Ensar Sahinturk, a citizen of Istanbul, Turkey, is being sued by Facebook and Instagram for operating clones of the popular social media website. The person operated at least twenty clones, including jolygram.com, imggram.com, imggram.net, finalgram.com, pikdo.net, and ingram.ws. Visitors of these sites were able to browse Instagram profiles without having an Instagram account, which violates the platform’s terms of use.
Facebook first noticed the existence of Sahinturk’s websites back in August 2017, and by 2019, the company had sent multiple 'cease and desist' letters to the man. Receiving no response and seeing the websites still up and operating as normal, the social media giant now moved forward with legal action against Sahinturk, requesting to take control of the domains, as well as the approval of $75,000 as compensation. The complaint was filed in the US District Court of California.
The clone Instagram websites were populated with user data that was more or less scraped by Sahinturk using thousands of Instagram accounts and automated scripts. The man was doing this to generate traffic and make money by serving the website visitors with advertisements. Facebook banned Sahinturk’s developer account since last year and also suspended all the accounts he used for the scrapping action, but he kept on creating new ones. In total, the man created and used 30,000 Instagram accounts for the scraping.
Through these sites, visitors were able to view Instagram Stories, images, hashtags, and location, and do so anonymously and without generating a notification to the user who posted them. Moreover, these users never accepted Instagram’s terms of use, as they should normally have to be allowed to access that data, so they basically accessed (and even downloaded) media without legal authorization. This not only harms Facebook but Instagram users as well, considering these clone sites effectively violated their privacy rights.
For example, an Instagram user may choose to block another user and make themselves “invisible” to them. This should place their profile in an “out of reach” space, not even appearing on the search results. Through the cloned sites, though, the blocked person would be able to access that profile indirectly, through the scraping accounts.
We have tested out some of Sahinturk’s clone websites, many of which are still online, by the way, and they are all returning an “error 500,” except for one. This indicates server-level problems, and frankly, we do not expect to see these sites coming back to full functionality again or to not pass to Facebook’s ownership soon.