Hacker News new | past | comments | ask | show | jobs | submit login
Pirate Bay founder thinks Parler’s inability to stay online is 'embarrassing' (vice.com)
618 points by weare138 on Jan 13, 2021 | hide | past | favorite | 593 comments



Also embarrassing:

https://www.vice.com/en/article/n7vqew/the-hacker-who-archiv...

> donk_enby had originally intended to grab data only from the day of the Capitol takeover, but found that the poor construction and security of Parler allowed her to capture, essentially, the entire website. That ended up being 56.7 terabytes of data, which included every public post on Parler, 412 million files in all—including 150 million photos and more than 1 million videos. Each of these had embedded metadata like date, time and GPS coordinates—unlike most social media sites, Parler does not strip metadata from media its users upload, which, crucially, could be useful for law enforcement and open source investigators.


Someone put together an animated heatmap of Parler photo locations along the Mall throughout the day of 1/6: https://www.reddit.com/r/dataisbeautiful/comments/kvx88n/oc_...


Even better, here are the videos along with their locations:

https://www.tommycarstensen.com/terrorism/index.html


That's hilarious. Some trumpian complaining about furniture in offices while people are homeless on the streets

https://www.tommycarstensen.com/terrorism/pQf5uxtLtxH5.mp4

Neglating to remember his president has been in charge for 4 years

The guy coughing at 1m34 too!

Rioter 1: "They just hit that dude"

Rioter 2: "Yeah because he was being a prick"

https://www.tommycarstensen.com/terrorism/4wIDySD7tKxo.mp4

18 seconds

Woman takes of mask to tell camera "It's amazing". Cameraman says "put your mask on I don't want anyone to see you"


Oh man that last one is right up there with the don’t tread on me lady getting treaded on in hilarity.


35% of the country looks at the videos and says "yeah, must be antifa"


>>Someone put together an animated heatmap of Parler photo locations along the Mall throughout the day of 1/6

Showing that people posted videos from the rally at the Monument and then went to the front of the Capitol buildings. Note that many on site participants reported there was no cell or data service at the Capital, so they were not coordinating with Parler, just reporting.

The heat map might generate hypothesis but conclusions that Parler users or demonstrators as a whole did anything other than asserting rights under the 1st amendment do not necessarily follow from the data[1].

[1]https://gist.github.com/kylemcdonald/8fdabd6526924012c1f5afe...


That graphic is interesting to me, as it illustrates what the view is like at the 3-letter-agencies control centers, who have been slurping up our data for years.


Debatable; this is low hanging fruit.

Turn off or strip EXIF data -- most sites do anyway -- and this wouldn't happen.


What I find astonishing is that—at least according to that heat map—it appears that bordering on 100% of the people using Parler in DC that day we’re part of the riot / coup / insurrection.

This isn’t an app that’s in widespread general use but just so happens to also have a few bad apples using it too. It’s instead almost exclusively used by what would appear to be the most radical wing of the Trump party. Almost every single person using it during that period attended Trump’s speech and/or participated (in some way, shape, or form) in an assault on the Capitol that day.


> What I find astonishing is that—at least according to that heat map—it appears that bordering on 100% of the people using Parler in DC that day we’re part of the riot / coup / insurrection.

These are location from pictures. Of course almost all pictures are of the riots instead of some boring random street in Washington DC.

Even people who are not part of it will take pictures simply because it is a major event and nowadays, every time something interesting happens, there are people to take pictures. You are probably going to find similar heat maps on more mainstream social networks.


> at least according to that heat map—it appears that bordering on 100% of the people using Parler in DC that day we’re part of the riot / coup / insurrection.

Are you sure it's not just a heat map of only those videos?


DC voted 93-5% for Biden. Not gonna be many native Parler users there.


OPSEC 101: blend in, don't look suspicious. By banning these communities from the regular media (Twitter, Reddit, Facebook, Instagram, ...), they need to gather via "anything goes" path where 'freedom of speech' protects their hate speech, such as bulletproof hosting. Which is expensive, and of which all traffic to/from is suspicious by default. Its essentially akin to Bitcoin mixing, or avoiding Monero.


This was exactly my take away from the heat map. If that's all the GPS coords from video taken on Parler that day than it looks to be exclusively used by those supporting/participating/sharing the riot on the US Capital.


Some people stayed just outside of the capital and didn't necessarily do anything wrong.


I mean, look how DC voted in the last election.


The same way it has since I’ve been alive. What’s your point?


that a DC citizen is exceedingly unlikely to be a Parler user unless they're an external protestor or a congressperson (or congressional staff, I guess).



Wow this is a powerful way to word it.

"Authoritarians never believe they're authoritarians, no matter how much censorship, surveillance, jingoism, & imprisonment they demand.

They tell themselves their enemies are so uniquely evil and dangerous - terrorists - that anything done in the name of fighting them is noble."


Indeed. Greenwald helped Snowden; he has the chops to see what's going on. To wit, his subsequent tweet:

Glenn Greenwald @ggreenwald Jan 11

Do you know how many of the people arrested in connection with the Capitol invasion were active users of Parler?

Zero.

The planning was largely done on Facebook. This is all a bullshit pretext for silencing competitors on ideological grounds: just the start.


That tweet seems to be incorrect.

https://twitter.com/nickmartin/status/1349277932531847174

> Hi Glenn, I'm wondering if you would be willing to delete this tweet and issue a correction both on Twitter and your newsletter since a number of the people arrested last week, including Jacob Chansley and Nicholas Ochs, were active users of Parler. Thanks!


Afaik, Greenwald was told the above by Parler CEO. Greenwald then proceeded to uncritically believe that.


They were downloading at 50 Gbps for a while

https://twitter.com/donk_enby/status/1348497204940595201

https://twitter.com/donk_enby/status/1348440720504401921

Also, auth provider (twilio?) removed Parler as a client so for a short while it was possible to create accounts without a phone number (2FA).

https://twitter.com/donk_enby/status/1348298836930867204

edit: okta, free trial, thanks: https://news.ycombinator.com/item?id=25774943


Just a note here, it wasn't Twilio.

It was a free trial of Okta that they were using for their entire userbase.

https://twitter.com/okta/status/1348191370528256002?ref_src=...


How cheap can you be to run your whole site on a trial and fail open if it doesn't work anymore?


I read that they chose to fail open when Okta dropped them in order to stay online for awhile longer.


She is probably liable for that data egress bill.

Also, how does some randomer have ten of terabytes of disk lying around?


Have you ever been to r/Datahoarder or r/Homelab?

10TB fits on one desktop drive, it's completely pedestrian


I have not. I have one 4TB HD in my machine and I've never come close to filling it!


Many people have <1TiB on their machines and are content with it.

Others, like me, have home NAS's which have 10-20TiB, and they're usually close to full.

Fewer people, but a non-zero amount, hoard data, they have 20-100TiB or even more, full on homelabs.

If you're a person collecting datadumps or running rainbow tables, you probably have such a unit. It's not even that expensive really, you can get a 24TiB Pegasus Thunderbolt raid array for <1,000 USD


It's really a matter of multimedia: video, raw format photos, music, ripped movies. That's the vast bulk of the probably 8TB or so I have.


The raw files off my D5600 are roughly 30MB each. If I took 100 photos a day, I would need +1TB every year to keep all of them. The battery is good for about 600 shots. Someone who does photography professionally can easily blow right past that on one job before accounting for their second shooter's files.


Wasn't this an ArchiveTeam Warrior project?

https://archiveteam.org/index.php?title=ArchiveTeam_Warrior

If so it's distributed among many volunteers.

But the data still has to end up somewhere... Archive.org?


the data is being processed by archive team https://www.archiveteam.org/index.php?title=Parler

Grab status: https://tracker.archiveteam.org/parler/

and will be hosted by archive.org


> some randomer

They're not a randomer, they're a person interested in data dumps.


donk_enby wants to be called she/her according to Twitter, unless you're speaking of someone else


I'm not a huge data fiend but I've got maybe ~3-4 2TB drives in my house: a Synology NAS + a spare drive.

Including old desktops and a couple of random external HDDs, I could probably hit 8-10TB easily.

And it's not like it's hard to get more. If I hit a montherlode and I need keep it, it's a 20 minute drive to Target / Best Buy / Walmart for a drive or three. Not as cheap as bulk orders off of Newegg but cost-effective enough to store these dumps.


