A security researcher said she has scraped and is archiving 99 percent of Parler’s public posts, as the social-media network goes offline following suspensions from Amazon, Apple and Google.
Archived content includes public posts from the social-media site. These posts reportedly included Parler video URLs made up of raw video files with associated embedded metadata – and precise GPS coordinates of where the videos were taken, sparking privacy concerns about the service’s data collection.
The researcher behind the archival effort, who goes by @donk_enby on Twitter, told Threatpost that no private information was disclosed as part of the effort – all archived posts were already publicly available via the web.
Parler, which launched in 2018 and markets itself as a “free speech social network,” has a significant user base of supporters of Donald Trump, conservatives and right-wing extremists. As of November, the site had 10 million total users.
The Jan. 6 storming of the U.S. Capitol building led to several U.S. tech giants cracking down on the service, including Apple and Google banning the app from their respective app marketplaces. That’s because several organizations, including the Atlantic Council, have called out Parler for not moderating its “town square,” allowing users to publicizing the protest for weeks.
Meanwhile, Amazon reportedly informed Parler it was removing it from its web hosting service on Sunday night, essentially stripping it of the infrastructure it relies on to operate. Parler for its part on Monday filed a complaint against Amazon, alleging that it was kicked off for political and anti-competitive reasons.
On the heels of the Capitol riot, @donk_enby on Jan. 6 began to archive the posts. With Sunday’s news of Amazon stripping Parler from its web hosting service, she ramped up her efforts, saying on Twitter she was crawling 1.1 million Parler video URLs and calling for others to join in on the effort.
Contrary to various reports circulating on Reddit and other internet forums, there is no evidence that Parler was actually hacked; according to reports, @donk_enby was able to reverse-engineer the Parler iOS app, in order to discover a web address that the application uses internally to retrieve data.
This scraped data is slowly being fed into the Internet Archive (archive.org), a non-profit digital library of internet websites, @donk_enby told Threatpost. While no public data is currently available, “things will be available in a more accessible form later,” tweeted @donk_enby.
She said on Twitter that the effort was akin to “a bunch of people running into a burning building trying to grab as many things as we can” and “people can do whatever they want with it.” As of Jan. 10, she estimated the total size of scraped data to be around 80 terabytes.
On Monday, @donk_enby dispelled rumors posted on Reddit forums that said that private data had been scraped as part of the archival effort, reiterating that only content publicly available via the web is being archived. Data such as email addresses, phone numbers, private messages or credit-card numbers were not affected (unless they were publicly posted), she said.
However, that public data – including the GPS coordinates from the image metadata – could pose a privacy concern when it comes to what Parler was collecting from its users. Previously, the service has come under fire for asking users for their Social Security numbers and photo-ID images in order to become a verified account on the platform.
Chris Vickery, director of cyber risk research with UpGuard, told Threatpost many services remove this metadata when images and videos are uploaded to their site. Because Parler kept this metadata in, it reveals data attached to user phones, including GPS coordinates or phone models.
“Parler was not a bastion of security,” he told Threatpost.
Threatpost has reached out to Parler for further commentary and has not yet heard back.
“There might be legal impact for particular Parler users, but there’s also an increased privacy and security risk,” security professional John Opdenakker told Threatpost. “Because of the location data and other (meta) data that now becomes easily retrievable about Parler users, it’s simple to identify, locate them and reconstruct their whereabouts. This particular information could also be abused, for instance in online attacks against Parler users.”
Overall, Opdenakker stressed the incident is an important reminder that everything people put on the internet stays on the internet – even when a service is shut down.
“The fact that you no longer see particular content online doesn’t mean per se that the data is effectively deleted,” Opdenakker told Threatpost.
Supply-Chain Security: A 10-Point Audit Webinar: Is your company’s software supply-chain prepared for an attack? On Wed., Jan. 20 at 2p.m. ET, start identifying weaknesses in your supply-chain with actionable advice from experts – part of a limited-engagement and LIVE Threatpost webinar. CISOs, AppDev and SysAdmin are invited to ask a panel of A-list cybersecurity experts how they can avoid being caught exposed in a post-SolarWinds-hack world. Attendance is limited: Register Now and reserve a spot for this exclusive Threatpost Supply-Chain Security webinar – Jan. 20, 2 p.m. ET.