This text is the results of a collaboration with TjekDet, Denmark’s fact-checking media outlet, Danish newspaper Politiken, and the Canadian Broadcasting Company (CBC). Watch CBC’s documentary right here.
Warning: This text discusses non-consensual sexually express content material from the beginning.
MrDeepFakes billed itself because the “largest and most user-friendly” platform for superstar deepfake pornography. The web site, which was visited tens of millions of occasions each month, hosted nearly 70,000 express and typically violent movies, which had collectively been considered greater than 2.2 billion occasions.
They present largely well-known girls whose faces have been inserted into hardcore porn with synthetic intelligence – and with out their consent.
Within the background, an energetic group of greater than 650,000 members shared tips about how one can generate this content material, commissioned customized deepfakes, and posted misogynistic and derogatory feedback about their victims.
Supply: MrDeepFakes
For years, the web site has been shrouded in secrecy, current in a authorized gray space and concealing the identification of those that management it. Till now.
Bellingcat, in collaboration with Danish retailers Tjekdet, Politiken and the Canadian Broadcasting Company (CBC), has performed an investigation to disclose the identification of a key administrator behind MrDeepFakes.
David Do is a 36-year-old Canadian pharmacist who, based mostly on open supply data, lives an unassuming and respectable life within the suburbs outdoors of Toronto. Pictures and movies posted on-line present him with household, associates and colleagues. The college graduate has a well-paying job in a public hospital and drives a brand new Tesla.
However Do has been residing a double life: in secret, he’s essentially the most outstanding determine recognized to have had management over the administration of MrDeepFakes. He was additionally an influential member of its rising on-line group, producing his personal deepfake porn and helping customers who wish to make their very own.
On-line posts present Do is a technically minded particular person with a long-standing curiosity in creating and distributing grownup content material, and supply an perception into efforts to obfuscate his identification.
We recognized Do by cross-referencing information from large credential leaks, that are publicly obtainable by way of breach databases. A collection of burner emails, IP addresses, repeated usernames, and a novel password reveal a greater than decade-long digital path that allowed researchers to hyperlink him to MrDeepFakes.
Bellingcat, Tjekdet, Politiken and CBC have despatched Do a number of requests for remark since late March however didn’t obtain a response as of publication. Final month, the CBC hand-delivered correspondence to Do setting out the findings of this investigation, however he declined to remark.
Shortly after, Do’s Fb web page and the social media accounts of some members of the family had been deleted. Do then travelled to Portugal together with his household, in keeping with evaluations posted on Airbnb, solely returning to Canada this week.
On Sunday, the MrDeepFakes web site was shut down. “A crucial service supplier has terminated service completely,” a discover on the platform says. “We is not going to be relaunching. Any web site claiming that is faux.”
CBC approached David Do once more on Monday however he refused to reply questions on his involvement with MrDeepFakes. “I don’t wish to be recorded please,” he mentioned. “I’ve to go. I’m busy proper now.”
Replace: David Do is on depart from his place as a hospital pharmacist, his employer confirmed on Could 13, whereas an inside investigation is underway. Individually, the Ontario Faculty of Pharmacists has mentioned it’s “taking rapid steps to look into this matter additional and decide the mandatory actions we have to take to guard the general public”.
What’s Deepfake Porn?
Deepfake pornography is using synthetic intelligence to create non-consensual, sexually express photos and movies. Analysis exhibits that 99 per cent of victims are girls.
Actress Jenna Ortega, singer Taylor Swift and politician Alexandria Ocasio-Cortez are amongst a few of the high-profile victims whose faces have been superimposed into hardcore pornographic content material.
However the expertise can also be getting used on people who find themselves not within the public eye.
A 2024 survey discovered that no less than one in 9 highschool college students knew of somebody who had used AI expertise to make deepfake pornography of a classmate and The New York Instances has reported that colleges throughout the US had been coping with incidents of youngsters making deepfakes of their feminine classmates.
