Pirate Bay founder thinks Parler’s inability to stay online is 'embarrassing'

That's hilarious. Some trumpian complaining about furniture in offices while people are homeless on the streets

https://www.tommycarstensen.com/terrorism/pQf5uxtLtxH5.mp4

Neglating to remember his president has been in charge for 4 years

The guy coughing at 1m34 too!

Rioter 1: "They just hit that dude"

Rioter 2: "Yeah because he was being a prick"

https://www.tommycarstensen.com/terrorism/4wIDySD7tKxo.mp4

18 seconds

Woman takes of mask to tell camera "It's amazing". Cameraman says "put your mask on I don't want anyone to see you"

Debatable; this is low hanging fruit.

Turn off or strip EXIF data -- most sites do anyway -- and this wouldn't happen.

> What I find astonishing is that—at least according to that heat map—it appears that bordering on 100% of the people using Parler in DC that day we’re part of the riot / coup / insurrection.

These are location from pictures. Of course almost all pictures are of the riots instead of some boring random street in Washington DC.

Even people who are not part of it will take pictures simply because it is a major event and nowadays, every time something interesting happens, there are people to take pictures. You are probably going to find similar heat maps on more mainstream social networks.

> at least according to that heat map—it appears that bordering on 100% of the people using Parler in DC that day we’re part of the riot / coup / insurrection.

Are you sure it's not just a heat map of only those videos?

OPSEC 101: blend in, don't look suspicious. By banning these communities from the regular media (Twitter, Reddit, Facebook, Instagram, ...), they need to gather via "anything goes" path where 'freedom of speech' protects their hate speech, such as bulletproof hosting. Which is expensive, and of which all traffic to/from is suspicious by default. Its essentially akin to Bitcoin mixing, or avoiding Monero.

This was exactly my take away from the heat map. If that's all the GPS coords from video taken on Parler that day than it looks to be exclusively used by those supporting/participating/sharing the riot on the US Capital.

Some people stayed just outside of the capital and didn't necessarily do anything wrong.

I mean, look how DC voted in the last election.

Wow this is a powerful way to word it.

"Authoritarians never believe they're authoritarians, no matter how much censorship, surveillance, jingoism, & imprisonment they demand.

They tell themselves their enemies are so uniquely evil and dangerous - terrorists - that anything done in the name of fighting them is noble."

Indeed. Greenwald helped Snowden; he has the chops to see what's going on. To wit, his subsequent tweet:

Glenn Greenwald @ggreenwald Jan 11

Do you know how many of the people arrested in connection with the Capitol invasion were active users of Parler?

Zero.

The planning was largely done on Facebook. This is all a bullshit pretext for silencing competitors on ideological grounds: just the start.

How cheap can you be to run your whole site on a trial and fail open if it doesn't work anymore?

Have you ever been to r/Datahoarder or r/Homelab?

10TB fits on one desktop drive, it's completely pedestrian

Wasn't this an ArchiveTeam Warrior project?

https://archiveteam.org/index.php?title=ArchiveTeam_Warrior

If so it's distributed among many volunteers.

But the data still has to end up somewhere... Archive.org?

> some randomer

They're not a randomer, they're a person interested in data dumps.

I'm not a huge data fiend but I've got maybe ~3-4 2TB drives in my house: a Synology NAS + a spare drive.

Including old desktops and a couple of random external HDDs, I could probably hit 8-10TB easily.

And it's not like it's hard to get more. If I hit a montherlode and I need keep it, it's a 20 minute drive to Target / Best Buy / Walmart for a drive or three. Not as cheap as bulk orders off of Newegg but cost-effective enough to store these dumps.

Given the speed I’m guessing it was towards S3 so there’s plenty of terabytes.

Maybe the data compresses well and/or a lot of it is redundant (so instead of storing it raw you store it in a database and use relationships to link related pieces of data)?

Considering Amazon built a replacement for mongodb to essentially give them the finger, I'd say it could go either way. If AWS feels like it's worth setting a precident, they may well fight tooth and nail to make them payup.

Is there still no easy straightforward way in $current_year to put an absolute spend cap of say USD 0, USD 5, or USD 10 per month on Amazon.com web services or Google Cloud Platform?

