This article is the result of a collaboration with TjekDet, Denmark’s fact-checking media outlet, Danish newspaper Politiken, and the Canadian Broadcasting Company.
Warning: This article discusses non-consensual sexually explicit content from the start.
MrDeepFakes billed itself as the “largest and most user-friendly” platform for celebrity deepfake pornography. The website, which was visited hundreds of thousands of times each month, hosted almost 70,000 explicit and typically violent videos, which had collectively been viewed more than 2.2 billion times.
They show mostly well-known women whose faces have been inserted into hardcore porn with artificial intelligence – and without their consent.
In the background, an active community of more than 650,000 members shared tips on how to generate this content, commissioned custom deepfakes, and posted misogynistic and derogatory comments about their victims.
For years, the website has been shrouded in mystery, existing in a legal grey area and concealing the identity of those who control it. Until now.
Bellingcat, in collaboration with Danish outlets Tjekdet, Politiken and the Canadian Broadcasting Company (CBC), has carried out an investigation to reveal the identity of a key administrator behind MrDeepFakes.
David Do is a 36-year-old Canadian pharmacist who, based on open source information, lives an unassuming and respectable life in the suburbs outside of Toronto. Photos and videos posted online show him with family, friends and colleagues. The college graduate has a well-paying job in a public hospital and drives a new Tesla.
But Do has been living a double life: in secret, he is probably the most prominent figure known to have had control over the administration of MrDeepFakes. He was also an influential member of its growing online community, producing his own deepfake porn and assisting users who want to make their own.
Online posts show Do is a technically minded individual with a long-standing interest in creating and distributing adult content, and provide an insight into efforts to obfuscate his identity.
We identified Do by cross-referencing data from large credential leaks, which are publicly available via breach databases. A series of burner emails, IP addresses, repeated usernames, and a unique password reveal a more than decade-long digital trail that allowed researchers to link him to MrDeepFakes.
Bellingcat, Tjekdet, Politiken and CBC have sent Do multiple requests for comment since late March but did not receive a response as of publication. Last month, the CBC hand-delivered correspondence to Do setting out the findings of this investigation, but he declined to comment.
Shortly after, Do’s Facebook page and the social media accounts of some family members were deleted. Do then travelled to Portugal with his family, according to reviews posted on Airbnb, only returning to Canada this week.
On Sunday, the MrDeepFakes website was shut down. “An essential service supplier has terminated service completely,” a notice on the platform says. “We will not be relaunching. Any web site claiming that is pretend.”
CBC approached David Do again on Monday but he refused to answer questions about his involvement with MrDeepFakes. “I don’t need to be recorded please,” he said. “I’ve to go. I’m busy proper now.”
What’s Deepfake Porn?
Deepfake pornography is the use of artificial intelligence to create non-consensual, sexually explicit images and videos. Research shows that 99 per cent of victims are women.
Actress Jenna Ortega, singer Taylor Swift and politician Alexandria Ocasio-Cortez are among some of the high-profile victims whose faces have been superimposed into hardcore pornographic content.
But the technology is also being used on people who are not in the public eye.
A 2024 survey found that at least one in 9 high school students knew of someone who had used AI technology to make deepfake pornography of a classmate, and The New York Times has reported that schools across the US have been dealing with incidents of youngsters making deepfakes of their female classmates.
Adam Dodge, from EndTAB (End Technology-Enabled Abuse), said it was becoming easier to weaponise technology against victims. “Within the early days, regardless that AI created this chance for individuals with little-to-no technical talent to create these movies, you continue to wanted computing energy, time, supply materials and a few experience. And now you want little or no of these issues,” he said.
“It’s actually point-and-click violence in opposition to ladies. A few of these apps solely require one picture of the goal, and also you, on the app, actually use your finger to pull the lady’s face right into a video after which simply launch it and AI does the remainder, modifying that sufferer into the picture. And then you definitely press play and it now seems that the sufferer from the picture is partaking in intercourse acts.”
Dodge said the MrDeepFakes website had grown since 2008 and added features that were sometimes used by regular businesses to promote an air of legitimacy. “It’s unimaginable and I’m incredulous that the location has been allowed to outlive this lengthy,” he told Bellingcat.
“That is sexual violence, and it’s as dangerous as some other type of sexual violence in our opinion. I’ve talked to psychological well being professionals who work with rape and trauma survivors, and so they analogise it to a lady who’s sexually assaulted whereas unconscious or drugged, and it’s filmed, after which they’ve to observe it later.