Adam Dodge, from EndTAB (Finish Know-how-Enabled Abuse), mentioned it was turning into simpler to weaponise expertise in opposition to victims. “Within the early days, regardless that AI created this chance for folks with little-to-no technical talent to create these movies, you continue to wanted computing energy, time, supply materials and a few experience. And now you want little or no of these issues,” he mentioned.
“It’s actually point-and-click violence in opposition to girls. A few of these apps solely require one photograph of the goal, and also you, on the app, actually use your finger to pull the girl’s face right into a video after which simply launch it and AI does the remainder, enhancing that sufferer into the photograph. And you then press play and it now seems that the sufferer from the photograph is partaking in intercourse acts.”
Dodge mentioned the MrDeepFakes web site had grown since 2008 and added options that had been sometimes utilized by common companies to advertise an air of legitimacy. “ It’s unbelievable and I’m incredulous that the location has been allowed to outlive this lengthy,” he informed Bellingcat.
“That is sexual violence, and it’s as dangerous as every other type of sexual violence in our opinion. I’ve talked to psychological well being professionals who work with rape and trauma survivors, they usually analogise it to a lady who’s sexually assaulted whereas unconscious or drugged, and it’s filmed, after which they’ve to observe it later.
“They don’t have any reminiscence of this taking place to them. However the easy act of watching it’s deeply traumatic and that’s what this expertise manufactures. And the permanency and the general public nature of it are the 2, I’d argue, most powerfully traumatic issues that victims usually expertise.”
Governments world wide are scrambling to deal with the scourge of deepfake pornography, which continues to flood the web as expertise advances. In Canada, the distribution of non-consensual intimate photos is against the law, however this isn’t broadly utilized to deepfakes. Canadian. Prime Minister Mark Carney pledged to move a regulation criminalising the manufacturing and distribution of non-consensual deepfakes throughout his federal election marketing campaign.
Within the US, laws varies by state, with about half having legal guidelines in opposition to deepfake pornography. The US Congress final month handed the Take it Down Act, which criminalises the distribution of non-consensual deepfake pornography on the federal degree. President Donald Trump is predicted to signal the invoice into regulation.
The EU doesn’t have particular legal guidelines prohibiting deepfakes however has introduced plans to name on member states to criminalise the “non-consensual sharing of intimate photos”, together with deepfakes. Member states is not going to enact these legal guidelines till 2027. Within the UK, it’s already an offence to share non-consensual sexually express deepfakes, and the federal government has introduced its intention to criminalise the creation of those photos. Australia handed new legal guidelines to fight sexually express deepfakes final yr.
‘Faux It Until You Make It’
The identification of the particular person or folks in command of MrDeepFakes has been the topic of media curiosity for the reason that web site emerged within the wake of a ban on the “deepfakes” Reddit group in early 2018.
However the porn web site’s internet hosting suppliers have bounced across the globe and premium memberships may be purchased with cryptocurrency, which have made it just about not possible to hint possession.
Supply: MrDeepFakes
Adam Dodge, the founding father of EndTAB (Finish Know-how-Enabled Abuse), mentioned MrDeepFakes was an “early adopter” of deepfake expertise that targets girls. He mentioned it had developed from a video sharing platform to a coaching floor and market for creating and buying and selling in AI-powered sexual abuse materials of each celebrities and personal people.
“Our digital world is absolutely good at empowering individuals who wish to do hurt by permitting them to stay nameless whereas concurrently making it nearly not possible for victims to unmask them,” he mentioned.
In January, Bellingcat, in collaboration with the German YouTube channel STRG_F, examined the businesses behind two apps used for creating deepfakes that it marketed prominently on its homepage.
For this investigation, researchers performed a forensic evaluation of the boards on MrDeepFakes’ web site. The boards are a digital market the place members fee deepfakes and commerce tips about making movies with the identical expertise that’s used for creating revenge porn.
Movies posted to the tube web site are described strictly as “superstar content material”, however discussion board posts included “nudified” photos of personal people. Discussion board members referred to victims as “bitches”and “sluts”, and a few argued that the womens’ behaviour invited the distribution of sexual content material that includes them. Customers who requested deepfakes of their “spouse” or “companion” had been directed to message creators privately and talk on different platforms, similar to Telegram.
