Hacker Archives Every Deleted Parler Post -“Very Incriminating” UPDATE


UPDATE: FAR WORSE THAN WE THOUGHT:

By Monday, rumors were circulating on Reddit and across social media that the mass disemboweling of Parler’s data had been carried out by exploiting a security vulnerability in the site’s two-factor authentication that allowed hackers to create “millions of accounts” with administrator privileges. The truth was far simpler: Parler lacked the most basic security measures that would have prevented the automated scraping of the site’s data. It even ordered its posts by number in the site’s URLs, so that anyone could have easily, programmatically downloaded the site’s millions of posts.

Parler’s cardinal security sin is known as an insecure direct object reference, says Kenneth White, codirector of the Open Crypto Audit Project, who looked at the code of the download tool @donk_enby posted online. An IDOR occurs when a hacker can simply guess the pattern an application uses to refer to its stored data. In this case, the posts on Parler were simply listed in chronological order: Increase a value in a Parler post url by one, and you’d get the next post that appeared on the site. Parler also doesn’t require authentication to view public posts and doesn’t use any sort of “rate limiting” that would cut off anyone accessing too many posts too quickly. Together with the IDOR issue, that meant that any hacker could write a simple script to reach out to Parler’s web server and enumerate and download every message, photo, and video in the order they were posted.

‘It’s just a straight sequence, which is mind-numbing to me,” says White. “This is like a Computer Science 101 bad homework assignment, the kind of stuff that you would do when you’re first learning how web servers work. I wouldn’t even call it a rookie mistake because, as a professional, you would never write something like this.”

https://www.wired.com/story/parler-hack-data-public-posts-images-video/

We thought that by wandering over to Parler we could breathe easy with our comments.  After all we thought we would not be censored for the most part and it appeared it was going to be live and let live. No data mining. (Chuckle time)

We are in for a nasty shock.

We could fire off a comment feeling free as a twitter bird.. well a bird then. Sort of like the early days of E-Mail.

Now we find that all of our comments and videos are identifiable to us, most including our location, have been harvested from Parler.

BACK TO THE STORY:

Want to know how it works?:

“I want this to be a big middle finger to those who say hacking shouldn’t be political,” said @donk_enby, whose efforts are documented at ArchiveTeam.org. She says that the data will eventually be hosted by the Internet Archive.

Our concern with Parler should have started in November

@donk_enby told Gizmodo that she began digging into Parler after the company issued denials about an email leak unearthed by the hacktivist Kirtner, who has been credited with founding the hacker group Anonymous. @donk_enby said she was able to independently locate the same material herself at the time.

Kirtner, creator of 420chan — a.k.a. Aubrey Cottle — reported obtaining 6.3 GB of Parler user data from an unsecured AWS server in November. The leak reportedly contained passwords, photos and email addresses from several other companies as well. Parler CEO John Matze later claimed to Business Insider that the data contained only “public information” about users, which had been improperly stored by an email vendor whose contract was subsequently terminated over the leak. (This leak is separate from the debunked claim that Parler was “hacked” in late November, proof of which was determined to be fake.) –Gizmodo

Following last week’s incursion into the US Capitol building by Trump supporters and the founder of a BLM group, a researcher who goes by the Twitter handle @donk_enby got to work archiving every post from that day made on Parler – a conservative alternative to Twitter where many claim the protesters coordinated leading up to the incident which left five people dead. Enby calls the evidence “very incriminating.”

Then, after Amazon announced that they were going kill conservative Twitter rival Parler, @donk_enby began archiving posts prior to the 6th, ultimately preserving approximately 99.9% of its content, according to Gizmodo.

Hoping to create a lasting public record for future researchers to sift through, @donk_enby began by archiving the posts from that day. The scope of the project quickly broadened, however, as it became increasingly clear that Parler was on borrowed time. Apple and Google announced that Parler would be removed from their app stores because it had failed to properly moderate posts that encouraged violence and crime. The final nail in the coffin came Saturday when Amazon announced it was pulling Parler’s plug. –Gizmodo

Included in the data harvest is “original, unprocessed, raw files uploaded to Parler with all associated metadata.

