“DeepNude AI” is not a single continuous project. The name now spans an abandoned desktop application, a decentralized class of copycat services, and a contemporary adult AI-companion platform reached through the same or a similar domain identity.

This is an independent research profile. It is not affiliated with DeepNude, Lovescape or any named service, does not endorse non-consensual imagery, and provides no instructions for creating it.

01 · Executive summary

The essential findings

Original release23 Jun 2019A desktop GAN application for Windows and Linux. Official lifetimeDaysClosed after viral exposure and widespread misuse concerns. Modern marketScaledWeb services, Telegram bots, subscriptions, credits, referrals, and APIs. Privacy postureElevated riskEspecially where real faces, voices, intimate chats, or payment identity are involved.

Core conclusion The safest interpretation is that the current deepnude.ai address is a marketing or routing entry into Lovescape—not proven evidence that Lovescape is the legal, technical, or corporate successor to the original 2019 DeepNude project.

What is reasonably supported

What is not established

02 · Identity clarification

What “DeepNude AI” can refer to

Conflating these three layers creates inaccurate claims about ownership, technology, safety, and history.

2019

The original DeepNude

A local Windows/Linux application attributed to an anonymous creator using the name “Alberto.” It used a pix2pix-style generative model to replace clothing with synthetic anatomy. It did not reveal a person’s real body.

2019–present

The “nudify” ecosystem

Cracked copies, Telegram bots, websites, mobile wrappers, white-label services, APIs, and newer diffusion-based tools. Many operators are unrelated to one another and use interchangeable domains or brand names.

Current observation

deepnude.ai / Lovescape

During this research, the domain presented Lovescape branding. Lovescape is a broader adult AI-companion and media-generation platform operated by Warmtech Ltd in Cyprus. Domain routing can change, so this is a point-in-time observation.

Names are not ownership evidence A shared keyword, redirected domain, or SEO landing page does not prove continuity of source code, personnel, company, user data, or legal responsibility. The hyphenated domain deep-nude.ai mentioned in litigation should not automatically be treated as the same operator as deepnude.ai.

03 · Current product snapshot

Lovescape as presently described

The current product is much broader than the original one-click “undressing” concept. Official pages describe a platform for fictional adult characters, relationship-style chat, and multimodal generation.[[1]](#src-1)[[2]](#src-2)

AreaWhat the platform describesAssessment
Core experienceCustom AI characters, adult-oriented chat, image generation, voice, memory, and video or animation features.Documented by vendor
PersonalizationAppearance, personality, speaking style, scenario, relationship framing, and visual style can be configured.Product strength
MemorySeparate systems store and retrieve selected conversation details so a character can maintain continuity across sessions.Requires data persistence
Media creationImages, video, voice messages, and remix/editing functions are advertised. Some pages say no external photo uploads; the homepage has described uploading a photo for remix.Public-copy conflict
Access modelPremium subscriptions, automatically renewing billing, and separate “Chips” or credits for generation. Purchased Chips are described as non-refundable; cards and cryptocurrency have been supported.Cost can exceed subscription
PublishingCharacters are described as private by default and may be made public by the user.Useful control
OperatorWarmtech Ltd, with a published address in Limassol, Cyprus.Identified EU entity

Commercial evolution

Official Lovescape blog posts show a public product presence by July 2024. A Creative Pro offering announced in August 2025 added monthly generation credits, watermark-free downloads, video features, public-character tools, voice, and referral commissions. By 2026, official content emphasized persistent AI memory and a unified chat/image/video experience.[[7]](#src-7)[[8]](#src-8)[[9]](#src-9)

Moderation policy

Lovescape’s published rules prohibit minors, childlike sexual depictions, revenge porn, non-consensual sexual content, real-person visual deepfakes, and voice cloning without verified consent. The company describes a combination of automated checks and human review.[[2]](#src-2) This is a meaningful formal safeguard, but a written policy does not by itself demonstrate how consistently edge cases are detected or enforced.

