Your Discord Messages Are For Sale (4 Billion of Them)

Seytonic
20 Apr 2024 · 10:29

TLDR: A website named spy.pet claims to be selling 4 billion Discord messages for as little as 10 cents, raising privacy and legal concerns. The site, which scraped thousands of Discord servers, offers a searchable database of messages, but only to paying customers. Discord is investigating the site for violating its policies against data scraping. Meanwhile, Telegram faced rumors of a zero-day vulnerability in its desktop app for Windows, which was later confirmed and found to stem from a typo in its source code. Telegram quickly fixed the issue. Lastly, 'Trust Wallet' tweeted about a high-risk zero-day exploit targeting iMessage, which was traced back to a dubious dark web site, 'CodeBreach Lab,' suspected to be a scam.

Takeaways

  • 🚨 A website named spy.pet claims to be selling 4 billion Discord messages for as little as 10 cents, raising privacy and legal concerns.
  • 🔍 The site has scraped thousands of Discord servers and made the data searchable, but it's likely not legal and Discord is investigating.
  • 💬 Spy.pet emphasizes user privacy, which is ironic considering it exposes messages, and only paying customers have enhanced privacy.
  • 🛍️ The website accepts only cryptocurrency as payment, and a user spent $5 worth of Monero for research purposes to test the service.
  • 🤖 Spy.pet uses bots disguised as real users to join servers and collect messages, but private messages are unaffected.
  • 🔑 The site provides basic user profiles, including logs of messages sent on tracked servers and voice chat activity.
  • 📈 Messages on larger servers are more likely to be exposed, while smaller, private servers are less at risk.
  • 📚 Traditional forums have searchable archives, but Discord messages are often treated as ephemeral, leading to more sensitive conversations.
  • 🚫 Spy.pet offers a link to request data removal, but it's a joke redirect to a Spiderman clip, indicating no real option to remove data.
  • 🤔 The legality of the site is questionable, especially considering GDPR and the fact many Discord users are underage.
  • 🛡️ DeleteMe, a service that helps remove personal data from various brokers, is offering a 20% discount with the code Seytonic.

Q & A

  • What is the claim made by the website spy.pet regarding Discord messages?

    - The website spy.pet claims to be selling 4 billion Discord messages, which they have allegedly scraped from thousands of Discord servers and millions of users.

  • How does spy.pet make the data searchable to users?

    - Spy.pet has made the data searchable by allowing users to access it upon payment. However, the legality of this practice is questionable, and Discord is not pleased with it.

  • What is peculiar about spy.pet's emphasis on user privacy?

    - It is peculiar because spy.pet emphasizes user privacy while simultaneously exposing Discord messages, which is the opposite of privacy. The promise of enhanced user privacy seems to apply only to paying customers.

  • How does spy.pet accept payment for its services?

    - Spy.pet accepts payment exclusively in cryptocurrency, specifically Monero, which adds an element of anonymity to the transactions.

  • How does spy.pet gather data from Discord servers?

    - Spy.pet uses an army of bots disguised as real users that join servers and monitor messages sent within those servers. This method does not exploit any vulnerability but relies on the bots' presence in the servers.

  • What kind of information does spy.pet provide about a user?

    - Spy.pet provides a basic profile of users, including the servers they are active on, connected accounts, and a log of all messages sent on servers where spy.pet has bots. It even includes logs of voice chat activity.

  • How does the size of a Discord server affect the likelihood of its messages being on spy.pet?

    - Messages from small servers with a few friends are unlikely to be on spy.pet, but messages from mid-size and larger servers are more likely to be monitored and logged by spy.pet's bots.

  • What is the significance of the data on spy.pet in terms of privacy?

    - The data on spy.pet is significant because many people do not treat Discord messages as permanent, leading to private or sensitive conversations being logged. This could lead to public exposure of information individuals would prefer to remain private.

  • What action can users take to request the removal of their data from spy.pet?

    - Users can attempt to request the removal of their data from spy.pet through a provided link. However, it is noted that this link redirects to a humorous video, indicating that the process may not be effective or sincere.

  • How has Discord responded to the activities of spy.pet?

    - Discord has stated that they are investigating spy.pet and will take steps to enforce their policies, which clearly prohibit data scraping.

  • What is the potential legal issue with spy.pet's operation?

    - The potential legal issues include violating Discord's terms of service, non-compliance with GDPR regarding data removal and processing, and the fact that many Discord users are underage, which complicates data processing permissions.

  • How does the DeleteMe service help users with data privacy?

    - DeleteMe helps users by searching hundreds of data brokers for their personal data, compiling a personalized report, and sending data removal requests on their behalf, alleviating the burden on the user.

Outlines

00:00

🔍 Discord Messages for Sale on Spy.pet

A website named spy.pet claims to have scraped and is selling 4 billion Discord messages, with the data searchable for a fee. The site, which emphasizes user privacy while paradoxically exposing messages, accepts only cryptocurrency payments. It operates by using bots to infiltrate Discord servers and collect messages. While private messages remain unaffected, public messages on larger servers are at risk. Spy.pet's legality is questionable, and Discord is investigating the situation. The site also offers 'Enterprise' services for AI training or intelligence gathering. Despite a lack of a legitimate way for users to remove their data, the site has faced increased scrutiny and DDoS attacks. It's likened to a data broker, with the potential for serious legal issues, especially considering GDPR and the involvement of underage users.

05:03

🛑 Telegram and iMessage Security Concerns

Telegram faced rumors of a zero-day vulnerability in its desktop app for Windows, which could potentially allow hackers to execute arbitrary code by tricking users into clicking on seemingly harmless images. However, the claims were initially disputed by Telegram, and no technical details were provided. Later, it was revealed that a typo in the list of dangerous file extensions allowed '.pyzw' files to be treated as safe, leading to the confirmed vulnerability. Telegram quickly fixed the typo and implemented a server-side patch. Meanwhile, iMessage was the subject of a high-risk zero-day exploit claim by 'Trust Wallet', suggesting that infected text messages could compromise phones. The source of this claim, 'CodeBreach Lab', was found to be a scam site, with no credible evidence supporting the exploit's existence. The warning was widely discredited, and no instances of the exploit being used were known.
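The failure mode described above, as an added example that is not from the video or from Telegram's code: an extension denylist fails open when a single entry is misspelled, while an allowlist and a consistency test over the list fail closed. The extension sets, the misspelled entry and all function names are constructed for illustration.

```python
# Added illustration; the extension sets below are constructed samples and
# are not Telegram's actual list.
from pathlib import PurePath

# Extensions the client intends to treat as executable (constructed sample).
MUST_BLOCK = {"exe", "bat", "cmd", "py", "pyw", "pyz", "pyzw"}

# The denylist as shipped, with one misspelled entry (constructed typo):
# "pywz" was typed where "pyzw" was meant.
DENYLIST_WITH_TYPO = {"exe", "bat", "cmd", "py", "pyw", "pyz", "pywz"}

# Allowlist alternative: only known-inert media types open without a prompt.
SAFE_TO_OPEN = {"jpg", "jpeg", "png", "gif", "mp4", "webm"}


def extension(filename):
    """Final extension, lower-cased, without the dot ('' if there is none).

    Trailing dots and spaces are dropped first, since Windows ignores them
    when resolving a file name.
    """
    cleaned = filename.strip().rstrip(". ")
    return PurePath(cleaned).suffix.lower().lstrip(".")


def opens_without_prompt_denylist(filename, denylist):
    """Fail-open policy: anything not on the list is opened directly."""
    return extension(filename) not in denylist


def opens_without_prompt_allowlist(filename):
    """Fail-closed policy: only listed media types are opened directly."""
    return extension(filename) in SAFE_TO_OPEN


def denylist_gaps(denylist, must_block=MUST_BLOCK):
    """Build-time check: required extensions missing from the denylist."""
    return sorted(set(must_block) - set(denylist))


def unknown_entries(denylist, must_block=MUST_BLOCK):
    """Entries matching no required extension, a hint that one is misspelled."""
    return sorted(set(denylist) - set(must_block))
```

Running `denylist_gaps` and `unknown_entries` as a unit test over the shipped list turns a silent typo into a failing build.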

10:08

🚫 Scam Alert: CodeBreach Lab's Fake iMessage Exploit

A supposed high-risk zero-day exploit targeting iMessage was reported by 'Trust Wallet', causing significant concern due to the potential for hackers to infiltrate phones via infected text messages. However, the source of the exploit, 'CodeBreach Lab', was identified as a scam site with no credible background. The site claimed to be selling the iOS exploit for $2 million, but its legitimacy was questioned, and it was found to be poorly designed, with non-functional order buttons. No actual sales of the exploit were made, and the entire episode was deemed a scam, with 'Trust Wallet' being the only entity seemingly deceived by it.

Keywords

💡Discord

Discord is a popular platform for text, video, and voice communication, primarily used by gamers but also by various communities for real-time communication. In the video, it is mentioned that Discord messages are being sold by a website, which raises privacy and legal concerns.

💡Spy.pet

Spy.pet is a website that claims to sell scraped Discord messages. The website has made these messages searchable for a fee, which is a significant breach of privacy and is not authorized by Discord. It is portrayed as a potential legal issue due to the unauthorized scraping and selling of user data.

💡Data scraping

Data scraping refers to the practice of extracting information from websites, typically using automated tools or bots. In the context of the video, spy.pet is accused of scraping Discord servers for messages and user data, which is then made available for sale, indicating a violation of user privacy.

💡Cryptocurrency

Cryptocurrency is a digital or virtual form of currency that uses cryptography for security. The video mentions that spy.pet only accepts cryptocurrency as payment for its services, which could be an attempt to maintain anonymity and avoid financial tracking.

💡Bots

Bots are automated software applications that perform tasks over the internet. In the video, spy.pet uses bots disguised as real users to join Discord servers and collect messages, which are then sold, highlighting a method of data collection that invades privacy.

💡Zero-day vulnerability

A zero-day vulnerability is a security weakness in a computer system or software that is unknown to the software developers and hence unpatched. The video discusses a supposed zero-day vulnerability in Telegram, which, if true, could allow hackers to exploit the platform.

💡iMessage

iMessage is Apple's messaging service for iOS devices. The video script mentions a potential zero-day exploit targeting iMessage, which would be a significant security concern if credible, as it could allow unauthorized access to personal messages and data.

💡GDPR

GDPR stands for General Data Protection Regulation, which is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union. The video suggests that spy.pet's actions may not be GDPR compliant, especially considering the involvement of underage users.

💡Data broker

A data broker is a company that collects and sells personal information about individuals. The video describes spy.pet as a data broker, which raises ethical and legal questions about the sale of personal data without consent.

💡DeleteMe

DeleteMe is a service that helps individuals remove their personal information from data broker databases. The video suggests that while DeleteMe cannot remove messages from spy.pet, it can assist with removing data from other companies that trade in personal information.

💡DDoS attack

A DDoS attack, or Distributed Denial of Service attack, is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming it with a flood of internet traffic. The video mentions that spy.pet has been under DDoS attacks, indicating the controversy and opposition it faces.

Highlights

A website named spy.pet claims to be selling 4 billion Discord messages for as little as 10 cents each.

The website has scraped thousands of Discord servers and made the data searchable for a fee.

Discord itself is not pleased with spy.pet and is investigating the situation to enforce their policies against data scraping.

Spy.pet emphasizes user privacy despite selling access to Discord messages, which is contradictory.

The website only accepts cryptocurrency as a form of payment, similar to privacy-focused VPN provider Mullvad.

Spy.pet uses bots disguised as real users to join servers and collect messages; no vulnerability is exploited.

Private messages on Discord are unaffected by spy.pet's data collection methods.

Messages sent on larger servers are more likely to be captured by spy.pet's bots compared to smaller, private servers.

Discord messages are not typically treated as permanent, leading to many private conversations being unintentionally archived.

Spy.pet offers a link to request data removal, but it is a joke redirect to a Spiderman clip, indicating no real removal process.

The site has been under the radar until an investigation by 404media brought attention to it.

Spy.pet is open to 'Enterprise' customers, including those interested in AI training or federal intelligence gathering.

The legality of spy.pet's operations is questionable, especially concerning GDPR and the data of underage users.

The site is already facing DDoS attacks and potential legal challenges due to its controversial nature.

Data brokers like spy.pet legally or illegally scrape and sell personal data, with DeleteMe offering a service to help individuals remove their data.

Telegram faced rumors of a zero-day vulnerability but disputed the claims, suggesting the video demonstrating the exploit was a hoax.

A typo in Telegram's source code regarding dangerous file extensions led to a confirmed vulnerability that was quickly patched.

iMessage was falsely reported to have a high-risk zero-day exploit targeting it, originating from a scam site attempting to sell exploits.