Sean O'Brien
Cybersecurity Prof @YaleLawSch & @Lawfare | Founder @PrivacyLabISP at @YaleISP | CTO @PanquakePpl

Jan 11, 2022, 18 tweets

Just received a response from @GETTRofficial to our @tl_eng report. Their Global Communications Director @ebonybowden has emailed and asked us to publish a series of comments from their CEO @JasonMillerinDC. So we are. 1/

This thread will address Miller’s rebuttals point-by-point. In the images attached to these tweets, when GETTR quotes our article the text appears in quotation marks. GETTR responses appear in bold type.

Read our original @tl_eng report here: 2/ talkliberation.substack.com/p/gettr-app-re…

Miller admits @GETTRofficial user data is supplied to Facebook and Google, because GETTR’s growth strategy is dependent upon feeding data to #BigTech. Miller says the info is not shared with anyone else, but it is public knowledge that Fbook & Google share data with partners. 3/

There have been myriad mainstream reports on the widespread nature of Facebook and Google’s data sharing activities. Google Analytics, which #GETTR admits to using, reserves the right to do so. 4/ support.google.com/analytics/answ…

Miller admits #GETTR is capturing user location data & discloses usage of yet another third-party service that profiles users (not mentioned in GETTR Privacy Policy or our report). Miller says they use it to "ensure true customer identity," ironically validating our reporting. 5/

Our article published evidence in a public repo of a @GETTRofficial feed loading unencrypted source content from The Republic Brief. The loading of unencrypted content & GETTR engaging in what is known as 'hotlinking' is NOT "common and responsible practice" as Miller claims. 6/

Miller again concedes to our research, confirming #GETTR is hosted on Amazon AWS & Google infrastructure - defending it as “maximum service availability and reliability,” even though @parler_app's availability and business was famously devastated by these same providers. 7/

We reported that #GETTR’s API has no validation mechanism (such as API keys). Miller ignores this & instead deflects to assuring that PII (Personally Identifiable Information) is not being exposed. This fails to address the problem we raised. 8/

Getome & @GETTRofficial domains resolve to the same servers, such as back-end admin panels. Therefore, they share infrastructure. Getome was available on Google Play at the time of our investigation (which started on Jan 7). 9/

Miller’s response clashes with his other claims in this thread re: Facebook tracking. #GETTR privacy policy doesn’t mention Deduce or MailChimp, third parties now referenced by Miller despite them not even being mentioned alongside the numerous third parties in our report. 10/

One potential vulnerability in #GETTR’s tech stack was a #SolarWinds zero-day so severe that out of ethical considerations we did not report on it. We instead notified GETTR who promised to address it "this week." 11/

Admissions by @JasonMillerinDC re: #Facebook tracking, user profiling, previously undisclosed third-party services, & dependence upon Amazon AWS & Google, definitively *prove our points.* @GETTRofficial is, by its own admission, dependent upon & in business w/ Silicon Valley. 12/

As our groundbreaking report about #GETTR begins to ricochet around the internet, it seems none other than @joerogan also has a few concerns of his own about GETTR. In particular their murky practices around user statistics & importing of Twitter data. 13/

TalkLiberation.com @tl_eng publishes articles, interviews & global news on the online issues that affect us all. Talk Liberation Investigates features deep-dive bonus content like "What are you really getting with GETTR?"

If you like this work, Subscribe (free or paid). 14/

Talk Liberation is brought to you by Panquake.com - Crowdfunded, powerful, next generation social media. Icelandic hosting with green energy (geothermal & hydroelectric) using NO #BigTech/Silicon Valley infra & collecting NO personal data. 15/ panquake.com/donate

"What are you really getting With GETTR" was written because we felt ethically compelled to acknowledge the @GETTRofficial platform’s potential for user harm.

Please help us spread the word. Thank you for reading! 16/16
talkliberation.substack.com/p/gettr-app-re…

NOTE: Some of the replies in this thread were re-posted with updated images to make sure we represent the statements by @JasonMillerinDC accurately.