Given the speed I’m guessing it was towards S3 so there’s plenty of terabytes.


Didn't Parler just get booted from AWS though? Seems odd it'd go right back to Amazon.


Yes probably. Wherever it is, that provider is in an interesting legal position by holding this data.

Also, I assume there is content from EU citizens in there, and so GDPR violations galore.


So people post it on Parlor themselves, it is publicly available, but it would be illegal to download for me? That does not make much sense.


If you were to scape someone's private messages from Facebook - or their private posts - and then post them online en masse ... that may or may not be illegal in Europe, but it ain't ethically white. Grey at best.


Nothing being discussed was private. It was all globally visible.


It might be illegal for you to possess such data after you were asked to destroy it, yes, at least in the EU.

The GDPR talks about "data controllers", and citizens have the right to demand such controller remove their personal data. A "data controller" in this context means you knowingly possess the data and are in the position to make decisions about it. You're not a data controller, tho, if e.g. you run some service that allows users to upload data, without your involvement and direction and also do not decide how to use such data. E.g. amazon would not be liable if people put a data dumb in their cloud (unless amazon used the data themselves, instead of just storing/hosting the data at the behest of their customers).

Even before the GDPR there have been related laws and court cases, like the case that culminated in the "right to be forgotten" based on a decision by the European Court of Justice, which may well come into play here. I also remember a case in Germany, where a women allowed her partner to take intimate pictures of her, then after the relationship ended had a court order him to destroy the material (not a revenge porn case, there was no allegation he ever shared any of those pictures), meaning it's not always about what's public.

I don't know how California's mini-GDPR compares.

Then of course there is still the avenue of copyright law if the stuff is put online. Just because a parler user gave parler the permission to distribute a certain piece of content doesn't mean that everybody else has the same permission. I'm pretty sure Parler didn't make people assign them the copyright (which isn't even possible in some jurisdictions), therefore the people who posted on parler still retain the rights to their content. They can therefore use the DMCA or other similar jurisdictions around the world to demand takedowns.


My understanding is that not all of it was public posts.

As an EU citizen, I can request that a company deletes my data. Unless this data dump is being treated as a crime scene or something, then the holders of this data will need some way to comply with these requests.

Also, now AWS (or whatever cloud provider it is) is holding content that contains racist and/or illegal content. Are they not effectively now just another Parler?


No, they're not. Holding a static, private archive is not the same thing as hosting a live, public site.


How so? Aren't people freely perusing all this data, extracting GPS metadata and reading both public and private conversations?


You cannot be more wrong with this claim, you might not had to deal with this privately or professionaly I presume in which case it is understandable. Parler is liable for taking absolutely no precaution with their users data with whom they had a terms & conditions agreement (in short: users agreed to upload their data for a specific purpose)

Now, ripping that _user_ generated data from the website this way without justified (justified = platform user agreement + legitimate interest) purpose or intent or even agreement and storing / distributing / processing it is the epitome of a GDPR transgression and borderline criminal at least in the EU (saying this as a EU citizen). They are liable. I wouldn't touch that dataset with a 10 foot pole. And I would even less brag about it on Twitter, things we do for clout I guess... :)

I have no stake in this thing, it's just to emphasize that statements like this are what get people and businesses in big trouble. Stay safe! Archive only your own data or data you gathered legitimately. Take the rest up with a lawyer or ... read the laws.


The claim I'm making is "they are not, in fact, 'just another Parler.'" You are pointing out many correct things about their potential liability and problems with holding that data! However, those things are, at most, a subset of the problems with Parler and at worst disjoint problems from Parler's problems. I stand by the argument of "a static, private data archive is not the same as a live, public web service." I did not make the argument of "there are no problems with the static, private data archive."


Agree with the legal implications. I would not go anywhere near this data.

I don’t think this relates to GDPR though. There are some exemptions for personal use which I think there are arguments this could fall into (IANAL). But my opinion is this isn’t in the spirit of GDPR.

There are many other laws that are broad enough in most countries to cover gray area scraping sadly. CFAA in the US for example. This sounds similar to the AT&T weev case.


Maybe the data compresses well and/or a lot of it is redundant (so instead of storing it raw you store it in a database and use relationships to link related pieces of data)?


That's not how you usually measure a database size.


Jesus fucking christ i thought it's just some users table but 56.7 terabytes you mofos that's some s3 egress bill!


I kind of doubt I'd pay my AWS bill if AWS banned me.


I think they’ll avoid paying whatever Amazon charges. And I don’t think Amazon will pursue it either. “How about you just let this lawsuit go and we’ll forget about that massive bill you have to pay?”


Considering Amazon built a replacement for mongodb to essentially give them the finger, I'd say it could go either way. If AWS feels like it's worth setting a precident, they may well fight tooth and nail to make them payup.


90$ per TB


Is there still no easy straightforward way in $current_year to put an absolute spend cap of say USD 0, USD 5, or USD 10 per month on Amazon.com web services or Google Cloud Platform?

I’d think I’d like to prepay a fixed dollar amount like USD 200 IF I anticipate some major event but really this is problematic for students. I just want to use the free tier. Why is this so hard?


The common excuse is "billing is heavily distributed and every product does it differently, so it's impossible to implement limits", but yeah, you're probably not the target audience.


A coworker runs a charity site (online monument for Market Garden), and because of its charity purpose, he got some free budget for Azure. He calculated that at the expected usage, that year budget was more than enough to last him a year. Until he activated some innocuous function, and suddenly it ate through his entire budget in a month, so he couldn't afford to stay on Azure anymore.


Yes. A hard cost limit isn't a hard cost limit unless they start deleting resources like databases which has its own problems. One can imagine a semi-hard cost limit that only cuts off stateless services like EC2 and data egress but AWS apparently just doesn't care enough about courting customers like the GP to implement.

I agree that there is some financial risk to using AWS although my understanding is that they're pretty forgiving of surprise bills--at least the first time.


A googler recently commented here that, in order to forgive "bigger" bills, you really need to know someone to pull some heavy strings for you - and that it doesn't happen in many cases.

This taught me to be very very careful with this stuff, and to not bet on Google or Amazon being nice to me when I am bound to mess something up at some point - because with the complexity these services carry, it's no wonder people fall into cost traps all the time.


I do use AWS S3 for storage and it's very cheap for my needs. But I do periodically think about switching to a VPS (or to Backblaze which does let you set a hard cap).

I also help out a small non-profit newspaper mostly operated by students. We're going to need some storage for an archiving project and there's no way in hell I'm going to use AWS for that.


There are also cloud storage providers that do not charge for transfer or egress, etc.

There’s one in particular I’m thinking of…


It's Wasabi S3 https://wasabi.com, and ridiculously cheap for storage.


I don't think so. It would be great though to encourage dabbling.

I am glad that my customers and company pays the bills because they can fluctuate very noticeably.

For private use I still host my own server just because the costs are fixed an I know what I am getting.


It used to be possible to do that with Google App Engine at least.


What's worse is that it costs something like $90 per TB of outbound bandwidth. That is absolute robbery and it is consistent across the cloud cartel.


You're not a customer they want.


I might be the future customer they would want, if I were able to learn with no risk of costly errors what their platform can do and how to operate it.


Free tier gives you a ton of usage across most of the services, but definitely not enough to fully host a side project. But e.g. you can use RDS (database hosting), S3, EC2, text to speech and do whatever you want in a small scale for a year. It's kind of enough to learn for certificates.

I forgot to remove NAT Gateway for a few weeks while learning bits and pieces of VPC usage and it ended up costing me 25$... what can you do.


You're probably still not that customer. You're still concerned about your own money, vs spending employers' money.


they have alerts that can email you if you are approaching a limit but i don't think you can tie that to some automated shutting down of your stuff (i might be wrong i haven't worked in aws heavily for about 2 years now... believe others with more recent exp if they comment otherwise) tbh i kind of get why it is like this, aws is a business and they are only looking for your money. responsibility for keeping your pants up at aws is on the admins.


I think you can tie alerts to automated actions that you write although I've never done so myself. Of course, that requires anticipating what could happen and what you're OK with taking down.


This is the proof to why I strip all metadata AND filename (esp. photos from camera include timestamp in filename) before uploading it to share one social medias.


