An Absurdly Basic Bug Let Anyone Grab All of Parler’s Data
The social media platform Parler rose to prominence as an outlet for free speech. In practice, it became a haven for disinformation, hate speech, and calls for violence, the sort of content generally blocked on more mainstream platforms like Twitter and Facebook. It’s fair to say, though, that by “free speech” the site’s creators didn’t mean that anyone could freely download every message, photo, and video posted to the site, including sensitive geolocation data. But a very basic bug in Parler’s architecture nonetheless seems to have made it all to easy to do just that.
Late Sunday night, Parler went offline after Amazon Web Services cut off hosting for the social media outlet, a decision that followed the site’s use as a tool to plan and coordinate an insurrectionist, pro-Trump mob’s invasion of the US Capitol building last week. In the days and hours before that shutdown, a group of hackers scrambled to download and archive the site, uploading dozens of terabytes of Parler data to the Internet Archive. One pseudonymous hacker who led the effort and goes only by the twitter handle @donk_enby told Gizmodo that the the group had successfully archived “99 percent” of the site’s public contents, which she said includes a trove of “very incriminating” evidence of who participated in the Capitol raid and how.