Date: 2021-01-19
Parler Attempting to Come Back Online, Still Insisting The Site's Motivation Is 'Privacy' Despite Leaking Details On All Its Users
Last week, I explained my thoughts on why the Parler takedown from AWS didn't bother me that much -- considering that there were many other cloud and webhosting solutions out there. Yet Parler has quickly discovered that many other providers aren't interested in hosting the company's cesspool of garbage content either. As I pointed out, at some point, some element of that has to be on Parler for attracting such an audience of garbage-spewers. Either way, we figured the site would eventually be back up, and now it appears that it's on its way. The site put up a holding page with a few "Parlezs" (their version of tweets) from its execs and lead cheerleaders.
The site appears to be using Epik for hosting and DDoSGuard for DDoS protection. Neither of these is that surprising. Epik has built up something of a specialty in hosting the garbage, hate-filled websites no one else wants to touch. It has hosted Gab, 8chan/8kun, and The Daily Stormer among others. DDoSGuard is a somewhat sketchy Russian company that provides services to an equally sketchy group of sites -- and some terrorist groups. Brian Krebs has recently discussed how DDoSGuard may create some significant liability issues:
A review of the several thousand websites hosted by DDoS-Guard is revelatory, as it includes a vast number of phishing sites and domains tied to cybercrime services or forums online.
Replying to requests for comment from a CBSNews reporter following up on my Oct. 2020 story, DDoS-Guard issued a statement saying, “We observe network neutrality and are convinced that any activity not prohibited by law in our country has the right to exist.”
But experts say DDoS-Guard’s business arrangement with a Denver-based publicly traded data center firm could create legal headaches for the latter thanks to the Russian company’s support of Hamas.
Ooof. There's a lot more in Krebs' writeup.
But what struck me as most ridiculous about Parler's holding page (beyond trying to hide behind MLK Jr.'s "Letter from a Birmingham Jail" as if Parler's raging nut job userbase is somehow oppressed) is that the company is still claiming that, beyond being a place for (a misunderstood concept of) "free speech," the impetus behind the site was about "protecting privacy."
That reads:
Now seems like the right time to remind you all — both lovers and haters — why we started this platform. We believe privacy is paramount and free speech essential, especially on social media. Our aim has always been to provide a nonpartisan public square where individuals can enjoy and exercise their rights to both.
We will resolve any challenge before us and plan to welcome all of you back soon. We will not let civil discourse perish!
The "privacy is paramount" line is one that Parler really only started spewing more recently. Rebekah Mercer used a similar line when she outed herself as a co-founder of the platform and it never made any sense at all. After all, Mercer was also behind Cambridge Analytica, a company involved in what is now considered one of the biggest privacy breaches in the history of social media. The whole "privacy" claim seemed like little more than a convenient talking point to pretend that their approach was somewhat different than Facebook's or Google's.
But in the case of Parler, it's even more ridiculous. After all, this was a company that required users who wanted to get its version of "verified" to hand over their social security numbers. And, of course, before Parler shut down, a hacker was able to grab nearly the entire corpus of Parler posts, including pictures and videos that did not have location metadata stripped out. This allowed multiple reporters to find and highlight Parler users as they stormed the Capitol, exposing exactly who was raiding the Capitol and what evidence they revealed about their own activities. Indeed, it's becoming clear that law enforcement is using this data to go around arresting tons of people.
Doesn't seem that privacy protecting, after all, now does it?
Of course, much of this seems to be due to just plain old incompetence, rather than malice. Last week there was also a fascinating thread on Parler's clueless CTO, who didn't seem to understand some fairly basic things about running a large internet-scale service. That thread, by software engineer Sarah Mei, is worth reading, if only to reach the conclusion that Parler "might have done better with four ferrets in a trench coat."
So, yes, the site may be coming back, but to say that it takes privacy seriously, while asking for social security numbers, hosted on a dodgy host, with a DDoS provider best known for its Russian home-base and its willingness to provide services to terrorists and online criminals... I would suggest that anyone who thinks of Parler as supportive of privacy do so at their own risk.
Filed Under: competition, ddos, free speech, hosting, privacy, russia
Companies: ddosguard, epik, parler
Dangerous to monitor
The decision to use Epik and DDoSGuard makes it problematic for journalists to monitor the site and document what is being posted. A number of US politicians used the site to share posts, and now Parler is doing their best to create a firewall to keep out people smart enough to stay away from the honey pot.
[ reply to this | link to this | view in chronology ]
Re: Dangerous to monitor
How so? Does Epik have a sweet ass captcha that determines if you are a journalist?
[ reply to this | link to this | view in chronology ]
Re: Re: Dangerous to monitor
Probably not, but if they continue to require a photo ID and track movements then everybody using the site has to balance their privacy concerns with the desire to access the site.