Camera vendors are perfectly capable of storing a lot of metadata in the jpeg encoded image itself, in an steganographic way. If you want to really be sure, crop your image to a position that is not multiple of 8 on any direction, then scale it by a factor very close to 1, add some noise, and re-compress it again. Some steganography is yet robust to that, but only the really fancy stuff.

Anyhow, if your image shows recognizable landmarks with shadows, then it will be feasible to recover the exact point of view and the time of acquisition.


Use image pool to train a GAN, publish the GAN images instead of the real ones.


> Anyhow, if your image shows recognizable landmarks with shadows, then it will be feasible to recover the exact point of view and the time of acquisition.

With what level of accuracy? Are you claiming you can confidently assert 2020-12-21 15:12 over, say, 2020-12-22 15:15 via shadows


> confidently assert 2020-12-21 15:12 over, say, 2020-12-22 15:15 via shadows

Not at all. By visual inspection you can see whether it's the morning or the afternoon (if you know the orientation of the landmarks). I guess by image processing you could get a precision of +- 1h maybe?


How precise is a sundial? How high is the resolution of the camera? I'd imagine that on a bright sunny day with a high resolution camera showing clean sharp shadows, it'd be possible to get a precision much better than +/-1h.


Sure, I was thinking about a photo of human subjects in the foreground, with some distant buildings in the background. But if you photograph the shadow of the Eiffel tower on a clear sunny day you may be down to the precision of a couple of minutes.


But that's only if you can resolve the "which day" issue?


Oh, yes, that seems a hard problem. But with sufficient effort (cloud patterns, parked cars, other people in the image) there is still a lot of information to extract. Especially if other people were taking exim-tagged photos in the same time and place and putting them on instagram.


The arc of the sun through the sky, along with observable weather and variability in air quality could let you pin the date down with surprising accuracy. Two neighboring dates with similar weather would obviously be very hard, but even variation in cloud patterns could be enough to make an id.


The problem with that idea is that there would have to be a stenography standard and then it becomes easy to defeat.


Of course, the idea is to keep it secret; a "stenographic standard" seems absurd. If they are embedding this information, it will not be readily detectable by most people.


iOS now have an option to do this natively. But I find it bit convoluted. My go to app for stripping out metadata from photos is Exif Viewer.


My camera apps never include GPS coordinates to begin with (which is enough stripping for me, but then again I'm not part of Qanon and all that).


I'm curious where someone just gets 56.7 tb of storage that quickly.


Im more curious how someone pulls down 56 terabytes in a very short period of time without sysadmins at parler noticing. I'm surprised they didn't unintentionally DoS them.


Parler used AWS and AWS is always happy to serve any request without problems and notify you about it hours later if you decided to create usage alerts.


> and notify you about it hours later if you decided to create usage alerts

and bill you at the end of the month.

This is the crucial part: AWS will serve whatever is request. It brings them money.


Sorry for OT but what about a simple small time private AWS user like me who uses it for static hosting my blog and stuff.

Does that mean someone could request a lot of files, over and over, to increase my bill? Or is that served by some cache?

Let's say for example I host Mastodon media on S3, about 30G of unique data. Could someone use that to increase the cost of my bill?

I do of course have a budget alert set but I have to react to that alert too.


AWS can really sting you. I've completely stopped using it for private projects after receiving a $100 bill for something I accidentally provisioned through the command line.

Not only is it very easy to spend real money by accident, the web interface makes it incredibly hard to work out what you're spending money on (it took me a long time to even understand what I was paying for, and then longer still to turn it all off).

Even if you know what you're getting in to, the pricing is very misleading. A few cents an hour adds up if its running 24/7, and its never obvious whether you're in the free tier or not.

If you don't have deep pockets, be very careful with AWS.


The first thing I do at companies I join is dig through common services and tag all resources in a consistent way(ie. app=web-frontend). Then you can create resource groups and breakdown billing at an ‘application level’ through cost explorer, instead of relying on their default, very general filters. Not perfect, but it gets you 90% of the way towards understanding where your costs are.


>>tag all resources in a consistent way

It amazes me when I get pushback for that, but it's to be expected inside toxic culture corporations. I'm kinda disgusted with AWS now so I'm looking to re-tool. The dangerous defaults and concern about arbitrary or uncaring TOU enforcement should be an impetus to diversification of service provision.


AFAIK yes. This is why I never get people that use AWS. DigitalOcean or any other VPS provider for that matter gives you a flat monthly rate so you know there will never be any surprises. Why take the risk?


There are genuine architectural and cost benefits for some type of configurations. But you really need to be an expert (or team of experts) to identify those situations, then architect and configure appropriately. Where it bites people is the "AWS by default" mentality many folks have (after a decade or more of lots of positive press) without understanding what they're using or why they're using it. Many people who make these decisions are shielded from the direct impact of any cost overruns too, to there is less reason to be sensitive to that. Almost any time I've worked with orgs using AWS, any reference to cost is "an engineer is more expensive!". Which is sort of true, but there's also typically no way a company could just accidentally hire 27x more people than they budgeted for in a single day, or that a rival company could force-hire those engineers in to your company without you knowing about it, sticking you with even just a day's cost for 50 engineers, for example.


This is always a possibility so you take steps to protect yourself. If it’s a few static assets, put a CDN in front of it. You won’t be charged extra by S3 because the CDN would cache it.

If you’re hosting Mastodon, then I assume you’d take steps to ensure that only an authenticated user can access any data. And that user would also need to be authorised to access only specific data. And that authenticated and authorised user would be rate limited so they couldn’t scrape everything they have access to easily.

If you do all these things, you’ll be fine.


Most CDNs also charge for transfer.


If you search HN for aws bill https://hn.algolia.com/?query=aws+bill

there are a lot of interesting things that can go wrong.


I believe the person that pulled it down is a digital archivist. I’m sure she has plenty of storage laying around for such occasions.


> laying around

ITYM lying around, unless this is a quirk of US English. Sorry to be pedantic!


> unless this is a quirk of US English

It is indeed. Very common in colloquial speech around here.


Presumably just another s3 bucket?

Do all your transferring from an EC2 instance in the same region and it never needs to waste bandwidth going over the public internet anyway.


Or local storage. The DataHoarder subreddit where a lot of similar efforts are coordinated has a lot of info about building dense home storage on the cheap


You can get that in 5 drives from best buy these days. Not exactly a huge leap for cloud storage.


I got two 90 TB servers that I pay a small amount of peanuts per month at Hetzner to server as backup servers. As long as you stay away from the cloud, storage is dirty cheap.


AWS.

If not them because in you're worried they'd also shut you down than probably BackBlaze.

Could also just buy a bunch of fairly cheap 100 mbit unmetered boxes off OVH/Kimsufi for a total cost probably of ~$300/m.


Modern hdd's store up to 18tb.

I saw 6tb hdd's for €114 on my local site, 16tb hdd's for €370.

It's not exactly cheap, but if you're doing it for a serious project like archiving an entire politically relevant social media website, I'm sure you'll have 1-2 thousand eur lying around for a couple of hard disks


Crowdsourced. The crawling and downloading was able to be coordinated and performed by a bunch of people at the same time.


All the content was hosted on s3 and you just needed the URL's, security by obscurity.


The storage isn't that much of a deal, but I bet that was not on some cheap consumer Internet subscription as an ISP would have throttled her into oblivion after the first few TB.


work gave us google drive accounts with "unlimited" capacity


You'll find out what 'unlimited' means in SaaS speak very, very much sooner than you expect if you tried really to utilize it.


You'd be surprised. Google has a lot of storage lying around, it takes them a while to notice it being used up. I know of at least three people who on the order of petabytes of data on Google Drive.

They took action against one organisation that had multiple 10PB+ users but Google really doesn't seem to care that much about the tertiary institutes giving unlimited GDrive accounts to every data hoarder who pretends to enrol.


Not at 50TB though.


except you can only upload 750GB a day without somewhat workarounds


You can. Create multiple service accounts, add them to the Shared drives and connect the service accounts using Rclone, a CLI tool that allows you to perform I/O operations on multiple cloud storage.

Once a service account reached the limit, switch to another.


"without somewhat workarounds" sometimes I wonder about people.


> The Hacker Who Archived Parler Explains How She Did It (and What Comes Next)

I'm really glad she did that. I'm fine with all this stuff getting taken down, but it really needs to be archived somewhere for historical purposes, to help understand this moment.

Given the kind of media and political impact Trump's tweets from @theRealDonaldTrump have been, I really hope they're archived at NARA along with the @POTUS tweets. They're legit historical primary source documents.


