Tag Archives: Discord

Billions Of Public Discord Messages May Be Sold Through A Scraping Service



It’s easy to get the impression that Discord chat messages are ephemeral, especially across different public servers, where lines fly upward at near-unreadable pace. But someone claims to be catching and compiling that data and is offering packages that can track more than 600 million users across more than 14,000 servers, ArsTechnica reported.

Joseph Cox at 404 Media confirmed that Spy Pet, a service that sells access to a database of purportedly 3 billion Discord messages, offers data “credits” to customers who pay in bitcoin, ethereum, or other cryptocurrency.

Searching individual users will reveal the servers that Spy Pet can track them across, a raw and exportable table of their messages, and connected accounts, such as GitHub. Ominously, Spy Pet lists more than 86,000 other servers in which it has “no bots,” but “we know it exists.”

As Cox notes, Discord doesn’t make messages inside server channels, like blog posts or unlocked social media feeds, easy to publicly access and search But many Discord users may not expect their messages, server memberships, bans, or other data to be grabbed by a bot, compiled, and sold to anybody wishing to pin them all on a particular user.

404 Media confirmed the service’s function with multiple user examples. Private messages are not mentioned by Spy Pet and are presumably still secure.

PCMag compared to other messaging apps like Instagram or Snapchat, Discord has historically allows bots and third-party tools to proliferate on its platform. But one surveillance tool, SpyPet, is tracking Discord users across the servers they’ve joined and provides details logs of all messages sent on servers for a starting price of about $5 worth of crypto.

Regardless of SpyPet’s scope, its platform and others like it still pose obvious user privacy and safety concerns. It also goes against Discord’s Terms of Service, which states that no one can scrape Discord’s data without the company’s written permission. Unfortunately, tools like SpyPet could be used to spy on Discord friends and help stalkers, bullies, or bad actors harm existing Discord users.

“Discord is committed to protecting the privacy and data of our user,” a Discord spokesperson tells PCMag. “We are currently investigating this matter. If we determine that violations of our Terms of Service and Community Guidelines have occurred, we will take appropriate steps to enforce our policies. We cannot provide further comments as this is an ongoing investigation.”

Engadget reported for as little as $5 in cryptocurrency, Spy Pet lets you access data about specific users, such as which servers they participate in, what messages they’ve sent and when they joined or left voice channels. It claims to have information on an alleged 600 million users across 14,00 Discord servers and three billion messages.

As for what inspired SpyPet, its creator suggested its a classic case of doing what one enjoys and pushing personal boundaries. “I like scraping, archiving, and challenging myself,” the creator told 404 Media. “Discord is basically the holy grail of scraping, since Discord is trying absolutely everything to combat scraping.”

In my opinion, those of you who run a Discord server might want to take the time to lock it down for now, at least until Discord figures out who the scraper is and kicks them out forever.


Discord Is Finally Adding Parental Oversight



Discord is finally bringing some parental supervision to its teen-heavy locker room of a chat service, The Wall Street Journal reported.

According to The Wall Street Journal, the free messaging platform – which has long had a reputation as a Wild West for gamers – has grown to 150 million monthly active users since 2015. Two years ago, the company took steps to better police the site for child predators and block minors from seeing porn.

It stopped short of offering the kind of monitoring provided by competitors TikTok, Instagram, and Snapchat. But feedback from parents and digital-media experts led Discord to bring some new visibility to parents.

Parents can now see who their teens befriend, when they messaged friends, how many people they have called, the communities they have joined and other details. Discord isn’t meant to be used by kids under 13. Much like other social-media platforms, the company won’t share kids’ message content with parents.

“We decided not to expose message content because we want to give teens agency over their experience,” said Clint Smith, Discord’s chief legal officer, who oversees its trust and safety team.

The company also won’t offer time limits or other basic parental controls found on other platforms. (Parents can set these using built-in tools for iOS and Android.)

TechCrunch reported that Discord is introducing a new Family Center opt-in designed to make it easy for parents and guardians to learn more about who their teens are friends with and talk to on the platform, the company announced on Tuesday. The official rollout of the parental controls comes two months after Discord was seen testing the Family Center feature.

