Link

FYI for those that do not know the difference. A data scrape is not necessarily a hack. They use legal, but questionable means, to access the APIs of websites to automate massive amounts of data archiving.

Quote:The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. Twitter user @donk_enby, who first announced about the scrape, claims that over a million video URLs, some deleted and private, were taken.

“These are original, unprocessed, raw files as uploaded to Parler with all associated metadata,” claims one of the authors.

Security researchers claim that the scraped posts are linked to accounts that posted them, and some of the video and image data have geolocation information. That is said also to include data from Parler’s “Verified Citizens,” users of the network who verified their identity by uploading photographs of government-issued IDs, such as a driver’s license.

However, after the news about the data scrape went global, the author of the hack @donk_enby explained in a tweet that neither her nor others have collected any personal data that Parler users did not make public themselves.

“Only things that were available publicly via the web were archived. I don’t have you e-mail address, phone or credit card number. unless you posted it yourself on Parler,” she stated on Twitter.

The data might prove valuable to law enforcement since many who participated in the riots deleted their posts and videos afterward. The data scrape includes deleted posts, meaning that Parler stored user data after users deleted it.

Parler, a far-right friendly site, was among the key candidates to host President Donald Trump’s social media presence as Twitter and Facebook suspended his accounts for instigating violence.

(01-12-2021 11:47 AM)bobdizole Wrote:  Link

FYI for those that do not know the difference. A data scrape is not necessarily a hack. They use legal, but questionable means, to access the APIs of websites to automate massive amounts of data archiving.

Quote:The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. Twitter user @donk_enby, who first announced about the scrape, claims that over a million video URLs, some deleted and private, were taken.

“These are original, unprocessed, raw files as uploaded to Parler with all associated metadata,” claims one of the authors.

Security researchers claim that the scraped posts are linked to accounts that posted them, and some of the video and image data have geolocation information. That is said also to include data from Parler’s “Verified Citizens,” users of the network who verified their identity by uploading photographs of government-issued IDs, such as a driver’s license.

However, after the news about the data scrape went global, the author of the hack @donk_enby explained in a tweet that neither her nor others have collected any personal data that Parler users did not make public themselves.

“Only things that were available publicly via the web were archived. I don’t have you e-mail address, phone or credit card number. unless you posted it yourself on Parler,” she stated on Twitter.

The data might prove valuable to law enforcement since many who participated in the riots deleted their posts and videos afterward. The data scrape includes deleted posts, meaning that Parler stored user data after users deleted it.

Parler, a far-right friendly site, was among the key candidates to host President Donald Trump’s social media presence as Twitter and Facebook suspended his accounts for instigating violence.

Just have to laugh at the characterization. This is obviously a left wing outfit that wrote this. They can deny it but their use of language betrays them, as well as their zeal to get law enforcement after conservatives.

Unlike twitter, Parler is welcoming to ALL posters. They don't drive them off or ban them, unless they have committed a crime. To the far left, it may appear a "far right" site but part of that is that they don't like the idea of free speech. They don't like any outlet that lets conservative voices be heard.

(01-12-2021 12:39 PM)MileHighBronco Wrote:  

(01-12-2021 11:47 AM)bobdizole Wrote:  Link

FYI for those that do not know the difference. A data scrape is not necessarily a hack. They use legal, but questionable means, to access the APIs of websites to automate massive amounts of data archiving.

Quote:The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. Twitter user @donk_enby, who first announced about the scrape, claims that over a million video URLs, some deleted and private, were taken.

“These are original, unprocessed, raw files as uploaded to Parler with all associated metadata,” claims one of the authors.

Security researchers claim that the scraped posts are linked to accounts that posted them, and some of the video and image data have geolocation information. That is said also to include data from Parler’s “Verified Citizens,” users of the network who verified their identity by uploading photographs of government-issued IDs, such as a driver’s license.

However, after the news about the data scrape went global, the author of the hack @donk_enby explained in a tweet that neither her nor others have collected any personal data that Parler users did not make public themselves.

“Only things that were available publicly via the web were archived. I don’t have you e-mail address, phone or credit card number. unless you posted it yourself on Parler,” she stated on Twitter.

The data might prove valuable to law enforcement since many who participated in the riots deleted their posts and videos afterward. The data scrape includes deleted posts, meaning that Parler stored user data after users deleted it.

