> donk_enby had originally intended to grab data only from the day of the Capitol takeover, but found that the poor construction and security of Parler allowed her to capture, essentially, the entire website. That ended up being 56.7 terabytes of data, which included every public post on Parler, 412 million files in all—including 150 million photos and more than 1 million videos. Each of these had embedded metadata like date, time and GPS coordinates—unlike most social media sites, Parler does not strip metadata from media its users upload, which, crucially, could be useful for law enforcement and open source investigators.
Someone put together an animated heatmap of Parler photo locations along the Mall throughout the day of 1/6: https://www.reddit.com/r/dataisbeautiful/comments/kvx88n/oc_...
Even better, here are the videos along with their locations:
That's hilarious. Some trumpian complaining about furniture in offices while people are homeless on the streets
Neglating to remember his president has been in charge for 4 years
The guy coughing at 1m34 too!
Rioter 1: "They just hit that dude"
Rioter 2: "Yeah because he was being a prick"
Woman takes of mask to tell camera "It's amazing". Cameraman says "put your mask on I don't want anyone to see you"
>>Someone put together an animated heatmap of Parler photo locations along the Mall throughout the day of 1/6
Showing that people posted videos from the rally at the Monument and then went to the front of the Capitol buildings. Note that many on site participants reported there was no cell or data service at the Capital, so they were not coordinating with Parler, just reporting.
The heat map might generate hypothesis but conclusions that Parler users or demonstrators as a whole did anything other than asserting rights under the 1st amendment do not necessarily follow from the data.
That graphic is interesting to me, as it illustrates what the view is like at the 3-letter-agencies control centers, who have been slurping up our data for years.
Debatable; this is low hanging fruit.
Turn off or strip EXIF data -- most sites do anyway -- and this wouldn't happen.
What I find astonishing is that—at least according to that heat map—it appears that bordering on 100% of the people using Parler in DC that day we’re part of the riot / coup / insurrection.
This isn’t an app that’s in widespread general use but just so happens to also have a few bad apples using it too. It’s instead almost exclusively used by what would appear to be the most radical wing of the Trump party. Almost every single person using it during that period attended Trump’s speech and/or participated (in some way, shape, or form) in an assault on the Capitol that day.
> What I find astonishing is that—at least according to that heat map—it appears that bordering on 100% of the people using Parler in DC that day we’re part of the riot / coup / insurrection.
These are location from pictures. Of course almost all pictures are of the riots instead of some boring random street in Washington DC.
Even people who are not part of it will take pictures simply because it is a major event and nowadays, every time something interesting happens, there are people to take pictures. You are probably going to find similar heat maps on more mainstream social networks.
> at least according to that heat map—it appears that bordering on 100% of the people using Parler in DC that day we’re part of the riot / coup / insurrection.
Are you sure it's not just a heat map of only those videos?
OPSEC 101: blend in, don't look suspicious. By banning these communities from the regular media (Twitter, Reddit, Facebook, Instagram, ...), they need to gather via "anything goes" path where 'freedom of speech' protects their hate speech, such as bulletproof hosting. Which is expensive, and of which all traffic to/from is suspicious by default. Its essentially akin to Bitcoin mixing, or avoiding Monero.
This was exactly my take away from the heat map. If that's all the GPS coords from video taken on Parler that day than it looks to be exclusively used by those supporting/participating/sharing the riot on the US Capital.
They were downloading at 50 Gbps for a while
Also, auth provider (twilio?) removed Parler as a client so for a short while it was possible to create accounts without a phone number (2FA).
edit: okta, free trial, thanks: https://news.ycombinator.com/item?id=25774943
Just a note here, it wasn't Twilio.
It was a free trial of Okta that they were using for their entire userbase.
How cheap can you be to run your whole site on a trial and fail open if it doesn't work anymore?
She is probably liable for that data egress bill.
Also, how does some randomer have ten of terabytes of disk lying around?
Have you ever been to r/Datahoarder or r/Homelab?
10TB fits on one desktop drive, it's completely pedestrian
Wasn't this an ArchiveTeam Warrior project?
If so it's distributed among many volunteers.
But the data still has to end up somewhere... Archive.org?
