crash override Profile picture
26 • she/her • Mobile RE/Data Spelunking 🌈 Meiklejohnian absolutist. free speech as in free-for-everyone.
jthomas Profile picture Gravy Trainwreck Profile picture U.S. Army Mom Profile picture Julie Profile picture 4 added to My Authors
10 Jan
There is now a Docker image you can run to help out with @archiveteam's Parler archival effort:

docker run --detach --name "at_parler" --restart always atdr.meo.ws/archiveteam/pa… --concurrent 20 NICKNAME
use watchtower to automatically check for updates to the docker image. lower the default checking threshold from 24h to 5 minutes. instructions are on the wiki.
Read 6 tweets
10 Jan
I am now crawling URLs of all videos uploaded to Parler. Sequentially from latest to oldest. VIDXXX.txt files coming up, 50k chunks, there will be 1.1M URLs total: donk.sh/06d639b2-0252-…

This may include things from deleted/private posts.
These are the original, unprocessed, raw files as uploaded to Parler with all associated metadata.
if you have the storage space for this, this is currently the best way to help out
Read 7 tweets
9 Jan
RELEASE: Every Parler post made during the 06/01/2021 US Capitol riots. donk.sh/06d639b2-0252-… (batches of 100k URLs, for archival purposes)
I wasn't going to put this out so soon, but since AWS might now pull their hosting, the more people get started with this, the better.

Use wget-warc. Upload to archive.org.

archiveteam.org/index.php?titl…
a sample of what's in there Image
Read 8 tweets
5 Jan
Parler "Influence Network" Campaign Promoter UI (1/2) ImageImageImageImage
Parler "Influence Network" Campaign Promoter UI (2/2) ImageImageImage
Parler internal content moderation UI Image
Read 4 tweets
4 Jan
This got me curious, because root privileges aren't needed just to detect newly installed applications, so hooking play store to do this would be wild.

I took a look on the Play Store and found this "battery saver" app published by ad-tech company TappX. play.google.com/store/apps/det…
First thing I see when I decompile the app is this, which is a broadcast receiver for "com.android.vending.INSTALL_REFERRER", so unfortunately they are doing it the boring non-root way
They tried to obfuscate whatever this class is doing and where the information is being sent by encrypting all of the strings constants
Read 7 tweets
20 Nov 20
full disclosure: scraping fleets from public accounts without triggering the read notification

the endpoint is: api.twitter.com/fleets/v1/user…
for auth you just use the same leaked consumer keys from official twitter app that lets you use firehose for free: gist.github.com/shobotch/51600…

ddg api.twitter.com/auth/1/xauth_p… for how to get a token
doing this or viewing the actual fleet via "media_url_https" does not trigger the read notification.

there is a separate endpoint "/fleets/v1/mark_read" for marking things as read, but it appears to be optional :^)
Read 12 tweets