A search of the boards returned two accounts for MrDeepFakes “workers members”. One joined in March 2019 and can also be listed as a “moderator”. The opposite joined in February 2018 and can also be listed as an “administrator” (two extra administrator accounts, created in 2018 and 2021, weren’t listed as workers members, and one now-defunct account beforehand tagged as workers and moderator was created within the yr after the location was arrange).
Due to this fact, the main target of this investigation was the oldest account within the boards, with a consumer ID of “1” within the supply code, which was additionally the one profile discovered to carry the joint titles of workers member and administrator. The long-time deal with utilized by this account was “dpfks”.
Researchers started by analysing the profile. The dpfks bio contained little figuring out data, however an archive from 2021 exhibits the account had posted 161 movies which had amassed greater than 5 million views. It earned the badge of “Verified Video Creator”.
Discussion board posts doc dpfks’ involvement as a creator and chief in the neighborhood. Archives present dpfks posted an in-depth information to utilizing software program that creates deepfake porn, revealed web site guidelines and content material tips, marketed for volunteers to work as moderators, and gave technical recommendation to customers.
Dpfks’ posts carried the tagline: “Faux it until you make it.”
In a 2019 archive, in replies to customers on the location’s chatbox, dpfks mentioned they had been “devoted” to enhancing the platform. “There’s a purpose why we’re the most important deepfake web site. I care concerning the group and instructing others.
“I don’t suppose different web site house owners care sufficient to make their very own deepfakes, and preserve uptodate [sic] with it. My first few deepfakes had been s**t too, the extra you make, the higher you get.”
David Do’s Hyperlinks to MrDeepFakes
Pirated Motion pictures to Deepfake Porn
David Do retains a low profile underneath his personal title, however pictures of him have been revealed on the social media accounts of his household and employer. He additionally seems in pictures and on the visitor record for a marriage in Ontario, and in a commencement video from college.
Do’s Airbnb profile displayed glowing evaluations for journeys in Canada, the US and Europe (Do and his companion’s Airbnb accounts had been deleted after CBC approached him on Monday). His residence handle, in addition to the handle of his dad and mom’ home, have each been blurred on Google Road View, a privateness characteristic that’s obtainable on request.
Within the late 2000s, whereas finding out at college, Do was concerned within the creation of Xinoa (xinoa.internet), a warez discussion board. Do’s private Hotmail handle, which incorporates his full title, is seen in supply code as an admin contact for the location, archives from 2008 present.
The profile web page “ddo” is tagged because the “Root Admin” and “Xinoa Proprietor”, and lists a date of start matching that of Do. The profile contains obtain hyperlinks to tv exhibits, considered one of which was accompanied by a remark about “examination week” in 2009, when Do was finding out at college. This username can also be much like Do’s Instagram profile (“ddo.jpg”), a hyperlink to which was included within the bio part of his Fb account underneath the title “Doh Dave”. Each social media accounts have been deleted.
An account on an web advertising discussion board was registered utilizing a Xinoa administrator electronic mail handle, breach information exhibits. That account was linked to an IP handle owned by the College of Waterloo, the place Do earned levels in biomedical science in 2010 and pharmacy in 2014, in keeping with Rocketreach.
The 2015 Ashley Madison information breach exhibits consumer “ddo88” registered on the relationship web site with Do’s Hotmail handle and was listed as an “hooked up male looking for females” in Toronto. They described themselves as being of Asian ethnicity, 173 cm tall and weighing 66 kg. The breached profile was linked to a Toronto-based handle and likewise contained a date of start, which matches Do’s start date in public data.
Xinoa would turn into the springboard for a extra subtle operation.
In February 2018, when Do was working as a pharmacist, Reddit banned its nearly 90,000-strong deepfakes group after introducing new guidelines prohibiting “involuntary pornography”. In the identical week, MrDeepFakes’ predecessor web site dpfks.com was launched, in keeping with an archived changelog.
