Music Bots Under Attack

First they came for the Music Bots, and I did not care...

The current time is not a good one for Discord's most popular type of bot, music bots. Back in August, the first domino fell, as the legendary "dabBot" shut off for the last time, starting a wave of controversy in itself. Citing fear over "legal action", dabBot caretaker FLOWER#0001 ultimately disabled the bot, which was in over 300,000 guilds at the time and served thousands of audio streams.

"@everyone: dabbot has been offline for the past months because we're not willing to risk legal action from the music industry as dabbot illegally streams copyrighted content. dabbot will not be coming back because of this risk. thank you for using dabbot over the past years." - FLOWER # 0001
FLOWER#0001 makes an official stance on shutting down the dabbing bot.

Concerns over legal action targeting music bots may seem unjustified to an outsider, but those in the know recognize just how severe the potential legal consequences for music bots could be. Per the 1984 Digital Millenium Copyright Act, otherwise known as DMCA, restreaming copyrighted content without permission is punishable by a several hundred thousand dollar fine per infraction, alongside a hefty prison sentence for repeat offenders. Bot developers running these music bots might not realize it, but every individual song streamed accounts for one copyright infringement – meaning, these bot developers could be breaking the law several thousand times per day.

Thus far, YouTube, the primary source for music bot media, has not chosen to pursue legal action, nor report the activities to copyright holders. That does not mean that YouTube has been entirely benign in the issue, though. On the contrary, YouTube has begun imposing strict rate-limiting (analogous to the bread-lines used in socialist states such as Venezuela) on bots querying YouTube's servers for video metadata. The developer of the popular bot "FredBoat" has written about this issue, dubbing the rate-limit a "blockade."

We reached out to fre_d, developer of the "FredBoat" for a first-reported-here update on how he intends to resolve the issue:

Yeah, I'm thinking we'll just up the hyper-fredding [sic] on the servers and reboot the router.

When asked what "hyper-fredding" referred to, fre_d declined to comment.

Other bot developers have looked into more creative solutions to avoiding the ratelimit, such as using "IPv6" addresses. We did some research into what an "IPv6" address is, and it turns out, it just means the internet packets (think of these like packets of mustard, just with internet bits-and-bobs in them) are about six times wider than normal – allowing them to brute force their way through YouTube's rate limiting engine.

While many bot developers have not found success using the wider packets, has been informed by an anonymous source that the developer of the bot "Vexera" is looking into a bypass technique using even wider packets. We tried reaching out to the developer of the Vexera bot directly for feedback, but he was not willing to answer at this time, claiming worries for personal safety.

"Yeah, some guy called Rice or something has been threatening me with images of ducks... he keeps saying he's going to send me to Zimbabwe if I don't let him in on the secret. I don't really want to talk about it right now" - Luke, developer of "Vexera"

With most Discord bots relying on third-party APIs, we hope that the "YouTube blockade" is not just the first in a number of incoming blocks. This series will be updated as more information becomes available.