04 · Product analysis

Advantages and drawbacks

Potential advantages

Material drawbacks

05 · Privacy & security audit

Claims versus observable evidence

The table distinguishes documented controls from marketing assertions, internal contradictions, and architectural inference. It is not a penetration test or forensic audit.

Claim or controlEvidence reviewedAssessment
“Private by default”Help pages state characters, chats, and chat images are private unless the user publishes a character or content.Supported by own documentation Useful, but privacy-by-default is not the same as cryptographic confidentiality.
Chat continuity and memoryHelp and blog materials explicitly describe stored conversation history and retrieval of remembered facts across sessions.Directly documented Persistent memory necessarily implies some form of retained or derived data.
“No-log” or no persistent storageHomepage marketing has claimed prompts, media, or chats are not permanently stored unless saved, while other pages describe stored history and memory.Material conflict Retention categories, durations, backups, and deletion triggers are not explained clearly enough.
“End-to-end encryption”The homepage has referenced TLS 1.3 in transit and AES-256 at rest.Unverified terminology TLS plus storage encryption is transport/server security, not proof that the operator lacks decryption access. Server-side AI normally must process readable content; this is an architectural inference, not evidence that staff read chats.
“Only the user can access chats”A privacy help page uses exclusive-access language, while moderation policy describes human review for sensitive cases.Scope unclear The documents do not clearly state when content may be surfaced to moderators or support staff.
No real-photo uploadsSeveral 2025–2026 posts say no photo uploads, no real people, and no deepfakes. Homepage remix language has described uploading one’s own photo and changing face, outfit, style, or setting.Public-copy conflict The current feature boundary cannot be established from public materials alone.
No training or third-party sharingHomepage language has stated interactions are not used to train models and are not shared.Vendor claim No independently verified data-flow map or complete public subprocessor schedule was identified in this review.
Account/content deletionUsers can clear chats, delete characters, and request account deletion.Control exists; purge unverified Public materials do not clearly establish full deletion timing across production systems, logs, backups, and vendors.
Consent and minor protectionsWritten policy bans non-consensual real-person content, minors, childlike depictions, and unapproved likeness or voice cloning.Strong formal rule Enforcement quality, false negatives, and appeal procedures remain externally unverified.
Independent security assuranceMarketing materials have advertised controls such as two-factor authentication, penetration testing, a bug-bounty process, regular audits, and an absence of trackers. This review did not locate a publicly linked SOC 2 report, ISO 27001 certificate, independent audit report, or detailed key-management design.Not independently substantiated here Absence from this review is not proof that no private audit exists.
Practical privacy assumption Do not treat an AI-companion chat as an encrypted diary. Unless a service publishes and independently validates a true end-to-end design, assume that the operator’s systems and selected processors can technically handle content in readable form during generation, moderation, support, fraud prevention, or legal compliance.

06 · Data flow & threat model

What may pass through the system

Even without a legal name in the profile, combinations of intimate content and technical metadata can identify a person or expose highly sensitive traits.

1. User devicePrompts, chat, images, voice, account credentials, browser/device signals. 2. Front end & edgeCookies, CDN, anti-abuse systems, IP address, request metadata. 3. Application serversSession state, history, memory retrieval, job queues, support and moderation hooks. 4. Model pipelineText, image, voice, or video generation; potentially internal or third-party models. 5. Storage & processorsSaved content, logs, backups, billing, email, analytics, fraud and compliance records.

This is a generic architecture model based on the product’s advertised functions, not a verified map of Lovescape’s internal infrastructure.

Potentially sensitive content

Identity and metadata

Threats to consider

Third-party sign-in and billing metadata

WIRED found that at least 16 large nudify websites used sign-in infrastructure from major identity providers such as Google, Apple, or Discord; after inquiries, some providers terminated developer access. Single sign-on does not necessarily send an uploaded photograph to the identity provider, but it can create additional metadata linking an account, timestamp, and application.[[37]](#src-37)

Neutral billing is not anonymous billing

A generic descriptor on a bank statement can reduce casual visibility to family members or colleagues, but the bank, card network, payment processor, and service operator may still be able to associate the transaction with an account. Cryptocurrency also does not automatically provide anonymity.