> some randomer
They're not a randomer, they're a person interested in data dumps.
I'm not a huge data fiend but I've got maybe ~3-4 2TB drives in my house: a Synology NAS + a spare drive.
Including old desktops and a couple of random external HDDs, I could probably hit 8-10TB easily.
And it's not like it's hard to get more. If I hit a montherlode and I need keep it, it's a 20 minute drive to Target / Best Buy / Walmart for a drive or three. Not as cheap as bulk orders off of Newegg but cost-effective enough to store these dumps.
> GPS coordinates—unlike most social media sites, Parler does not strip metadata from media its users upload, which, crucially, could be useful for law enforcement
This is a colossal mess up, on epic proportions.
Due to the people involved, Parler is almost certainly not a honeypot setup by the FBI, CIA, or some other government organization. However some of the details that have leaked out over the last week made me wonder how little of the site would have changed if that was the intended purpose.
Sufficiently advanced incompetence is indistinguishable from malice.
It's pretty well demonstrated that Three Letter Agencies really like enticing idiots people into fantasy situations well above their competency in order to generate terrorism convictions so it's always a possibility even if there's no demonstrable third party malicious action
It would probably have been more secure.
this is true "female body inspector" shirt clientele though
Indeed. The level of security failure was pretty incredible. They named media serially (So, pics/1.jpg, pics/2.jpg, etc.) and did not have any validation that you were allowed to access what you were grabbing so it was literally as easy as possible to grab everything. Oh, and did I mention that private messages were also fully accessible?
So Gab's strategy (fork Mastodon) looks solid for security but they hit performance issue because Mastodon isn't made for such scale.
I am convinced this was an inside job. There is simply no way someone can be this incompetent without willful intent.
A mess up if you intended to protect your users...
Jesus fucking christ i thought it's just some users table but 56.7 terabytes you mofos that's some s3 egress bill!
I kind of doubt I'd pay my AWS bill if AWS banned me.
I think they’ll avoid paying whatever Amazon charges. And I don’t think Amazon will pursue it either. “How about you just let this lawsuit go and we’ll forget about that massive bill you have to pay?”
Considering Amazon built a replacement for mongodb to essentially give them the finger, I'd say it could go either way. If AWS feels like it's worth setting a precident, they may well fight tooth and nail to make them payup.
90$ per TB
Is there still no easy straightforward way in $current_year to put an absolute spend cap of say USD 0, USD 5, or USD 10 per month on Amazon.com web services or Google Cloud Platform?
I’d think I’d like to prepay a fixed dollar amount like USD 200 IF I anticipate some major event but really this is problematic for students. I just want to use the free tier. Why is this so hard?
I personally don't find their ability to remain online that surprising.
The Pirate Bay and other torrent networks were built by people with a passion for building, maintaining and hacking things. People who, even without a solid CS background, would spend hours a day learning new things, developing distributed protocols, evading DNS blocks and hosting their content wherever they could to make it accessible - included the small server in their own garage if needed. And they are used by people who don't mind learning a new protocol or how to use a new client to get the content they want.
I don't see the same amount of passion for technology and hacking among the Parler users, nor its maintainers. Those who believe in conspiracy content are people characterized by a psychological tendency to take shortcuts whenever they can in order to minimize their efforts in learning and understanding new things. So when the first blocker hits they usually can't see alternative solutions, because it's not the way their brains are wired. They always expect somebody else to come up with solutions for them, and they always blame somebody else when the solution won't come. And even if they decided to migrate their content to the dark web or on a Tor network, not many people will follow them - both because they don't have the skills, and because they don't want to acquire those skills. Plus, they'd lose the "viral network effect" that they get when posting click-bait content on public networks, the new censorship-proof network will only attract a small bunch of already radicalized people.
And even if they wanted to hire some smart engineers to do the job for them, we all know that engineers tend to swing on the other opposite of the ideological spectrum. Those who have built systems for escaping REAL authoritarian censorship would rightfully feel disgusted if asked to apply their knowledge to provide a safe harbour for rednecks to vomit their conspiracy-theories-fueled hate.