Parler, a far-right friendly site, was among the key candidates to host President Donald Trump’s social media presence as Twitter and Facebook suspended his accounts for instigating violence.

Just have to laugh at the characterization. This is obviously a left wing outfit that wrote this. They can deny it but their use of language betrays them, as well as their zeal to get law enforcement after conservatives.

Unlike twitter, Parler is welcoming to ALL posters. They don't drive them off or ban them, unless they have committed a crime. To the far left, it may appear a "far right" site but part of that is that they don't like the idea of free speech. They don't like any outlet that lets conservative voices be heard.

I don't disagree, it's obviously a left leaning article. My point is more the abysmal security of the site is likely going to lead to some serious trouble for it's users

Quote:A key reason for her success: Parler’s site was a mess. Its public API used no authentication. When users deleted their posts, the site failed to remove the content and instead only added a delete flag to it. Oh, and each post carried a numerical ID that was incremented from the ID of the most recently published one.

The rookie code made it easy to automate the scraping, as this script used by donk_enby’s archival team demonstrates. As a result, massive numbers of posts that discussed the insurrection before, during, and after it was carried out will be preserved indefinitely so that they’re available to researchers, journalists, prosecutors, and others.

Another amateur mistake was Parler’s failure to scrub geolocations from images and videos posted online. Sites like Twitter and Google routinely remove such metadata from content posted by their users. The video files hosted on Parler, by contrast, were “raw,” meaning they still contained this information.

And once the police don't start rounding people up like these liberals want, they'll disseminate the information amongst themselves to doxx users. Cyberbullying at its finest.

(01-12-2021 12:42 PM)bobdizole Wrote:  

(01-12-2021 12:39 PM)MileHighBronco Wrote:  

(01-12-2021 11:47 AM)bobdizole Wrote:  Link

FYI for those that do not know the difference. A data scrape is not necessarily a hack. They use legal, but questionable means, to access the APIs of websites to automate massive amounts of data archiving.

Quote:The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. Twitter user @donk_enby, who first announced about the scrape, claims that over a million video URLs, some deleted and private, were taken.

“These are original, unprocessed, raw files as uploaded to Parler with all associated metadata,” claims one of the authors.

Security researchers claim that the scraped posts are linked to accounts that posted them, and some of the video and image data have geolocation information. That is said also to include data from Parler’s “Verified Citizens,” users of the network who verified their identity by uploading photographs of government-issued IDs, such as a driver’s license.

However, after the news about the data scrape went global, the author of the hack @donk_enby explained in a tweet that neither her nor others have collected any personal data that Parler users did not make public themselves.

“Only things that were available publicly via the web were archived. I don’t have you e-mail address, phone or credit card number. unless you posted it yourself on Parler,” she stated on Twitter.

The data might prove valuable to law enforcement since many who participated in the riots deleted their posts and videos afterward. The data scrape includes deleted posts, meaning that Parler stored user data after users deleted it.

Parler, a far-right friendly site, was among the key candidates to host President Donald Trump’s social media presence as Twitter and Facebook suspended his accounts for instigating violence.

Just have to laugh at the characterization. This is obviously a left wing outfit that wrote this. They can deny it but their use of language betrays them, as well as their zeal to get law enforcement after conservatives.

Unlike twitter, Parler is welcoming to ALL posters. They don't drive them off or ban them, unless they have committed a crime. To the far left, it may appear a "far right" site but part of that is that they don't like the idea of free speech. They don't like any outlet that lets conservative voices be heard.

I don't disagree, it's obviously a left leaning article. My point is more the abysmal security of the site is likely going to lead to some serious trouble for it's users

Quote:A key reason for her success: Parler’s site was a mess. Its public API used no authentication. When users deleted their posts, the site failed to remove the content and instead only added a delete flag to it. Oh, and each post carried a numerical ID that was incremented from the ID of the most recently published one.

The rookie code made it easy to automate the scraping, as this script used by donk_enby’s archival team demonstrates. As a result, massive numbers of posts that discussed the insurrection before, during, and after it was carried out will be preserved indefinitely so that they’re available to researchers, journalists, prosecutors, and others.

Another amateur mistake was Parler’s failure to scrub geolocations from images and videos posted online. Sites like Twitter and Google routinely remove such metadata from content posted by their users. The video files hosted on Parler, by contrast, were “raw,” meaning they still contained this information.

Twitter and Google sell that data.

