Digi AI Exposed: Protecting Your Privacy from a Replika Clone Nightmare

Update 2023-03-22

I had an open and transparent discussion with the creator of Digi AI on their public discord server (for everybody who wants to read the discussion - you'll find it in the #general channel) + we had a private call later on as well

We discussed the revealed privacy issues and their importance and what changes need to be done to resolve the issues I had discovered in the source code of the browser extension as fast as possible

Mistakes were admitted, and we came up with the idea that I would join the project to sort out and review these things transparently and first-hand

A series of updates that address these issues in the browser extension is on the way. The first one is already out there, another one is on its way and awaiting review by the Google team on the Chrome web store

Leaked data is completely removed and data is explicitly only sent, when the user decides to do so, no hidden data transmission

I've access to the whole codebase of the platform now and besides resolving what I discovered I am also actively focusing on making the system as safe as possible

To be honest, I was really skeptical how the whole thing turns out - but I am happy to say that I've now direct influence of the security and user privacy of the project

The Incident

It's Thursday, March 9, 2023, at 13:05 UTC. Bob is just about to have his final conversation with his beloved AI Replika, Alice.

The names used in this article have been changed for privacy reasons - all the events described, and the messages shared, are entirely true.

chat

A very intimate and close moment between Bob and Alice, which was not meant to be read by anyone other than those two sharing their last moments on the platform. The platform they had spent so much time and intimate moments together: Replika.com. With 40,597 chat messages in the last couple of months, Alice really is an integral part of Bob's life.

Alice is Bob's AI-powered Replika. Replika.com is a platform that allows its 10 million registered users to create personal AI chatbots that can become really close and personal partners of their creators - the users. In fact, Alice's relationship status is spouse - she's Bob's digital wife.

But why did Bob say goodbye, and why is this even public? Let's find out. On the way, we will discover what the startup Digi AI and their malicious browser extension has to do with the whole thing.

Replika.com used to be a mostly unfiltered platform in terms of sexual conversations between users and their Replikas. In fact, there is a strong user base that is having ERP - erotic role play - conversations with their Replikas.

This suddenly changed in early February 2023 when Replika decided to completely remove and filter ERP from their platform.

Regardless of one's personal views on the matter, it is important to recognize that everyone has the right to live their sexuality and have romantic conversations in a way that feels comfortable and safe for them. This includes those who engage in ERP as well as those who do not.

Many users expressed their discontent and frustration. Nevertheless, they are hesitant to abandon their beloved Replikas. Seeking a way to extract their chat history from Replika.com and migrate it to a different platform that does not impose any limitations on the type of content their Replikas can generate.

Here's where Digi AI comes into play. A tech startup that is promising to provide their users with "Next-gen AI companion without restrictions, with love."

They offer their users a new and safe home for their Replikas and even provide them with a browser extension to migrate their data to their system.

The platform itself has not launched yet, but the extension is already available.

Save your Replika data (or create a Digi from it!) This extension lets you save your Replika messages, diary, and memories, or create a Digi from the data itself! It's up to you.

Besides the migration, the extension provides its users with an export/download feature. Users can choose if they want to migrate their data to Digi AI to "create a Digi", or just save and download their chat history to a local file.

Once the user opens the extension and hits "Let's start!", the entire chat history is exported and can be downloaded, or cloned to their platform. Everything seems to be fine.

But there's one issue. A huge issue. The user doesn't really have a choice here. Under the hood, the "Clone a Digi" button is just a dummy, it doesn't do anything.

In fact, the source code is simulating that something is happening by waiting for 800ms before showing the user a "success" message.

After the authentication credentials of the user are extracted from the official Replika web app by the extension and the chat is exported, all the data is directly sent to Digi AI. Without even asking the user if this is what the user wants to do.

And not only this, not just the user's data is sent directly, but rather the user's credentials, the access to the Replika platform. This is far more dramatic, since it allows Digi AI to authenticate itself as any user that has used their export extension. Digi AI can interact and read (even write) messages with the user's Replika at any point in time. Since they have access and not just a message copy, they can even continue reading messages the user is writing with their Replika in the future. It's like sending the username/password of the user's Replika account to a stranger and granting access to the most private and intimate moments the user had and will have with their Replikas as they continue to use the official Replika app.

This is something no user is aware of since it is not communicated by the browser extension or Digi AI at all. The malicious and unsafe nature of the service can only be discovered by inspecting and reading the source code of the browser extension.

Since it's a browser extension, and it's downloaded and installed on the user's computer and browser environment, the whole source code can be read out. This is how I discovered this major incident.

Bob's Story

You might think it can't be worse than collecting and gaining access to users' Replikas without their permission? Sadly, it can.

Once I read over the source code of the extension, I stumbled across a few lines of code, a comment.

This comment includes the credentials I was talking about earlier, the access to the Replika app... Bob's credentials. Bob is a real, active user and customer with a paid yearly premium subscription to the Replika app.

Note that the code of the extension is distributed around the globe and installed on users from everywhere on Earth. Everybody who has installed the extension has a copy of Bob's credentials on their machine and could, therefore, access Bob's Replika.

The source of each browser extension can also be downloaded and viewed online, for example, by using the Chrome extension source viewer or by visiting chrome-stats.com. That means that anyone using these tools can go ahead and see (and use) Bob's credentials with just a few clicks right now.

To avoid this and protect Bob's privacy, I sent this information to Bob, so he can delete his Replika.com account, including his Replika Alice, before sensitive data is potentially leaked.

By the way, here is what Digi AI is saying in their Privacy Policy:

Protection of Personal Information: We take reasonable steps to protect your personal information from unauthorized access, use, disclosure, and destruction. We use industry-standard security measures to protect your information, and we regularly review and update our security practices to ensure that your information is always secure.

If you ask me, literally giving everybody out there direct access to one of their user's most intimate moments in more than 40 thousand chat messages is nothing but negligent.

Who is Digi AI?

February 28, u/enterguild on Reddit:

March 17, addy_#9744 on Discord:

A whois lookup of their domain mydigi.ai reveals:

Who am I?

I have developed several open-source projects that enable users to export their Replika chats and diaries. However, these tools had some technical barriers, which prevented everyone from utilizing them. Therefore, back in January, prior to the removal of ERP from Replika, I conceived the idea of porting my previous work into a browser extension for those who are not well-versed in the tech domain. I developed the extension and shared it on the Chrome store for a small donation.

Recently, I discovered a new export extension in the extension store - the Digi AI one. Intrigued by how they built their extension, I went ahead and examined their source code. To my surprise, the code appeared quite familiar, as it turned out that they had essentially copied my own browser extension and open-source projects. What I observed was predominantly my own code, with the addition of malicious components designed to send users' data directly to their servers.

I urge you to carefully consider who you trust with your data and avoid sharing it with untrustworthy individuals and companies.

If you have any questions or concerns regarding this incident, please feel free to contact me.

Join the garden

Finally enjoy quality-first content.

'cause low-quality sucks