> The Pirate Bay and other torrent networks were built by people with a passion for building
Also by people who know that what they were doing was straight-up illegal in a lot of countries, and grey-area in a lot of others. So this was a real risk.
Parler on the other hand, at its core was just a social network, and if you look at the founders/owners, they have a very disconnected interpretation of "free speech", so they were clearly thinking nothing bad could happen.
disconnected interpretation of "free speech"
Oh yeah whats that comrad?
That saying “hey, let’s violently overthrow the government” isn’t a class of protected speech.
> And even if they wanted to hire some smart engineers to do the job for them, we all know that engineers tend to swing on the other opposite of the ideological spectrum. Those who have built systems for escaping REAL authoritarian censorship would rightfully feel disgusted if asked to apply their knowledge to provide a safe harbour for rednecks to vomit their conspiracy-theories-fueled hate.
I'm not sure this is true. This seems to imply that nations which have copyright law are imposing authoritarian censorship on their citizens. This doesn't seem to be a pervasive idea, at least in the US.
There are proponents of information freedom who oppose copyright law. It's not clear to me that this group would oppose Parler, and in fact many I've spoken to believe they should be free to exist without censorship.
But - I am not sure they want to be associated with Parler either, out of concern for their reputation.
>This seems to imply that nations which have copyright law are imposing authoritarian censorship on their citizens.
This is exactly the point of most anti-copyright parties.
I see no contradiction.
> And even if they wanted to hire some smart engineers to do the job for them, we all know that engineers tend to swing on the other opposite of the ideological spectrum.
Do we all really know that? Some very good technical people don't have particularly strong political views or keep them separate from their job. Example: lots of ordinary devs helped build porn sites.
As a dev I feel that building a platform to share conspiracy-fueled hate is way more immoral and damaging than building a platform to host porn content. At least porn doesn't harm anybody - except maybe your hand :)
> Those who believe in conspiracy content are people characterized by a psychological tendency to take shortcuts whenever they can in order to minimize their efforts in learning and understanding new things
I dont think it is that simple. I remember reading finding that smart highly intelligent people are more attracted to conspiracy theories. The complexity of those theories and details those rely on attract them.
Also, I may be wrong here, but I remember reading that Parler was funded by some pretty rich people. If that is true, they should be able to pay for tech know how.
There is definitely a correlation between lazy thinking and believing in conspiracy theories. Mainly because conspiracy theories do not lend themselves to rigorous inquiry, almost by definition.
This is different than "intelligence." It's more about effort and rigor in thinking. It's the quality of the thought, and the willingness to question your own assumptions. And a willingness to recognize the limits of your own knowledge and understanding.
A study recently published on Scientific American seems to prove that left-leaning people tend to have more gray matter in the pre-frontal cortex (i.e. the area of the brain involved in complex planning, understanding of new things and pattern detection), wwhile right-leaning people tend to have more gray matter in the amygdala (the area of the brain responsible for spotting potential danger and refuse something new if it may pose a risk to survival): https://www.scientificamerican.com/article/conservative-and-....
If that's true, and if indeed conservatives are much more likely to believe in conspiracy theories (http://www.scientificamerican.com/article/information-overlo... in conspiracy theories), then the opposite of what you state may indeed be true
Keep un mind that before a conspiracy theory turns into the perverse mind-twist of a complex theory like QAnon it ALWAYS start simple, and always simpler than reality actually looks like. It can always summarized with "those guys want to harm you, so don't even bother to look further, the explanation is easy": pure and total amygdala stimulation. Then, when they are contradicted by evidence, they put up more and more complex twists to mitigate the arise of cognitive dissonance in its followers ("I know that it looks like things don't make much sense, but you know, you have to follow the crumbs, or keep in mind that Trump is talking to you in Morse code" etc.)
I'd be interested on information on that and how it was performed. Ive found that many of successful people who talk about conspiracies tend to be self serving. Like that Texas lawyer that brought a case of election fraud, likely to catch attention of Trump to pardon him due to his own legal problems. Others as a scaremongering technique to influence politics.
The only ones that seem to believe in them are those clearly unhinged (McAfee comes straight to mind although his seems self serving too).
