Mikael Thalen
Feb 20 12 tweets 7 min read
SCOOP: Tried the Truth Social beta.

But not the one Trump & his fans are testing, the one used internally by his team, which left the site publicly accessible online (again).

Registered @realDonaldTrump & found a user praising dictator Augusto Pinochet dailydot.com/debug/truth-so…
Again, this is not the mobile beta being discussed online but the internal beta that TMTG's dev team uses to find bugs before updating the app.

Found the page online in Oct. & was tipped by @WhiskeyNeon that a verification page for registrations was open. dailydot.com/debug/truth-so…
The dev team didn't disable the handle @realDonaldTrump, which Trump is currently using on the mobile app.

I was able to upload the same profile image & banner as Trump. To be clear, this would not affect Trump's account on the mobile beta.

dailydot.com/debug/truth-so…
I found all sorts of content openly posted to the publicly accessible internal beta.

Pics from devs that showed usernames & passwords as well as other identifying info (which I will obviously not be publishing).

Raises serious security questions.

dailydot.com/debug/truth-so…
I also found several moderation accounts that were used to teach Truth Social's systems how to flag banned content such as porn, images from execution videos, and racial slurs.

Interestingly, the system was also being trained how to spot pics of firearms. dailydot.com/debug/truth-so…
Another account posted memes & statements praising Chilean dictator Augusto Pinochet.

It's unclear if the account was run by a moderator attempting to teach Truth Social's systems to flag such imagery or merely a fan page from someone at TMTG.

dailydot.com/debug/truth-so…
As you may remember, after Trump announced his plans for Truth Social in Oct., a site hosting the mobile beta was quickly found. Myself as well as @drewharwell were able to register accounts for Trump & Pence.

Devs on the internal beta weren't impressed. dailydot.com/debug/truth-so…
As reported by Reuters, the Truth Social app will possibly be released tomorrow.

As of writing this thread, I’ve lost access to my account. But excited to try out the app tomorrow if it does drop!

reuters.com/world/us/exclu…
Another interesting point. A moderator, whose job is to train Truth Social's systems to recognize banned content, shared posts about Jan. 6.

Does this mean TMTG is opposed to the Capitol riot or that it won't allow users to rally for similar events? dailydot.com/debug/truth-so…
Apple has begun sending out emails and notifications alerting users that Truth Social is available for download.

Once downloaded on the App Store, users are informed that Truth Social is “coming soon.”
Truth Social can now be downloaded from the Apple App Store but attempting to register an account produces an error message.
For the record, Truth Social only pulled down one domain for the internal beta site that I was able to register an account on last night.

Another domain still remains (which I won't be publishing), which shows that the site is ready for launch.

More from @MikaelThalen

Feb 14
BREAKING: GiveSendGo, the crowdfunding website used by the Freedom Convoy, is now redirecting to the domain GiveSendGone[.]wtf.

A video from the Disney film Frozen now appears alongside a manifesto condemning the website and the Freedom Convoy.
A file allegedly containing tens of thousands of names of those who donated to the Freedom Convoy has also been leaked.

Working to verify further details.
An S3 bucket run by GiveSendGo was found to be leaking pics of drivers licenses, military IDs, passports, & other sensitive docs just days ago.

Source tells me that despite an attempted fix, the bucket was exploited again to allow the takeover of the site dailydot.com/debug/givesend…
Feb 10
NEW: GiveSendGo, the crowdfunding service used by the 'Freedom Convoy,' claimed this week that it fixed a leak exposing user data.

But a security researcher has found exposed pics of credit cards, birth certificates, military IDs, SSN cards, & passports.

dailydot.com/debug/givesend…
Earlier this week TechCrunch's @zackwhittaker reported that GiveSendGo had an exposed Amazon S3 bucket containing users' private

The company appeared to fix the issue. techcrunch.com/2022/02/08/ott…
A source explained to me that GiveSendGo merely disabled the ability to view an index of the buckets' contents. The actual files themselves were still exposed.

dailydot.com/debug/givesend…
Jan 21
NEW: A Capitol rioter accused of beating a cop with a baseball bat has announced a new 'free-speech' social media site from behind bars: 'Liberty Centric.'

The site promises no censorship, bans, or 'fake' fact checking. I quickly found issues.

dailydot.com/debug/capitol-…
The site was quietly launched to little attention last year by Jake Lang, an accused rioter who is currently in jail in D.C.

The site's official announcement came this week with the help of the conspiratorial blog The Gateway Pundit.

dailydot.com/debug/capitol-…
The site's Terms of Use are a single paragraph and only ask users to avoid illegal activity and to "Love God with all your Heart."

dailydot.com/debug/capitol-…
Nov 6, 2021
Reviewing a trove of more than 600 hours of police helicopter surveillance footage leaked to DDoSecrets.

Footage includes video from the Dallas Police Department and the Georgia State Patrol.

wired.com/story/ddosecre…
This screenshot from leaked police helicopter surveillance video, believed to be from the Georgia State Patrol, shows how far in the cameras can zoom.

Redacted these two seemingly random individuals in this shot who were totally unaware that they were being watched.
Another screenshot from the more than 600 hours of helicopter surveillance video leaked to DDoSecrets.

This appears to show the Dallas Police Department canvassing a neighborhood, zooming in on a seemingly random individual sunbathing in their backyard.
Oct 21, 2021
NEW: I spoke with the hacker who discovered that Trump's new social media platform 'TRUTH Social' was openly accessible online.

Here's how they found it: dailydot.com/debug/hacker-t…
The hacker, who asked not to be identified but claimed affiliation with the hacking collective Anonymous, first noticed the name of the company behind TRUTH Social's app: T Media Tech LLC.

dailydot.com/debug/hacker-t…
The hacker then used Shodan, a search engine that finds servers exposed to the open web, to look for any domains linked to T Media Tech LLC.

dailydot.com/debug/hacker-t…
Oct 4, 2021
NEW: Hackers operating under the banner of Anonymous have announced a third data leak from the web hosting company Epik.

The leak allegedly contains more bootable disk images as well as a data backup with 'private documents' from the Texas GOP.

dailydot.com/debug/anonymou…
This latest leak comes just days after a 300GB cache containing bootable disk images of Epik's servers was released online, which exposed at least 59 API keys for services such as Twitter, Coinbase, and PayPal.

dailydot.com/debug/anonymou…
The first data leak came on Sept. 13 and exposed 180GB worth of sensitive data from Epik, including customer names, passwords, addresses, credit cards, and more.

dailydot.com/debug/epik-hac…