Parler in case you want to know, are now deleting or removing posts that are deemed to be illegal including stuff that calls for violence. What you guys called censorship by Facebook and Twitter is now happening to Parler. If you noticed a lot of the stuff Facebook and Twitter took down had words that promote or incite violence. The people who complained they are being censored are the ones who are using language to incite violence. Twitter banned the Cowboys 4 Trump because the leader of that group was calling for the death of all Democrats. Calling for the death of people who have a different view of you goes way too far. Those deleted posts will bring cases for the feds to go after the people who violently stormed the capitol with 6 dead, and number of people injured including police officers. Blue lives did not matter for the far right MAGA terrorists. Trump threw the police under the bus. He only cares about himself and nobody else.

data scrape = Hack

Wgaf

(01-12-2021 01:12 PM)bullet Wrote:  

(01-12-2021 12:42 PM)bobdizole Wrote:  

(01-12-2021 12:39 PM)MileHighBronco Wrote:  

(01-12-2021 11:47 AM)bobdizole Wrote:  Link

FYI for those that do not know the difference. A data scrape is not necessarily a hack. They use legal, but questionable means, to access the APIs of websites to automate massive amounts of data archiving.

Quote:The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. Twitter user @donk_enby, who first announced about the scrape, claims that over a million video URLs, some deleted and private, were taken.

“These are original, unprocessed, raw files as uploaded to Parler with all associated metadata,” claims one of the authors.

Security researchers claim that the scraped posts are linked to accounts that posted them, and some of the video and image data have geolocation information. That is said also to include data from Parler’s “Verified Citizens,” users of the network who verified their identity by uploading photographs of government-issued IDs, such as a driver’s license.

However, after the news about the data scrape went global, the author of the hack @donk_enby explained in a tweet that neither her nor others have collected any personal data that Parler users did not make public themselves.

“Only things that were available publicly via the web were archived. I don’t have you e-mail address, phone or credit card number. unless you posted it yourself on Parler,” she stated on Twitter.

The data might prove valuable to law enforcement since many who participated in the riots deleted their posts and videos afterward. The data scrape includes deleted posts, meaning that Parler stored user data after users deleted it.

Parler, a far-right friendly site, was among the key candidates to host President Donald Trump’s social media presence as Twitter and Facebook suspended his accounts for instigating violence.

Just have to laugh at the characterization. This is obviously a left wing outfit that wrote this. They can deny it but their use of language betrays them, as well as their zeal to get law enforcement after conservatives.

Unlike twitter, Parler is welcoming to ALL posters. They don't drive them off or ban them, unless they have committed a crime. To the far left, it may appear a "far right" site but part of that is that they don't like the idea of free speech. They don't like any outlet that lets conservative voices be heard.

I don't disagree, it's obviously a left leaning article. My point is more the abysmal security of the site is likely going to lead to some serious trouble for it's users

Quote:A key reason for her success: Parler’s site was a mess. Its public API used no authentication. When users deleted their posts, the site failed to remove the content and instead only added a delete flag to it. Oh, and each post carried a numerical ID that was incremented from the ID of the most recently published one.

The rookie code made it easy to automate the scraping, as this script used by donk_enby’s archival team demonstrates. As a result, massive numbers of posts that discussed the insurrection before, during, and after it was carried out will be preserved indefinitely so that they’re available to researchers, journalists, prosecutors, and others.

Another amateur mistake was Parler’s failure to scrub geolocations from images and videos posted online. Sites like Twitter and Google routinely remove such metadata from content posted by their users. The video files hosted on Parler, by contrast, were “raw,” meaning they still contained this information.

Twitter and Google sell that data.

At least they anonymize the data before they sell it(well they claim to). This data scrape just told the whole world everything it's users ever posted and if they shared an image or video where they took it.

Quote:Even so, White points out that Parler appears to have failed to scrub geolocation metadata from images and videos before they were posted. So while the data that hackers have pulled from the site may be public, the result is that much of that archived content also contains Parler users' detailed locations, likely revealing the GPS coordinates of many of their homes. Data artist Kyle McDonald has already created a visualization of the locations of 68,000 of the archived Parler videos.

"This is as bad as it gets," White says. "It's gross incompetence on the part of Parler. They marketed themselves as a private, secure, unmoderated platform, and instead it's comedy hour."