[ reply to this | link to this | view in chronology ]
Re: Re: Re: Dangerous to monitor
“Photo ID and track movement”
So instead of a journalist, some black hat accidentally finds a way in and has access to everything?
[ reply to this | link to this | view in chronology ]
Journalists and black hats
Black-hat work seems to make more money than journalism, white-hat work or police work. I suspect that whatever resources journalists and police have, black-hats do as well.
At any rate investigators (journalist and otherwise) are already finding ways to get themselves on Parler and report what they see and what kind of mischief can be made.
[ reply to this | link to this | view in chronology ]
Re: Journalists and black hats
"Black-hat work seems to make more money than journalism, white-hat work or police work."
Well, sure. Real journalism and actual police work are rare enough that you only have to pay a handful of people anyway, and white hats spend half their lives fighting off legal action from the people they helped locate potential company-killing security errors.
[ reply to this | link to this | view in chronology ]
Real journalism and actual police work
I suspect there's enough of both to go around, at least hire those who are doing it.
And yes, it's troubling that corporations seem glad to pay their lawyers to sue white-hats rather than paying their (meager) fee and some technicians to bolster their security. That's not encouraging at all.
If I infer from you correctly that it would be better if real journalists, real police detectives and real white-hats all got better compensation for their efforts so that black-hatting wasn't as tempting, I entirely agree.
[ reply to this | link to this | view in chronology ]
Re: Real journalism and actual police work
Yes, the world would certainly be a better place if those people were compensated better, along with care workers and teachers, rather than trust fund managers and the military industrial complex. Although, sadly, it's not just about money. The rot with law enforcement goes far beyond what a simple pay rise for decent public servants would fix, and the press's need to value celebrity gossip and damaging propaganda over investigative journalism will be a tough nut to crack even when such a thing is more commonplace.
As someone whose job it is partially to protect from and repair damage from the black hats, it would be nice if there were less of them. But they're not the biggest problem facing the world, by a long shot.
[ reply to this | link to this | view in chronology ]
Re: Re: Re: Dangerous to monitor
"if they continue to require a photo ID and track movements then everybody using the site has to balance their privacy concerns with the desire to access the site"
Somehow I don't think that anyone dumb enough to have agreed to provide that information the first time around, used that toxic mess of a site and then liked it enough to go through all that again is the most logical thinker you'll ever encounter.
Unless QAnon include Parler in their new round of enemies they're making up as we speak, they're probably fine.
[ reply to this | link to this | view in chronology ]
Facts & truth!
It's not like facts & truth is paramount with the #45 crowd. So saying "privacy is paramount" while it's not anywhere close to accurate comes as no surprise. Just say it over & over & their people believe regardless of evidence or the lack thereof.
[ reply to this | link to this | view in chronology ]
So the horrendously coded Parler is getting into bed with sketchy Russian cybersecurity companies, huh? I bet the right wing celebrities are feeling pretty good about giving their driver's license and other personal information to them right about now. Enjoy the identity theft, racists!
[ reply to this | link to this | view in chronology ]
Re:
You're assuming that anyone would want to steal their identities. But that would mean pretending to be these people. Might be a big assumption - even thieves have some scruples.
[ reply to this | link to this | view in chronology ]
Stealing Parler identities
If those identities come with credit card information, they could start porn sites. (When my identity was stolen by hackers in Ukraine, they used my credit card to rent hosting space for a porn website.)
Hacktivists might empty bank accounts and credit cards into laundering sites and forwarded into hate-watch and poverty relief charities, if we want to go full cyberpunk.
[ reply to this | link to this | view in chronology ]
Re: Re:
"You're assuming that anyone would want to steal their identities"
While the cliche is that Trump supporters are dirt-eating rednecks, a surprisingly and depressingly reasonable number of them seem to have failed upwards like their hero. The question is how many of them have money left after funnelling millions to Trump's "legal fund" (i.e. his pockets).
[ reply to this | link to this | view in chronology ]
Hamas has graduated from "Terrorist group"
Hamas has graduated from terrorist group to political faction that sometimes uses terrorist methods. And while it has plenty of policies that I don't like, it gives a modicum of representation to peoples that are regarded as non-persons by the international community, especially those who are allies to Israel.
Hamas has a military wing. The US engages in drone strikes and targeted killings which remain without question in the realm of terrorism and may have a higher civilian casualty count than Hamas (The Afghanistan drone strike campaign averaged 40,000 civilian deaths a year. But it's ebbing and the Pakistani program is in full swing. I don't have any numbers for Hamas.)