> "I'm fine with all this stuff getting taken down"

I understand this on a visceral level, but I wish more people would look beyond that to the implications for communication on the web. This action by Amazon happens to correspond with what I think is right and just on first iteration, but what principle prevents Amazon from arsing some other group that we agree with?


> what principle prevents Amazon from arsing some other group that we agree with?

Honestly, none. It's their business and they can handle it however they want.

What you can do (and this is exactly what Kolmisoppi was suggesting) is build your platform to work without relying on other people's business.

I'm happy that companies like Amazon don't want to get associated with people who organized a failed coup. That should be the bare minimum. But there is no law which forces you to be hosted on Amazon if you want to be on the Internet. You can self-host. You can buy/rent servers in another country, where what you are doing doesn't have direct consequences which might lead people to want to get away from you. Use the blockchain, use torrent, develop your own P2P protocol. Those people just got locked out from the easy way, something they should have expected to happen (and plan for) since day one.


>build your platform to work without relying on other people's business

You can't although you can, of course, mitigate.

But are you OK with just a PWA on mobile w/o the Apple or Google stores?

And your platform is ultimately dependent on a network connection, probably CDN, domain registrar, DNS, etc. Those are a pretty high bar to get kicked off but you're not immune.

(And, yes, there are things like Tor and jumping around providers if you have a fairly lightweight web site--like most torrents--but that doesn't help you if yo have a site with many TB of data catering to unsophisticated users.)


These huge Internet companies really should be regulated. Last weeks we've seen these companies, Amazon, Google, Facebook, Twitter, Apple act like governing bodies by banning Donald Trump from their platforms and essentially shut down a business (Parlor). This is problematic because these companies have monopolistic power, not only in the US, but also internationally.


Only POTUS can silence POTUS.

POTUS has the biggest bully pulpit in the world. whitehouse.gov, daily press briefing, C-SPAN, etc.

No third party should serve as alternate bully pulpit, allowing a democratically elected leader to speak directly to their audience, bypassing the fourth estate.

I'm not saying Twitter was right to shut down POTUS. I'm saying never should have hosted POTUS in the first place. Further, no leader should be allowed to speak as a private individual.

If Twitter wants to feature POTUS, then let Twitter attend the daily presser along with all the other reporters and journalists.

Everyone is responsible for allowing this undemocratic violation of norms. Social medias are just the one that profited most.


In my opinion the internet was already seriously flawed.

This makes people talk about how they think it should work, not just how it works right now, which I think is exactly what is needed.


> what principle prevents Amazon from arsing some other group that we agree with

Personally I found Amazons response to Parler convincing: https://cdn.arstechnica.net/wp-content/uploads/2021/01/gov.u...

The question is, why should a company in Amazons situation be unable to turn off that service? As in, your question assumes that Amazon turned off Parler out of nowhere for no reason other then "we dont like them". It assumes they did not had documented reasons, documented attempts to convince Parler to comply to TOS etc.

Otherwise said, contract.


> what principle prevents Amazon from arsing some other group that we agree with?

The principle of Amazon not wanting to piss off all of their customers and several government organisations. If you're this tentative about something you explicitly agree is just, then clearly you (and millions of others) are going to react pretty harshly to Amazon unilaterally deciding, e.g., that all mentions of Belgium should get scrubbed from the platform.


>Belgium

I mean, it is the rudest word in the universe.


>> "I'm fine with all this stuff getting taken down"

> I understand this on a visceral level, but I wish more people would look beyond that to the implications for communication on the web. This action by Amazon happens to correspond with what I think is right and just on first iteration, but what principle prevents Amazon from arsing some other group that we agree with?

It's kind of predictable but still disappointing that this was the part of my comment people chose to discuss with a 43-comment thread. It was the least novel and interesting idea in it.

But to your point, there's a lot more "looking beyond" than just that. There also needs to be a lot more looking beyond rather limited fundamentalist views of free speech, which tend to abrogate other fundamental rights and be so short-sighted that they actually bring discredit to the values they try to protect.


The only principal that protects that kind of group is that we agree with it. It’s not much, but it’s something.


If only there were some principle or value that would somehow... allow us to express opinions even if others - even powerful people, or even the majority of people - disagreed with us. Some kind of inalienable right. Hmm. It is a mystery.


You can express opinions all you want, but you’re going to have to do a lot of work in order to justify compelling someone to do business with you after you say something they don’t like.

Like, amazon isn’t actually the basic infrastructure of the internet. You can build web sites and apps without involving them. So why would a law force them to do business with you?


I try not to do business with companies that censor on political grounds. I don't like politics being banned in a professional context, but I slowly see no other solution.

The political alignment of many Parler users isn't a secret and if they decide to measure skulls again, I might be in trouble. Still, I don't see them as a relevant threat at all. It is even more ridiculous as the terrorism scare.

However, the actions of SV social media sites and hosts like Amazon censoring unpopular opinions and content outweigh that danger from neo-nazis by magnitudes. These groups have absolutely no political power in the 21st century. They have more influence than a decade ago, but that is mainly due to their ability to reinforce their prosecution narrative and martyrdom.

On the internet there are calls to violence in any political group, even vegans and cat lovers. We ignore that because they aren't relevant. But if you seriously crack down on cat lovers, you might need to expect real violence.

Either there are rules and principles that are valid for everyone or there are none.

Some say people get influenced by far-right propaganda. Far-right groups think in the same way in that they believe everyone not on their side is an "NPC".

I think Dorsey and Zuckerberg handled it relatively well in the grand scheme of things. Their latest ban attempts were over the top though. I know that some people might need help instead of a Twitter account, but that is beside the point. They set the precedent for countries to suppress their opposition and for state propaganda. I think Uganda is one of the latest examples.


These are Amazon reasons for why they shut down Parler as response to Parler: https://www.courtlistener.com/recap/gov.uscourts.wawd.294664...

The reasons are not "they were too much right wing for us". They had multiple reasons, but it is not that long to read.

> On the internet there are calls to violence in any political group, even vegans and cat lovers. We ignore that because they aren't relevant. But if you seriously crack down on cat lovers, you might need to expect real violence.

And vegans and cat lowers do seriously take them down in their forums when those cross the line. And when they discuss cats and food on reddit and reddit deletes accounts of those who threaten violence, the vegans and cat lowers are happily continue to discuss cats and food.

This is bad analogy.


A vegan parler calling for the execution of meat eaters would be banned just as well, don't you think?


I have seen countless comments from vegans that said meat eaters should be butchered instead of animals. The comments didn't get deleted. An no, I did't want to complain about them, venting is healthy and without victims on the internet.


> I have seen countless comments from vegans that said meat eaters should be butchered instead of animals. The comments didn't get deleted. An no, I did't want to complain about them, venting is healthy and without victims on the internet.

That's the difference between merely saying something, and saying something with the likelihood of actually carrying it out.

Parler would still be around if there not been an mob attack on the capitol connected to it (and no legitimate fears of further mob attacks on inauguration day, etc.) If vegans actually started and organized butchering of meat eaters, I'm pretty sure the forums where they planned such things would get shut down quickly.


I didn't say anything about "forcing Amazon to do business" with me. If that's your solution, it's a non-starter.

I don't have a solution, but Amazon + Apple + Google coordinating to shut down a platform for communication - even a platform that contains expression that I strongly disagree with, I might add - is a problem that requires a solution

This is what I wish more people understood now rather than later, but at some point everyone will understand that it's a problem


If you come up with a good solution, let us know. Until then, I’m happy to support antitrust action against apple/google/amazon/facebook - but for more pressing reasons than the deplatforming of fascists attempting to overthrow a fair and free election.


> more pressing reasons than the deplatforming of fascists

Hint: it's the identical problem to deplatforming BLM or Antifa or Occupy or the Proud Boys or pick anyone you agree with that annoys powerful people. "Having the better politics" will not protect you. "Oh they're just fascists" will not protect your peoples.


But they have been doing that since forever and nobody was complaining. Here's a link to when twitter deleted 125,000 ISIS accounts [1] (and they had been monitoring for islam extremist content for much longer already). So I ask why this uproar now that they are deplatforming fascists?

[1] https://www.theguardian.com/technology/2016/feb/05/twitter-d...


I suspect the difference is more about deplatforming americans than any political view.


