This article is more than 1 year old
Parler games: Social network for internet rejects sues Amazon Web Services for pulling plug on hosting
And no, Parler wasn't hacked either. Its public posts were simply scraped
Updated Parler, which advertised itself as a place where you can "speak freely and express yourself openly, without fear of being 'deplatformed' for your views," sued Amazon Web Services (AWS) on Monday for deplatforming the site.
On Saturday, AWS suspended Parler's account, based on the social network's role as a medium through which last week's attempted pro-Trump insurrection at the US Capitol was coordinated. In a letter to Parler, AWS said it could not provide service to a company unable to identify and remove content that incites violence. Because AWS provided Parler's hosting infrastructure, Parler – a haven primarily for far-right netizens banned or ostracized from other platforms – went offline and remains unavailable.
AWS's suspension, which took effect at 23:59 PST (07:59 UTC) on Sunday, followed Apple's removal of Parler's iOS client app from the App Store and Google's removal of Parler's Android client app from Google Play on Friday.
In its complaint, filed in a US district court in Seattle, Washington, Parler points out that on Friday, one of the top trending tweets was "Hang Mike Pence," but AWS has made no effort to suspend Twitter's hosting account.
"AWS’s decision to effectively terminate Parler’s account is apparently motivated by political animus," the complaint contends. "It is also apparently designed to reduce competition in the microblogging services market to the benefit of Twitter."
Twitter on Saturday did remove those tweets; Parler's inability or unwillingness to remove such content is the reason cited by Amazon, Apple, and Google for banning the social media service.
Social network Parler dumped by AWS, says it prepared for this by only using bare metalREAD MORE
The lawsuit [PDF] claims AWS, in conjunction with Twitter, has violated the Sherman Antitrust Act and has separately violated its contract by failing to provide a 30-day notice before terminating service.
AWS did not immediately respond to a request for comment.
The AWS Customer Agreement states that the web giant may terminate service immediately if a client's or client's customer's usage of its service poses a security risk, could adversely impact its services or other customers services, could subject AWS to liability, or could be fraudulent. The AWS Terms of Service allow the company to suspend service if prohibited content is not removed within two business days.
Websites that support hate speech have weathered similar abandonment in the past. Gab, another social network known for courting extremists, was booted off GoDaddy in 2018 and now runs its own servers. Neo-nazi site The Daily Stormer, after being booted from Cloudflare in 2017, has had to change web hosts several times and currently relies on an .su domain overseen by a Russian registrar.
Parler is seeking a temporary restraining order to undo the shutdown, noting in its lawsuit that efforts to arrange alternative hosting have failed. "Doing so is the equivalent of pulling the plug on a hospital patient on life support," the company says in its complaint. "It will kill Parler’s business - at the very time it is set to skyrocket."
In December, CNN reported that Parler usage had declined to 2.3m daily active users from a peak of 2.9m around the time of the 2020 election in November. The company's court filing anticipates more signups thanks to Twitter's ban of President Trump.
In a Sunday interview on Fox News, John Matze, CEO of the Nevada-based outfit, did not sound optimistic about reviving its relationship with AWS. "At this point, we may even have to go as far as buying and building our own data centers and buying up our own servers to get back on the internet."
The ban, he said, would harm the company's business and its ability to raise capital. "This is really, really devastating what they did," he said.
For what it's worth, the speech and videos posted to Parler – including threats and conspiracy theories – continue to be freely available, thanks to the archiving efforts of security researchers. ®
Updated to add
In response to Parler’s legal filing, the judge hearing the case said she cannot issue a temporary restraining order against AWS because Parler neglected to serve AWS with its lawsuit. The judge ordered Parler to do so before 1700 PST today. AWS has until 1700 PST on January 12, 2021, to respond, and Parler has until noon the following day to reply.
Meanwhile, an Amazon spokesperson has been in touch to say: “There is no merit to these claims. AWS provides technology and services to customers across the political spectrum, and we respect Parler’s right to determine for itself what content it will allow.
"However, it is clear that there is significant content on Parler that encourages and incites violence against others, and that Parler is unable or unwilling to promptly identify and remove this content, which is a violation of our terms of service. We made our concerns known to Parler over a number of weeks and during that time we saw a significant increase in this type of dangerous content, not a decrease, which led to our suspension of their services Sunday evening."
No, Parler was not hacked
A viral and now-deleted Reddit post that on Sunday claimed Parler had been hacked, and that users' private messages and other personal info had been harvested for public leaking, is basically not true.
Said post was written by someone who claimed to have heard from a friend with "technical" skills who explained how Parler had been broken into, and the prose used a garbled mix of IT terms, from Twilio APIs being abused to magic SETI-like Docker containers. It had a whole "my uncle works for Nintendo" vibe to it. The post, for instance, referenced a Twilio press release that "accidentally" spilled the beans on Parler's security, but no such press release exists.
As what appears to be the lead hacktivist archiving Parler’s public contents explained today, all that’s going on is common-or-garden scraping of publicly available posts – or what was available until AWS pulled the plug on Parler's hosting on Sunday night. The process of scraping the site was containerized, and a Dockerfile shared, for anyone who wanted to grab a copy of the 70TB-odd of hosted data for themselves.
It was discovered that it's trivial to enumerate public posts, videos, and images shared on Parler, allowing them to be downloaded en masse. That’s it. There was no collection of Parler users’ private messages, credit card details, or government-issued photo IDs. (Netizens can submit their IDs to Parler to verify their identities and gain so-called Parler citizen status.) Those gleefully looking forward to the leaking of private information, doxxing of Parler users, and targeting of employers and family members, should remember that this sort of unauthorized disclosure is illegal in most Western jurisdictions.
In a statement on Monday, Twilio said it had told Parler on Friday it was withdrawing its multi-factor authentication services from the social network due to a breach of its terms and conditions. Parler had, we're told, preemptively stopped using Twilio's APIs before that plug was pulled.
As for the now-scraped pictures and videos posted publicly by Parler users, well, if they uploaded files with identifying metadata and geographic co-ordinates embedded, more fool them. It appears Parler did not strip this information from uploaded files.
Additional reporting by Gareth Corfield