Deletion in the interface is not proof of erasure

Removing a chat, character, or image from the user interface may delete the primary object while leaving temporary copies, security logs, content hashes, moderation records, cached objects, job metadata, backups, or legally retained billing information. A trustworthy deletion claim should define retention periods, backup expiry, subprocessors, and exceptions.

07 · Scenario assessment

Privacy and harm risk matrix

ScenarioRiskWhy
Wholly fictional adult characters; no personal detailsMediumThe service still receives account, device, behavioral, and payment data, but no identifiable person is directly depicted.
Intimate chat containing real-life detailsMedium–HighConversation history may reveal sexuality, relationships, health, location, trauma, or identity clues.
Uploading one’s own face, body, or voiceHighBiometric-like media can be copied, leaked, repurposed, or connected to an identity.
Uploading another consenting adult’s mediaVery HighThe uploader may not control downstream retention, processor access, or later withdrawal of consent.
Real person without explicit, documented consentUnacceptableCreates severe consent, privacy, reputational, platform-policy, civil, and potentially criminal exposure.
Any minor or minor-looking sexual contentCriticalPotential child sexual abuse material and child-safety violations; never upload, generate, possess, or distribute it.

08 · The original project

DeepNude in 2019

The original application was notable less for inventing fake sexual imagery than for making it automatic, fast, and accessible to users with no editing skill.

How it worked

Reporting described a modified pix2pix-style generative adversarial network trained on more than 10,000 images of nude women. A user supplied a clothed photograph, and the software generated a synthetic approximation of uncovered anatomy based on pose and visual cues.[[10]](#src-10)

It did not “see through” clothing. The output was fabricated and could contain major anatomical errors or visual artifacts. It performed best on relatively clear, front-facing photographs and was designed primarily for women; male inputs could receive female anatomy.

Product model

It was released for Windows and Linux around 23 June 2019. A free version added a large watermark; a roughly US$50 paid version used a smaller “FAKE” label. Processing was reported to take around 30 seconds on a typical computer.[[10]](#src-10)

The application’s automation sharply lowered the cost of sexualized image abuse: a task that once required manual editing skill could be attempted in seconds.

Why it was shut down

After Motherboard’s report triggered intense global attention, demand overwhelmed the project and public criticism focused on non-consensual use. The developer announced the shutdown on 27 June 2019, saying the probability of misuse had become too high.[[11]](#src-11) Sensity later estimated that the site had received more than 500,000 visits and the application roughly 95,000 downloads before closure; those figures are research-company estimates rather than official audited totals.[[15]](#src-15) The official service disappeared, but copies, cracks, and reconstructed components continued circulating.[[12]](#src-12)[[13]](#src-13)

The first enduring lesson Closing a central website does not recover models already downloaded, remove derived code, revoke copied weights, delete outputs, or prevent third parties from rebuilding the same workflow.

09 · Historical timeline

From a desktop app to an industry

Public launch

DeepNude appears as a Windows/Linux desktop application attributed to the pseudonymous “Alberto.” Its central innovation is automated, synthetic nudification of photographs.

