04-12-2025, 01:09 PM
Internet-scraping outfit Spy.pet claims to have harvested more than four billion public messages made by nearly 620 million users on more than 14,000 Discord chat servers – and is selling access to this trove.
The service (for a lack of a better word) has been active since November 2023, vacuuming up user and server activity without any sign of an opt-out. Yes, all the info is already public in a way – Discord is kinda like IRC on steroids – and it's a reminder that it's not impossible to gather up all this chatter using bots for various purposes (if not surveillance then training AI models.)
The website presents the data it's collected in several ways. Each known user has a profile, which contains all known aliases, pronouns, connected accounts to other platforms such as Steam and GitHub, Discord servers joined, and public messages. If you wanted to quite literally spy on a Discord user or users, Spy.pet lets you do that, for a fee.
Indeed perusing the privacy-smashing website's database isn't free. Users have to buy credits to look up profiles, access archives of conversations, and search for servers without having to sit through a cool-down time. Each credit costs one cent, and as a user profile costs ten credits to access (seven for cached profiles), it costs just a tenth of a dollar to look someone up. Of course, Spy.pet only takes cryptocurrency for payments.
There is also a special "enterprise" option that requires contact with the site owner. "Interested in training an AI model with Discord messages? Are you a group of federal agents looking for a new source of intel? Or maybe something else? We've got you covered," is how Spy.pet bills its top-tier program.
It seems Spy.pet used to take donations via a Coinbase link, but this no longer works. This is apparently because Coinbase banned Spy.pet from operating on its platform, according to Spy.pet's lone blog post.
The same post also says the website was DDoS'ed throughout February, though the owner apparently shrugged it off. "All of these attacks caused minimal damage to myself personally or the website in general," the operator said. "All of this effort caused only 50 minutes of downtime. That's it."
As a side note, the footer of Spy.pet has some interesting content, such as a link to a video of TempleOS developer Terry Davis dancing, a "Transparency" page that just says the word "transparency," and a link to the "Request Removal" page that actually just plays the meme clip of newspaper editor J. Jonah Jameson laughing at Peter Parker in the 2004 movie Spider-Man 2.
Speaking of which, Spy.pet has a potentially interesting interpretation of the European Union's General Data Protection Regulation (GDPR), as pointed out by the Stack Diary blog this week. Spy.pet may want to review at least three aspects of GDPR: Articles 6, 8, and 17, which are the rules on consensual data tracking, parental consent for data tracking of minors, and the "right to be forgotten," or being able to ask for personal data to be deleted.
The US FTC also doesn't take the harvesting and selling of children's data lightly, as it just opened a lawsuit against Meta in November on this topic.
We've reached out to Discord and Spy.pet and we'll update you if we get a statement from either or both. ®
Updated to add at 2330 UTC
Discord has told us it is probing Spy.pet to see if any action needs to be taken against the chat-harvesting service.
"Discord is committed to protecting the privacy and data of our users. We are currently investigating this matter," a spokesperson for the app maker told The Register.
"If we determine that violations of our Terms of Service and Community Guidelines have occurred, we will take appropriate steps to enforce our policies. We cannot provide further comments as this is an ongoing investigation."
![[Image: 128.gif]](https://external-content.duckduckgo.com/iu/?u=https://i.ibb.co/hJ2HmDxK/128.gif)
