Yellow Flag 😷 @WPalant@infosec.exchange

@varx Interesting, yes. Maybe they got more data out after all – what I have is on Twitter from when the whole thing was still in progress.

@varx Archive Team themselves say 30 TB, I’m not sure where the various higher numbers come from. Not that it makes much difference…

Just realized that the Twitter server responds with “400 Bad Request” here. That’s IMHO a very unconventional way of saying: “Your request is fine but I don’t like the client you are using.”

I’ve looked through the available info and everything adds up. Yes, it seems that activists managed to archive at least 30TB of #Parler data. It’s now safe to use the past tense when speaking about Parler. Even ignoring the technical difficulties, there is no coming back from that.

I must say, for a “free speech” platform Parler had quite a lot of moderators (note: that’s not a full list). Maybe it wasn’t “free speech” after all but “only speech we like”? https://gist.github.com/d0nk/ef4e58645d3250851491e4550cb16e29

This means: all messages and videos have been downloaded in a crowdsourced fashion, via publicly available Docker images. Even presumably deleted messages were still in the database. And people’s driver license images that they used to get the “Verified Citizen” status.

This gets even bigger. If https://www.reddit.com/r/ParlerWatch/comments/kuqvs3/all_parler_user_data_is_being_downloaded_as_we/giu04o6/ is legit (and so far everything matches up), Twilio dropping Parler made them implement a work-around that left accounts wide open for takeover. Like: admin accounts. So people have been using that to scrape all “private” data.

@fabiscafe No, it doesn’t. It’s built on the latest ESR branch of Gecko. That’s at most seven versions behind Firefox and same as Tor Browser.

Hi #Twitter, this “browser” is the current Thunderbird release, a mail and RSS client. Its capabilities are no different from Firefox 78. How about you detect Gecko rather than detecting Firefox?

Better yet, do feature detection instead of UA sniffing: https://developer.mozilla.org/en-US/docs/Web/HTTP/Browser_detection_using_the_user_agent

The story is developing, now it’s not merely AWS. Parler lost Twilio who they used to implement 2FA, they’ve been dropped by their email provider and pretty much all other third-party providers. As @sarahmei@twitter.com points out, this will be major hurdle for them. https://twitter.com/sarahmei/status/1348367076616929281

@PresGas It isn’t only AWS now, pretty much every other company severed their ties to them. Good luck pulling this off without being able to rely on any third party.

Very nice explanation of Parler being kicked off Amazon Web Services and what this means now. AFACT, everything is correct. Parler promises to be back online by Tuesday but I also consider that highly unlikely.

https://twitter.com/QuinnyPig/status/1348116976019771392

@whonose123 So far, booting the previous kernel always worked for me.

Every now and then, #Ubuntu for some reason will stop removing old kernels automatically. These fill up the /boot partition then and cause trouble. Found a support article on that, it seems that no linux-* packages should be marked as manually installed. https://help.ubuntu.com/community/RemoveOldKernels#Manual_Maintenance

Somehow it’s easier to create an SVG icon myself than to figure out attribution for the existing ones in a browser extension. I am very grateful for #Ionicons that are available under a regular MIT license. Too bad they don’t have everything I need.

https://ionicons.com/

@lx Mozilla’s you mean? Yes, it’s against policies and shouldn’t be there. That’s why Mozilla used to pre-moderate all add-ons some years ago. Then they switched to post-moderation which quite expectedly turned into no moderation for most add-ons.

I reported it of course, just to see whether their official reporting process works.

So, somebody published a #Firefox add-on that does only one thing: open a new tab with the author’s website (which no longer exists). More than two years and ten 1-star reviews later, that add-on is still on #Mozilla Add-ons and has >400 users. Yeah, moderation works…

I got #PfP migrated to #Vue 3. It’s an extremely ungrateful job, nobody is going to notice a difference. The code got slightly simpler and more consistent. Also, one weird bug gone – but probably a dozen new ones added that I didn’t notice yet.

https://github.com/palant/pfp/commit/911a3dfefac5bc2ee7ff48235ecda2aeb1e5186a

For reference: this is most likely my own fault, for keeping Vue as an external script which is opaque to Rollup. I guess that I’ll need to figure out better ways of bundling it.