Official shutdown

The developer closes the project after viral attention, server overload, and overwhelming concern about non-consensual abuse.[[11]](#src-11)

Copies escape control

Cracked versions, watermark-removal modifications, torrents, repositories, and partial reimplementations circulate. GitHub and Discord remove some associated material, while fake downloads also distribute malware.[[12]](#src-12)[[13]](#src-13)[[14]](#src-14)

Alleged license sale

Sensity later reported that the license was sold to an anonymous buyer for US$30,000. Public documentary evidence confirming the transaction was not identified, so it should be treated as a research-company report rather than settled fact.[[15]](#src-15)

Telegram delivery model

Users no longer needed to install software. Bots accepted photographs and returned generated results through Telegram. A Sensity investigation counted approximately 104,852 publicly visible targeted images and about 101,080 members in the ecosystem it studied; self-reported user data suggested roughly 70% of targets were private individuals, and some depicted people who appeared underage. Private outputs meant the true total could have been higher.[[15]](#src-15)

Cloud SaaS and partner networks

Web platforms added server-side generation, credits, subscriptions, referrals, cryptocurrency, partner sites, and wholesale output access. Wired documented a high-traffic unnamed platform with a broad partner ecosystem; it should not be assumed to be the same operator as any separately named service.[[16]](#src-16)

High-traffic examples emerge

DeepSukebe became a widely reported example of a cloud nudifier, drawing political calls for a ban. Its history should be kept separate from Wired’s unnamed 2021 case unless ownership evidence is produced.[[17]](#src-17)

Diffusion models accelerate scale

Newer systems use diffusion, inpainting, pose control, text prompting, and improved face consistency. Graphika identified 34 major providers with more than 24 million unique visitors in September 2023, a 2,000% rise in referral spam during the year, and at least one million users across 52 Telegram groups.[[18]](#src-18)

Regulatory enforcement expands

San Francisco’s City Attorney sued operators of 16 heavily visited services, alleging more than 200 million combined visits in the first half of 2024. These were allegations in litigation, not final findings against every defendant.[[19]](#src-19)

Companion platforms converge with adult generation

Lovescape’s public history is visible by July 2024. It expands into paid creator tools, memory, video, voice, and public character ecosystems—closer to a multimodal adult companion platform than the original single-purpose app.[[7]](#src-7)[[8]](#src-8)

Platform and regulator action

Meta sues an alleged operator behind CrushAI; Ofcom fines the operator of Undress.cc; Italian authorities restrict ClothOff; and San Francisco reports that ten of the sixteen sites in its case are shut or inaccessible.[[21]](#src-21)[[22]](#src-22)[[24]](#src-24)[[20]](#src-20)

Stricter takedown and transparency duties

U.S. TAKE IT DOWN Act enforcement begins in May 2026. Major EU AI Act transparency obligations are scheduled to apply generally from 2 August 2026. Lovescape also faces public scrutiny over a promotional surge on X and young-looking imagery posted by some promoters; the company denies encouraging spam or bots and says such material is prohibited and reviewed.[[29]](#src-29)[[27]](#src-27)[[6]](#src-6)

10 · Comparable projects and cases

What similar services reveal

Each case illustrates a different structural problem: decentralization, opaque ownership, advertising distribution, weak age assurance, emotional-data sensitivity, or difficulty enforcing shutdowns across borders.

Telegram botsDecentralized

Automation without a single operator

Bot interfaces, payment channels, model servers, and promotional groups can be controlled by different participants. Removing one bot does not necessarily remove the model, user base, private outputs, payment route, or distribution channels. Sensity’s 2020 study showed how quickly ordinary people—not only celebrities—became targets.[[15]](#src-15)

DeepSukebeCloud service

Industrialization of the workflow

Widely reported in 2021 as a high-traffic online nudifier, DeepSukebe represented the shift from local software to server-side generation. Cloud delivery made access easier and allowed monetization through credits, subscriptions, and cryptocurrency. It should not be conflated with other unnamed operators without proof.[[17]](#src-17)

ClothOffSchool abuse cases

Real-world harm and opaque ownership

The Guardian linked use of the service to incidents involving schoolgirls in Spain and New Jersey, reporting bullying, blackmail, panic attacks, and school avoidance. Its investigation traced infrastructure and business links to Belarus and Russia; named parties denied involvement, and the service claimed minors could not be processed. Italy’s data-protection authority later imposed an urgent restriction for Italian users.[[23]](#src-23)[[24]](#src-24)