“They haven’t any reminiscence of this occurring to them. However the easy act of watching it is deeply traumatic and that’s what this know-how manufactures. And the permanency and the general public nature of it are the 2, I’d argue, most powerfully traumatic issues that victims typically expertise.”
Governments around the world are scrambling to tackle the scourge of deepfake pornography, which continues to flood the internet as technology advances. In Canada, the distribution of non-consensual intimate images is illegal, but this is not widely applied to deepfakes. Canadian Prime Minister Mark Carney pledged to pass a law criminalising the production and distribution of non-consensual deepfakes during his federal election campaign.
In the US, legislation varies by state, with about half having laws against deepfake pornography. The US Congress last month passed the Take it Down Act, which criminalises the distribution of non-consensual deepfake pornography at the federal level. President Donald Trump is expected to sign the bill into law.
The EU does not have specific laws prohibiting deepfakes but has announced plans to call on member states to criminalise the “non-consensual sharing of intimate photographs”, including deepfakes. Member states will not enact these laws until 2027. In the UK, it is already an offence to share non-consensual sexually explicit deepfakes, and the government has announced its intention to criminalise the creation of these images. Australia passed new laws to combat sexually explicit deepfakes last year.
‘Faux It Until You Make It’
The identity of the person or people responsible for MrDeepFakes has been the subject of media interest since the website emerged in the wake of a ban on the “deepfakes” Reddit community in early 2018.
But the porn site’s hosting providers have bounced around the globe and premium memberships can be bought with cryptocurrency, which has made it virtually impossible to trace ownership.
Adam Dodge, the founder of EndTAB (End Technology-Enabled Abuse), said MrDeepFakes was an “early adopter” of deepfake technology that targets women. He said it had evolved from a video sharing platform to a training ground and marketplace for creating and trading in AI-powered sexual abuse material of both celebrities and private individuals.
“Our digital world is absolutely good at empowering individuals who need to do hurt by permitting them to stay nameless whereas concurrently making it virtually not possible for victims to unmask them,” he stated.
In January, Bellingcat, in collaboration with the German YouTube channel STRG_F, examined the companies behind two apps used for creating deepfakes that the site advertised prominently on its homepage.
For this investigation, researchers carried out a forensic analysis of the forums on MrDeepFakes’ website. The forums are a digital marketplace where members commission deepfakes and trade tips on making videos with the same technology that is used for creating revenge porn. Members referred to victims as “bitches” and “sluts”, and some argued that the women’s behaviour invited the distribution of sexual content featuring them.
Videos posted to the site are described strictly as “movie star content material”, but forum posts included “nudified” images of private individuals. Members who requested deepfakes of their “spouse” or “companion” were directed to message creators privately and communicate on other platforms, such as Telegram.
A search of the forums returned two accounts for MrDeepFakes “workers members”. One joined in March 2019 and is also listed as a “moderator”. The other joined in February 2018 and is also listed as an “administrator” (two further administrator accounts, created in 2018 and 2021, were not listed as staff members, and one now-defunct account previously tagged as staff and moderator was created in the year after the site was set up).
Researchers began by analysing the profile. The dpfks bio contained little identifying information, but an archive from 2021 shows the account had posted 161 videos which had amassed more than 5 million views. It earned the badge of “Verified Video Creator”.
Posts on the forums document dpfks’ involvement as a creator and leader in the community. Archives show dpfks posted an in-depth guide to using software that creates deepfake porn, published website rules and content guidelines, advertised for volunteers to work as moderators, and gave technical advice to users.
Dpfks’ posts carried the tagline: “Faux it until you make it.”
In a 2019 archive, in replies to users on the site’s chatbox, dpfks said they were “devoted” to improving the platform. “There’s a cause why we’re the most important deepfake website. I care in regards to the group and instructing others.
“I don’t suppose different website homeowners care sufficient to make their very own deepfakes, and maintain uptodate [sic] with it. My first few deepfakes have been s**t too, the extra you make, the higher you get.”
David Do’s Links to MrDeepFakes
Pirated Movies to Deepfake Porn
David Do keeps a low profile under his own name, but photos of him have been published on the social media accounts of his family and employer. He also appears in photos and on the guest list for a wedding in Ontario, and in a graduation video from college.
