I did more research into the Parler dump. What probably happened was not so much a "hack", but this: When Twilio/Okta shut them down, they just disabled email/phone verification to create an account. This means anyone could directly create huge amounts of accounts via their API.

Someone also found out that fetching Parler posts could be done by enumerating IDs (e.g 1, 2, 3) instead of random IDs that can't be guessed. Unclear if this was via the ordinary API endpoint, or that they found a separate one by monitoring app network traffic.
So you combine these two things and you can create a script to scrape all the posts on the entire platform, using a lot of different accounts to avoid suspicion. Anyone could download and run this script to spread it out over many IP addresses as well.
What I'm still not sure about is whether deleted (meaning flagged as deleted, it's common that services never actually delete data) posts could be fetched without any special handling.
The verdict: The people who wrote Parler are fucking amateurs.
This Reddit comment is a good, and from what it seems, correct, summary: https://t.co/SfJQFQQG2h
Using sequential IDs was supported because the Parler API had an endpoint to convert them to the UUIDs used to fetch posts. Easy to find endpoint via network monitoring, and didn't require any special authentication. 🤦
Here's that specific function in @donk_enby library parler-tricks: https://t.co/kKQT2KCac1
It also seems like they did not have any kind of rate-limiting. This just gets better and better.

More from Internet

🚨 🦮 Seven ways to test for accessibility using only what is already in browser developer tools of Chromium browsers https://t.co/C7kdbigHGE

@MSEdgeDev @EdgeDevTools @ChromiumDev
#tools #accessibility #browsers
Also, a thread: 👇🏼


Issues pane, powered by @webhintio, listing accessibility issues with explanations why these are problems, links to more info and direct links to the tools where to fix the problem.
https://t.co/4K5RynHhbg


The inspect element overlay showing accessibility relevant information of the element, including contrast information, ARIA name, role and if it can be focused via keyboard.


Colour picker with contrast information offering colours that are AA/AAA compliant. You can also see compliant colours indicated by a line on the colour patch.
Note: the current algorithm fails to take font weight into consideration, that's why there will be a new one.


Vision deficit ("colour blindness") emulation. You can see what your product looks like for different visitors.
https://t.co/bxj1vySCAb

You May Also Like

Ivor Cummins has been wrong (or lying) almost entirely throughout this pandemic and got paid handsomly for it.

He has been wrong (or lying) so often that it will be nearly impossible for me to track every grift, lie, deceit, manipulation he has pulled. I will use...


... other sources who have been trying to shine on light on this grifter (as I have tried to do, time and again:


Example #1: "Still not seeing Sweden signal versus Denmark really"... There it was (Images attached).
19 to 80 is an over 300% difference.

Tweet: https://t.co/36FnYnsRT9


Example #2 - "Yes, I'm comparing the Noridcs / No, you cannot compare the Nordics."

I wonder why...

Tweets: https://t.co/XLfoX4rpck / https://t.co/vjE1ctLU5x


Example #3 - "I'm only looking at what makes the data fit in my favour" a.k.a moving the goalposts.

Tweets: https://t.co/vcDpTu3qyj / https://t.co/CA3N6hC2Lq