CrushAIAdvertising ecosystem

Mainstream distribution and ad evasion

Meta filed a 2025 lawsuit in Hong Kong against Joy Timeline HK Ltd, which Meta identified as the entity behind CrushAI. Meta alleged that advertisers used new accounts, domains, and neutral creative to bypass review after removals. These are allegations by the plaintiff, not adjudicated findings.[[21]](#src-21)

Undress.ccCompleted penalty

Age assurance and geographic blocking

Ofcom fined Itai Tech Ltd £50,000 for failing to introduce sufficiently effective age checks and £5,000 for information failures. The service blocked UK IP addresses, paid the fine, and Ofcom closed the investigation in January 2026 while maintaining monitoring. A geoblock does not prove global closure or deletion of historic data.[[22]](#src-22)

ReplikaCompanion analogue

Why chat history can be as sensitive as imagery

Replika is not a nudifier, but it is a close analogue for persistent AI companionship. Italy’s regulator imposed a €5 million fine in 2025 over legal-basis, privacy-information, and age-verification failures. The case shows that disclosures about sexuality, loneliness, health, relationships, and crisis can make conversational data exceptionally sensitive.[[25]](#src-25)

Category-level safety evidence

A 2025–2026 academic study evaluated 16 AI-character platforms using 5,000 questions across 16 safety categories and reported substantially higher unsafe-response rates than general-purpose baseline models. The study is useful evidence of systemic risk in the companion category, but it should not be misrepresented as a full security or privacy audit of Lovescape itself.[[26]](#src-26)

11 · Search visibility

Why deepnude.ai may be difficult to find in Google

There is no public evidence in this review of one confirmed, site-specific manual ban. Several mechanisms can produce the same practical result.

Explicit-content classification

Google SafeSearch can filter explicit pages, images, and links. Filtering may be enabled by the user, account age, Family Link, an employer, a school, or a network administrator.[[30]](#src-30)

Demotion for abusive sexual imagery

Google says it removes non-consensual explicit fake content on valid requests and can demote sites receiving significant volumes of valid removals. It also announced ranking changes that reduced exposure to explicit deepfake results for affected name searches.[[30]](#src-30)[[31]](#src-31)

Domain reuse or redirection

If deepnude.ai routes to a different brand, Google may prefer the destination or another canonical URL rather than showing the old domain identity as a separate result.[[33]](#src-33)

Indexing directives

A site owner can use noindex, access restrictions, or other crawl/index controls. This was not confirmed for the domain in this review, so it is a possible technical explanation—not an established fact.[[32]](#src-32)

Most likely combined explanation Explicit-content filtering, category-level demotion, and the domain’s apparent reuse or routing to another brand can jointly make it hard to discover. The absence of a result alone does not prove a manual penalty. A query such as site:deepnude.ai can be a useful clue, but Google warns that the site: operator is not a complete inventory of indexed URLs.[[38]](#src-38)

12 · Legal and regulatory landscape

Consent is the central legal fault line

Rules differ by country, and this is not legal advice. The strongest recurring pattern is that creating, sharing, hosting, or failing to remove non-consensual intimate deepfakes can trigger privacy, civil, platform, regulatory, and criminal consequences.

Netherlands and GDPR

The Dutch Data Protection Authority states that making or sharing sexual images of someone without consent is prohibited and can also engage GDPR obligations. A “purely personal or household” exception is narrow and does not cover broader publication or circulation.[[27]](#src-27)

EU Directive 2024/1385

The directive requires Member States to criminalize specified forms of making intimate or sexually manipulated material public without consent, including AI-altered content that appears to depict an identifiable person in explicit activity and is likely to cause serious harm.[[28]](#src-28)

EU AI Act

Article 50 establishes transparency duties for synthetic outputs and deepfakes. The main relevant obligations are scheduled to apply generally from 2 August 2026, after this report’s 11 July 2026 update date. Providers must support machine-readable marking, and deployers must disclose AI generation or manipulation, with tailored treatment for artistic or fictional works.[[29]](#src-29)