According to TechCrunch, Family Center has two major components: an activity dashboard accessible from Discord at any time and a weekly email summary containing information about your teen’s activity. Although parents will be able to see which Discord communities and users their teens are talking to, they won’t be able to see the contents of the conversations themselves in order to protect their privacy.

“Once your teen has accepted your connection request, the Family Center will populate with details about their activity on Discord within the last seven days,” the company wrote in a blog post. “This includes the number of users they’ve messaged or called, the number of new friends they’ve added, and how many servers they’re actively participating in. Family Center won’t contain a compete archive of activity and will only highlight activity occurring after your teen has accepted your connection request.”

WIRED reported that anyone 13 or older is allowed to sign up to Discord, and parents are right to be concerned about who their children are befriending…

As a parent, WIRED wrote, you will need to sign up for your own Discord account before you can start using Family Center. After you’ve created an account, consider talking with your child about the importance of online safety and why these security settings are important. For Family Center to work, both the parent’s and the child’s account must opt in.

Go to User Settings, and then choose Family Center. Here, your teen will need to share a time-sensitive QR code for you to scan and complete the activation process. QR codes can be regenerated, if multiple parents want to sign up for Family Center.

It seems to me that the problem I’m seeing is that Family Center must be opted into by both the teenager and the parent(s) on Discord in order for the parental/guardian involvement to work. As TechCrunch reported, Family Center will only highlight activity occurring after your teen has accepted your connection request.


Discord Cooperates In Probe Of Classified Material Breach



Instant messaging platform Discord said on Wednesday that it was cooperating with U.S. law enforcement’s investigation into a leak of secret U.S. documents that has grabbed attention around the world, Reuters reported.

According to Reuters, the statement comes as questions continue to swirl over who leaked the documents, whether they are genuine and whether the intelligence assessments are reliable. The documents, which carry markings suggesting that they are highly classified, have led to a string of stories about the war in Ukraine, protests in Israel, and how the U.S. surveils friend and foe alike.

The source of the documents is not publicly known, but reporting by the open-source investigative site Bellingcat has traced their earliest appearance to Discord, a communications platform popular with gamers.

Discord’s statement suggested it was already in touch with investigators:

“In regard to the apparent breach of classified material, we are cooperating with law enforcement,” the statement said. “As this remains an active investigation, we cannot provide further comment at this time.”

The Federal Bureau of Investigation did not immediately return a message seeking comment.

The Wall Street Journal reported that the U.S. government is treating the apparent disclosure of classified material surrounding the war in Ukraine as an insider’s leak, people familiar with the matter say, and is working to identify and apprehend a key suspect in a massive intelligence breach that exposed the challenges of safeguarding sensitive U.S. information and tested ties with some of America’s closest allies.

According to The Wall Street Journal, the bulk of the more than 60 documents, if genuine, appear to originate from the Central Intelligence Agency’s Operations Center and the Pentagon’s Joint Chiefs of Staff. Such documents are typically briefed to senior-level decision makers at the Pentagon in an environment protected from electronic surveillance and secured against leaks.

The Wall Street Journal also reported that the Federal Bureau of Investigation is using clues in the images that have circulated online in recent weeks to aid its criminal investigation, law-enforcement officials said. The Defense Department has extensive procedures around the handling of classified documents in both digital form and on paper, according to interviews with former intelligence community and Pentagon officials.

The leaked documents appear to have been printed and folded twice. In some images, there are items clearly visible in the background, including a hunting magazine, a knife, and a tube of Gorilla-brand glue. All could be clues as to how and by whom the documents came to be initially posted with a small group of individuals on Discord, a social-media outlet popularized by videogame enthusiasts where users chat about games, investing, and other topics in the mostly private, invitation-only, groups called servers.

In my opinion, it appears that someone copied classified documents. The clues mentioned by The Wall Street Journal could potentially lead to the person who not only took the classified documents, but also printed them out and published them online.


Discord Restored Its Privacy Policies After Pushback



TechRadar posted an update from Discord in which the company backtracks about its previously announced changes. From the update:

UPDATE: Discord has updated the Privacy Policy that will take effect on March 27, 2023, adding back the statements that were removed and adding the following statement: “We may build features that help users engage with voice and video content, like create or send short recordings.”

