Major tech companies like Google, Apple, and Discord allow people to quickly log into malicious “undressing” websites that use artificial intelligence to remove clothing from real photos and make victims appear “naked” without their consent. More than a dozen of these deepfake websites have been using login buttons from the tech companies for months.
A WIRED analysis found that 16 of the largest so-called “undressing” and “nude-making” websites use the login infrastructure of Google, Apple, Discord, Twitter, Patreon and Line. This approach allows users to easily create accounts on the deepfake websites – giving them a semblance of credibility – before paying for credits and creating images.
Bots and websites that create intimate images of women and girls without consent have been around for years, but with the advent of generative AI, their numbers have increased. This type of “undressing abuse” is alarmingly widespread, with teenage boys reportedly creating images of their classmates. Critics say tech companies are slow to address the extent of the problems. The websites appear high in search results, are promoted on social media with paid ads, and apps appear in app stores.
“This is a continuation of a trend that normalizes sexual violence against women and girls by Big Tech,” says Adam Dodge, an attorney and founder of EndTAB (Ending Technology-Enabled Abuse). “Login APIs are convenient tools. We should never make sexual violence a convenient act,” he says. “We should put walls around access to these apps, and instead we're giving people a drawbridge.”
The login tools WIRED analyzed, delivered through APIs and common authentication methods, allow users to use existing accounts to log into the deepfake sites. Google's login system appeared on 16 sites, Discord's on 13, and Apple's on six. The X button was found on three sites, while Patreon's and messaging service Line's both appeared on the same two sites.
WIRED is not naming the sites because they allow for abuse. Some are part of larger networks and owned by the same people or companies. The opt-in systems were used despite the fact that tech companies generally have rules that say developers cannot use their services in ways that enable harm or harassment or violate people's privacy.
When contacted by WIRED, spokespeople for Discord and Apple said they had removed developer accounts associated with their sites. Google said it would take action against developers if it found its terms had been violated. Patreon said it bans accounts that allow the creation of explicit images, and Line confirmed it was investigating but could not comment on specific sites. X did not respond to a request for comment on how its systems are used.
In the hours after Jud Hoffman, Discord's vice president of trust and safety, told WIRED that the sites' access to the APIs had been blocked for violating developer guidelines, one of the Undress sites posted in a Telegram channel that authorization through Discord was “temporarily unavailable” and claimed it was attempting to restore access. That Undress service did not respond to WIRED's request for comment on its activities.