And the US Federal government is teeming with MAGA and QAnon adherents who hold and base policy on counterfactual claims.
[ reply to this | link to this | view in chronology ]
Re: Hamas has graduated from "Terrorist group"
Dangit, I submitted accidentally.
Between MAGA and Hamas, the former may actually be the greater terrorist threat.
[ reply to this | link to this | view in chronology ]
Re: Hamas has graduated from "Terrorist group"
The FBI should put MAGA & QAnon on the Gangs hotlist instead of calling them terrorists. Then they can have a taste of what they want for others!
[ reply to this | link to this | view in chronology ]
Re: Re: Hamas has graduated from "Terrorist group"
So they take revenge later? You are out of your mind!
[ reply to this | link to this | view in chronology ]
Gangs in the United States
Another opportunity to plug the You're Wrong About podcast. In the episode on Gangs, Michael Hobbes deconstructs the notions we have about street gangs, which had -- in the minds of law enforcement and news media -- developed an Antifa-like reputation in the nineties as a pervasive well-armed threat that dominates municipal centers. (Gangs picked up the bogeyman mantle dropped by the serial killers of the seventies and eighties, and later taken up by the Islamist terrorists of the aughts.)
One question was how a street gang can be a pack of uncivilized feral teens who cannot be negotiated with, except through violence, and yet is simultaneously a global syndicate of vertically stacked producers and distributors of drugs, with prostitution, booking and hit jobs on the side.
Amusingly, the Saints Row series of video games capitalized on the notion that street kids wearing gang colors could elevate themselves to international celebrity with armies of homies and fleets of gunships by sheer force of will and street-cred.
Oversight reviews of collected dossiers on street gangs by Violent Gang Task Forces (The FBI has one) revealed they have about as much actual data on youth groups and drug supply networks as Heinrich Kramer did regarding witches when he wrote the Malleus Maleficarum. These reports were less about understanding the street-teen gang-member than demonizing him so he could be easily dispatched.
So at the point that even when Wikipedia has an article on Juggalo gangs, I'm skeptical -- pending evidence -- that it's anything more than either a) ICP fans who might also have other gang identities or motives to engage in gang behavior† or b) ICP fans who are driven by more common reasons to resort to crime (drug withdrawal will do it).
† Gangs often form as an ad hoc neighborhood watch, especially when another gang is shaking a community down. Since the 1990s, the most common gang to move into a town and cause trouble has been: law enforcement.
[ reply to this | link to this | view in chronology ]
Re: Hamas has graduated from "Terrorist group"
"The Afghanistan drone strike campaign averaged 40,000 civilian deaths a year"
Meh, Trump managed 10x that number of Americans in less than a year
[ reply to this | link to this | view in chronology ]
Privacy???
Why do people think Parler is privacy focused when it is fully funded by the same investor who fully funded Cambridge Analytica? "Parler is privacy focused" should replace "military intelligence" as the de facto example of oxymoron.
[ reply to this | link to this | view in chronology ]
Re: Privacy???
Any non SSA who requires SSN is not concerned about your security.
[ reply to this | link to this | view in chronology ]
Re: Privacy???
"Why do people think Parler is privacy focused when it is fully funded by the same investor who fully funded Cambridge Analytica?"
Because they're stupid enough to be in Parler's target audience?
[ reply to this | link to this | view in chronology ]
Public Information
If users upload video or photographs that contain metadata, that's a choice of the user, not the platform. It's like complaining that a bot crawled your website and saw all the stuff.
[ reply to this | link to this | view in chronology ]
Re: Public Information
Yeah, but the platform chose to do two stupid, stupid things: (1) not strip location metadata from photos and videos and (2) set up its system so that someone could scrape the entire site by proceeding one increment at a time.
[ reply to this | link to this | view in chronology ]
Re: Public Information
"If users upload video or photographs that contain metadata, that's a choice of the user, not the platform"
Most platforms won't store that data, if for nothing else because they usually convert them to a format that's preferable to the platform, which will usually strip metadata in the process.
"It's like complaining that a bot crawled your website and saw all the stuff."
Strangely, that seems to be what happened here (someone noticed a flaw in their APIs and wrote a script that pulled all the data down). But, still, users should have a reasonable expectation of basic security on the site.
Oh, and you're making the basic mistake of assuming that Parler's target audience would even know what metadata is, let alone how to remove it. There is no evidence they're close to being that aware of how things work.
[ reply to this | link to this | view in chronology ]
Run by the CIA?
Wouldn't that be perfect?
[ reply to this | link to this | view in chronology ]
'We here at Parler care about your privacy... pay absolutely no attention to our backers, our host, or our DDOS protection company, we pinky-promise they care too.'
[ reply to this | link to this | view in chronology ]