A Discord spokesperson contacted TechRadar to provide the following statement: “Discord is committed to protecting the privacy and data of our users. There has not been a change in Discord’s position on how we store or record the contents of video or voice channels. We recognize that when we recently issued adjusted language in our Privacy Policy, we inadvertently caused confusion among our users. To be clear, nothing has changed and we have reinserted the language back into our Privacy Policy, along with some additional clarifying information.”

“The recently announced AI features use OpenAI technology. That said, OpenAI may not use Discord user data to train its general models. Like other Discord products, these features can only store and use information as described in our Privacy Policy, and they do not record, store, or use any voice or video call content from users.”

“We respect the intellectual property of others, and expect everyone who uses Discord to do the same. We have a thorough Copyright and Intellectual Property policy, and we take these concerns seriously.”

In addition TechRadar reported, the spokesperson asserts that if Discord’s policy “ever changes, we will disclose that to our users in advance of any implementation.”

Previously, Discord appeared to have updated some of the information in their “Information you provide to us” section. Originally, a portion of the “Content you create” section said: (in part) “We generally do not store the contents of video of voice calls or channels. If we were to change that in the future (for example, to facilitate content moderation), we would disclose that to you in advance. We also don’t store streaming content when you share your screen, but we do retain the thumbnail cover image for a short period of time.”

Sometime later, Discord changed the “Content you create” section to: “This includes any content that you upload to the service. For example, you may write messages or posts (including drafts), send voice messages, create custom emojis, create short recordings of GoLive activity, or upload and share files through the services. This also includes your profile information and the information you provide when you create servers.”

It was that change that caused many people to have concerns that their content would be used by Discord’s AI bots. I honestly considered removing my art from Discord. It is good that Discord clarified things a little bit – for example, stating that “OpenAI may not use Discord user data to train its general models.”

That said, when a company pulls shenanigans like Discord did – I find it difficult to trust them with my artwork. If you feel that way as well, one thing you can do is get on Discord and look for “Privacy & Safety”. It opens to a section where you can turn off Discord’s ability to use your data, and to track screen reader usage.


Discord Quietly Removed Privacy Policies – Then Added Bad Ones



Last week, Discord announced new AI features powered by Midjourney’s image generator and chatbot technology powered by OpenAI, the makers of ChatGPT. The company’s existing chatbot, named Clyde, is now super-charged with artificially intelligent language parsing capabilities and there are other fun features.

Those features appeared to come at a cost: in the fine print of the company’s privacy policy, Discord made subtle changes that disturbed users. It revoked promises not to collect data about screen recording and voice and video chats. One day after getting called out, though, Discord undid those changes, Gizmodo reported.

TechRadar reported that a Discord spokesperson contacted TechRadar to provide the following statement: “Discord is committed to protecting the privacy and data of our users. There has not been a change in Discord’s position on how we store or record the contents of video or voice channels. We recognize that when we recently adjusted language in our Privacy Policy, we inadvertently caused confusion among our users. To be clear, nothing has changed and we have reinserted the language back into our Privacy Policy, along with some additional clarifying information.”

Discord continued: “The recently-announced AI features use OpenAI technology. That said, OpenAI may not use Discord user data to train its general models. Like other Discord products, these features can only store and use information as described in our Privacy Policy, and they do not record, store, or use any voice or video content from users.”

According to TechRadar, the biggest issue with this AI integration is the fact that it comes bundled with very deliberate changes to Discord’s privacy policy. The previous privacy policy, which is still in effect until March 26, 2023, had two important statements under the “The information we collect” section.

The first states that “We generally do not store the contents of video or voice calls or channels” and the second is “We also don’t store streaming content when you share your screen”

But, TechRadar reported, when you check the new privacy policy, which is set to take effect on March 27, 2023, both those statements as well as the one claiming that “if we were to change that in the future (for example, to facilitate content moderation), we would disclose that to you in advance,” are now completely wiped.

