By now, you may have heard of the hacker who says she scraped 99 percent of posts from Parler, the Twitter-wannabe site used by Trump supporters to help organize last Wednesday’s violent insurrection on Capitol Hill. What you may not know yet is the abysmal coding and security that made the scraping so easy.
A key reason for her success: Parler’s site was a mess. Its public API used no authentication. When users deleted their posts, the site failed to remove the content and instead only added a delete flag to it. Oh, and each post carried a numerical ID that was incremented from the ID of the most recently published one.
Another amateur mistake was Parler’s failure to scrub geolocations from images and videos posted online. Sites like Twitter and Google routinely remove such metadata from content posted by their users. The video files hosted on Parler, by contrast, were “raw,” meaning they still contained this information.