Ser Aymeric, the Discord bot, was designed to be spyware.

seraymeric-discord-spyware:

Some background, for those who aren’t familiar with the situation:

  • Lethys is the creator of a popular FFXIV-centric Discord bot called Ser Aymeric. It’s admittedly a very useful bot, and is popular because of its feature set.
  • Lethys is well known in the community as a serial predator of gay men.
  • Lethys is obsessed with harassing individuals he sees as his enemies.
  • Lethys has leveraged the popularity of his bot to secretly surveil individuals he has grudges with in the past.
  • I worked on Ser Aymeric directly and had access to the code. All of my information is first-hand knowledge. Lethys brought me on to work on Aymeric’s dashboard administration interface.
  • I was asked to hold off releasing this information until after Discord did an investigation. I am uncertain what ever came of that investigation, so either it never happened, or Discord doesn’t understand the ramifications of this situation.

Lethys has two spying capabilities built into Ser Aymeric:

The first was built in Version 1 of the bot, specifically to spy on Lethys’ rival Lux and his XIV Male Mods Discord server. It’s known as the ‘secret h’ function (command ?h), and was able to dump the last 1000 lines of chat from any channel Aymeric is present in. He specifically built it to spy on XIV Male Mods’ private admin channel to see what they were saying. He was obsessed with them as a rival server to Lethys’ Gayorzea community. This function could have been used to export the text of any channel on any server that Ser Aymeric was present in, but XIV Male Mods was the only one I’m aware of it being used against.


For Version 2, much of the bot was rewritten, but rather than making things better, he grew the spyware capabilities.

It was during the V2 rewrite that Lethys brought me on to work on the administrative back-end for the rewrite, which is why I had access to the code. Despite his claims in the past, I was listed as a developer on the credits and homepage ever so briefly.

Version 2 logs every message by every user in every channel that Ser Aymeric has read permissions to. It stores them in a MongoDB (a type of database software) collection called ‘messages’. These records (referred to as JSON objects) represent all messages sent, across all the servers Aymeric is present in. They are plain text, unencrypted and personally identifiable. Lethys could query them on a per-server, per-channel or per-user level.

In his privacy policy he claims this logging is for the ‘quotes’ feature, but it goes far beyond that. This is all messages, whether or not someone has invoked a quote command. Everything.


This is a look into the live production database Ser Aymeric is running off of, using MongoDB. You’ll notice a ‘messages’ collection containing a large number of objects.


An example of one of the objects inside the ‘messages’ collection. This represents a message someone shared. Every single message that is shared in a channel that Ser Aymeric has read access to is logged and stored, regardless of if they have been quoted, deleted, or whatever the case may be. Everything. In spite of what the author claims or states in their privacy policy.


Here is another example. This shows how easy it is to query down to a specific user, channel or server level. In this case it’s my own Discord ID. This was posted in a private administrative channel that, although Aymeric had read access to it, it had no reason to be logging whatsoever.


Here is a live shot of that same message, inside a closed admin channel. The message ID is 617875866122190859, channel ID is 480809457056743424, server ID is 179321234046058497 and author ID is, again, my own, 62310340079128576. This mirrors exactly what is in the live database on Ser Aymeric.

So, the long and short of it is, a known sexual predator with a history of harassing his victims and those he has grudges against has a wildly popular Discord bot which enables him to see what anyone is saying without their knowledge on any server, to be aware of what servers they are present in, what channels they have permissions to, and more.

Let the scale of that sink in. At the time of this writing it’s on 18,372 servers, and monitoring 1,210,120 users who are completely unaware. It’s gobbling up every message across every Discord server it’s present in, collecting private information without people’s consent or knowledge, readable by him, and no way to delete it. It is not even remotely GDPR compliant, in spite of Lethys being a citizen of the United Kingdom. It’s a gross invasion of privacy.

Every server that has Ser Aymeric present in it is unwittingly enabling Lethys to continue to spy on and harass his victims. Do not use this bot. Do not trust Lethys with your or your friends’ information. You will learn, as I did, that he is not someone you should put your trust in.

-

Some have claimed it would be impossible to process every single message that Aymeric has access to. That’s simply not true. Aymeric, like all bots, *has* to process every message in a channel it has read access to. How else do you think it would know you used one of its commands?

As far as storing those messages, Lethys recently updated his privacy policy to admit that yes, he does really do that. The reason the database doesn’t swell to an unmanageable size is because he runs a process to occasionally wipe out old messages from the live database — however, old messages are still saved in backups. I do not know how often he runs this process, but I would expect he gives it a pretty wide clearance, as once those messages are out of the live database they can’t be quoted or referenced for deletion/edit auditing features. So what, 60, 90 days? I’m not sure. In any event, even when the live database is trimmed for performance, your data is never really gone, and is conceivably retrievable by him from backups.

A 30, 60 or 90 day allowance is plenty of time for him to readily go back and read messages from people he’s taken issue with, though. I’m not sure I’d be comfortable with anyone reading a rolling 30 day history of my text messages to the people I care about, with access to more if they were really curious.
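An audit a server administrator can run, added here as an example and not code from the bot or from the original post: it applies Discord's documented permission-overwrite order to list which channels a bot member can view, and whether it can also fetch earlier messages there. The guild export is constructed sample data, and the function names are hypothetical.

```python
ADMINISTRATOR, VIEW_CHANNEL, READ_MESSAGE_HISTORY = 1 << 3, 1 << 10, 1 << 16
ALL = ~0  # every permission bit set

def effective_permissions(guild, member, channel):
    """Discord's documented order: role permissions, then channel overwrites."""
    if member["id"] == guild["owner_id"]:
        return ALL
    held = {guild["id"], *member["roles"]}  # the @everyone role id equals the guild id
    perms = 0
    for role in guild["roles"]:
        if role["id"] in held:
            perms |= role["permissions"]
    if perms & ADMINISTRATOR:
        return ALL  # channel overwrites cannot restrict an administrator
    ow = {o["id"]: o for o in channel["overwrites"]}
    if guild["id"] in ow:  # 1. @everyone overwrite
        perms = (perms & ~ow[guild["id"]]["deny"]) | ow[guild["id"]]["allow"]
    allow = deny = 0
    for rid in member["roles"]:  # 2. role overwrites, combined
        if rid in ow:
            allow |= ow[rid]["allow"]
            deny |= ow[rid]["deny"]
    perms = (perms & ~deny) | allow
    if member["id"] in ow:  # 3. member-specific overwrite
        perms = (perms & ~ow[member["id"]]["deny"]) | ow[member["id"]]["allow"]
    return perms

def readable_channels(guild, member):
    """Return (channel name, can_fetch_history) for channels the member can view."""
    perms = [(c["name"], effective_permissions(guild, member, c)) for c in guild["channels"]]
    return [(n, bool(p & READ_MESSAGE_HISTORY)) for n, p in perms if p & VIEW_CHANNEL]

# Constructed sample export; all ids and names are made up for illustration.
GUILD = {"id": "100", "owner_id": "1", "roles": [
    {"id": "100", "permissions": VIEW_CHANNEL | READ_MESSAGE_HISTORY},  # @everyone
    {"id": "200", "permissions": 0},  # "bots" role
    {"id": "300", "permissions": 0}],  # "mods" role
  "channels": [
    {"name": "general", "overwrites": []},
    {"name": "admin-private", "overwrites": [
        {"id": "100", "allow": 0, "deny": VIEW_CHANNEL},
        {"id": "200", "allow": VIEW_CHANNEL, "deny": 0}]},  # bots role let in
    {"name": "staff-locked", "overwrites": [
        {"id": "100", "allow": 0, "deny": VIEW_CHANNEL},
        {"id": "300", "allow": VIEW_CHANNEL, "deny": 0}]},
    {"name": "announcements", "overwrites": [
        {"id": "900", "allow": 0, "deny": READ_MESSAGE_HISTORY}]}]}
BOT = {"id": "900", "roles": ["200"]}
print(readable_channels(GUILD, BOT))
```

In the sample, `admin-private` shows up as readable only because the bots role was given an allow overwrite there, while `staff-locked` stays out of reach; removing that overwrite is the fix.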

-

Also, just to get this out of the way, because people keep declaring I’m full of shit, yes, I did work on the bot:


https://discordapp.com/channels/265561352683126786/265586371178135562/618034546503581698 (although I’m sure he’ll delete it.)

-

Update: In light of my tweets, a new version of Ser Aymeric has recently been released advertising itself as “secure” because it encrypts these messages. This is literally impossible to do from a cryptography standpoint, as I explain here. Message history and quoting are impossible to do with an encrypted database. Aymeric is no more secure from Lethys’ spying than it ever has been, and I’ve nothing to indicate that Lethys has spontaneously developed a moral compass.

-

Update: People have in the past faulted me for conflating Lethys’ personal issues with the security concerns of the bot, but I strongly believe the two are inseparable.

The ‘secret h’ function outlines the developer’s state of mind: we can abuse this and use it to our advantage, and they did. The many, many stories on Twitter and elsewhere from people who have been harassed by Lethys speak to his character and trustworthiness. Years of personal experience seeing just how unbalanced Lethys is informed my opinion on how he might use the bot.

V2’s logging functions are not inherently evil; the problem is, in the wrong hands, they can be abused. ‘secret h’ demonstrates that they HAVE abused this power in the past, so how are we to trust them now with even more power? We can’t. You shouldn’t. That is what I’m saying. You put your trust in the developer to do the right thing with your data by using their bot. And this developer is not trustworthy.