Do has an Airbnb account, which includes glowing reviews for trips in Canada, the US and Europe. His home address, as well as the address of his parents’ house, have both been blurred on Google Street View, a privacy feature that is available on request.
In the late 2000s, while studying at college, Do was involved in the creation of Xinoa (xinoa.internet), a warez forum. Do’s personal Hotmail address, which includes his full name, is visible in source code as an admin contact for the site, archives from 2008 show.
The profile page “ddo” is tagged as the “Root Admin” and “Xinoa Proprietor”, and lists a date of birth matching that of Do. The profile includes download links to television shows, one of which was accompanied by a comment about “examination week” in 2009, when Do was studying at college. This username is also similar to Do’s Instagram profile (“ddo.jpg”), a link to which was included in the bio section of his Facebook account under the name “Doh Dave”. Both social media accounts have been deleted.
An account on an internet marketing forum was registered using a Xinoa administrator email address, breach data shows. That account was linked to an IP address owned by the University of Waterloo, where Do earned degrees in biomedical science in 2010 and pharmacy in 2014, according to Rocketreach.
The 2015 Ashley Madison data breach shows user “ddo88” registered on the dating site with Do’s Hotmail address and was listed as a “connected male in search of females” in Toronto. They described themselves as being of Asian ethnicity, 173 cm tall and weighing 66 kg. The breached profile was linked to a Toronto-based address and also contained a date of birth, which matches Do’s birth date in public records.
Xinoa would become the springboard for a more sophisticated operation.
In February 2018, when Do was working as a pharmacist, Reddit banned its almost 90,000-strong deepfakes community after introducing new rules prohibiting “involuntary pornography”. In the same week, MrDeepFakes’ predecessor site dpfks.com was launched, according to an archived changelog.
An analysis of the now-defunct domain shows the two sites share Google Analytics tags and back-end software – as well as a forum admin who used the handle “dpfks”. Archives from 2018 and 2019 show the two sites redirecting or linking to each other.
In a since-deleted MrDeepFakes forum post, “dpfks” confirms the link between the two sites and promises the new platform is “right here to remain”. “MrDeepFakes.com was previously dpfks.com and we opened our doorways shortly after the Reddit ban,” the 2018 post said.
“I do know becoming a member of a brand new discussion board or group seems like beginning recent, and beginning over, however the group is small, and all of the essential gamers will stick collectively. I promise to maintain this group operating so long as I can, in order that the deepfake group doesn’t need to scramble and relocate once more.”
Later in 2018, in a post on Voat, a defunct online message board similar to Reddit, dpfks said they “personal and run” MrDeepFakes. In response to another user, dpfks refers to their life outside of running a porn website. “I simply acquired dwelling from my day job,” the post said, “now again to this!” Some of dpfks’ earliest posts on Voat were deepfake videos of internet personalities and actresses.
One of dpfks’ first posts on the MrDeepFakes forums was a link to a deepfake video of video game streamer Pokimane. “This was my first deepfake,” dpfks wrote. Other targets included the American politician Alexandria Ocasio-Cortez, for whom dpfks shared a folder containing more than 6,000 images that could be used to create deepfake pornography. After discovering she had been transposed into a deepfake porn video last year, Ocasio-Cortez told Rolling Stone that “digitizing violent humiliation” was akin to physical rape and sexual assault.
Another target of dpfks was American YouTube personality Gibi_ASMR, who gained popularity online with her ASMR (Autonomous Sensory Meridian Response) videos. Dpfks created and shared pornographic deepfakes of the YouTuber on the MrDeepFakes forums. In a statement published by EqualityNow in 2021, she said: “They’re operating this enterprise, profiting off my face doing one thing that I didn’t consent to, like my struggling is your livelihood. It made me actually mad, however once more, there was nothing I might achieve this I simply needed to go away it.”
In 2018, dpfks posted a two-minute deepfake video of an Academy Award-winning American actress with the description: “[Name omitted] doesn’t do porn, however on this pretend video she is totally bare together with her legs unfold within the air. Watch her face … whereas she struggles to take it.”
Forum posts under various aliases match those found in breaches linked to Do or the MrDeepFakes Gmail address. They show this user was troubleshooting platform issues, recruiting designers, writers, developers and search engine optimisation specialists, and soliciting offshore services.
