Parler Taken Offline.

Billing itself as a “Free Speech Social Network” – the hive of racists, fascists, and those calling for violence has been taken offline, here’s how.

If you search google for “Parler” you still get the cached results from the now defunct social network for “free speech” that was an online organizational rallying point for many of the fascists and racists who gathered in Washington, D.C. on January 6th. Continued calls for violence in DC and in state capitals around the country against capitol buildings, government officials, anti-hate organizations like Black Lives Matter, or anyone else classified by the vicious thugs as “ANTIFA” on the platform; led Amazon Web Services (AWS) to cancel the service contract made with Parler.

Many other service providers have followed suit, leaving Parler unable to give its users a platform. Parler chief executive John Matze told Fox News that “every vendor from text message services to email providers to our lawyers all ditched us too.” Due to the negligence of the designers and coders who worked for the company, users’ data was available for anti-fascists, hackers, and adroit investigators to download for later use.

Casual internet use has become a mindless exercise, it’s unusual to put thought into the nuts and bolts of how a website works. What is ostensibly a simple tool for people to post words and pictures hides a plethora of modules, services, and customizations coming together to make the site. Much of what modern coders do pulls bits and pieces of existing code libraries together to achieve the end result they desire. There are often hundreds of thousands of hours poured into these individual modules that can be used for free or as part of a service model by sites like Parler to implement their features without having to spend the time needed to develop these things themselves.

Parler was created on a budget, meaning they used service models to provide things like the login and authentication control of users. The loss of this key service on Friday (1/8), by service provider Twilio, should have taken Parler offline at that point. However, in an effort to keep the site and app online, the coders responsible for Parler simply changed the code of the site allowing people to register new accounts without authenticating their email addresses, instead of stopping authentication and locking their users out. Activists were able to register new accounts without any feedback from the now by-passed system.

Activists were able to read the implementation of the hobbled authentication system and determine how different parts of the website worked. Most importantly they were able to determine that whenever a user uploaded a file, the site’s file system named the file with sequential number and stored it in a single location. The site’s administration module used a simple marker to change what it showed in the user’s web browser, if they were a site-wide admin or a regular user.

The newly made accounts had access to all of the content that had ever been uploaded to the site, including parleys (messages on the site), video, images, user profiles, user information, and user level administration and group moderation rights. Essentially any information that any Parler user had ever posted to the site was available. Activists downloaded all data, including “deleted” posts, that had been uploaded to the site and managed to collect 99% of what had been on the site (over 70 TB worth) in the time between when the authentication service was taken offline and the time that Amazon Web Services stopped servicing the account.

Some of the most crucial information gathered and submitted to law enforcement was the verified identity program ran by Parler called “Real Citizen” on their app. To be a verified “Real Citizen,” Parler users had to upload photos of their government issued photo ID along with their social security number, and this information was kept on Parler’s servers associated with the account it verified. As Parler allowed an element of anonymity by not having real names for accounts or requiring users to identify their real location or associations, this mountain of information will be invaluable in connecting those who posted the most violent messages and instigations with their real identities.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s