I got the sense while crawling data from their API that the engineering quality is poor at Parler. Dates were represented as strings in "YYYYMMDD" format (so today would be "20210113053923") instead of UNIX timestamps, certain fields were duplicated for no reason (e.g. every object would have an identical "id" and "_id" key), counts of impressions/comments/etc would be the display strings rather than raw numbers (so "2k" or "5m"), and various moderation flags were in place like a boolean "sensitive" which was always false, even for posts that had been downvoted significantly.
Dates were represented as strings in "YYYYMMDD" format (so today would be "20210113053923") instead of UNIX timestamps
Such a representation naturally avoids the Y2K38 problem, and could go beyond Y10K. It's traditional in Windows and DOS (neither of which have the Y2K38 problem) to store timestamps as a structure of fields.
The other things you noted I agree with, however.
The tech-priests will have lost the ability to fix it.
That's how we ended up with the 2038 problem!
I expect Slaanesh and friends will manage to sabotage that somehow.
You can also instantly read them which makes troubleshooting easier. I mean sure, if your shit is too slow maybe switch to less text in release mode but YAGNI.
Well, assuming they're storing the strings as ASCII, that's 98 bits - the y2k38 problem is for 32 bit integers, so a 64 bit integer would be way, way more than needed for human needs for foreseeable generations.
Doesn't seem to me like Parler will have to worry about Y2K38...
Of all the things to criticise Parler's tech folks over, using ISO8601 (minus the non-digit characters) shouldn't be one.
Is ISO8601 without punctuation still ISO8601? Most log parsers I have seen would not pick up the Parker format. ex gr
Yes... kind of. Per https://en.wikipedia.org/wiki/ISO_8601, there is a "basic format" without separators and an "extended format" that includes them for readability. However, a T is still required to separate the date and time in the most recent version of the standard.
IDK the issue OP saw with using ISO over UNIX timestamps, but one reason why you might want accuracy down to the second for dates is with providing accurate relative time/date across timezones.
I think the display strings thing is because exact number of impressions etc is slightly sensitive information. The whole site was "gamed" from the start, but providing exact vote counts makes it easier for other people to game. I guess. Don't really know, but I do believe that the numbers given by reddit, for example, are exact, but fake. Fuzzed a bit. HN also hides some of this, or behaves misleadingly, your downvotes don't always count, I think.
They would display numbers less than 1000 as-is, and only start adding the "k" and "m" prefix after the 4-digit and 7-digit threshold was crossed.
But how could they maintain an accurate count? Maybe they were just persisting the user-friendly format alongside the actual count...
If I remember correctly mongo stores the id in “_id” and has a getter for “id” so maybe they just iterated all the keys of the model when they stringified their output
Elasticsearch, too. In either case, it looks like they're just piping raw backend responses to the API endpoint without removing unnecessary fields.
Yep, that's an indication of Elasticsearch being used (and not transforming documents to a standard representation that strips such fields).
"We don't condone gun violence. We believe that the world needs less guns, not more of them. We believe however that these prints will stay on the internets regardless of blocks and censorship, since that's how the internets works. If there's a lunatic out there who wants to print guns to kill people, he or she will do it. With or without TPB. Better to have these prints out in the open internets (TPB) and up for peer review (the comment threads), than semi hidden in the darker parts of the internet."
-The Pirate Bay
Seems reasonable to me! If your reason for existing is that "information wants to be free" but then you start making exceptions when it conflicts with your politics, people might think your real political philosophy is "pop music wants to be free."
Or, more charitably: your stance on information and freedom simply isn’t absolutist.
Or more accurately is they agree on the idea of censorship. That censorship has value to them.
Free Speech isn't a thing that applies to Internet companies, only the government and how they must deal with people who wish to speak in public forums.
Internet providers and services aren't "public forums" given their infrastructure is not a public space, but a private space they control. Whether or not someone thinks these services are "censoring" things or not isn't a real argument, again for the reason it must be a ruling authority that violates law by removing a person's speech from a given area or location, which then is censorship.
A company can't censor someone who is on their platform given the platform is owned, not ruled.
TPB never supported absolute free speech. I can't find it now, but they used to have a section of their site where they posted responses to media company lawyers, and they basically said they wouldn't take down anything except child porn. I'm not sure if the rules have changed in the years since.