The username “AznRico” was commonly associated with Do’s email account and can be found across multiple postings online. In 2009, years before MrDeepFakes was launched, this now-banned user posted to an internet marketing forum discussing online money-making strategies, including the monetisation of video traffic.
AznRico also posted on an auto lighting forum in 2009 to ask for advice about fixing headlights for a car in Canada – a 2006 Mitsubishi Lancer Ralliart. In another thread on the same forum, AznRico uploaded several photos of the car, one of which was archived and contained metadata indicating that it was captured on a Sony Ericsson K850i.
In 2009, on a separate forum, AznRico said he had this model phone and posted about troubleshooting the device (that forum was subject to a data breach exposing David Do’s personal Hotmail address and unique password).
Public records obtained by CBC confirm that Do’s father is the registered owner of a pink 2006 Mitsubishi Lancer Ralliart. While Do’s parents’ house is now blurred on Google Maps, the car is visible in the driveway in two images from 2009, and in Apple Maps imagery from 2019. CBC confirmed the car was still at the house last week.
In 2011, on a freelance job board, AznRico asked for help building a video streaming plugin. This profile also listed that the user was based in the same Ontario city where Do’s parents’ home is located. In 2018 – the same year MrDeepFakes was launched – AznRico asked for advice to fix slow load times on their porn site, which they said received about 15,000 to 20,000 visitors a day. Breach data shows this account was linked to Do’s personal Hotmail address.
In one forum post from January 2020, user “dj01039” complains that PayPal had restricted their “stealth account”, which was used to “promote digital items” (PayPal was intermittently available as a payment option on MrDeepFakes). The username dj01039 matches the abbreviation of an email address (davidjames01039@gmail.com) that was linked to a PayPal donation button on MrDeepFakes in December 2019.
In June 2020, on another forum, a user with the same alias (who later changed it to “ac2124”) said their stealth account had been permanently closed and wanted to know about front companies that could accept payments on their behalf. The user described themself as the “webmaster of an grownup tube website” who takes a cut from creators who post original porn videos, and also earns revenue from running ads. By December 2020, ac2124 posted that their website was earning between $4,000 and $7,000 a month.
Breach data also links the MrDeepFakes Gmail to an account on support forums for Kernel Video Sharing (KVS), a commercial content management system, where user “mongoose657” (formerly dj01039) sought help managing a video tube site. The discussions, from 2021 to 2024, were consistent with backend issues encountered when running a large website: storage solutions, ticket system failures, and outsourcing development work.
On the adult webmaster forum GoFuckYourself.com in 2020, dpfks (subsequently changed to “mjmango”) enquired about anonymous debit cards, which were marketed as allowing users to withdraw cash or pay for purchases anonymously. In 2021, mjmango responded to another user’s enquiry about how to monetise tube sites.
In another forum, ac2124 enquired about countries in which to form an offshore company and expressed concern about “know your buyer” checks, which are used by the banking sector to confirm the identity of their customers. In a 2020 post, ac2124 said they had decided to make a “dummy website/entrance” for their adult site and enquired about online payment processing and “protected funds storage”.
In 2022, ac2124 sought advice for a Canadian citizen who operates an “grownup area of interest web site” and asked about “an organization setup that focuses on privateness”. The post said: “At a naked minimal, this particular person shouldn’t be listed on any public registrar (as director, shareholder, UBO, and so on). Open to utilizing nominees, opening trusts, and so on. What are some setups, or jurisdictions that needs to be seemed into?” This user also asked specifically about setting up a company in the British Virgin Islands or Cayman Islands, both secrecy jurisdictions.
In late 2023, mjmango left positive feedback for an adult graphic designer below a post from the designer containing a MrDeepFakes logo. “Bought one other brand just lately. As at all times nice communication and allowed a number of re-edits,” the comment said. In March 2024, ac2124 posted about delays accessing a service that creates a “proxy” for a “high-risk web site” so it can process transactions from the online payment processor, Stripe.
In April 2024, Dutch outlet Algemeen Dagblad (AD) reportedly made contact with the owner of MrDeepFakes, who was anonymised in their subsequent reporting. AD reported that this person claimed to have sold the website, but did not provide any evidence to support this claim. Our investigation could not confirm whether the site was ever sold, and if so when.
David Do did not respond to multiple requests for comment about his involvement with MrDeepFakes.
Ross Higgins, Connor Plunkett, Beau Donelly, George Katz, Kolina Koltai and Galen Reich contributed to this article.