Malicious “nudify” websites used Google, Apple, and Discord login systems

Major tech companies including Google, Apple and Discord have enabled people to quickly sign up for malicious “undress” websites, which use AI to remove clothing from real photos, leaving victims looking “naked” without their consent. More than a dozen of these deepfake websites have been using login buttons created by the tech companies for months.

A WIRED analysis found that 16 of the largest so-called undress and “nudify” websites use the login infrastructure of Google, Apple, Discord, Twitter, Patreon and Line. The approach allows people to easily create accounts on the deepfake websites, giving them a false sense of credibility before paying for credits and generating images.

While bots and websites that take non-consensual intimate images of women and girls have existed for years, they have grown in number with the introduction of generative AI. Such “undressing” abuse is alarmingly widespread, with teenage boys reportedly taking images of their classmates. Tech companies have been slow to address the scale of the problem, critics say, with the sites appearing high in search results, paid ads promoting them on social media and apps appearing in app stores.

“This is a continuation of a trend that normalizes sexual violence against women and girls by Big Tech,” said Adam Dodge, attorney and founder of EndTAB (Ending Technology-Enabled Abuse). “Opt-in APIs are tools of convenience. We should never make sexual violence an easy act,” he said. “We should be building walls around access to these apps, and instead we’re giving people a drawbridge.”

The sign-in tools analyzed by WIRED, which are deployed via APIs and common authentication methods, allow people to use existing accounts to join the deepfake websites. Google’s sign-in system appeared on 16 websites, Discord’s on 13 and Apple’s on six. The X button appeared on three websites, while Patreon and messaging service Line both appeared on the same two websites.

WIRED is not naming the sites because they are open to abuse. Several are part of broader networks and owned by the same people or companies. The login systems were used despite tech companies generally having rules that prevent developers from using their services in ways that could harm, harass or invade people’s privacy.

When contacted by WIRED, spokespeople for Discord and Apple said they had removed developer accounts associated with their sites. Google said it would take action against developers if it found violations of its terms. Patreon said it bans accounts that allow explicit images, and Line confirmed it was investigating but said it could not comment on specific sites. X did not respond to a request for comment about how its systems are used.

In the hours after Jud Hoffman, Discord vice president of trust and safety, told WIRED that it had terminated the sites’ access to its APIs for violating its developer policies, one of the undressed sites posted in a Telegram channel that authorization via Discord was “temporarily unavailable” and said it was working to restore access. That undressing service did not respond to WIRED’s request for comment about its activities.