CP is one of the very few things where mere possession is illegal. It makes sense that TPB, which is mainly against copyright and IP, would not allow it.
FYI thepiratebay.org works too. They point to different IPs though. Are different people hosting the same synced software now? I haven't been following developments.
I'm surprised TPB hasn't been hit with the same legal problems as codeisfreespeech.com, DefDist, etc
In contrast, Gab actually owns their own ASN and announces their own routes. Much harder to deplatform. I'd expect no less from a YC alum!
They're only advertising to one peer. It's possible they have other peering arrangements in place they're not advertising to. Or maybe they're single homed. They also only have a single IPv4 /24 from ARIN. No IPv6. Not terribly robust or impressive.
I've never used Gab or looked at their infrastructure before. A quick look shows they're behind Cloudflare. No clue where they're actually hosted or what the infra looks like but I wouldn't be surprised if they just snatched up this /24 "because they could" and are just sitting on it.
I doubt this is where their backend actually is. Single homed isn't a great idea in the first place and if HE pulls the plug they're lights out until they can get new peering arrangements in place - which usually isn't a quick process in the best of times.
You're right that the single peer is a concern. Maybe they have others that are hidden for now, like you said?
I don't think they need more than a few IP addresses since most of their hardware could sit on a private network with only a single load balancer visible from the Internet. Also, a small ASN doesn't really need IPv6 compatibility to function, and won't for many years to come.
Since they're still using Cloudflare, it looks like multiple layers of defense. When Cloudflare eventually bans them, people will realize that it was only pointing to their own ASN and no one knows which datacenter it's in. The single peer with HE doesn't actually mean they're in an HE datacenter.
Ideally, for redundancy, you'd run in more than one datacenter. That's hard to do with only one /24; most networks won't take BGP advertisements more specific than /24, so you can't easily run half your ips at each DC. Maybe HE allows it for transit customers, but it makes the routing messier.
They could be doing anycast, but that's pretty sophisticated. They could also only advertise the /24 from one DC at a time, but that's error prone. Or maybe advertise from both and forward to the live DC over a private link/VPN.
I do see in Octoberish, they were peering with a second network, and they have second network in their IRR records. Could just be so they can use one of the DDoS filter companies that advertises your netblock, and sends you clean traffic. Can't do that (easily) if you get IPs from your transit provider and it's not a service they support.
Disclaimer: I haven't worked with IP transit in five years so this could very well be dated.
A single peer and a single IPv4 /24 (to me, at least) kind of tells the story of "Hey this might come in handy, costs a couple hundred dollars, and is just a couple of applications to fill out. Might as well." as opposed to something that's actually running in production.
While there is more autonomy with your own ASN and the resulting infrastructure there's also the obvious and required information leakage that comes as a result. Compared to being able to hide everything behind billions of essentially ephemeral addresses inside of a Cloudflare, AWS, etc at best (worst?) they've got a maximum of 256 easily discovered static IP addresses that Anonymous or any other DDoSer can readily point their bots at to obliterate.
I'm not familiar with DDoS mitigation equipment or products that HE has in place but I doubt they'd be able to as smoothly or economically absorb some of the large targeted attacks we've seen pointed at Google, AWS, Cloudflare, etc.
If Gab does decide to start multi-homing they would then need to coordinate DDoS mitigation across multiple providers and/or utilize some of the products from companies that specialize in layer 3+ DDoS scrubbing and clean return. This is all because anyone can just go grab all of their current IPs from the latest route announcement and bury them in anything from layer 3 to 7.
It gets very complicated and very expensive very quickly compared to how fast, cheap, and easy hiding your HTTPS stuff behind a CDN is. That's why everyone just does that.
If they're using their own ASN which transit providers they have and which datacenters they're in doesn't matter - all of their routes would be publicly announced and any reasonably competent attacker would configure their tool to pull the most recent route announcements from any number of looking glasses and update the bots. The internet will do what it does and happily route the legitimate and illegitimate traffic to any number of providers and datacenters worldwide.
