Published January 20, 2021
I was intrigued by some of the stories around the shutdown of right-wing nazi friendly social media site Parler.
Not so much the cascading shutdown of access to the Internet. Similar fates happened to sites like The Daily Stormer and others. There’s no “free speech” issue here, of course. Private internet providers can have whatever customers they want.
What was intriguing was the effort by 3rd parties to exfiltrate ALL of the data on Parler. It happened between the announcement by AWS that they were going to terminate Parler’s hosting and Sunday when the shutdown actually happened. During that time, 3rd party a group of dedicated tech people managed to copy off every video and message from the site.
This wouldn’t normally be possible.
Two things were helpfully discovered about Parler. Unlike any mature social media site, every “post” on Parler was numbered sequentially. What that is helpful is it means you can take the URL for any given post and know the URL that came before and came after it. It’s then easy to write a program which will generate URLs for all of the posts on Parler. And download them.
Including videos. Possibly including “deleted” material. Including all of the material from January 6th.
The other helpful feature of Parler is they don’t limit how fast you can make these requests.
This enabled the effort of exfiltrating the Parler data easy because the job could be shared among arbitrary numbers of people all over the internet. They estimate at some points they were pulling data off at the rate of 50GB a second.
Overall they retrieved 56TB of data. The goal is to make a searchable archive that can be used by different people for different reasons. Journalistic research, law enforcement access, malicious doxing. The hacker who spearheaded the effort describes themselves as basically an anarcho socialist.
To me the success of this completely exposes as a lie Parler’s CEO’s claim that they were shut down because the big tech companies were scared of competition. Parler was no competition. At best they had about 4M users and an amateur level design that had never been battle tested or hardened in the way Twitter and others had over their many years of existence.
Sequential post IDs and no rate limiting of service are both amateur level design errors and indicate they had never really been tested and so didn’t need to be fixed previously. Plus one could ponder if they were able to get “only the best people” to develop Parler.
Ultimately it’s a convenient way to track down folks who really wanted to flaunt being on the wrong side of history. Since of course one of the benefits of Trump has been to expose many people for what they really are. There hanv’t been a lot of benefits but this one is handy.
Anyway, I wanted to jot down notes about the “attach” such as it was. These articles are decent on the topic and match up with what the hacker themselves said about their work on Twitter.
https://www.wired.com/story/parler-hack-data-public-posts-images-video/