Except you need to replace “annoys powerful people” with “storms the seat of our government with intent to overthrow a democratic election result” I’m fine with that being the line for companies to ban a political entity. Amazon and google aren’t randomly banning BLM for protesting in cities.


Essential Utilities are governed in many places by Universal Service Directives ensuring private companies can not willy nilly choose to deny them as they see fit for commercial or other reasons.


I am familiar with that concept. Good luck arguing that aws, google play, or the app store is an essential utility.


Not all that far from it, though, are they?


Personally I'm fine with Google and Amazon doing this. AWS isnt the only web host and you can sideload apps on Android.

Apple on the other hand is a lot more murky due to their lockdown of app installs. I don't believe they should be made to host things they don't agree with but people should not be prevented form installing whatever software they want on their own hardware.

For the record I am a staunch free speech advocate but fully believe that no-one (no-company either) owes you (the royal you) a place to use your free speech on their property.


> I don't have a solution, but Amazon + Apple + Google coordinating to shut down a platform for communication - even a platform that contains expression that I strongly disagree with, I might add - is a problem that requires a solution

Did they actually coordinate [1] or just come to similar conclusions based on similar facts, in the context of the same cultural zeitgeist?

[1] e.g. Bezos, Cook, and Pichai (or subordinates) on a conference call, deciding what to do


I wouldn't describe it as coordination, but I think it's relatively safe to assume that at the very least whichever companies were slowest to react would have had their decision influenced by the earlier actions of other large companies. So there probably is somewhat of a snowball effect there.


Isn’t the solution to avoid cloud computing, stack overflow style?


How long ago was it that the 'cloud' vendors proclaimed/advertised that 'In the old days everyone had their own generator, their own well. Now just like electricity or water, you have computing on tap'. Sounds pretty much like a public utility to me and thus should be regulated as one.


Just because I describe something as essential when trying to sell it to you, doesn’t make it actually essential.

I do believe some level of internet serving access is a public utility. But i doubt that level is cloud hosting.



After reading these beautiful articles I'm sadly wondering if we've already put the golden age behind us.

I will dig a little deeper to support archive.org[1] this year. I'd love to run a mirror.

[1] https://archive.org/donate/


> but what principle prevents Amazon from arsing some other group that we agree with?

Parler had people discussing murdering Congresspeople and didn't do anything about it. No matter which faction of "what level of free speech is acceptable" one subscribes, this is never acceptable and it is no wonder that Parler got booted off.


> this is never acceptable

I want you to understand what I'm about to say. Understand it in your bones: it is unacceptable to me and to you and it is reprehensible; and beliefs that you hold dear will someday, by someone, be seen as unacceptable and reprehensible. To protect the speech of the reprehensible is to protect your own speech. That's what I would like you to understand.

David Goldberger didn't defend the rights of Nazis to march in Skokie because he is a Nazi, but to defend his (and all of our) rights.

https://www.aclu.org/issues/free-speech/rights-protesters/sk...

The people who planned actual murders and crimes must be caught and punished. But if "planning and executing crimes" is the standard by which platforms should be shut down, then Facebook also should be shut down.


> But if “planning and executing crimes” is the standard by which platforms should be shut down

Planning an executing crimes is the standard by which those doing so should be shut down. Ideally, by the actor as close as possible and able to do so with minimal collateral damage.

But a second-order platform that determines a first-order platform is systematically incapable or unwilling to do that does not act improperly in cutting service to the first order platform .


> But if "planning and executing crimes" is the standard by which platforms should be shut down, then Facebook also should be shut down.

That's fine by me tbh


Not all crimes are created equal. It is illegal to use clotheslines to dry clothes in New York City. A protest to remove the law may involve using clotheslines. Would you deplatform for that?

Note, the reason why it is illegal goes back to preventing protesters from hanging up their banners / messages. An act to legally silence opponents.


> To protect the speech of the reprehensible is to protect your own speech. That's what I would like you to understand.

Actually, even in the US there are exceptions - namedly when speech is likely to incite crimes: https://en.wikipedia.org/wiki/Imminent_lawless_action


Indeed! We weren't talking about the 1st Amendment, but let's go where you lead: speech likely to incite imminent lawless action is illegal. Courts decide if that applies. Someday you might say "Politician Y should be hung by his thumbs". Politician Y and friends try to convince a judge that you thereby incite imminent lawless action. Of course, you were just feeling passionate, and no one reasonable would believe that you meant it. Thankfully, due to strong 1A protections, the case would not proceed.

But if you wrote that on a site hosted on AWS, there is nothing in principle from Amazon taking the platform down. Politician Y calls his buddy Jeff Bezos, and fwoomp! Gone. This should be concerning.


Is that what we've learned here?

It seems more likely that we've learned that if I said that quote -- and then I personally tried to hang the politician by his thumbs and got caught because I'm a cartoonish moron. Then, when charged with attempting to hang the politician, I said "I was just joking" even though I had some hanging equipment and I was in a giant mob full of other people all chanting to hang the politician and many of us had guns and anyway I also broke into a locked building to do the hanging -- and then it came out that large swaths of the content on the same site was people making those kinds of threats, and then it came out that the site operators didn't care to remove the threats because they had a moral opposition to moderation, and then it came out that AWS had contacted the site owners many times to implore them to remove other illegal content, and then the site operators, rather than removing the content, gave press interviews where they boasted how they were invincible and didn't care if AWS took them down... then it's probable that AWS would take the content down. And this doesn't concern me at all. Lock me up, in this hypothetical, and lock up the people who enabled me.

I ran a legacy website that once got spammed. My host contacted me because one of the spam things was an ad for a website hosting stolen credit card numbers. They gave me 24 hours to take down the content. This isn't because they're censoring math and they're using their monopoly power to prevent numbers from being posted, it's because stolen credit card numbers, provided for the purposes of credit card fraud, are illegal and they didn't want to do business with me if I wasn't willing to remove the content.

And I also don't see a further problem with using the posture of the site operators + the site itself to make a judgment call about whether the content in question is an aberration or intentional. If someone posted a magnet link of pirated content in Hacker News, I wouldn't presume per se that Hacker News was a piracy website because I can facially see that the site is general purpose, and also because I can see that the site has a general moderation policy that signals it is willing to comply with legal requests. But that doesn't mean that ThePirateBay can credibly argue in court "We had no idea our site was used for piracy, and if you ban us, you have to ban Google, because they crawled us."


> But if you wrote that on a site hosted on AWS, there is nothing in principle from Amazon taking the platform down.

The 1st Amendment (and its European equivalents) usually only bind the government, not private entities.

There is nothing per se preventing you (or Parler) to build their own datacenter or use another hoster - there is no "human right" to be able to use AWS. However, what still remains is that every company has the right to refuse service to an entity that is suspected of criminal activity - and the onus is on Parler to prove they will not serve as a planning platform for criminals.


> But if you wrote that on a site hosted on AWS, there is nothing in principle from Amazon taking the platform down. Politician Y calls his buddy Jeff Bezos, and fwoomp! Gone. This should be concerning.

Why should it be concerning at all? There are a few thousand other hosting providers they can go to.

The slightly stronger argument seems to be that the people making these death threats on Parler should not have been banned from Twitter/FB in the first place. FB/Twitter have far less competition and most of their value is in the network effects they've established.

The tech giants should absolutely be broken up/more heavily regulated, but I think there are much better examples of why than Parler.


> The slightly stronger argument seems to be that the people making these death threats on Parler should not have been banned from Twitter/FB in the first place.

That's not a strong argument at all. Spouting death threats gets you arrested if you do it in public (and someone records it or calls the cops), so it should also lead to a time-limited or permanent ban from social networks.

Social networks are not a free-for-all zone.


> That's not a strong argument at all.

I don't think it's a strong argument either, I just think it's slightly stronger than the one people are trying to use for why AWS should be forced to host Parler.

> Spouting death threats gets you arrested if you do it in public (and someone records it or calls the cops), so it should also lead to a time-limited or permanent ban from social networks.

The argument from people coming out against the moderation of these threats seems to be that FB/Twitter etc. should only remove this content after receiving some sort of court order/government mandate to do so, that they shouldn't "play cop" as it were. Personally this seems like a pretty stupid take.

> Social networks are not a free-for-all zone.

Some people are arguing that the should be, that they should be treated as the equivalent of a modern town square. I don't necessarily agree with this take, but I can see why people might think that way.