At their (apparent) size and scale using their own IPs and their own ASN (both under their own corporate name) completely defeats the purpose of using a CDN, load balancer, DDoS mitigation service, etc and just doesn't make any sense.
To your point: on the modern Internet if you're banned from Cloudflare, Amazon, Google, and Azure (maybe a few others) even IF you can get hosted somehow/somewhere your next concern is going to be a DDoS. From what I know anyone large enough to handle a modern day DDoS probably won't do business with you either -or- will happily forward you a massive (six figures, easily) per-incident invoice and then probably give you the boot anyway.
I don't have any personal experience hosting controversial web properties but there are some HUGE technical, social, and political differences between The Pirate Bay and Gab, Parler, etc that the article fails to address.
EDIT: Above I describe receiving a per-attack invoice with DDoS mitigation companies. That's not actually how it works. I could get into it further but those costs are a rough ballpark.
I set up an account this evening and it’s unusable due to loading times. They’ve added 1.7m in 4 days which may explain it. Be interesting to see how long it takes them to scale
I've been impressed by Gab
What puts me off Gab and Parler is that the vast majority are those alienated or banned from other platforms for the same reason, for the most part they all think the same way and the topic of conversation is almost exclusively political. Gab has some interesting groups which slightly mitigates this.
Why? Seems like the level of discussion is not all that far away from the level on Parler.
They had to do that because they got kicked off of everywhere else.
And sadly Andrew Torba was kicked out of YC because of his politics (however YC tries to spin it).
No big deal to run your own ASN, especially when your provider only has two companies advertising upstream. Both of those companies are providing Epik their network.
Epik runs a wide variety of hate filled content purveyors. Wouldn't be a horribly difficult thing to advertise their routes on BGP and black hole their asses.
I remember this happening by accident to Cox Cable.
Parler decided not to buy their own hardware and rent their own rack space. Plenty of other unpopular websites have figured it out.
You don't even need to do that. The actual key to running an extremist / subversive / hate / unpopular website is NOT connecting the site to any in-person activities. As long as your website is just some text floating out there in the network there is a lot of wiggle room. Sure, companies like Google or WordPress will ban you if they don't like you, but you can still get service from Cloudflare, major web hosts, or domain registration without jumping through a bunch of hoops.
Tbf, I don't think Parler ever saw itself as extremist. Obviously it was used by extremists, but as I've seen mentioned in other threads lately: When you create an alternative platform from the mainstream, the people who join it are either idealists, or are the people who were banned from the mainstream platforms. And if you don't have the resources to moderate those extremists (or foolishly choose not to), the extremists take over.
I do not know if it was the original intention of the founders, but you can't ignore that the people who are/were funding it are influential far-right figures.
The CEO literally was personally banning anyone who posted anything left-wing, and yet claims that he's for "free speech". It's laughable.
If he wasn't cynically cashing in, then he's not a very deep thinker either.
They literally welcomed pro-saudi comment farms to their service as well:
“The nationalist movement of the Kingdom of Saudi Arabia has made it known that big tech is censoring them at rates we have never experienced in the United States,” Parler wrote in a post on its own account on the site. “Let us welcome them as we all fight for our rights together.”
Reminder: Saudi crown prince, Mohammad bin Salman, ordered the assassination of a US journalist not that long ago. So, in a sense, Parler is really the social network of choice for dictators and extremists.
"The moral of the story is: if you’re against witch-hunts, and you promise to found your own little utopian community where witch-hunts will never happen, your new society will end up consisting of approximately three principled civil libertarians and seven zillion witches. It will be a terrible place to live even if witch-hunts are genuinely wrong." - Scott Alexander 
Or pick a host that that doesn’t care. They exist both in America and abroad. If Gab and 8kun can stay up, so can Parler.
They planned poorly, that’s their fault.
> As long as your website is just some text floating out there in the network there is a lot of wiggle room.
What does this even mean? Text has to be stored in some physical location, or set of locations.
I think what parent meant was not to say "arrive at this location at this time and do this criminal thing", but I could be reading it wrong.
I read it as, if it's just text and all anon, there's always wiggle room. Once you start allowing video and photo uploads, and real names, then your liability increases exponentially.
