Its Been A Bad Week for Parler and it is Only Monday

First Apple and Google removed the Parler app from both of their app stores.

Then Amazon kicked them off Amazon’s AWS platform for violating their terms of service.

That would seem like a problem for most companies, but that was the good part of their week.

Yesterday a security researcher who goes by the nickname “crash override” said that she was “crawling URLs for all videos uploaded to Parler”. About a million of them. Including ones that may have been deleted or marked private.

In total, about 70 terabytes of users’ posts was compromised.

And indexed and made public by the researcher.

This includes videos made and uploaded during the riot.

Which can be tied to the Parler user’s ID, IP address, etc.

Which if they were inside the Capitol during the riot …

But that is not all.

Parler’s CEO said that many of it’s vendors have decided that Parler’s money is not worth the reputational damage of being associated with them. Actually, he didn’t say that. He said “every vendor from text message services to email providers to our lawyers all ditched us too”. You draw your own conclusion. Credit: The Independent

Apparently Parler encouraged people to upload their drivers license to get a verified person badge. Not great if the videos show you participating in a felony.

The researcher said that her plan is to archive every single post from the day of the riot. I am sure that the thousands of FBI personnel working on the case will appreciate her thoughtfulness. Credit: Gizmodo

The response of one Parler user was “It would be a pity if someone with explosives training were to pay a visit to some AWS Data Centers – the location of which are public knowledge.”

This is the “party of law and order”.

As of the writing of this post, if you try to go to Parler’s web site you get a site not found message.

Parler has filed a lawsuit against Amazon and is trying to get a TRO.

Reports say that the researcher was able to exploit a bug in Parler’s API. This is not a big surprise as APIs are notoriously difficult to make secure.

From what I understand, Parler has some deep pocketed investors, but will they be willing to pony up more money after this? And will users come back after their privacy was destroyed? All of this remains to be seen.

Suffice it to say, this story will be in the news for a while and if I were someone who posted anything on Parler, I would be nervous the next time there is a knock on your door.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

code