An evaluation of the now-defunct area exhibits the 2 websites share Google analytics tags and back-end software program – in addition to a discussion board admin who used the deal with “dpfks”. Archives from 2018 and 2019 present the 2 websites redirecting or linking to one another. In a since-deleted MrDeepFakes’ discussion board put up, dpfks confirms the hyperlink between the 2 websites and guarantees the brand new platform is “right here to remain”.
“MrDeepFakes.com was previously dpfks.com and we opened our doorways shortly after the Reddit ban,” the 2018 put up mentioned. “I do know becoming a member of a brand new discussion board or group appears like beginning contemporary, and beginning over, however the group is small, and all of the vital gamers will stick collectively. I promise to maintain this group operating so long as I can, in order that the deepfake group doesn’t need to scramble and relocate once more.”
Later in 2018, in a put up on Voat, a defunct on-line message board much like Reddit, dpfks mentioned they “personal and run” MrDeepFakes. In response to a different consumer, dpfks refers to their life outdoors of working a porn web site. “I simply received residence from my day job,” the put up mentioned, “now again to this!” A few of dpfks’ earliest posts on Voat had been deepfake movies of web personalities and actresses. Considered one of dpfks’ first posts on the MrDeepFakes’ boards was a hyperlink to a deepfake video of online game streamer Pokimane.
Different targets included the American politician Alexandria Ocasio-Cortez, for whom dpfks shared a folder containing greater than 6,000 photos that could possibly be used to create deepfake pornography. Earlier than it shut down this week, MrDeepFakes hosted 125 graphic movies tagged with Ocasio-Cortez that had collectively acquired greater than 5.3 million views. After discovering she had been transposed right into a deepfake porn video final yr, Ocasio-Cortez informed Rolling Stone that “digitizing violent humiliation” was akin to bodily rape and sexual assault.
One other goal of dpfks was American YouTube character Gibi_ASMR, who gained reputation on-line together with her ASMR (Autonomous Sensory Meridian Response) movies. Dpfks created and shared pornographic deepfakes of the YouTuber on the MrDeepFakes boards. In a press release revealed by EqualityNow in 2021, she mentioned: “They’re operating this enterprise, profiting off my face doing one thing that I didn’t consent to, like my struggling is your livelihood. It made me actually mad, however once more, there was nothing I may achieve this I simply needed to depart it.”
In 2018, dpfks posted a two minute deepfake video of an Academy Award-winning American actress with the outline: “[Name omitted] doesn’t do porn, however on this faux video she is totally bare together with her legs unfold within the air. Watch her face … whereas she struggles to take it.”
Discussion board posts underneath varied aliases match these present in breaches linked to Do or the MrDeepFakes Gmail handle. They present this consumer was troubleshooting platform points, recruiting designers, writers, builders and search engine optimisation specialists, and soliciting offshore providers.
The username “AznRico” was generally related to Do’s electronic mail account and could possibly be discovered throughout a number of postings on-line. In 2009, years earlier than MrDeepFakes was launched, this now-banned consumer posted to an web advertising discussion board discussing on-line money-making strategies, together with the monetisation of video site visitors.
AznRico additionally posted on an auto lighting discussion board in 2009 to ask for recommendation about fixing headlights for a automobile in Canada – a 2006 Mitsubishi Lancer Ralliart. In one other thread on the identical discussion board, AznRico uploaded a number of photos of the automobile, considered one of which was archived and contained metadata indicating that it was captured on a Sony Ericsson K850i.
In 2008, on a separate discussion board, AznRico mentioned he had this mannequin telephone and posted about troubleshooting the machine (that discussion board was topic to a knowledge breach exposing David Do’s private Hotmail handle and distinctive password).
Public data obtained by CBC affirm that Do’s father is the registered proprietor of a purple 2006 Mitsubishi Lancer Ralliart. Whereas Do’s dad and mom’ home is now blurred on Google Maps, the automobile is seen within the driveway in two photos from 2009, and in Apple Maps imagery from 2019. CBC confirmed the automobile was nonetheless on the home final week.