I think he's referencing Flash
I appreciate businesses like Cloudflare that stay neutral and just provide their service.
I don't want to have to think about the political beliefs of a CEO before deciding to use a service.
Not expressing an opinion on this either way, but I wouldn't say they're completely neutral: https://blog.cloudflare.com/why-we-terminated-daily-stormer/
Cloudflare has been quite neutral for now, but there are communities of people who daily devote themselves to harassing everyone from Cloudflare's support team to the mayor of Sammamish, WA (where Epik, one of Gab's webhosts, is headquartered) to try to get Gab deplatformed.
I can only imagine how many of these emails per day Cloudflare's support team is deleting.
This entire comment thread can be asterisked with “for now”.
GoDaddy kicked off AR15.com with no reason at all, they were fine with the content... until the moment they weren’t.
The problem has always been a TOS that is selectively and interpretively enforced. It’s just popular this week.
> I don't want to have to think about the political beliefs of a CEO before deciding to use a service.
ffs no joke! I was embarrassed for what Expensify did, and if my company used that service we would have dropped them in a hot second. IDK why “we’ll stfu and do our job” isn’t the default anymore.
My guess is they won't struggle too much to get the site itself back online (they at least claim it was "bare metal", so charitably just containers), but replacing the email service providers and other authentication / SaaSy bits will be a challenge.
I'm curious about how they'll handle SMS. I once worked for a place that self hosted a message gateway by co-locating a bunch of cellphones alongside their servers. It worked but probably wouldn't scale for their purposes. Our setup also assumed that customers were in the same country as the servers.
Email service providers?
sudo apt install postfix
Configure DMARC and SPF and you’re fine.
Yes, it's as easy as those two commands, unless you want people to actually receive your emails.
There are ToS at Colo facilities also, renting rack space isn't foolproof either.
For a few thousand dollars a month I operate my own servers in n>1 physical locations with different companies and different transit providers.
I figured it out. Pirate Bay figured it out. Any company that genuinely cares about eliminating SPOFs has figured it out.
Perhaps Parler did not realize that being aligned with conservatism was grounds for deplatforming. I am sure they will learn as will the whole world.
Again, plenty of other unpopular websites have figured it out.
Parler just didn’t care.
https://prq.se/?p=colo Famous for starting the pirate bay, they're still in action and pretty much specifically provide freedom of speech hosting. I think it plays in the game the Parler investors wanted to play that they got shutdown and can't get back online. Fuels the "we've been censored" angle.
there's plenty of big colocation and hosting companies in Russia.
Which will not provide you service unless you give them Russian phone number and scan of your Russian passport.
Road map for hater sites:
1. Fire up servers in Russia.
2. Learn rsync.
I suppose one advantage Pirate Bay had was that they set out doing something illegal, whereas Parler probably didn't even consider the possibility that they would have to fight to stay online.
Apple has tightened the rules around forums lately, I don't think they required moderation when Parler started.
The other thing is of course that Pirate Bay was started by hard core computer nerds, not business people.
TPB also has the advantage of age. Their last decade has been quite stable but back in the day they would regularly go down and people would make all sorts of witty comments questioning the competence of the operators. It took them a lot of work to get where they are and they also had/have a different scaling curve than a social network.
Don't forget the raid. On a hunch one of the admins was able to make a copy of the entire database and bring it back online shortly afterwards; if he had not, they'd've had to revive it with no content, and it probably would have died out / been overtaken by some other one.
Obviously Parler didn't consider censorship as part of their threat model, while TPB necessarily had to. Moreover, I'm pretty sure TPB has gone down here and there, probably for weeks at a time. I don't think Parler's problems threat model is that bad; just maybe don't depend on companies that are liable to peer pressure. In the worst case you just get hosting from someone who isn't going to dump you because of social pressure (even going out of country if you must).
TPB had a much greater threat to them. They were even threatened by domain registrars.
How could you say TPB didn't consider censorship? What is a DMCA takedown if not censorship?
> How could you say TPB didn't consider censorship?
They didn't say that. They say in the first sentence that TPB had to consider censorship
Get a daily email with the the top stories from Hacker News. No spam, unsubscribe at any time.