Security News

Parler data scraped and archived by online activists

Emma McGowan, 11 January 2021

Here's what online activists were up to before right-wing social network Parler was taken offline

A hacker who has asked to be called by her Twitter handle, @donk_enby, has scraped and archived data from the social network Parler, which bills itself as the “premier free speech social network.” Parler was a major meeting and planning place for people planning the deadly storming of the US Capitol last week. It was removed from the Apple App Store, Google Play Store, and Amazon Web Services (AWS) for violating those companies’ terms of service, shortly after the violent insurrection.

The scrape includes profile data, user information, videos (including geolocation of some), deleted posts, and information about who had admin rights for certain groups. It also includes information collected by the network for its “Verified Parler Citizen” program — similar to the “blue check” used for verified users on more mainstream social media sites — which included government issued IDs.

In a tweet on January 11, @donk_enby clarified that “only things that were available publicly via the web were archived. i don't have you [sic] e-mail address, phone or credit card number. unless you posted it yourself on parler.”

According to her tweets, @donk_enby was in the process of scraping Parler on January 9 when it was announced that AWS would stop hosting the network on the morning of January 11. At that point, she doubled down on her efforts and recruited other hackers to help her get everything archived before the network was taken down.

“For the journalists DMing me to ask, in non-technical terms, I'd describe the current Parler archival situation as ‘a bunch of people running into a burning building trying to grab as many things as we can,’” she tweeted.

The task was made easier when Twilio, a popular cloud communications platform, dropped Parler on January 10. This made phone verification and two-factor authentication on Parler impossible, allowing hacktivists to easily create profiles in order to get access to the network.

@donk_enby describes herself as a “Meiklejohnian absolutist” in her Twitter profile. Alexander Meiklejohn was a free speech advocate in the late 19th and early 20th centuries who believed that the First Amendment guarantees the right to open discussion of all issues — including unpopular viewpoints. He argued that free expression was essential for self-governance, a tenant of American democracy. On January 11, @donk_enby tweeted “what I’ve done is the opposite of censorship.”

Speaking with Gizmodo about the scrape, @donk_enby said that she wanted this move to be “a big middle finger to those who say hacking shouldn’t be political.”

Unless Parler manages to quickly migrate their network to a new platform (which is not likely, according to a Twitter thread from Duckbill Group’s Corey Quinn), this may be the last hack of their data. But it’s certainly not the first: Aubry Cottle, the founder of 420chan and the hacktivist group Anonymous, discovered 6.3 GB of data that reportedly contained passwords, photos, and email addresses of users back in November 2020. The site has been criticized almost from inception for its less-than-robust security practices.

While the data is now off of the Parler network, it technically hasn’t been “exposed,” because the information that @donk_enby scraped was posted publicly to the site. Parler calls itself “the neutral town square” and had 15 million members before it was taken down: It’s impossible to be “private” in a room of 15 million people. It’s a good reminder that all spaces online -- no matter how “private” they may feel -- can ultimately be public. 

However, Parler users who are concerned about other information being made public can take the usual security measures: change your passwords, enable two-factor authentication everywhere you can, and turn off geolocation on your photos moving forward. These moves won’t affect any data that has already been exposed but will help protect you moving forward.