I’d think I’d like to prepay a fixed dollar amount like USD 200 IF I anticipate some major event but really this is problematic for students. I just want to use the free tier. Why is this so hard?

Use image pool to train a GAN, publish the GAN images instead of the real ones.

> Anyhow, if your image shows recognizable landmarks with shadows, then it will be feasible to recover the exact point of view and the time of acquisition.

With what level of accuracy? Are you claiming you can confidently assert 2020-12-21 15:12 over, say, 2020-12-22 15:15 via shadows

The problem with that idea is that there would have to be a stenography standard and then it becomes easy to defeat.

My camera apps never include GPS coordinates to begin with (which is enough stripping for me, but then again I'm not part of Qanon and all that).

Parler used AWS and AWS is always happy to serve any request without problems and notify you about it hours later if you decided to create usage alerts.

> laying around

ITYM lying around, unless this is a quirk of US English. Sorry to be pedantic!

Presumably just another s3 bucket?

Do all your transferring from an EC2 instance in the same region and it never needs to waste bandwidth going over the public internet anyway.

> what principle prevents Amazon from arsing some other group that we agree with?

Honestly, none. It's their business and they can handle it however they want.

What you can do (and this is exactly what Kolmisoppi was suggesting) is build your platform to work without relying on other people's business.

I'm happy that companies like Amazon don't want to get associated with people who organized a failed coup. That should be the bare minimum. But there is no law which forces you to be hosted on Amazon if you want to be on the Internet. You can self-host. You can buy/rent servers in another country, where what you are doing doesn't have direct consequences which might lead people to want to get away from you. Use the blockchain, use torrent, develop your own P2P protocol. Those people just got locked out from the easy way, something they should have expected to happen (and plan for) since day one.

In my opinion the internet was already seriously flawed.

This makes people talk about how they think it should work, not just how it works right now, which I think is exactly what is needed.

> what principle prevents Amazon from arsing some other group that we agree with

Personally I found Amazons response to Parler convincing: https://cdn.arstechnica.net/wp-content/uploads/2021/01/gov.u...

The question is, why should a company in Amazons situation be unable to turn off that service? As in, your question assumes that Amazon turned off Parler out of nowhere for no reason other then "we dont like them". It assumes they did not had documented reasons, documented attempts to convince Parler to comply to TOS etc.

Otherwise said, contract.

> what principle prevents Amazon from arsing some other group that we agree with?

The principle of Amazon not wanting to piss off all of their customers and several government organisations. If you're this tentative about something you explicitly agree is just, then clearly you (and millions of others) are going to react pretty harshly to Amazon unilaterally deciding, e.g., that all mentions of Belgium should get scrubbed from the platform.

>> "I'm fine with all this stuff getting taken down"

> I understand this on a visceral level, but I wish more people would look beyond that to the implications for communication on the web. This action by Amazon happens to correspond with what I think is right and just on first iteration, but what principle prevents Amazon from arsing some other group that we agree with?

It's kind of predictable but still disappointing that this was the part of my comment people chose to discuss with a 43-comment thread. It was the least novel and interesting idea in it.

But to your point, there's a lot more "looking beyond" than just that. There also needs to be a lot more looking beyond rather limited fundamentalist views of free speech, which tend to abrogate other fundamental rights and be so short-sighted that they actually bring discredit to the values they try to protect.

The only principal that protects that kind of group is that we agree with it. It’s not much, but it’s something.

Aye. Relevant SSC:

https://slatestarcodex.com/2013/12/29/the-spirit-of-the-firs...

https://slatestarcodex.com/2017/03/24/guided-by-the-beauty-o...

> but what principle prevents Amazon from arsing some other group that we agree with?

Parler had people discussing murdering Congresspeople and didn't do anything about it. No matter which faction of "what level of free speech is acceptable" one subscribes, this is never acceptable and it is no wonder that Parler got booted off.

I see no contradiction.

That saying “hey, let’s violently overthrow the government” isn’t a class of protected speech.

Did you read the recent NY Times pieces on PornHub?