As Gizmodo notes, aside from obvious privacy implications, the archived data may serve as a “fertile hunting ground for law enforcement,” after dozens of suspects have been arrested in recent days following last week’s incident.

Of course, the data can also be used to help doxx conservatives by cancel-crusaders on the left, who go to great lengths to ruin the lives of their ideological opponents.

Before we go and sign up at the next social media upstart “Let the Buyer Beware!”

After all we would follow Trump into the fires of hell. Most of us were spared with the worse of this one.

I for one do not want to hear anymore from Parler and their spokes people. What you allowed to happen is far worse than any data mining. What say you?

H/T: Zero Hedge

Gizmodo

Everything super fine in the swamp….. would someone ask Parler about this breech?

48 Responses to “Hacker Archives Every Deleted Parler Post -“Very Incriminating” UPDATE”

  1. Aussies go full Orwellian – require ID to use social media? | BUNKERVILLE | God, Guns and Guts Comrades! Says:

    […] Hacker Archives Every Deleted Parler Post -“Very Incriminating” UPDATE […]

    Like

  2. Skip Patel Says:

    We need a substitute for Twitter…however, Parler ain’t it.

    Parler is modelled after the “Church of Scientology” and in spite of their P.R. requires the most intrusive and dangerous data handover ever attempted by a business in the USA.
    Those who have been scammed into giving up their bio metric ID’s (Required driving licenses in 48 states..all 50 in October 2021) Facial recognition (“blinking videos”?) and Social Security information, should think twice before accepting any excuses from Parler management.

    I should have warned you off of these scammers months ago…but I was having problems with my heart monitor.

    If you have any doubts about the veracity of what I am say…..say so.
    I’ll arrange some sort of conference call via Always on Watch….who I have known for ages.

    Don’t get fooled again.

    Liked by 1 person

    • bunkerville Says:

      Thanks Skip for your comment… I am so sick of the faux outrage of the executives from Parler including Bongino who is no doubt going to lose a boatload of his stash over it when they no doubt sentenced thousands of patriots to dubious legal jeopardy my revealing their comments.

      Like

  3. Hacker Archives Every Deleted Parler Post -“Very Incriminating” – Freedom Is Just Another Word… Says:

    […] Hacker Archives Every Deleted Parler Post -“Very Incriminating” […]

    Liked by 1 person

  4. Mustang Says:

    If only —

    Someone much, much smarter than I am within the GOP configuration had figured out that the American political system is a swinging pendulum … and that the swing is only a matter of time, then perhaps someone much, much smarter than I am might have begun to develop a battle plan to retain the White House, the Senate, and regain the House back, oh … around 2017.

    If only —

    Our president had spend more time winning friends and influencing people in the wealthy corporate structure, who control the media (which is a kind of monopoly conglomerate) and less time on his inane twitter campaign …

    If only —

    There had been a full press program organized by thoughtful philosophers that made a convincing argument for conservative values, rather than so much wasted time and effort on name-calling, and directed such a campaign toward the new voter demographic …

    Then —

    None of us would be concerned about the Soviet-styled takeover being shaped even as I write this. It is enough to lead one to the conclusion that we may have finally identified the true enemy of the American Republic. It is us. Mr. Franklin gave us a warning. Mr. Lincoln gave us a warning. Mr. Reagan gave us a warning. But these sage notices came so long ago, no one today remembers — and so now we must suffer yet another unlearned lesson from history.

    We are pathetic. No, really — utterly pitiable if we all know that we are being regularly tracked on our cell phones, our text messages, our credit card purchases, our unreserved banter a blogspot, WordPress, and any number social platforms … and yet continue our unrestrained use of these applications to give the government (and all of its media minions) free access to what we are thinking, what we are doing, with whom, and where … and then act as if we are shocked by such revelations.

    IMO, we owe a debt of gratitude to Bunkerville for providing us with information about what’s going on around us. We certainly do not get this information in the media — which I assume has decided that we don’t need to know it. I don’t know how many people in our country share our concerns, our fears for the Republic. All I know is that it at least appears as if no one is acting on these concerns. Perhaps this is the result of the fact that — at my position, anyway — there is little that we can do about this horrid situation. Except perhaps follow the example of Paul and Silas, who spent more time in prayer and less time friending someone on Facebook. Man made things always pass away. This once great Republic was man made.

    But then —

    What do I really know … about anything?

    Liked by 5 people

    • bunkerville Says:

      What I found particularly disturbing is how willing, apparently, millions were willing to pick up stakes and follow Trump off the cliff. This was a special kind of rope a dope. You needed to add your personal info to be “blessed” to comment… Yes, we all know deep down that all our info is being kept at the Utah Data Center curtesy of the CIA…. but this?
      This was like a child porn site, set up by the Feds…everyone flushed with the excitement of the moment was lured in to make comments right on the edge or more.
      Now they will be punished. The FBI is no doubt combing through them as we speak. Et tu Brute?

      Liked by 4 people

    • kidme37 Says:

      Geeezix Mustang, Nobody’s perfect 🙂

      Liked by 3 people

    • Mustang Says:

      “ … Already long ago, from when we sold our vote to no man, the People have abdicated our duties; for the People who once upon a time handed out military command, high civil office, legions — everything, now restrains itself and anxiously hopes for just two things: bread and circuses.”

      —Juvenal c. 140 A.D.

      Liked by 2 people

  5. geeez2014 Says:

    I don’t quite follow what this is saying Parler did……….perhaps they archived to show later they had NOT inspired insurrection, etc if taken to court? Man, compared to allowing the Ayatollah and others to spew their hate, I’d say Parler didn’t do much wrong….but maybe I’m not grasping this whole thing.
    Actually, I wish I didn’t…. Did you hear now they’re suggesting Cruz and Hawley should be denied FLYING on commercial planes? ARE WE NUTS?

    Liked by 2 people

  6. Adrienne Says:

    WordPress just hassled the hell out of me to get to comments and likes. Arrrrgh

    I’ve never trusted any of the socialist media sites and post nothing personal. My blog has more personal than I like too. And I’ve known about Parler and not trusted them since the get go. I’m exploring options since it’s just a matter of time before Blogger goes sideways.

    I keep telling people to have written (pen and paper) backups of everything and keep it in a safe place. Delete everything from your computer (I know it’s not gone, as in gone-gone, but it’s the best we can do.) I’m also exploring more secure email options like Proton.

    The cloud? Never!!

    Liked by 3 people

  7. Always On Watch Says:

    Beyond disheartening!

    Liked by 2 people

  8. Sparky Says:

    Well, let them try to get to me. Many will be taking a dirt nap if they get too close. And internet threats are like pissing in the wind. They’re gonna get wet. I’ve already had things deleted and been banned. Gee, whiz, what children. I kept right on living, smiling with my friends and enjoying myself like always.
    God showed me something this morning in Acts. Please pray Acts 4:31 concerning January 20th. God can shift the atmosphere to His bidding and His will for His glory just like He did for the Apostle Paul & Silas while they were unjustly imprisoned. May it please our loving LORD to save us, but even if not, we still give Him the glory.
    Sending Love & Prayers To All My Patriot Friends xx

    Liked by 6 people

  9. kidme37 Says:

    I always figured safe, uncensored alternatives to the ones we all know were traps. Like Ted Bundy suggesting to the cops that they show pedophile and snuff movies and check out who shows up.
    Anyway, I haven’t used any of it. This would include TOR and probably those untraceable VPN’s. Isn’t it hilarious that you have to pay for some of this stuff? Like paying have a listening device put in your home sold by the people who censor you all day. Le Sigh.

    But I head Paler even wanted your drivers license #. Geeezus.

    Liked by 3 people

  10. peter3nj Says:

    Seriously folks, bi-partisan politics are in the dustbin of history as is this guy’s occupation…..

    Liked by 4 people

  11. markone1blog Says:

    Didn’t Section 230 protections apply to Parler (just as Twitter cannot be charged for the Antifa material still up on their platform)? How could anything be “incriminating” if Section 230 protections apply?

    Like

  12. Ed Bonderenka Says:

    There is no privacy on the internet.
    Very little in meatspace.
    Act accordingly.

    Liked by 8 people


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: