What Can We Learn From the Parler Crisis

I won’t complain about the exodus of the right wing from Twitter, Facebook and other social media over the past few months. (The fewer people sharing messages in support of an armed uprising or babysitting the Nazis on my social media, the better.) But the fact that many of these people fled to the “free speech” social network Parler created a learning opportunity even for the more judicious among us, especially now that its security has become a real nightmare.

Here’s a rundown of the current chaos: Over the weekend, Apple, Google and Amazon Web Services announced that they are removing Parler from their app stores and servers. In the meantime, a researcher started archiving all messages (“conversations”) ever made on Parler before it went down, including deleted messages, because Parler’s internal configuration is terrible. Accounts vary in the amount and type of information mined, as this tweet from @donk_enby, the operation’s architect, shows:

The aforementioned Reddit post, which was upvoted by quite a few people, suggests that Parler itself was hacked. The attackers allegedly could create all sorts of administrative accounts on the service and, as a result, collect every bit of information ever uploaded to Parler, including scanned images of users’ driver’s licenses and any social security numbers they provided.

I have not seen these claims confirmed anywhere else, so I am not going to conclusively claim that Parler was hacked and everyone who used it is SOL. However, such a post should scare anyone who has ever signed up for the service. And it makes me think about everything that Parler’s many failures can teach us.

The fact that an application exists does not mean that it is secure.

This should be taken for granted, but it is also probably the best security advice I can give to anyone, regardless of their technology background: the apps you find on the Google Play Store or Apple App Store are generally safe, in the sense that they are probably not loaded with malware that will ruin your phone and / or your life. However, this does not mean that you can or should blindly trust an application simply because it can be downloaded from the official store. These companies receive many app submissions, and their teams do not review or use each one for several weeks to get a feel for its security and privacy practices. They just can’t. In most cases, automated systems check for malware and other dangerous code.

This is why you will regularly read reports of malicious apps downloaded by the millions – for example, apps that try to hide the fact that using them requires you to purchase an ultra-expensive subscription (after which the apps still offer only limited functionality). In this case, neither Apple nor Google has much control over what Parler does with the content posted on its service. Sure, they could blame the app for vague public safety and privacy statements, but generally speaking, this is something that is more likely to happen after a problem has occurred than when the app is first launched.

In other words, Parler’s mere existence in the app store does not mean that it was ever reliable or secure. As many of its users are now finding out, you cannot always trust that a company’s data-handling practices are sound.

Anonymity on social networks is worth its weight in gold

A lot of my friends lately have taken the “pick a fictitious name on Facebook and remove all identifying information” route, which is great. This does not greatly affect the data that Facebook already stores about you on its servers, but it makes it much more difficult for others – colleagues, acquaintances and random people – to find you and send you friend requests.

If you are joining a new social network and you do not need to provide real personally identifiable information, then do not. There is no reason to give your real name unless required. Don’t post your location. Don’t talk publicly about your job (and don’t mention where you work). Hell, I would even upload a test photo and then download it again to see if said social network deletes EXIF data on my behalf. (Even so, you can never be sure; it might be worth anonymizing the photos yourself and then uploading them to the service, rather than uploading them directly.)
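The upload-then-download check described above can be done with a short script. This is an added example, not part of the original article: it reports whether a JPEG still carries an Exif block and a GPS pointer, and goes one step beyond the text by also stripping Exif before upload. The function names are illustrative and the sample bytes are constructed.

```python
import struct

def jpeg_segments(data):
    """Yield (marker, start, end) for each header segment before the image scan."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF and data[pos + 1] != 0xDA:
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        yield data[pos + 1], pos, pos + 2 + length
        pos += 2 + length

def is_exif(data, marker, start, end):
    return marker == 0xE1 and data[start + 4:end].startswith(b"Exif\x00\x00")

def exif_report(data):
    """Return {'exif': bool, 'gps': bool} for a JPEG byte string."""
    report = {"exif": False, "gps": False}
    for marker, start, end in jpeg_segments(data):
        if not is_exif(data, marker, start, end):
            continue
        report["exif"] = True
        tiff = data[start + 10:end]  # TIFF structure follows the 6-byte identifier
        endian = "<" if tiff[:2] == b"II" else ">"
        try:
            (ifd0,) = struct.unpack(endian + "I", tiff[4:8])
            (count,) = struct.unpack(endian + "H", tiff[ifd0:ifd0 + 2])
            for i in range(count):  # 12-byte IFD entries, tag in the first two bytes
                (tag,) = struct.unpack(endian + "H", tiff[ifd0 + 2 + 12 * i:][:2])
                report["gps"] |= tag == 0x8825  # GPSInfo pointer: location embedded
        except struct.error:
            pass  # truncated Exif block: present, GPS status undetermined
    return report

def strip_exif(data):
    """Return a copy of the JPEG with every Exif APP1 segment removed."""
    out, last = bytearray(), 0
    for marker, start, end in jpeg_segments(data):
        if is_exif(data, marker, start, end):
            out += data[last:start]
            last = end
    return bytes(out + data[last:])

def _seg(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload
# Constructed sample bytes (not a real photo): one GPSInfo entry in IFD0, dummy scan.
_TIFF = b"II*\x00" + struct.pack("<IH", 8, 1) + struct.pack("<HHII", 0x8825, 4, 1, 26) + bytes(4)
ORIGINAL = (b"\xff\xd8" + _seg(0xE0, b"JFIF\x00") + _seg(0xE1, b"Exif\x00\x00" + _TIFF)
            + b"\xff\xda\x00\x02\x00\xff\xd9")
```

Run `exif_report` on the photo before upload and again on the copy downloaded back from the service. XMP and IPTC metadata live in other segments and are not covered by this sketch.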

In short, why give up information about yourself if you don’t need to? Save this for LinkedIn, where it matters. Where it doesn’t, be who you want to be, not yourself.

Stop trolling

Keep in mind that your online activities, even if they are anonymous, can have an unpleasant effect on the real people at the receiving end of your anger. Telling someone to “kill yourself” on the net is not a yell into the void; you are talking to a real person, and your words may actually induce them to think about causing some kind of bodily harm. You never know when a person’s tipping point will come, so don’t bother fighting with strangers.

In an ideal world, most of us would generally avoid intense political discussions on social media – politics tends to be the most reliable source of comment wars lately, at least in my Facebook feeds. Unfortunately, I don’t see this happening, although I have yet to meet anyone who was convinced of the other side’s argument by a sharply worded Facebook comment.

Parler, a cesspool for right-wing fanatics, is the perfect example of some of the worst social media out there; the site’s reluctance to contain aggressive user rhetoric is what led to its ban by Amazon, Google and Apple. However, we cannot trust Twitter, Facebook or YouTube to do the cleaning for us; all we can truly be held accountable for is our own actions (and the correct use of the “report” function when we encounter other people who cannot behave on the network). Again, social media may not be a place for protracted debates over controversial topics; it is definitely not a place to gather with like-minded people and make threats.

Stop sharing personal data that no one needs

I respect that Parler tried to link accounts to real information: if you wanted a verified social media account, you had to scan your driver’s license or passport. I sincerely believe that every social network should have some way of linking a user account to data that is difficult to reproduce, such as a personal phone number or work email address. It is important to be able to prevent people from creating more than 20 anonymous accounts in order to harass others, even after their main account(s) are locked.

However, this is a double-edged sword: I am absolutely stunned that someone would agree to provide scanned images of something as personal as their driver’s license, passport, or social security number to a service they know nothing about. Never, never do this. This information may only be needed by organizations such as your bank that have verifiable procedures to protect your personal information.

This advice couldn’t be more basic, but it is obvious that some people threw caution to the wind when registering with Parler. So, I’ll be blunt: don’t share your Social Security number unless you fully trust the organization you provide it to. Do not scan your driver’s license or passport when asked unless you are quite sure who will have this information and how they are going to use and store it.

You should never give up this kind of information unless it is clearly critical to the service being provided – perhaps if your tax officer asks for it, and certainly not for social media. Don’t share personal information when requested by a third-party app you’re trying out for the first time, and consider the reputation of the app or service making the request. I’d be more comfortable with TurboTax asking for sensitive information to complete my annual tax return than with David’s 2021 Tax Assistant, which just joined the App Store a week ago.

Nobody has a “right” to digital access

The First Amendment has nothing to do with private industry. Facebook can say right now that it doesn’t like the color blue, and every post associated with blue on its service can be removed without violating anyone’s freedom of expression guarantee.

If you don’t like the way a private party controls speech, that’s perfectly fine. You are not entitled to use Facebook on your terms, and the First Amendment does not guarantee you the right to do whatever you want when a private company provides the service. (And the First Amendment doesn’t let you do whatever you want to do, period – think of all that “screaming fire in a crowded theater.”)

The First Amendment is as beautifully written as it is (presumably) easy to understand:

“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.”

Nothing in it suggests that tech companies should allow any speech on their services; they can provide a platform for public speaking, but that does not turn them into government agencies. They have the right to limit what is said on their services in any way they want. If you don’t like it, you can use another service that allows you to vent however you like. (Relatedly, companies are under no obligation to provide social media services if they don’t want to.)

Plus, you don’t have a God-given right to a social media account, period, and your First Amendment rights aren’t violated if you act like a jerk on Twitter and get banned. Again, this is a private business: if Twitter decides that what you post violates its rules, it can remove you from the service; the social network does not owe you access.

In fact, it is the First Amendment that explicitly prohibits the government from taking action in such cases. Organizations like Twitter are allowed to control their platforms as they see fit, without government intervention. If this enforcement is aimed at you, then it is the First Amendment that makes your case completely moot, not the other way around.

Spelling matters

I enjoyed watching the Parlor app soar to the top of the Google Play Store this weekend. This is Parlor with the letter “o”, not Parler with the letter “e”. While these are both social media apps, the latter is full of far-right extremists. The former is a “communication app” that has been around for ten years, although not many people actually use or know about it.

While this sounds silly, it is a helpful reminder that you should always check that the application you are downloading is the application you intended to download. Nothing bad will happen to you if you download Parlor instead of Parler from the Google Play Store, but I can see a future where an unofficial Parler app distributed on the internet, once sideloaded onto your device (since you cannot install it from the app store), infects you with malware.

Spelling matters. Search matters. Do not install apps on your device unless you have triple checked that they are legitimate versions of the exact app you want to install. If you are unsure or cannot check if this is the case, do not install them.

Back to the previous point, just because an app is on the official app store doesn’t mean it’s legitimate. It is also possible that a wannabe app has not been thoroughly reviewed, reported, or removed before you are tricked into installing it. Check the app’s publication dates, reviews, descriptions and screenshots before downloading. Do a quick web search to make sure the link you are using actually points to the official version of the app. Visit the developer’s website and use their links, not the ones sent to you in a message or email. And if in doubt, don’t download the app. Don’t subscribe to the app. Don’t pay for the app. And definitely don’t send sensitive personal information to the app.