United States: TAKE IT DOWN Act

Signed on 19 May 2025, the Act covers non-consensual intimate imagery including digital forgeries. FTC enforcement began in May 2026. Covered platforms must provide notice-and-removal procedures and, after a valid request, remove specified content and known identical copies within the statutory timeframe.[[34]](#src-34)[[35]](#src-35)

United Kingdom

Ofcom’s Undress.cc action demonstrates that age assurance and child-access controls can be enforced even where the operator is abroad. Blocking one country’s IP addresses can be part of compliance but does not establish global shutdown or data erasure.[[22]](#src-22)

Platform rules

Lovescape’s own policy prohibits real-person likeness or voice cloning without consent, non-consensual sexual content, and minors. Uploading a partner, colleague, celebrity, acquaintance, or stranger without documented authorization would therefore create policy risk even before applicable law is considered.[[2]](#src-2)

Absolute red line Never create, upload, possess, request, or distribute sexual content involving a minor or a person who appears to be a minor. Never use a real adult’s likeness or voice for sexual content without explicit, informed, and verifiable consent.

13 · Cybersecurity and fraud

The search for clones creates a second risk

DeepNude’s name has repeatedly been used as bait for malware. In 2019, fake cracked downloads were reported to distribute the Qulab information stealer.[[14]](#src-14) In 2024, Silent Push reported that the FIN7 threat group used at least seven fake adult-AI generator sites to lure users into downloading malicious software, with potential follow-on theft, remote access, or ransomware risk.[[36]](#src-36)

High-risk downloads

“Cracked” desktop apps, APKs, browser extensions, model bundles, and installers from forums or ads may contain stealers or remote-access tools.

Credential exposure

Malware may steal saved passwords, session cookies, crypto-wallet data, browser history, files, screenshots, and authentication tokens.

Extortion potential

Attackers can combine interest in adult content with stolen identity data to create a powerful blackmail or phishing narrative, even where no generated image exists.

Security rule Do not install a “DeepNude” desktop program, APK, extension, or crack discovered through advertising, Telegram, a forum, a torrent, or an unofficial repository. A web page can also be malicious, but executables materially increase the potential impact.

14 · Risk reduction

Minimum safeguards for fictional-only use

These steps reduce exposure but do not turn a sensitive adult AI service into a zero-risk environment.

Content boundaries

Account and payment controls

Privacy assumptions

Software hygiene

15 · Final assessment

Overall verdict

Highprivacy sensitivity

More capable than the 2019 app, but not demonstrably private by design

The present Lovescape product is a sophisticated adult AI platform rather than a simple one-click nudifier. Its integrated media tools, character customization, private-by-default settings, identified EU operator, and formal consent rules are meaningful advantages.

However, its public privacy story contains unresolved contradictions about logging, memory, external uploads, exclusive chat access, and moderation. Encryption-at-rest and TLS do not establish true end-to-end confidentiality, while public proof of independent security assurance and complete retention practices remains limited.

For fictional adult characters

Potentially usable with strict data minimization and an acceptance of medium privacy risk.

For one’s own identifiable media

High-risk because faces, bodies, and voices are durable identifiers and breach impact is severe.

For any other real person

Do not use without explicit, informed, documented consent; non-consensual sexualization is unacceptable.

Historical conclusion The DeepNude story is not the growth of one startup. It is a sequence: local GAN app → leaked copies → Telegram bots → cloud SaaS → APIs and referral networks → diffusion-based tools → multimodal adult companions. The recurring lesson is that brand names, domains, and “instant deletion” promises are weak substitutes for verifiable ownership, retention rules, independent audits, and consent-by-design.

16 · Methodology & limitations

How to read this report

Evidence hierarchy

Official laws, regulator decisions, platform policies, and first-party documentation were preferred for current rules and product claims. Independent journalism and academic or civil-society research were used for historical events, industry scale, and alleged conduct. Lawsuit allegations are labeled as allegations.