> Some people are arguing that the should be, that they should be treated as the equivalent of a modern town square

A modern town square isn't a free-for-all zone either. Try to go and shout "fuck <n-word>" or raise the arm to the Nazi salute in an area where people of color live and you'll be lucky to escape with a minor beating.

Town squares are a form of societal self-preservation too - unruly elements get dealt with, either by the people themselves or by the police.


"Parler had people discussing murdering Congresspeople "

By that criterion we should immediately close down Twitter, Facebook, Reddit, ...


You missed one key difference, moderation, Parler straight up refused to remove these kinds of posts.


Parler just got ejected from the internet. Is it totally unthinkable that they would have adjusted their behaviour and moderated whatever Amazon had told them to if given, say, 2 weeks notice? They probably would have, then transitioned off AWS in an orderly fashion.

I mean, AWS basically took their business under false pretences. AWS wasn't trying to provide them a service, it was trying to kill their company.


Parler knew the terms when they signed the contract and didn't bother to adhere to them. They had months of notice. AWS did wait until Parler became completely toxic to enforce the terms, but they had lots of cause available.


Reddit has banned a lot of toxic communities over the years to avoid negative repercussions: https://en.wikipedia.org/wiki/Controversial_Reddit_communiti...

Same for Facebook and Twitter.

Parler, however, did nothing even as people went and publicly called out criminal acts happening on the platform.


What exactly is the feed Amazon was getting from Parker from that much stuff? Like it needed just as much bandwidth if not more and dedicated boxes for software to run on. It wasnt cheap, or was it?


I don't have a good source on this, but I saw $300,000/month bandied about social media the other week.


> GPS coordinates—unlike most social media sites, Parler does not strip metadata from media its users upload, which, crucially, could be useful for law enforcement

OH SHI-

This is a colossal mess up, on epic proportions.


Due to the people involved, Parler is almost certainly not a honeypot setup by the FBI, CIA, or some other government organization. However some of the details that have leaked out over the last week made me wonder how little of the site would have changed if that was the intended purpose.


Sufficiently advanced incompetence is indistinguishable from malice.


Hah, this is great. If you don't get the references, it's Hanlon's Razor ("Never attribute to malice that which is adequately explained by stupidity") plus Arthur C. Clarke's "3rd law" ("Any sufficiently advanced technology is indistinguishable from magic.")

Apparently it's called Grey's Law: https://www.urbandictionary.com/define.php?term=Grey%27s%20L...


Does that make it a "quotemanteau"?

Wait... Is that a thing? Are there more of these?


I vote for "quotemanteau" to be officially sanctioned! But I would say the specific case is merely a snowclone[0] of "any sufficiently X is indistinguishable from Y"

[0] https://en.wikipedia.org/wiki/Snowclone


It appears to have the properties of both in this case.

That is to say it's a snowclone where the substitutions come from another quote.

I guess quotemanteaus are a special kind of unique snowclone.

You could take "with great power comes great responsibility" and form the snowclone "with great X comes great Y" and then take the quote "the medium is the message" and use those in your snowclone to make the quotemanteau "with a great medium comes a great message"

Hmm... I feel like I should try concoct more of these. They're fun.


Thank you for the explanation.


More like, sufficiently advanced malice is indistinguishable from common incompetence :)


It's pretty well demonstrated that Three Letter Agencies really like enticing idiots people into fantasy situations well above their competency in order to generate terrorism convictions so it's always a possibility even if there's no demonstrable third party malicious action


And in this case there is demonstrable malicious action.


It would probably have been more secure.


this is true "female body inspector" shirt clientele though


they would have required authentication for their api calls if that was the case...

Besides that, probably not much. =)


Indeed. The level of security failure was pretty incredible. They named media serially (So, pics/1.jpg, pics/2.jpg, etc.) and did not have any validation that you were allowed to access what you were grabbing so it was literally as easy as possible to grab everything. Oh, and did I mention that private messages were also fully accessible?


So Gab's strategy (fork Mastodon) looks solid for security but they hit performance issue because Mastodon isn't made for such scale.


Mastodon scales horizontally until PostgreSQL becomes the bottleneck:

https://docs.joinmastodon.org/admin/scaling/


they needed a platform that would not need to scale before the database server becomes a bottleneck


I am convinced this was an inside job. There is simply no way someone can be this incompetent without willful intent.


Ever worked for a startup? This is what "move fast, break things" does.


This happens at established firms as often as startups.


I have but only at competent ones. Nothing this flagrantly bad.


I’ve seen not quite this bad but definitely in the same order of magnitude


I disagree, incompetance is rampant. I worked for a healthcare company who kept it's data at a Dell security center. One of their people ran a SQL script that deleted millions of billing records. They informed us later that they could not recover the data because every 24 hours they were writing over the one backup they kept. We had missed the window by a few hours.


You take shortcuts. Saying you’ll fix it later. Which never happens because you’re busy on the next feature that is riddled with the next set of shortcuts.

It happens.


Let me introduce you to every early stage startup in the world. Plenty of mature companies also have completely abysmal security practices


I wish I could disclose some of the incompetence I’ve encountered to persuade you otherwise. The reason there aren’t breaches like this of nearly all systems isn’t because most systems are better protected, it’s because no one’s interest (or they’re not interested for the purposes of sharing).


You'd be surprised how incompetent people can be when it comes to security. Nothing i have heard so far would really surprise me for a small startup with very rapid growth.


A career in looking at the guts of companies later I can assure that is very much possible.


A mess up if you intended to protect your users...


A different take on Parler's connection (or not) to the events of 6 Jan 2021:

https://web.archive.org/web/20210112145206/https://greenwald...


That's just, like, his opinion man.

Let's see what comes out of this data dump before getting too sanguine about loss of "free speech".


> "free speech".

On this topic, I've seen reports on Twitter and Reddit of people who don't fit Parler's "prescribed worldview" being banned.

Not so free after all.


How much free speech do you have on this site? Why don't you try agitating for violence here and see what happens.

After all, it's just speech right?


I would expect to be flagged, and then banned, and rightfully so.

I was just pointing out that Parler is nowhere near as "free" as it claims to be.


I misread your comment, my apologies.


free speech is a human right, but it's limited (in the declaration of human rights, maybe read it?!) to things that dont hurt public peace, that dont negatively impact someone else's rights, etc.


To be clear, I am not defending Parler, at all.

I was actually condemning them for not even living up to the standards they claim to profess, in addition to their other issues.


I got that now, I misunderstood you, apologies. I was just really excited to share this knowledge!


Fair enough, it's a pretty cool, not very well known piece of info!


Didn't they recently take down Trump affiliate Lin Wood's post about executing Pence?


[flagged]


I gotta say I read your comment and I immediately knew whose byline would be on the other side and I wish I could say I was wrong.


Would you mind expanding on this? Something in this article prompted you to write this, but I honestly don't see what. Can you explain it like I'm 5?


Which of the things he said are you asserting are inaccurate?


I personally don't find their ability to remain online that surprising.

The Pirate Bay and other torrent networks were built by people with a passion for building, maintaining and hacking things. People who, even without a solid CS background, would spend hours a day learning new things, developing distributed protocols, evading DNS blocks and hosting their content wherever they could to make it accessible - included the small server in their own garage if needed. And they are used by people who don't mind learning a new protocol or how to use a new client to get the content they want.

I don't see the same amount of passion for technology and hacking among the Parler users, nor its maintainers. Those who believe in conspiracy content are people characterized by a psychological tendency to take shortcuts whenever they can in order to minimize their efforts in learning and understanding new things. So when the first blocker hits they usually can't see alternative solutions, because it's not the way their brains are wired. They always expect somebody else to come up with solutions for them, and they always blame somebody else when the solution won't come. And even if they decided to migrate their content to the dark web or on a Tor network, not many people will follow them - both because they don't have the skills, and because they don't want to acquire those skills. Plus, they'd lose the "viral network effect" that they get when posting click-bait content on public networks, the new censorship-proof network will only attract a small bunch of already radicalized people.

And even if they wanted to hire some smart engineers to do the job for them, we all know that engineers tend to swing on the other opposite of the ideological spectrum. Those who have built systems for escaping REAL authoritarian censorship would rightfully feel disgusted if asked to apply their knowledge to provide a safe harbour for rednecks to vomit their conspiracy-theories-fueled hate.


