Discord is one of the few instant messaging platforms that makes it easy to forget that your chat history is recorded. Every chat message you send in a public channel can be accessed by anyone, regardless of the timeline. As a Discord user, I tend to forget that this option exists, especially when it comes to searching for individual users’ chat histories.
A new service called Spy.pet is taking full advantage of it without allowing users to opt out. Officially launched in October 2023, the platform offers users to “Explore Discord’s data with over 300 million users and still growing.”.
At the time of writing this article, the homepage of Spy.pet says that it tracks over 14,000 servers, has a history of more than 627 million users, and has nearly 4 billion logged messages in its archive. When trying to visit the website’s Request Removal page, it redirects to a video of the infamous Jonah Jameson’s “Are you serious?” scene from Spider-Man. It’s a well-known meme.
The website’s pricing page offers only cryptocurrencies as a credit purchase option. Furthermore, the page provides an “Enterprise” package, described as, “Interested in training an AI model with Discord messages? Are you a group of federal agents looking for a new source of intel? Or maybe something else?“.
All of this points to a simple conclusion: the platform’s owner doesn’t care what Discord or anyone else has to say. They’re out to make money, and having your Discord chat history removed from the platform isn’t an option.
An example of the data Spy.pet provides
I do not own cryptocurrencies, so signing up for credits isn’t something I am looking to pursue. If you are reading this and you want to dig deeper into your Discord history using this platform, consider emailing me with your results, and I will add them to this article.
The only example I could find personally was through this LowEndTalk forum post, which discusses a security breach on a hosting website. The discussion eventually led to someone needing to use Spy.pet to find a specific user’s history, and they also shared the public URL!
https://ws.spy.pet/exports/0e5815afb68386a9978a7f7956c9e38b.csvThe URL is archived in the Wayback Machine also.
The data inside the CSV file (which is hosted on Spy.pet’s servers) looks like this:
On its homepage, the owner of Spy.pet has provided a screenshot of the user interface for the platform’s dashboard. It tells us a little more,
The platform’s users can see Connected Accounts for any given Discord user, and that same screenshot also includes a preview of individual chat history, messages, and the channels in which those messages were posted.
The site has a blog that can be found on the Telegram channel. The blog only has one post (the owner is slacking, he said he’d do a monthly update!), but it reveals a few details, namely:
- The site has already been DDoS’d by someone, “The main change this month is Spy.pet getting attacked by certain individuals who really don’t want their messages archived. The first DDoS attack was on the 2nd of February, and it SUCKED.”
- The site was banned by Coinbase Commerce, “On a date unknown to me, my account at Coinbase Commerce was locked. I’m assuming this had either something to do with the same certain individuals complaining to Coinbase, or Coinbase somehow getting mad about the funds customers send.”
The situation with the platform raises numerous ethical and legal concerns, echoing issues we’ve seen with similar platforms in the past like dis.cool. The core of the problem revolves around privacy invasion and data misuse.
Legal and ethical concerns
Spy.pet’s method of operation involves using bots to infiltrate Discord servers and scrape information without the consent of the server owners or its members. This includes collecting messages and lists of server members.
Under the General Data Protection Regulation (GDPR), which applies to all entities handling the data of EU residents, there are strict guidelines about data collection, consent, and the right to erasure (“the right to be forgotten”).
Here are the relevant violations:
- Article 6 of GDPR: Legitimacy of processing personal data hinges on consent or necessity. Spy.pet’s data scraping without user consent directly contravenes this requirement.
- Article 17 of GDPR: This article provides the right for individuals to have their personal data erased on request. The website’s flippant handling of removal requests with a redirect to a meme shows not only a disregard for this law but also a disrespect for individual’s privacy concerns.
- Article 8 of GDPR: Concerns the conditions for the consent of children regarding information society services. Discord users can be as young as 13, and storing data of minors without parental consent further complicates the legal standing of spy.pet.
Beyond legality, there’s an ethical dimension to consider. The indiscriminate collection and monetization of personal data can lead to real harm, affecting people’s social lives, personal relationships, and even their mental health. The ethical principle of respect for persons—which includes respecting their autonomy and privacy—is clearly being violated here.
The information collected and sold can be used for purposes ranging from harmless to deeply malicious, including harassment, stalking, or commercial exploitation without the consent or knowledge of the individuals involved.
The response to such violations is to report the activity to the relevant data protection authorities, in this case, the GDPR enforcement bodies. Another option is to contact the website’s host provider to report abuse.
I’ve reached out to Discord to ask what they think about this and whether they have a way of shutting this website down. Once I have an answer, I will add it below.
UPDATE 4.17.24 11:27PT
A Discord spokesperson responded with, “Discord is committed to protecting the privacy and data of our users. We are currently investigating this matter. If we determine that violations of our Terms of Service and Community Guidelines have occurred, we will take appropriate steps to enforce our policies. We cannot provide further comments as this is an ongoing investigation.”
