Just received a response from @GETTRofficial to our @tl_eng report. Their Global Communications Director @ebonybowden has emailed and asked us to publish a series of comments from their CEO @JasonMillerinDC. So we are. 1/
This thread will address Miller’s rebuttals point-by-point. In the images attached to these tweets, when GETTR quotes our article the text appears in quotation marks. GETTR responses appear in bold type.
Miller admits @GETTRofficial user data is supplied to Facebook and Google, because GETTR’s growth strategy is dependent upon feeding data to #BigTech. Miller says the info is not shared with anyone else, but it is public knowledge that Fbook & Google share data with partners. 3/
There have been myriad mainstream reports on the widespread nature of Facebook and Google’s data sharing activities. Google Analytics, which #GETTR admits to using, reserves the right to do so. 4/ support.google.com/analytics/answ…
Miller admits #GETTR is capturing user location data & discloses usage of yet another third-party service that profiles users (not mentioned in GETTR Privacy Policy or our report). Miller says they use it to "ensure true customer identity," ironically validating our reporting. 5/
Our article published evidence in a public repo of a @GETTRofficial feed loading unencrypted source content from The Republic Brief. The loading of unencrypted content & GETTR engaging in what is known as 'hotlinking' is NOT "common and responsible practice" as Miller claims. 6/
Miller again concedes to our research, confirming #GETTR is hosted on Amazon AWS & Google infrastructure - defending it as “maximum service availability and reliability,” even though @parler_app's availability and business was famously devastated by these same providers. 7/
We reported that #GETTR’s API has no validation mechanism (such as API keys). Miller ignores this & instead deflects to assuring that PII (Personally Identifiable Information) is not being exposed. This fails to address the problem we raised. 8/
Getome & @GETTRofficial domains resolve to the same servers, such as back-end admin panels. Therefore, they share infrastructure. Getome was available on Google Play at the time of our investigation (which started on Jan 7). 9/
Miller’s response clashes with his other claims in this thread re: Facebook tracking. #GETTR privacy policy doesn’t mention Deduce or MailChimp, third parties now referenced by Miller despite them not even being mentioned alongside the numerous third parties in our report. 10/
One potential vulnerability in #GETTR’s tech stack was a #SolarWinds zero-day so severe that out of ethical considerations we did not report on it. We instead notified GETTR who promised to address it "this week." 11/
Admissions by @JasonMillerinDC re: #Facebook tracking, user profiling, previously undisclosed third-party services, & dependence upon Amazon AWS & Google, definitively *prove our points.* @GETTRofficial is, by its own admission, dependent upon & in business w/ Silicon Valley. 12/
As our groundbreaking report about #GETTR begins to ricochet around the internet, it seems none other than @joerogan also has a few concerns of his own about GETTR. In particular their murky practices around user statistics & importing of Twitter data. 13/
TalkLiberation.com @tl_eng publishes articles, interviews & global news on the online issues that affect us all. Talk Liberation Investigates features deep-dive bonus content like "What are you really getting with GETTR?"
If you like this work, Subscribe (free or paid). 14/
Talk Liberation is brought to you by Panquake.com - Crowdfunded, powerful, next generation social media. Icelandic hosting with green energy (geothermal & hydroelectric) using NO #BigTech/Silicon Valley infra & collecting NO personal data. 15/ panquake.com/donate
"What are you really getting with GETTR" was written because we felt ethically compelled to acknowledge the @GETTRofficial platform’s potential for user harm.
In addition to the issues @Suzi3D points out, it's important to highlight a few differences that separate the arch + design of Panquake.com from networks like GETTR and Parler. Short thread.
First, we're taking #decentralization seriously. Panquake.com conversations are committed to a blockchain record which will be shared around the world. Users on the network will communicate and verify each other using peer-to-peer methods and strong encryption.
Second, the Panquake.com network is built upon #respect and empowerment for users. We're making sure your data lives on your device(s), and don't collect or store the kind of sensitive information that has already been breached from GETTR and Parler, not even email.
I spent an hour last night analyzing the #IowaCaucasDisaster app that VICE reported on. There's nothing outwardly terrible from a privacy and security standpoint at first glance, but it may be worth digging more. Thread. 1/ vice.com/en_us/article/…
The app is seemingly clean from malware and tracker SDKs, although there is some Google and Facebook code when I disassemble the classes.dex file. Exodus Scan output below (I had to use the CLI because the app is not in Google Play). 2/
Here's the output from VirusTotal, which also includes the app permissions from the Android manifest. Did they actually use the camera and fingerprint reader? 3/ virustotal.com/gui/file/70fa1…