> And even if they wanted to hire some smart engineers to do the job for them, we all know that engineers tend to swing on the other opposite of the ideological spectrum. Those who have built systems for escaping REAL authoritarian censorship would rightfully feel disgusted if asked to apply their knowledge to provide a safe harbour for rednecks to vomit their conspiracy-theories-fueled hate.

I'm not sure this is true. This seems to imply that nations which have copyright law are imposing authoritarian censorship on their citizens. This doesn't seem to be a pervasive idea, at least in the US.

There are proponents of information freedom who oppose copyright law. It's not clear to me that this group would oppose Parler, and in fact many I've spoken to believe they should be free to exist without censorship.

But - I am not sure they want to be associated with Parler either, out of concern for their reputation.


>This seems to imply that nations which have copyright law are imposing authoritarian censorship on their citizens.

This is exactly the point of most anti-copyright parties.


I see no contradiction.


> The Pirate Bay and other torrent networks were built by people with a passion for building

Also by people who know that what they were doing was straight-up illegal in a lot of countries, and grey-area in a lot of others. So this was a real risk.

Parler on the other hand, at its core was just a social network, and if you look at the founders/owners, they have a very disconnected interpretation of "free speech", so they were clearly thinking nothing bad could happen.


[flagged]


That saying “hey, let’s violently overthrow the government” isn’t a class of protected speech.


And also, they are being thrown off the platforms of private companies, not being censored by the government, so it's actually not a free speech issue at all.


> And even if they wanted to hire some smart engineers to do the job for them, we all know that engineers tend to swing on the other opposite of the ideological spectrum.

Do we all really know that? Some very good technical people don't have particularly strong political views or keep them separate from their job. Example: lots of ordinary devs helped build porn sites.


As a dev I feel that building a platform to share conspiracy-fueled hate is way more immoral and damaging than building a platform to host porn content. At least porn doesn't harm anybody - except maybe your hand :)


Did you read the recent NY Times pieces on PornHub?

The Children of Pornhub https://nyti.ms/33DMObR

An Uplifting Update, on the Terrible World of Pornhub https://nyti.ms/2W1aB1b


> Those who believe in conspiracy content are people characterized by a psychological tendency to take shortcuts whenever they can in order to minimize their efforts in learning and understanding new things

I dont think it is that simple. I remember reading finding that smart highly intelligent people are more attracted to conspiracy theories. The complexity of those theories and details those rely on attract them.

Also, I may be wrong here, but I remember reading that Parler was funded by some pretty rich people. If that is true, they should be able to pay for tech know how.


There is definitely a correlation between lazy thinking and believing in conspiracy theories. Mainly because conspiracy theories do not lend themselves to rigorous inquiry, almost by definition.

This is different than "intelligence." It's more about effort and rigor in thinking. It's the quality of the thought, and the willingness to question your own assumptions. And a willingness to recognize the limits of your own knowledge and understanding.


I'd be interested on information on that and how it was performed. Ive found that many of successful people who talk about conspiracies tend to be self serving. Like that Texas lawyer that brought a case of election fraud, likely to catch attention of Trump to pardon him due to his own legal problems. Others as a scaremongering technique to influence politics.

The only ones that seem to believe in them are those clearly unhinged (McAfee comes straight to mind although his seems self serving too).


A study recently published on Scientific American seems to prove that left-leaning people tend to have more gray matter in the pre-frontal cortex (i.e. the area of the brain involved in complex planning, understanding of new things and pattern detection), wwhile right-leaning people tend to have more gray matter in the amygdala (the area of the brain responsible for spotting potential danger and refuse something new if it may pose a risk to survival): https://www.scientificamerican.com/article/conservative-and-....

If that's true, and if indeed conservatives are much more likely to believe in conspiracy theories (http://www.scientificamerican.com/article/information-overlo... in conspiracy theories), then the opposite of what you state may indeed be true

Keep un mind that before a conspiracy theory turns into the perverse mind-twist of a complex theory like QAnon it ALWAYS start simple, and always simpler than reality actually looks like. It can always summarized with "those guys want to harm you, so don't even bother to look further, the explanation is easy": pure and total amygdala stimulation. Then, when they are contradicted by evidence, they put up more and more complex twists to mitigate the arise of cognitive dissonance in its followers ("I know that it looks like things don't make much sense, but you know, you have to follow the crumbs, or keep in mind that Trump is talking to you in Morse code" etc.)


There is no political profile for CS engineers.

The founder's motto was literally "Hack the planet"...

Indeed, that's not to be compared with TPB enthusiast's taste for hack and passion for CS things, but don't underestimate "right wing" techies...


I got the sense while crawling data from their API that the engineering quality is poor at Parler. Dates were represented as strings in "YYYYMMDD" format (so today would be "20210113053923") instead of UNIX timestamps, certain fields were duplicated for no reason (e.g. every object would have an identical "id" and "_id" key), counts of impressions/comments/etc would be the display strings rather than raw numbers (so "2k" or "5m"), and various moderation flags were in place like a boolean "sensitive" which was always false, even for posts that had been downvoted significantly.


Dates were represented as strings in "YYYYMMDD" format (so today would be "20210113053923") instead of UNIX timestamps

Such a representation naturally avoids the Y2K38 problem, and could go beyond Y10K. It's traditional in Windows and DOS (neither of which have the Y2K38 problem) to store timestamps as a structure of fields.

The other things you noted I agree with, however.


If they're using a javascript 53bit int representation for the seconds (or an int64_t cast down to a javascript big int) then it's a Y142711K problem, by which point the Imperium of Mankind will hopefully have settled on a more robust format.


The tech-priests will have lost the ability to fix it.


That's how we ended up with the 2038 problem!


I expect Slaanesh and friends will manage to sabotage that somehow.


You can also instantly read them which makes troubleshooting easier. I mean sure, if your shit is too slow maybe switch to less text in release mode but YAGNI.


Well, assuming they're storing the strings as ASCII, that's 98 bits - the y2k38 problem is for 32 bit integers, so a 64 bit integer would be way, way more than needed for human needs for foreseeable generations.


Doesn't seem to me like Parler will have to worry about Y2K38...


A timestamp is a timestamp. It isn't a date. If you need a date, use a proper date/time data type.


All timestamps have to start somewhere. If you want to avoid DST changes and leap seconds, you can use MJD, TAI or GPS time instead of UTC, but you might as well format it nicely so that you can see roughly at what (civil) date something happened.


ISO 8601 is a good one.


Nice that makes sense. I was unaware and found it strange when I plugged it into JavaScript's Date constructor and got an "Invalid Date" error.


This.

Plus, it's unambiguously human readable, for users, bystanders, platform developers, everyone. There's a useful usability principle in there.


Of all the things to criticise Parler's tech folks over, using ISO8601 (minus the non-digit characters) shouldn't be one.


Is ISO8601 without punctuation still ISO8601? Most log parsers I have seen would not pick up the Parker format. ex gr

https://docs.python.org/3/library/datetime.html#datetime.dat...

https://github.com/elastic/logstash/blob/v1.4.2/patterns/gro...


Yes... kind of. Per https://en.wikipedia.org/wiki/ISO_8601, there is a "basic format" without separators and an "extended format" that includes them for readability. However, a T is still required to separate the date and time in the most recent version of the standard.


ISO 8601 is pretty absurd when you actually read it. `2021-W02` and `--01-14` are valid, as is `--1013` (quick! guess what that means! and beware that `-1013` is valid too!)

Please, everyone, use a single format at all times in your systems. I don't really care what it is, though I'm fond of `2021-01-14T06:28:08Z` because it's unambiguous. But don't just say "use ISO 8601", it's far too vague and you'll inevitably have variations.


Without having read the spec...

* `2021-W02` means the second (ISO) week of 2021. Perfectly valid and used in a lot of planning.

* `--01-14` - I'm assuming this is a recurring date: every 14 Jan for every year

* `--1013` - at 1PM every 10th of the month? Guessing here

I believe ISO 8601 is a ISO codification of a DIN standard, and based on other standards processes I'm guessing some German manufacturing companies were the only ones who bothered showing up, so their internal software practices were encoded into the spec because no-one else cared..


That is such a common problem when standardizing, I've started to force my clients to have at least one person of each entity in project teams.

Often the biggest entity will end up accidentally forcing their practices, sometimes sub-optimal, to entire organizations, simply by having the manpower to show up to meetings.