The Children of Pornhub https://nyti.ms/33DMObR

An Uplifting Update, on the Terrible World of Pornhub https://nyti.ms/2W1aB1b

The tech-priests will have lost the ability to fix it.

That's how we ended up with the 2038 problem!

I expect Slaanesh and friends will manage to sabotage that somehow.

All timestamps have to start somewhere. If you want to avoid DST changes and leap seconds, you can use MJD, TAI or GPS time instead of UTC, but you might as well format it nicely so that you can see roughly at what (civil) date something happened.

Yes... kind of. Per https://en.wikipedia.org/wiki/ISO_8601, there is a "basic format" without separators and an "extended format" that includes them for readability. However, a T is still required to separate the date and time in the most recent version of the standard.

But how could they maintain an accurate count? Maybe they were just persisting the user-friendly format alongside the actual count...

Yep, that's an indication of Elasticsearch being used (and not transforming documents to a standard representation that strips such fields).

CP is one of the very few things where mere possession is illegal. It makes sense that TPB, which is mainly against copyright and IP, would not allow it.

Or more accurately is they agree on the idea of censorship. That censorship has value to them.

Free Speech isn't a thing that applies to Internet companies, only the government and how they must deal with people who wish to speak in public forums.

Internet providers and services aren't "public forums" given their infrastructure is not a public space, but a private space they control. Whether or not someone thinks these services are "censoring" things or not isn't a real argument, again for the reason it must be a ruling authority that violates law by removing a person's speech from a given area or location, which then is censorship.

A company can't censor someone who is on their platform given the platform is owned, not ruled.

Ideally, for redundancy, you'd run in more than one datacenter. That's hard to do with only one /24; most networks won't take BGP advertisements more specific than /24, so you can't easily run half your ips at each DC. Maybe HE allows it for transit customers, but it makes the routing messier.

They could be doing anycast, but that's pretty sophisticated. They could also only advertise the /24 from one DC at a time, but that's error prone. Or maybe advertise from both and forward to the live DC over a private link/VPN.

I do see in Octoberish, they were peering with a second network, and they have second network in their IRR records. Could just be so they can use one of the DDoS filter companies that advertises your netblock, and sends you clean traffic. Can't do that (easily) if you get IPs from your transit provider and it's not a service they support.

Disclaimer: I haven't worked with IP transit in five years so this could very well be dated.

A single peer and a single IPv4 /24 (to me, at least) kind of tells the story of "Hey this might come in handy, costs a couple hundred dollars, and is just a couple of applications to fill out. Might as well." as opposed to something that's actually running in production.

While there is more autonomy with your own ASN and the resulting infrastructure there's also the obvious and required information leakage that comes as a result. Compared to being able to hide everything behind billions of essentially ephemeral addresses inside of a Cloudflare, AWS, etc at best (worst?) they've got a maximum of 256 easily discovered static IP addresses that Anonymous or any other DDoSer can readily point their bots at to obliterate.

I'm not familiar with DDoS mitigation equipment or products that HE has in place but I doubt they'd be able to as smoothly or economically absorb some of the large targeted attacks we've seen pointed at Google, AWS, Cloudflare, etc.

If Gab does decide to start multi-homing they would then need to coordinate DDoS mitigation across multiple providers and/or utilize some of the products from companies that specialize in layer 3+ DDoS scrubbing and clean return. This is all because anyone can just go grab all of their current IPs from the latest route announcement and bury them in anything from layer 3 to 7.

It gets very complicated and very expensive very quickly compared to how fast, cheap, and easy hiding your HTTPS stuff behind a CDN is. That's why everyone just does that.

If they're using their own ASN which transit providers they have and which datacenters they're in doesn't matter - all of their routes would be publicly announced and any reasonably competent attacker would configure their tool to pull the most recent route announcements from any number of looking glasses and update the bots. The internet will do what it does and happily route the legitimate and illegitimate traffic to any number of providers and datacenters worldwide.

At their (apparent) size and scale using their own IPs and their own ASN (both under their own corporate name) completely defeats the purpose of using a CDN, load balancer, DDoS mitigation service, etc and just doesn't make any sense.

