Share this page!
26 • she/her • Mobile RE/Data Spelunking 🌈 Meiklejohnian absolutist. free speech as in free-for-everyone.
4 added to My Authors
Add to My Authors
There is now a Docker image you can run to help out with
's Parler archival effort:
docker run --detach --name "at_parler" --restart always
--concurrent 20 NICKNAME
use watchtower to automatically check for updates to the docker image. lower the default checking threshold from 24h to 5 minutes. instructions are on the wiki.
Read 6 tweets
I am now crawling URLs of all videos uploaded to Parler. Sequentially from latest to oldest. VIDXXX.txt files coming up, 50k chunks, there will be 1.1M URLs total:
This may include things from deleted/private posts.
These are the original, unprocessed, raw files as uploaded to Parler with all associated metadata.
if you have the storage space for this, this is currently the best way to help out
Read 7 tweets
RELEASE: Every Parler post made during the 06/01/2021 US Capitol riots.
(batches of 100k URLs, for archival purposes)
I wasn't going to put this out so soon, but since AWS might now pull their hosting, the more people get started with this, the better.
Use wget-warc. Upload to
a sample of what's in there
Read 8 tweets
Parler "Influence Network" Campaign Promoter UI (1/2)
Parler "Influence Network" Campaign Promoter UI (2/2)
Parler internal content moderation UI
Read 4 tweets
This got me curious, because root privileges aren't needed just to detect newly installed applications, so hooking play store to do this would be wild.
I took a look on the Play Store and found this "battery saver" app published by ad-tech company TappX.
First thing I see when I decompile the app is this, which is a broadcast receiver for "
.vending.INSTALL_REFERRER", so unfortunately they are doing it the boring non-root way
They tried to obfuscate whatever this class is doing and where the information is being sent by encrypting all of the strings constants
Read 7 tweets
20 Nov 20
full disclosure: scraping fleets from public accounts without triggering the read notification
the endpoint is:
for auth you just use the same leaked consumer keys from official twitter app that lets you use firehose for free:
for how to get a token
doing this or viewing the actual fleet via "media_url_https" does not trigger the read notification.
there is a separate endpoint "/fleets/v1/mark_read" for marking things as read, but it appears to be optional :^)
Read 12 tweets