Quote:arler's cardinal security sin is known as an insecure direct object reference, says Kenneth White, codirector of the Open Crypto Audit Project, who looked at the code of the download tool @donk_enby posted online. An IDOR occurs when a hacker can simply guess the pattern an application uses to refer to its stored data. In this case, the posts on Parler were simply listed in chronological order: Increase a value in a Parler post url by one, and you'd get the next post that appeared on the site. Parler also doesn't require authentication to view public posts and doesn't use any sort of "rate limiting" that would cut off anyone accessing too many posts too quickly. Together with the IDOR issue, that meant that any hacker could write a simple script to reach out to Parler's web server and enumerate and download every message, photo, and video in the order they were posted.

"It's just a straight sequence, which is mind-numbing to me," says White. "This is like a Computer Science 101 bad homework assignment, the kind of stuff that you would do when you're first learning how web servers work. I wouldn't even call it a rookie mistake because, as a professional, you would never write something like this."

Services like Twitter, by contrast, randomize the URLs of posts so they can't be guessed. And while they offer APIs that give developers access to tweets en masse, they carefully restrict access to those APIs. By contrast, Parler had no authentication for an API that offered access to all its public contents, says Josh Rickard, a security engineer for security firm Swimlane. "Honestly it seemed like an oversight, or just laziness," says Rickard, who says he analyzed Parler's security architecture in a personal capacity. "They didn’t think about how big they were going to get, so they didn’t do this properly."

This is almost as bad the time a large restaurant chain started selling e-gift cards....in numerical order

(01-12-2021 01:16 PM)DavidSt Wrote:  Parler in case you want to know, are now deleting or removing posts that are deemed to be illegal including stuff that calls for violence. What you guys called censorship by Facebook and Twitter is now happening to Parler. If you noticed a lot of the stuff Facebook and Twitter took down had words that promote or incite violence. The people who complained they are being censored are the ones who are using language to incite violence. Twitter banned the Cowboys 4 Trump because the leader of that group was calling for the death of all Democrats. Calling for the death of people who have a different view of you goes way too far. Those deleted posts will bring cases for the feds to go after the people who violently stormed the capitol with 6 dead, and number of people injured including police officers. Blue lives did not matter for the far right MAGA terrorists. Trump threw the police under the bus. He only cares about himself and nobody else.

Blah, blah, blah. How did Twitter handle Kathy Griffin posting a picture of her holding Trump's severed head? Oh right, they called that "free speech." Fakebook also refused to flag that as incitement of violence.

And your BLM/Anqueefa buddies have left a lot more than 6 dead. Do you call them terrorists? Nah, you'd bend the knee and kiss their @ss if they showed up at your doorstep telling you to submit to them.

(01-12-2021 01:28 PM)No2rdame Wrote:  

(01-12-2021 01:16 PM)DavidSt Wrote:  Parler in case you want to know, are now deleting or removing posts that are deemed to be illegal including stuff that calls for violence. What you guys called censorship by Facebook and Twitter is now happening to Parler. If you noticed a lot of the stuff Facebook and Twitter took down had words that promote or incite violence. The people who complained they are being censored are the ones who are using language to incite violence. Twitter banned the Cowboys 4 Trump because the leader of that group was calling for the death of all Democrats. Calling for the death of people who have a different view of you goes way too far. Those deleted posts will bring cases for the feds to go after the people who violently stormed the capitol with 6 dead, and number of people injured including police officers. Blue lives did not matter for the far right MAGA terrorists. Trump threw the police under the bus. He only cares about himself and nobody else.

Blah, blah, blah. How did Twitter handle Kathy Griffin posting a picture of her holding Trump's severed head? Oh right, they called that "free speech." Fakebook also refused to flag that as incitement of violence.

And your BLM/Anqueefa buddies have left a lot more than 6 dead. Do you call them terrorists? Nah, you'd bend the knee and kiss their @ss if they showed up at your doorstep telling you to submit to them.

lulz, ok, I'm going to start using that term, primarily because it is so fitting.

Quote:The researcher, who asked to be referred to by her Twitter handle, @donk_enby, began with the goal of archiving every post from January 6, the day of the Capitol riot; what she called a bevy of “very incriminating” evidence. According to the Atlantic Council’s Digital Forensic Research Lab, among other sources, Parler is one of a several apps used by the insurrections to coordinate their breach of the Capitol, in a plan to overturn the 2020 election results and keep Donald Trump in power.

https://gizmodo.com/every-deleted-parler...1846032466

doesn't the twitters have a policy against spreading information that was acquired via "hacking"?