To your point: on the modern Internet if you're banned from Cloudflare, Amazon, Google, and Azure (maybe a few others) even IF you can get hosted somehow/somewhere your next concern is going to be a DDoS. From what I know anyone large enough to handle a modern day DDoS probably won't do business with you either -or- will happily forward you a massive (six figures, easily) per-incident invoice and then probably give you the boot anyway.

I don't have any personal experience hosting controversial web properties but there are some HUGE technical, social, and political differences between The Pirate Bay and Gab, Parler, etc that the article fails to address.

EDIT: Above I describe receiving a per-attack invoice with DDoS mitigation companies. That's not actually how it works. I could get into it further but those costs are a rough ballpark.

What puts me off Gab and Parler is that the vast majority are those alienated or banned from other platforms for the same reason, for the most part they all think the same way and the topic of conversation is almost exclusively political. Gab has some interesting groups which slightly mitigates this.

Why? Seems like the level of discussion is not all that far away from the level on Parler.

I do not know if it was the original intention of the founders, but you can't ignore that the people who are/were funding it are influential far-right figures.

The CEO literally was personally banning anyone who posted anything left-wing, and yet claims that he's for "free speech". It's laughable.

If he wasn't cynically cashing in, then he's not a very deep thinker either.

https://www.forbes.com/sites/abrambrown/2020/06/27/parlers-f...

They literally welcomed pro-saudi comment farms to their service as well:

“The nationalist movement of the Kingdom of Saudi Arabia has made it known that big tech is censoring them at rates we have never experienced in the United States,” Parler wrote in a post on its own account on the site. “Let us welcome them as we all fight for our rights together.”

Reminder: Saudi crown prince, Mohammad bin Salman, ordered the assassination of a US journalist not that long ago. So, in a sense, Parler is really the social network of choice for dictators and extremists.

https://www.reuters.com/article/us-twitter-saudi-politics/un...

"The moral of the story is: if you’re against witch-hunts, and you promise to found your own little utopian community where witch-hunts will never happen, your new society will end up consisting of approximately three principled civil libertarians and seven zillion witches. It will be a terrible place to live even if witch-hunts are genuinely wrong." - Scott Alexander [0]

[0] https://slatestarcodex.com/2017/05/01/neutral-vs-conservativ...

I think what parent meant was not to say "arrive at this location at this time and do this criminal thing", but I could be reading it wrong.

I read it as, if it's just text and all anon, there's always wiggle room. Once you start allowing video and photo uploads, and real names, then your liability increases exponentially.

I think he's referencing Flash

Not expressing an opinion on this either way, but I wouldn't say they're completely neutral: https://blog.cloudflare.com/why-we-terminated-daily-stormer/

Cloudflare has been quite neutral for now, but there are communities of people who daily devote themselves to harassing everyone from Cloudflare's support team to the mayor of Sammamish, WA (where Epik, one of Gab's webhosts, is headquartered) to try to get Gab deplatformed[1].

I can only imagine how many of these emails per day Cloudflare's support team is deleting.

[1] https://www.reddit.com/r/GabWatch/

This entire comment thread can be asterisked with “for now”.

GoDaddy kicked off AR15.com with no reason at all, they were fine with the content... until the moment they weren’t.

The problem has always been a TOS that is selectively and interpretively enforced. It’s just popular this week.

> I don't want to have to think about the political beliefs of a CEO before deciding to use a service.

ffs no joke! I was embarrassed for what Expensify did, and if my company used that service we would have dropped them in a hot second. IDK why “we’ll stfu and do our job” isn’t the default anymore.

Anyone can say whatever they want on the Internet, but if your violence words become violent deeds you’re at risk of being dropped. So - don’t be violent.

I think basically don’t use your platform to plan an insurrection and you should be fine. As soon as you start being used as the platform where violence is being organized all bets are off.

You must decouple in person interactions from site content. So you can have a site filled with philosophy, historical analysis, generalized activism tips, technical information, etc but not a site that directly facilitates in person meetups or calls to action or plans real world activities.

Yes, it's as easy as those two commands, unless you want people to actually receive your emails.

Perhaps Parler did not realize that being aligned with conservatism was grounds for deplatforming. I am sure they will learn as will the whole world.