Discord appears to have changed it to the following: “Content you create: This includes any content you upload to the service. For example, maybe you write messages or posts (including drafts), send voice messages, create custom emojis, create short recordings of GoLive activity, or upload and share files through the services. This also includes your profile information and the information you provide when you create servers.”

In addition, TechRadar reported that it could be possible for Discord to let its AI bots engage in rampant art theft by stealing the art creators have already posted on Discord. This, alone, makes me want to remove all the art I’ve posted there.


Phishing Scam in Discord Separates People from their NFTs



I’ve seen people on Twitter, who are into cryptocurrency and who have those hexagon shaped avatars (that they had to pay for), praise the blockchain. There appears to be a widely held concept that the blockchain is safe because it cannot be changed.

Some of those people, who are in NFT focused Discords learned a lesson the hard way. Vice reported that the Discords of multiple NFT projects were hacked as part of a phishing scam to trick users into handing over their digital jpegs. This included the Discords for Bored Ape Yacht Club, Nyoki, Shamanz, Doodles, and Kaiju Kingz all of which were targeted.

Scammers put phishing posts into those Discords. According to Vice, the goal of the hack was to trick people into clicking on a link to “mint” a fake NFT by sending ETH and in some instances an NFT to wrap into a token. Motherboard viewed a message to that effect in a Discord that had a compromised bot.

Those who responded to the phishing post – in the hopes of being able to “mint” an NFT (that turned out to be fake) were unaware that they had fallen for a scam.

Vice provided the following explanation in their article:

Two wallet addresses have been tied to the hacks, now labeled Fake_Phishing5519 and Fake_Phishing5520 on blockchain explorer Etherscan. At least one Mutant Ape Yacht Club NFT (a BAYC spinoff by developer Yuga Labs) was stolen and quickly sold by the 5519 wallet, which sent 19.85 ETH to the 5520 wallet.

The second wallet sent 61 ETH ($211,000) to mixing service Tornado Cash early Friday morning. The latest transaction is a transfer of ETH to a previously inactive wallet that then sent the same sum to an incredibly active wallet currently sitting on 1,447 ETH ($5 million), 6 million Tether coins ($6 million), and an assortment of other tokens.

The blockchain itself might be secure. Unfortunately, there will always be people who fall for an enticing phishing scam. Those unfortunate people won’t get their cryptocurrency or NFTs back.


Discord Banned More than 2,000 Extremist Groups



Discord is a group-chat app that is often used by people who enjoy playing video games with their friends who live far away. I use Discord to play Dungeons & Dragons with my friends, and have used it to talk to people while playing Diablo III. Unfortunately, it appears that a lot of terrible people had been using Discord for nefarious reasons. Discord has rightfully banned them.

Discord provided a lot of information in their Transparency Report which covers July through December of 2020. There is a pie chart that shows user reports by category. Harassment was the largest category, with 132,817 reports. This was followed by Cybercrime (42,588) and NSFW (33,106).

NPR reported that Discord removed more than 2,000 communities dedicated to extremism and other violent content in the second half of last year. NPR noted that the enforcement actions by Discord come at a time when Microsoft is (reportedly) in talks to acquire Discord for $10 billion.

Discord’s transparency report points out that it has invested in resources that enable it to proactively detect and remove the highest-harm groups from their platform. This includes many categories including: Exploitative Content, and Violent Extremist groups.

We also worked in the second half of 2020 to take action against militarized movements like the “Boogaloo Boys” and dangerous conspiratorial groups like QAnon. We continue to believe there is no place on Discord for groups organizing around hate, violence, or extremist ideologies.

Discord’s Trust & Safety team removed 1,504 servers for Violent Extremism in the second half of 2020. That is nearly a 93% increase from the first half of the year. According to Discord, the increase can be attributed to the expansion of their anti-extremism efforts as well as growing trends in the online extremism space.

One of the online trends Discord observed in that period of time was the growth of QAnon. Discord adjusted their efforts to address that movement and removed 334 QAnon-related servers.

Personally, I’m happy that Discord has been making efforts to remove violent extremism and conspiracy theories. Some of the Discords that I am connected to, and participate in, are open to anyone who wants to join. Knowing that Discord has been actively removing bad actors from its service makes me feel safer using it.