Parler was poorly made. Good websites can lose data, sure, but generally it’s not dozens of TB all at once.
Perfect Timing
Parler. The website started as an attempt to regain internet-footing lost when Facebook, Twitter, and others began banning hate speech. The worst of the alt-right can’t survive without hatred, so this was a very big issue for them. The creators of Parler hoped to cash in quick and assemble a website just for them.
Regardless of what you believe politically, making websites as a reaction to other website’s actions almost never works well, especially if they want to keep that other site’s format. If the website’s creator couldn’t manage a good, testable idea, then it’s very likely they don’t fully understand what makes Facebook or Twitter tick. The knock-off’s going to have problems the original took care of ages ago.
They also don’t know why the original made the decisions they did. Websites don’t just make changes because they hate their users, they make changes because something is inefficient or broken. Maybe a feature just didn’t scale like it was supposed to, maybe the change is just to make the site more tolerable to advertisers. Inefficiencies. See VOAT: Reddit dropped those problem pages because they were creating problems, VOAT picking those guys up essentially doomed it. Reddit wouldn’t have dropped them unless they were forced to!
Security – Anyone Else Would Have Caught It
It’s important to have security pros on the team somewhere, but Parler’s founders genuinely didn’t know how poor their security was. Alternatively, they might have been so small that security wasn’t an issue until they got big.
For example, their API. The API, or the Application Programming Interface, acts as the exchange between the software of the application and the world. The API takes requests from the user to the server, and then information from the server to the user. It acts as a middleman between the front end and back end of a website. Normally, the API prevents direct access to the backend because it makes DDoSing a site harder. The more steps there are in front of a server, the harder a botnet is going to have to work to crash it. The API is also supposed to be protected by credentials, to allow access to the back-end by authorized users. This prevents content-scraping by outside forces.
It’s like the truck door in a warehouse, and only employees are allowed in. To get in, the employees need to have credentials. In Parler’s case, that truck door was left open, and the guy who downloaded the 54 TB of data just strolled right in. Anybody could have done this, at any time, given a little bit of knowledge about APIs. There was no protection! The API also controls how much information can leave the warehouse at a time, but since that wasn’t set up right either, the white-hat hacker who downloaded the information was able to do so before the site was forcibly shut down, 24 hours after Amazon’s warning.
That’s not the worst of it for the users. The EXIF data attached to scraped images alone incriminated dozens of people all by itself post-insurrection-attempt. For those of you who don’t know, EXIF data is meta-data, or data about an image that isn’t the image itself. Included in EXIF data is things like the make and model of the camera that took the picture, internal watermarks if applicable, and geotagged information unless that setting is deliberately turned off. Generally, Geotagging defaults to ‘on’, so people were posting their pictures of the Capitol riots alongside their exact physical location at the time of the picture, which was also in the EXIF data. Many websites scrub EXIF data during upload – Parler did not. Once again, this is something a security expert would have noticed.
Parler Wasn’t Even That Good at Being a Home Base
Reports say that a hacker got the info and shipped it off. He did, and many people were caught (and charged) much faster than they would have been if he hadn’t. But that wasn’t the only source of information! Allegedly, Parler did send information about violent threats to the FBI before the capitol event. Generally, websites do this to save their own skin – it passes responsibility to the guy they reported to, and it keeps them out of trouble because they acted reasonably.
Parler may have wanted to be a safe haven for the alt-right, but just like every other website has to, it had to police speech to stay out of serious legal trouble. Reactionary websites never quite seem to get this, no matter what kind of site they are. If Facebook, a well-funded company generally viewed in a positive light,is struggling to keep up with what counts as a real threat, Parler never stood a chance.
Is It Coming Back?
…Maybe.
The mass-dumping by hosting websites and App stores doesn’t mean the website is done for, it just means it’s going to take some doing to get a host. The fanbase isn’t great, the website lacks mass appeal to advertisers, and in general, it seems like they don’t have any reliable funding options, aside from donations and the sketchier ad vendors. Besides, Parler turned itself into a nuclear waste dump by letting QAnon fester into full-blown attack-planning. Again, no matter your political beliefs, big advertisers and web hosts really want peace. Anything that the government has to step into will make the hosts angry. At a bare minimum, leaving everything about the politics and optics of big hosts out of it, Parler shot itself in the foot by letting very real, actionable threats slide without bans or other content moderation.
However…
That’s not always a killing blow. Gab recently hit the news for being just like Parler. Alt-right websites, especially ones that cater to the fringe of the fringe, are worse than the hydra. Ban a website, and it comes back with the rulebook plastered in highlighter.
Sources: