this post was submitted on 27 Apr 2024
270 points (97.9% liked)

Technology

59187 readers
1991 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Discord banned a mass of accounts that were part of a service that scraped and sold user data, including messages posted across servers and what voice channels they joined, 404 Media has learned. The move comes after 404 Media reported on the service, called Spy Pet, last week and verified it was selling access to genuine user messages ripped from Discord servers.

Since then, and especially over the last several days, the number of servers that Spy Pet says it collects data from has fluctuated, dropping from around 14,000 to 12,000, before eventually on Thursday reaching zero. As of Friday, the Spy Pet website is also unavailable, and Discord says it is considering legal action against the site.

all 27 comments
sorted by: hot top controversial new old
[–] [email protected] 64 points 6 months ago (1 children)

Locking the barn after the horse is stolen.

[–] [email protected] 21 points 6 months ago (1 children)

Better than leaving the barn wide open

[–] [email protected] 9 points 6 months ago (2 children)

But they are leaving it open..

[–] [email protected] 15 points 6 months ago

This is why they changed their API to make bots that serve too many servers (100 maybe?) become verified and go through an application process to be able to ask for the message content intent, which was part of discord bot libraries revolting for a while. But their choice was actually a pretty good middle ground. There's very good reason to allow devs to build out and actually test the functionality on their own server or couple of servers without the giant limiting factor of getting someone from discord to evaluate every feature you might possibly add.

If they're doing this through regular user accounts instead, I don't know what you expect discord to do. Public servers aren't private. Hundreds to thousands of people can see your messages. They're not that different than posting them in any other public forum. Technical limitations only go so far.

[–] [email protected] 0 points 6 months ago

Yep. I can put together a bot in about ten minutes that silently logs everything sent.

[–] [email protected] 38 points 6 months ago* (last edited 6 months ago) (2 children)

If the Threadiverse gets large enough for data to be worth mining, they're gonna be pulling off it too, if not already.

EDIT: and as I've pointed out before, at least with current lemmy instances, it's probably not that hard to get a user's IP. I don't know how viable it is to get that for a Discord user.

[–] [email protected] 11 points 6 months ago (1 children)

You can't get a Discord user's IP address in the app itself as every interaction is proxied through Discord's backend first.

People do click on sketchy links and hand over their IP though, and Discord can't do much about those situations

[–] [email protected] 2 points 6 months ago* (last edited 6 months ago) (1 children)

Discord bots were able to get a users IP via the verification system afaik.
And there are of course other ways to force users to do so. Its more interesting Discord themselves didnt care about these methods to ban such bots.. well its Discord, not that surprising when i think about it.

https://www.youtube.com/watch?v=d0h4QPqAwss

[–] [email protected] 1 points 6 months ago (1 children)

Look at the update comment to that video. The bot creator did it on purpose. Nothing to do with Discord's verification system.

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (1 children)

afaik thats rather about the parallel service someone had selling the data for a subscription and getting that data from restorecord's database.
In the video it is already suspected restorecord is in on it, and the update comment proves it.

The problem with restorecord getting that data in the first place persists. I am not aware if Discord is tackling that issue at all e.g. making it against EULA and banning those bots.

[–] [email protected] 1 points 6 months ago (1 children)

Yes, when you go to their site and do the verification, they were able to link your IP to your discord username via their backend. This is done outside of the Discord API.

[–] [email protected] 1 points 6 months ago

Yeah and discord is allowing it. Thats all i am saying.
Of course Restorecord is doing it on purpose. There are some valid reasons, but maybe Discord shouldt allow untrusted bot-developers like them to do so.

[–] [email protected] 16 points 6 months ago

I'll be honest, the return on Bonzai Buddy was indeed on my internet distopia bingo card.

[–] [email protected] 2 points 6 months ago

Account walled

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago)

The spy[.]pet domain got taken down, but soon after the developer published the same website under a new domain spying[.]pet...

[–] [email protected] 0 points 6 months ago* (last edited 6 months ago) (1 children)

404 Media should also investigate what they do with all those phone numbers they collect, as a security measure.

~Anti~ ~Commercial-AI~ ~license~ ~(CC~ ~BY-NC-SA~ ~4.0)~

[–] [email protected] 9 points 6 months ago* (last edited 6 months ago) (2 children)

What would you do if you found out I've been copying all your comments for the past week, changing them slightly, and then reposted them on a certain website without giving you any credit whatssoever?

[–] [email protected] -2 points 6 months ago

Why are you so intent on giving them s**t about their licensing of their comments?
They cause harm to no one, they feel better because doing so is relevant to them.

I might be wrong, but your question seems asked in bad faith: I am under tbe impression that most people on lemmy servers have at least a basic understanding of the privacy and copyright infringements of the training of AI models.

Their will to license their comment probably has little to do with the very unlikely individual actions you describe and more to do with data licensing from big corporate entities.