Sean O'Brien Profile picture
Jan 11, 2022 18 tweets 13 min read Read on X
Just received a response from @GETTRofficial to our @tl_eng report. Their Global Communications Director @ebonybowden has emailed and asked us to publish a series of comments from their CEO @JasonMillerinDC. So we are. 1/
This thread will address Miller’s rebuttals point-by-point. In the images attached to these tweets, when GETTR quotes our article the text appears in quotation marks. GETTR responses appear in bold type.

Read our original @tl_eng report here: 2/ talkliberation.substack.com/p/gettr-app-re…
Miller admits @GETTRofficial user data is supplied to Facebook and Google, because GETTR’s growth strategy is dependent upon feeding data to #BigTech. Miller says the info is not shared with anyone else, but it is public knowledge that Fbook & Google share data with partners. 3/
There have been myriad mainstream reports on the widespread nature of Facebook and Google’s data sharing activities. Google Analytics, which #GETTR admits to using, reserves the right to do so. 4/ support.google.com/analytics/answ…
Miller admits #GETTR is capturing user location data & discloses usage of yet another third-party service that profiles users (not mentioned in GETTR Privacy Policy or our report). Miller says they use it to "ensure true customer identity," ironically validating our reporting. 5/
Our article published evidence in a public repo of a @GETTRofficial feed loading unencrypted source content from The Republic Brief. The loading of unencrypted content & GETTR engaging in what is known as 'hotlinking' is NOT "common and responsible practice" as Miller claims. 6/
Miller again concedes to our research, confirming #GETTR is hosted on Amazon AWS & Google infrastructure - defending it as “maximum service availability and reliability,” even though @parler_app's availability and business was famously devastated by these same providers. 7/
We reported that #GETTR’s API has no validation mechanism (such as API keys). Miller ignores this & instead deflects to assuring that PII (Personally Identifiable Information) is not being exposed. This fails to address the problem we raised. 8/
Getome & @GETTRofficial domains resolve to the same servers, such as back-end admin panels. Therefore, they share infrastructure. Getome was available on Google Play at the time of our investigation (which started on Jan 7). 9/
Miller’s response clashes with his other claims in this thread re: Facebook tracking. #GETTR privacy policy doesn’t mention Deduce or MailChimp, third parties now referenced by Miller despite them not even being mentioned alongside the numerous third parties in our report. 10/
One potential vulnerability in #GETTR’s tech stack was a #SolarWinds zero-day so severe that out of ethical considerations we did not report on it. We instead notified GETTR who promised to address it "this week." 11/
Admissions by @JasonMillerinDC re: #Facebook tracking, user profiling, previously undisclosed third-party services, & dependence upon Amazon AWS & Google, definitively *prove our points.* @GETTRofficial is, by its own admission, dependent upon & in business w/ Silicon Valley. 12/
As our groundbreaking report about #GETTR begins to ricochet around the internet, it seems none other than @joerogan also has a few concerns of his own about GETTR. In particular their murky practices around user statistics & importing of Twitter data. 13/
TalkLiberation.com @tl_eng publishes articles, interviews & global news on the online issues that affect us all. Talk Liberation Investigates features deep-dive bonus content like "What are you really getting with GETTR?"

If you like this work, Subscribe (free or paid). 14/
Talk Liberation is brought to you by Panquake.com - Crowdfunded, powerful, next generation social media. Icelandic hosting with green energy (geothermal & hydroelectric) using NO #BigTech/Silicon Valley infra & collecting NO personal data. 15/ panquake.com/donate
"What are you really getting With GETTR” was written because we felt ethically compelled to acknowledge the @GETTRofficial platform’s potential for user harm.

Please help us spread the word. Thank you for reading! 16/16
talkliberation.substack.com/p/gettr-app-re…
NOTE: Some of the replies in this thread were re-posted with updated images to make sure we represent the statements by @JasonMillerinDC accurately.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Sean O'Brien

Sean O'Brien Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @seanodiggity

Jan 2, 2022
In addition to the issues @Suzi3D points out, it's important to highlight a few differences that separate the arch + design of Panquake.com from networks like GETTER and Parler. Short thread.
First, we're taking #decentralization seriously. Panquake.com conversations are committed to a blockchain record which will be shared around the world. Users on the network will communicate and verify each other using peer-to-peer methods and strong encryption.
Second, the Panquake.com network is built upon #respect and empowerment for users. We're making sure your data lives on your device(s), and don't collect or store the kind of sensitive information that has already been breached from GETTR and Parler, not even email.
Read 8 tweets
Feb 5, 2020
I spent an hour last night analyzing the #IowaCaucasDisaster app that VICE reported on. There's nothing outwardly terrible from a privacy and security standpoint at first glance, but it may be worth digging more. Thread. 1/
vice.com/en_us/article/…
The app is seemingly clean from malware and tracker SDKs, although there is some Google and Facebook code when I disassemble the classes.dex file. Exodus Scan output below (I had to use the CLI because the app is not in Google Play). 2/
Here's the output from VirusTotal, which also includes the app permissions from the Android manifest. Did they actually use the camera and fingerprint reader? 3/ virustotal.com/gui/file/70fa1…
Read 21 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(