Discord developers have blocked many accounts associated with the Spy Pet service, which attracted media attention last week. The service collects and sells user data, including messages left by people on different servers and logs of connections to voice channels.
Last week, journalists from 404 Media published the results of an investigation into the Spy Pet service, which tracks and archives billions of messages on public Discord servers. The service sells access to data for as little as $5, allowing it to track over 600 million users on more than 14,000 servers.
Advertisement
Searching for a specific user allows you to find out on which servers Spy Pet noticed this person, and also provides the client with an exportable table of all messages of the user (including the server name, timestamp and content of the message itself); logs with information about when a person joined and left specific voice channels on the server; as well as data about associated accounts, for example on GitHub. Even worse, the researchers personally verified the service’s functionality by testing several users through it at once.
As it now reports 404 Media, since then the number of servers from which Spy Pet is able to collect data first decreased to 12,000, and last Thursday it reached zero. On Friday, the Spy Pet website went offline altogether, and Discord representatives told reporters that they were considering legal action against the resource's operators.
“Our security team thoroughly investigated this activity and identified some accounts that we believe may be associated with the Spy.pet website. These accounts were subsequently suspended,” Discord said.
The company added that Spy Pet functioned thanks to self-botsthat is, bots that use regular user accounts to join servers.
It is worth noting that Discord knew about the existence of the Spy Pet service at least since February of this year, and the company did not explain why measures began to be taken only now, after information about Spy Pet appeared in the media.
Advertisement
“Scrapping our services and self-botting is a violation of our Terms of Service and Community Guidelines. In addition to blocking the associated accounts, we are considering taking appropriate legal action,” Discord officials said.
It is also worth noting that after the publication of the original investigation, journalists discovered that Spy Pet may be associated with the Kiwi Farms website, which is known as a gathering place for all kinds of trolls and stalkers. In particular, a user under the nickname Spy Pet uploaded several dumps of messages received from Spy Pet to Kiwi Farms.
Representatives from Discord told the publication that all of the scraping accounts appeared to belong to one person, who is indeed an active member of Kiwi Farms.
At the same time, the administrator of Spy Pet himself assured that he does not want his tool “to be used for stalking.” He then implemented an opt-out mechanism on the site that supposedly allows a specific Discord user to be removed from searches.
When Discord developers started banning Spy Pet bots, a banner appeared on the service’s website saying that “Spy.pet is having problems.” The author wrote that he managed to restore about 20% of the bots, and he promised to deal with the rest later.
Shortly after this, the Spy Pet administrator announced in his Telegram channel that the project's domain was blocked, but he planned to create a backup one. At the same time, the administrator assured journalists that the blocking of the domain had nothing to do with the actions of Discord, and the counter of servers available for Spy Pet was reset to zero due to the fact that he had to rewrite part of the project. However, the author of the project admitted that Discord did indeed ban a number of his bots.