Limits

This is an open-source review, not a code audit, penetration test, legal opinion, or forensic examination of backend infrastructure. Product pages, routing, policies, prices, and features can change. A point-in-time observation of deepnude.ai presenting Lovescape does not prove permanent ownership or technical lineage.

17 · Sources

Reference list

Links were selected for direct relevance. External pages may change after publication.

Lovescape and current product documentation
  1. Lovescape — homepage and product presentationlovescape.com
  2. Lovescape Moderation & Ethics Policyhelp.lovescape.com — policy
  3. Lovescape AI limitations, consistency, and privacyhelp.lovescape.com — privacy and limitations
  4. Managing, editing, sharing, and deleting charactershelp.lovescape.com — character controls
  5. Lovescape Premium Membershiphelp.lovescape.com — subscription and billing
  6. Cybernews — Lovescape promotional surge on Xcybernews.com
  7. Lovescape — How to Create an AI Girlfriend (5 July 2024)lovescape.com/blog
  8. Lovescape launches Creative Pro (4 August 2025)lovescape.com/blog
  9. Lovescape — memory and no-external-upload statements (June 2026)Memory article — 19 June 2026 Grok Imagine / adult AI video article — 29 June 2026
Original DeepNude and industry history
  1. VICE / Motherboard — original DeepNude investigationvice.com
  2. The Verge — DeepNude shuts downtheverge.com
  3. The Verge — copies remain accessible after shutdowntheverge.com
  4. The Register — GitHub and Discord removalstheregister.com
  5. BleepingComputer — malware disguised as DeepNude downloadsbleepingcomputer.com
  6. Sensity — Automating Image Abuse (PDF)Sensity report mirror
  7. WIRED — the commercial deepfake-nude ecosystemwired.com
  8. AI Business — political calls to ban DeepSukebeaibusiness.com
  9. Graphika — A Revealing Picture (2023)graphika.com
Enforcement, similar projects, and academic research
  1. San Francisco City Attorney — lawsuit against 16 services (2024)sf.gov
  2. San Francisco City Attorney — ten sites shut or inaccessible (2025)sf.gov
  3. Meta — legal action against alleged CrushAI operatorabout.fb.com
  4. Ofcom — Undress.cc fine and investigation outcomeofcom.org.uk — fine ofcom.org.uk — investigation record
  5. The Guardian — ClothOff investigationtheguardian.com
  6. Italian Data Protection Authority — urgent restriction on ClothOffgaranteprivacy.it
  7. European Data Protection Board — Italian fine against Replika operatoredpb.europa.eu
  8. Character Safety Bench: Evaluating Safety of AI Character Platformsarxiv.org
Law, search visibility, and cybersecurity
  1. Dutch Data Protection Authority — deepfakes and sexual imagesautoriteitpersoonsgegevens.nl
  2. EU Directive 2024/1385 on violence against women and domestic violenceeur-lex.europa.eu
  3. EU Artificial Intelligence Act — Regulation (EU) 2024/1689eur-lex.europa.eu
  4. Google Search — explicit-content and SafeSearch guidancedevelopers.google.com
  5. Google — ranking changes for explicit deepfake contentblog.google
  6. Google Search — blocking indexing with noindexdevelopers.google.com
  7. Google Search — canonical and duplicate URL consolidationdevelopers.google.com
  8. White House — TAKE IT DOWN Act signed into lawwhitehouse.gov
  9. FTC — complying with the TAKE IT DOWN Actftc.gov
  10. Silent Push — FIN7 adult-AI generator malware luressilentpush.com
  11. WIRED — major sign-in providers used by nudify websiteswired.com
  12. Google Search — limitations of the site: search operatordevelopers.google.com

Publication note: Updated 11 July 2026. The report summarizes public information and the point-in-time domain behavior observed during research. It is educational, not legal, medical, or cybersecurity advice. No explicit imagery is included.