In 2011, on a freelance job board, AznRico requested for assist constructing a video streaming plugin. This profile additionally listed that the consumer was based mostly in the identical Ontario metropolis the place Do’s dad and mom’ house is situated. In 2018 – the identical yr MrDeepFakes was launched – AznRico requested for recommendation to repair gradual load occasions on their porn web site, which they mentioned acquired about 15,000 to twenty,000 guests a day. Breach information exhibits this account was linked to Do’s private Hotmail handle.
In a single discussion board put up from January 2020, consumer “dj01039” complains that PayPal had restricted their “stealth account”, which was used to “promote digital items” (PayPal was intermittently obtainable as a cost choice on MrDeepFakes). The username dj01039 matches the abbreviation of an electronic mail handle (davidjames01039@gmail.com) that was linked to a PayPal donation button on MrDeepFakes in December 2019.
In June 2020, on one other discussion board, a consumer with the identical alias (who later modified it to “ac2124”) mentioned their stealth account had been completely closed and needed to learn about entrance firms that would settle for funds on their behalf. The consumer described themself because the “webmaster of an grownup tube web site” who takes a minimize from creators who put up authentic porn movies, and likewise earns income from operating advertisements. By December 2020, ac2124 mentioned their web site was incomes between $4,000 and $7,000 a month.
Breach information additionally hyperlinks the MrDeepFakes Gmail to an account on assist boards for Kernel Video Sharing (KVS), a industrial content material administration system, the place consumer “mongoose657” (previously dj01039) sought assist managing a video tube web site. The discussions, from 2021 to 2024, had been in keeping with backend points encountered when operating a big web site: storage options, ticket system failures, and outsourcing growth work.
On the grownup webmaster discussion board GoFuckYourself.com in 2020, dpfks (subsequently modified to “mjmango”) enquired about nameless debit playing cards, which had been marketed as permitting customers to withdraw money or pay for purchases anonymously. In 2021, mjmango responded to a different consumer’s enquiry about how one can monetise tube websites.
In one other discussion board, ac2124 enquired about nations to kind an offshore firm and expressed concern about “know your buyer” checks, that are utilized by the banking sector to substantiate the identification of their prospects. In a 2020 put up, ac2124 mentioned that they had determined to make a “dummy web site/entrance” for his or her grownup web site and enquired about on-line cost processing and “secure funds storage”.
In 2022, ac2124 sought recommendation for a Canadian citizen who operates an “grownup area of interest web site” and requested about “an organization setup that focuses on privateness”. The put up mentioned: “At a naked minimal, this particular person shouldn’t be listed on any public registrar (as director, shareholder, UBO, and so forth). Open to utilizing nominees, opening trusts, and so forth. What are some setups, or jurisdictions that needs to be seemed into?” This consumer additionally requested particularly about establishing an organization within the British Virgin Islands or Cayman Islands, each secrecy jurisdictions.
In late 2023, mjmango left constructive suggestions for an grownup graphic designer beneath a put up from the designer containing a MrDeepFakes emblem. “Bought one other emblem not too long ago. As at all times nice communication and allowed a number of re-edits,” the remark mentioned. In March 2024, ac2124 posted about delays accessing a service that creates a “proxy” for a “high-risk web site” so it could possibly course of transactions from the web cost processor, Stripe.
In April 2024, Dutch outlet Algemeen Dagblad (AD) reportedly made contact with the proprietor of MrDeepFakes, who was anonymised of their subsequent reporting. AD reported that this particular person claimed to have bought the web site, however didn’t present any proof to assist this declare. Our investigation couldn’t affirm whether or not the location was ever bought, and in that case when.
David Do didn’t reply to a number of requests for remark about his involvement with MrDeepFakes.
Correction: This story initially mentioned the AznRico put up concerning the K850i telephone was from 2009, when it was 2008. The article was up to date on Could 8 to mirror this.
Ross Higgins, Connor Plunkett, Beau Donelly, George Katz, Kolina Koltai and Galen Reich contributed to this text.
Bellingcat is a non-profit and the flexibility to hold out our work depends on the type assist of particular person donors. If you want to assist our work, you are able to do so right here. You may also subscribe to our Patreon channel right here. Subscribe to our Publication and comply with us on Bluesky right here and Mastodon right here.
