This creepy Twitter bot could be spying on you right now

The first thing you notice about @FFD8FFDB is its inscrutability. But it’s the next thing you’ll notice that will really get to you.

Every few minutes, the Twitter bot tweets a grainy, context-free picture accompanied by a line of strangely formatted gibberish.

It’s only after you start digging into the how the bot actually works that it becomes clear the project is built on a profoundly disquieting foundation—highlighting one of the major privacy loopholes in the modern telecommunication infrastructure. 

Here’s how it works: The software behind @FFD8FFDB scans the Internet for webcams whose operators have left them unsecured, capturing screenshots from the feeds, and then tweets them.

The bot is the work of Derek Arnold, a Minneapolis-based Web developer. While @FFD8FFDB teaches an important lesson about privacy, Arnold said he created the bot primarily as an exercise in aesthetics. 

“Mostly I wanted to use a somewhat predictable, but unreliable imagery source (unsecured public network cameras) as the basis for some fun with video filtering,” Arnold explained in an email to the Daily Dot. He compiles the list of unsecured cameras “using some network tools” to find cameras that are linked to business Internet networks.

Arnold personally selects the cameras himself, which he does to ensure the bot isn’t tweeting out images that are too revealing of strangers’ personal lives. “I went this route because, while there are many lists of cameras available online … my goal wasn’t titillation,” he said. Whenever he comes across cameras broadcasting from people’s homes, he immediately blocks them from the bot’s list of source cameras.

“I tended to lean on cameras that are in outdoors, public or business settings rather than in people’s homes, which was fairly easy since I chose not to scan residential ISP blocks,” Arnold said.

The resulting images, which Arnold processes through video filters to give a processed and washed-out look, generally out show deserted or near-deserted office streetscapes and office building interiors mixed in with windows into places like ski resorts and slot racing tracks. Most of the spaces portrayed are desolate, but some do have unsuspecting human subjects.

Arnold noted that there are many places online to easily locate webcams that are available to anyone with an Internet connection. One of those avenues is called Shodan, a search engine launched in 2009 that allows users to identity hundreds of millions of different Internet-connected devices, from people’s home routers to traffic signals to, yes, even webcams.

The operators of many webcams haven’t bothered to turn on any security features, meaning anyone who can find an unsecured device’s IP address is able to gain access to it.

In a talk at the 2012 Defcon cybersecurity conference in Las Vegas, cybersecurity researcher Dan Tentler explained how he used Shodan to access the controls that would allow him to potentially do things like defrost a Danish hockey rink or switch off a French hydroelectric plant.

In a blog post about the @FFD8FFDB project, Arnold explained that the aesthetic of the captured images trump the security implications the bot puts on display.

“Once you see past the titillation of the intrusion, some of the vantage points have a composure of their own,” Arnold wrote. “The camera installer’s motives are unknown to me, but can be inferred. Sometimes it’s a public camera, used promotionally, so the scene feels composed and ideal.

“Other times the camera’s purpose is security, in which case the angles are harsher, the composition worse,” he continued. “The owner has crammed the device into some dusty corner, competing for space with cobwebs and condoms. But even the harshness of this viewpoint provides an aesthetic perspective. This view feels dystopian, and the hammer strikes a wire in ourselves and our personal impression of the world.”

Arnold noted that he hasn’t received much pushback for the bot potentially violating anyone’s privacy.

“I’ve only had a couple of people confounded by it, but I don’t think people are primarily creeped out,” he said. “Maybe they are, but I’d say most people that interact with it or me tend to say positive things, as I think they get that it’s more of an aesthetic endeavor without any lofty ideals or lessons to learn from it.”

While it wasn’t Arnold’s primary goal to highlight the insecurity of many webcams, he admits that its inherent voyeurism does have a point. “Obviously one of the things that makes this project a little fun is that it’s slightly transgressive,” Arnold said, “but I wouldn’t call that the primary goal.”

H/T Quartz | Photo by Hustvedt/Wikimedia Commons (CC BY-SA 3.0)

Aaron Sankin

Aaron Sankin

Aaron Sankin is a former Senior Staff Writer at the Daily Dot who covered the intersection of politics, technology, online privacy, Twitter bots, and the role of dank memes in popular culture. He lives in Seattle, Washington. He joined the Center for Investigative Reporting in 2016.