Which will not provide you service unless you give them Russian phone number and scan of your Russian passport.

If there's ever a "capitol riot" sized event linked back to those sites, their BCPs will be put to the test as well.

And if it was indeed 70 TB downloaded and they were serving it off AWS, they're getting at least a $5600 bill as a last fuck you on their way out, just for that single download.

If you have enemies on the Internet, having anything on one of the cloud providers that charge an arm and a leg for traffic seems like asking for a financial DDoS.

... like this website? ;P I honestly don't see anything wrong with that design: permissions should be honored--and Parler did something really wrong here that caused people to be able to gain admin status from them--but, past that, if someone wants to download the whole site why not let them?

There is nothing wrong with this on its own. The real flaw was not stripping the exif data. Although I guess sequential IDs did enable an easier attack on the real flaw.

Perhaps. I’ve been using Twitter and FB exclusively via iOS Safari for a year or two and I’m not sure I’m missing anything important

That's like saying PC gamers are conditioned to using windows. They're not "conditioned" to anything, people go where the thing they want is.

If parler users believe it is important to them and to society as they say... what's the problem with just opening up a web browser and going to parler.com anyway? That's too big a burden for something so vitally important to it's users?

I mean, don't get me wrong, I get that there are issues with corporate monopoly control of communication. And there are some things that will only work well as an app, not as a web page. But... parler really isn't one of them? Oh no we have to go to a bookmark in a browser instead of having an app or even an icon on a homepage... seems like a weird complaint when they are also saying access to parler is so vitally important. What's the big deal? I mostly access facebook and twitter this way on my android phone already.

You just Open Safari, go to your web page you want, click the share icon, and "Add to Home Screen" for iOS.

> I believe on Apple it can't be done

You're incorrect.

> They don't want to, because it draws from their app store revenue.

One word: Regulation. Easy to regulate Big Tech through laws. But incoming administration in US isn't going to take it seriously given that Big Tech did exactly what they wanted.

But they can be easily tamed if other countries do it. If European Union, UK and India regulate Big Tech their dominance is over. They don't have any presence in China anyways. US is no longer that hot a market for online and ecommerce (even though monetarily US dominates as of now but that won't be the case the next decade).

iOS has had PWA support for longer than Android has (or at least "add to home screen", additional configuration via a manifest came much later).

The solution is to get trillion-dollar companies to do something they don’t want to?

How are you going to do that without regulation?

Until Apple decides to update Safari to block it.

Linode and Digital Ocean docs also are leagues ahead of AWS. They cover a lot of stuff. I didn’t even know what fail2ban was when one of my VPS’s got hacked. Went through all their docs, they cover a lot and really helped me understand how much I didn’t know while at the same time providing guides on getting up to speed.

AWS won’t tell you about those things because they sell you security, so you remain a dumbass about those things indefinitely.

... what else do you really need?

A proper database.

:)

I've been telling people for ages that, even if they want to use a pre-built solution, they should at least set up the base systems a few times to get a better felling for them and.

Premise of AWS for me: reasonably priced (not cheap!) linux VM, close to the backbone, essentially total control of the VM, easy provisioning of new disk storage when required (i.e. EC2 with a smidgeon of EBS)

The rest of it? I think I understand why some systems need/want it, but no thanks.

S3 is not that hard to replace. There are plenty of services like backblaze which provide S3 Api. You can spin up your own service with something like minio.

Getting S3 reliability or availablity is lot harder ofcourse, but most apps don't need that.

Sure if your users can use crypto and tor you can stay open for a few years... but that isn't the same problem.

I don't know what do you mean really, what do you think Amazon uses for their clouds, Windows 95?

AWS is a suite of services. One of those is EC2, which is just virtual servers hosted by Amazon/AWS. A virtual server is no different than a physical server from the perspective of the guest operating system, regardless of if it is Linux or not. Linux is just the software running on the server, it has nothing to do with ownership. The only way "running on AWS" is problematic is if you tied yourself to their non-generic services like ECS or Beanstalk.

tl/dr: building on AWS and building on Linux are not mutually exclusive. One represents hardware the other software.