
        -27 months ago

        Why are you so intent on giving them s**t about their licensing of their comments?
        They cause harm to no one, they feel better because doing so is relevant to them.

        I might be wrong, but your question seems asked in bad faith: I am under tbe impression that most people on lemmy servers have at least a basic understanding of the privacy and copyright infringements of the training of AI models.

        Their will to license their comment probably has little to do with the very unlikely individual actions you describe and more to do with data licensing from big corporate entities.

      • Cosmic Cleric
        link
        English
        -6
        edit-2
        7 months ago

        What would you do if you found out I’ve been copying all your comments for the past week, changing them slightly, and then reposted them on a certain website without giving you any credit whatssoever?

        It’s so weird how some people get so bent out of shape over this.

        At the end of the day, its just a fucking link.

        Anti Commercial-AI license (CC BY-NC-SA 4.0)

        • @[email protected]
          link
          fedilink
          English
          47 months ago

          So the answer is nothing. You would do nothing.

          So what’s the point of the “fucking link”?

          • @gaael
            link
            English
            -17 months ago

            And what’s the point of your comment, apart for trying to spark a controversy out of nowhere?

          • Cosmic Cleric
            link
            English
            -5
            edit-2
            7 months ago

            So the answer is nothing. You would do nothing.

            So what’s the point of the “fucking link”?

            I’m not going to repeat myself all over again. I’ve already stated elsewhere in this conversation what I would do.

            Stop being so angry, it’s just a link.

            And look, I made it even smaller, just for you…

            Anti Commercial-AI license (CC BY-NC-SA 4.0)

            • @[email protected]
              link
              fedilink
              English
              47 months ago

              Point me to where in this five comment long conversation you stated what you would do.

              You should take your own advice kiddo, seems to me the only one angry here is you.

        • @[email protected]
          link
          fedilink
          English
          27 months ago

          Because it’s embarrassing, there’s enough cringe here as it is how am I supposed to say to people ‘hey come and try out lemmy’ when they’re gong to see this sovcit Facebook mom stuff?

          • @gaael
            link
            English
            2
            edit-2
            7 months ago

            how am I supposed to say to people ‘hey come and try out lemmy’ when they’re gong to see this sovcit Facebook mom stuff?

            They’re going to read comments shilling for corpos, excusing China/Russia/Israel’s human rights violations… and a link towards an open source license at the end of someone’s comments is what you’re worried about?

          • Cosmic Cleric
            link
            English
            -3
            edit-2
            7 months ago

            Because it’s embarrassing,

            I do what’s right, and not what may or may not embarrass me.

            I’m actually embarrassed that someone else would suggest not using a Creative Commons license to its full capability.

            there’s enough cringe here as it is

            Cringe is in the eye of the beholder.

            how am I supposed to say to people ‘hey come and try out lemmy’ when they’re gong to see this sovcit Facebook mom stuff?

            Just explain to them that Lemmy is a friendly and open place, where all different types of people with different opinions and ways of thinking can converse with each other freely, without fear of being harrased/insulted.

            Anti Commercial-AI license (CC BY-NC-SA 4.0)