If you employ Discord, beware: Your activity – both in public messages and voice channels – may have been intercepted and sold online for as little as $5.
404Media initially broke this story, reporting that a web service called Spy Pet was browsing over 10,000 servers across Discord. The huge amount of data collected from this activity is used for many purposes: Spy Pet sells it for as little as $5 via cryptocurrency (including Bitcoin, Ethereum or Monero) to anyone who wants it, but especially to people involved in law enforcement and organizations wanting to train AI systems.
According to the report, Spy Pet essentially transforms the fragmented Discord platform, where users can post to thousands of servers of their choosing, into an uncomplicated way to target a single user’s activity. Anyone who pays can decide where and where you post, in one convenient place. In compact, it’s not good.
404Media tested Spy Pet and found that it works as advertised. While the outlet cannot confirm Spy Pet’s claims of having data from over 14,000 servers, 600 million users, and 3 billion messages, it was able to successfully purchase data from the service. Apparently you can find a specific user for about 10 cents. (I guess that’s all we’re worth.)
Spy Pet has data from many different servers, from gaming communities such as Minecraft, Among usAND Runic landscape-thematic services for cryptocurrency servers. That said, 404Media reports that many of the tens of thousands of servers listed here contain no data at all and do not seem likely to be taken down.
The modern problem of privacy on the Internet
This is obviously a stern violation of user privacy, but it’s a complicated story. First of all, Spy Pet doesn’t actually download direct messages: Your private messages between other Discord users are protected, they’re just messages you’ve posted to the servers themselves.
Here’s where things get tricky: these messages aren’t necessarily private. Anyone who joins the server will be able to see everything you post and will be able to download the data themselves. Theoretically, if someone was part of every Discord server you were dynamic on, they could conduct a sort of scraping of your spy pet. It would be strange of them, but they could do it.
What Spy Pet does goes beyond that: it scratches So a lot of data and allowing you to check all your activity for cryptocurrency pennies. Plus they sell it to sources you never consented to. Law enforcement probably doesn’t care about your activity on Discord, but you didn’t expect cops to be scrutinizing your Minecraft memes. The same goes for AI companies: I wouldn’t want my Discord data being used to train AI models, even if those companies run out of internet on which to train their systems.
What you can do to protect your data on Discord
Unfortunately, there’s not much you can do with the data once it’s downloaded: Spy Pet doesn’t seem interested in deleting your data from its servers if it’s there.
However, in the future, keep an eye out for bots that want to join your Discord channels. It appears that Spy Pet scraped all this data first. It’s not always uncomplicated as this Reddit thread explains: Some bots do not advertise themselves as such, but appear as modern accounts with no identifying information or profile picture and will silently remain in the feed to scrape data. Better protected than sorry: shady lurkers.
If you have control over the server, consider taking some privacy actions, such as: setting the server to privateOr changing verification settings for the server. These changes won’t guarantee privacy, but they will facilitate keep bots out of your channels.
While it may not seem as public as Twitter, assume that everything you post on Discord will be perceptible to anyone. This is a really good rule of thumb for anything that isn’t end-to-end encrypted, but also for anything you post or send online. Even in the safest situations, nothing on the Internet is foolproof and someone, somewhere, can see what you said. If you join a Discord server, keep this in mind before you start posting.
