Good morning to everyone who has no fear that a nation-state actor has seized evidence of criminal activities from their parler account.


hmm, wonder if the asshats at parler are going to notify their users that there has been a serious data breach as is required under the GDPR...they only have a few days to comply iirc

Show thread

@djsundog however they were complying with the request part, it was incredibly easy to download all data they have on a user

@kemonine archiveteam scraped them before they went down and got ~70TB of data, including unredacted exif data and, from what I'm hearing, photo IDs

@djsundog holy crap ; how'd archive team get that kind of data? IIRC they skew to only publicly accessible info and link webs

@kemonine @djsundog My understanding of the reporting is that Archive Team wasn't involved as such - it was just their software that was being used to scrape the data.

Apparently the attackers created lots of admin accounts that were then used to access whatever was reachable to those.

@kemonine They were booted by their authentication service, and apparently some of their backend wasn't prepared to deal with the failure modes resulting from that. From what I've read, the password reset function just accepted any new password, which was used to gain initial access to an account with admin privileges.


@djsundog that would require possession of a soul and/or a conscience, of which I suspect they have neither

@djsundog GDPR only applies to countries in the EU though, doesn't it?
Btw fun, unrelated fact: I play in a band called Sun Dog

@Schwadoodle I think it applies to EU residents rather than companies, but I am neither and could be wrong.

(and that's awesome! Do y'all have any recordings online?)

@djsundog My impression is that it's companies but I'm not sure either.

We have precisely one recording on Spotify and YouTube. It should appear if you search for "Gnoll's Lament". It's kind of D&D-inspired proto-metal/doom

@Schwadoodle @djsundog It applies to companies and similar organizations doing business with EU citizens. How enforceable that is is another question, I guess they don't have offices in the EU.

@Schwadoodle @djsundog the UK is continuing to abide by something effectively the same as GDPR even after Brexit which is one positive

@Schwadoodle @djsundog
the way I understand it, if you handle data of data subjects who reside in the EU, the #GDPR applies to you:

Where is this coming from? I haven't see any reports on a hack.


Omg this Parler downloading thing.

I am just now waking up and reading about it and this is awesome.

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!