Edit `--1013` is 13 Oct in any year: https://en.wikipedia.org/wiki/ISO_8601#Truncated_representat...

(`--01-14` is Jan 14 in any year, the last dash is "optional").

The "duration" (`P`) and "repetition" (`R`) syntax is also pretty wild.


RFC 3339 is a profile of ISO 8601 that is much more limited but still provides the timestamp format everybody expects when you say “ISO 8601”:

https://tools.ietf.org/html/rfc3339


Indeed, what you really want to say is "use RFC3339" (https://www.ietf.org/rfc/rfc3339.txt)


IDK the issue OP saw with using ISO over UNIX timestamps, but one reason why you might want accuracy down to the second for dates is with providing accurate relative time/date across timezones.


I think the display strings thing is because exact number of impressions etc is slightly sensitive information. The whole site was "gamed" from the start, but providing exact vote counts makes it easier for other people to game. I guess. Don't really know, but I do believe that the numbers given by reddit, for example, are exact, but fake. Fuzzed a bit. HN also hides some of this, or behaves misleadingly, your downvotes don't always count, I think.


They would display numbers less than 1000 as-is, and only start adding the "k" and "m" prefix after the 4-digit and 7-digit threshold was crossed.


But how could they maintain an accurate count? Maybe they were just persisting the user-friendly format alongside the actual count...


The endpoint of the API is probably just rounding the accurate number and returning a friendly number... or it's all bullshit anyway.


If I remember correctly mongo stores the id in “_id” and has a getter for “id” so maybe they just iterated all the keys of the model when they stringified their output


Elasticsearch, too. In either case, it looks like they're just piping raw backend responses to the API endpoint without removing unnecessary fields.


Yep, that's an indication of Elasticsearch being used (and not transforming documents to a standard representation that strips such fields).


It seems like they basically just exposed a lot of data directly, as apparently most of their APIs didn’t enforce any authentication or hide records that had been soft deleted.

Apparently the records were strictly sequential, which I don’t believe is true for Mongo which IIRC includes the node ID in part of it.


One big advantage of using string representations of dates is avoiding misunderstood timezone calculations that may or may not occur at various layers of the backend stack. The downside of course is storage space.


I think most JSON libraries encode dates in something that's closer to what Parler is doing than when you think is correct (e.g, using ISO 8601 or something)

I could see the argument for representing impressions as a string (especially if it's updated asynchronously and denormalized like that). The major downside is localization.


"We don't condone gun violence. We believe that the world needs less guns, not more of them. We believe however that these prints will stay on the internets regardless of blocks and censorship, since that's how the internets works. If there's a lunatic out there who wants to print guns to kill people, he or she will do it. With or without TPB. Better to have these prints out in the open internets (TPB) and up for peer review (the comment threads), than semi hidden in the darker parts of the internet."

-The Pirate Bay

https://thepiratebay10.org/torrent/28522986/Liberator_-_Firs...


Seems reasonable to me! If your reason for existing is that "information wants to be free" but then you start making exceptions when it conflicts with your politics, people might think your real political philosophy is "pop music wants to be free."


TPB never supported absolute free speech. I can't find it now, but they used to have a section of their site where they posted responses to media company lawyers, and they basically said they wouldn't take down anything except child porn. I'm not sure if the rules have changed in the years since.


CP is one of the very few things where mere possession is illegal. It makes sense that TPB, which is mainly against copyright and IP, would not allow it.


With CP it's also that making distribution harder might disincentivise the creation of the material, so removing it everywhere could have the very real effect of saving actual children.

This might be a bit of a naive view on things, considering how some forms of content will always find ways of spreading, but it's still a very strong point to argue that it's different from content like 3D-printable pistol schematics.


It's not a strong point because you can make exactly the same argument for anything else you'd like to ban, including printable pistol schematics, anarchist cookbooks, terrorist propaganda, and so on. It's a cheap truism to say that if something is easily available this will make it more likely for people to become interested in it, will make certain people more inclined towards it, may create a market for it, and so on, than if the same thing was hard to find or not available at all. Yes, probably it will.


Who gets hurt in the process of making pistol schematics? Or in the making of terrorist propaganda?

The hard difference is: With CP, harm is done in the process of creating the material. With most other things, harm could potentially be done as a result of the content.


That wasn't your argument, though. There is no doubt that the production of CP is and should be illegal, as it involves child abuse. However, your original argument was about the possession of CP. There is a standard argument against the claim that this is a victimless crime, and that is that the children abused are harmed by the distribution of pictures that show them. I find that argument to some extent convincing, but not yours.


That is quite literally what I said though.


No, you suggested that the harm caused in the production is a reason for criminalizing possession, which is what I disagree with. I accept other reasons in this case, but not this one. Which of these positions you endorse has far-reaching consequences for the moral and legal evaluation.

It's similar with the "war on drugs" or when you want to evaluate the morality of your sneakers and clothes. Should possession of the drugs be illegal because people were harmed in their production (by e.g. drug cartels), should possession of the clothes be illegal because they were produced with child labour? I don't think so.

Edit: To make this clear, I merely replied again to clarify the difference not because I think there is a huge disagreement. This is obviously an unpleasant and contentious topic and I very much hope I don't come across as a CP apologist - I'm not, for the other reason I've mentioned.


Where did I ever imply anything should be criminalized or not?

My point is: There's a clear distinction between material that inherently causes harm in its creation and content that may lead to harm in some way.

Your extension to drugs or clothing only partially makes sense, as those can be produced without causing harm to or exploiting anybody. I view it as more similar to (knowingly) buying stolen goods.


I see your point now. That makes sense to me. Thanks for taking the patience to explain your view in detail!


> possession is illegal

AFAIK this is not an absolute, global truth. IANAL, but I do know the stance on CP (e.g. anime, ages of wedding, written-Lolita- etc differ per region. Legal and cultural).

In many countries, possession of certain books is illegal. Possession of blueprints of weapons is illegal and so on.

Point being: banning CP is still a moral choice, made by the operators of the site, not some absolute, global common baseline.


Or, more charitably: your stance on information and freedom simply isn’t absolutist.


Or more accurately is they agree on the idea of censorship. That censorship has value to them.


If you don’t mind when platforms get rid of spam, child porn, normal porn, doxxing, death threats, ISIS recruitment videos or assassination contracts, then guess what: censorship has value to you, too.


Maybe misogynistic metal and rap music too? Maybe violent music and movies and video games...

Why stop, we’re on a roll

Very likely the World would be a better place if we only had happy music, happy movies, happy art. No angry art. No angry expression.


So to be clear, you're opposed to platforms removing any of those things? Child pornography and spam should remain up? If someone doxxes you, platforms should just leave it?


No, we have legal and moral obligations when there are immediate dangers and harm.

Simple expressions are different.

Look, I wish the world were pure and good. That no one had ill intent. But we know that we cannot have good things because a very small fraction of a percentage are bad people.

I don’t like having very bad people destroying freedom for everyone else.

I believe people have a right to express unpopular even odious opinions as long as there is no threat to body and life.

Unfortunately online media like Twitter give people psychological distance as well as augment the audience for kooks.

I’m resigned to believing there is no solution to this dilemma because psychopaths will ruin it for honest but brutal dissenters as well as run of the mill dissenters.


That's absolutely a fair position to take. But you have to realize that it's moving the goalposts from your original one, which was that anything short of free speech absolutism is "censorship".

Discussions like this are frustrating, because one side frames it as though they're defending free speech from the insidious censors — except it's painfully obvious that if you push them enough, they'll admit that yes, there is some speech they're fine getting rid of. It takes a ton of effort to get back to that baseline, and the actual conversation about acceptable speech never happens.

Because if you don't support literal free speech absolutism — with child porn, spam, et al. — then you have to draw a line somewhere. By definition. And we can debate where that line should be drawn, but the debate is still between people who agree on the principle that some speech is unacceptable. Not between Team Freedom and Team Censorship.


Absolutist free speech is the _ideal_, but we don't live in an ideal world. There are bad people.

That said, unilateral one-sided censorship is not okay. It's like Red Scare Hollywood.

My point a few rungs up was that there are many other forms of expression that are notoriously violent and misogynistic but don't get flagged by these same companies. I'm not saying I want that but I'm pointing out insistencies. Doxxing is another. It's very inconsistent how that is handled.


Free speech absolutism as an ideal doesn't make sense. The whole reason the notion of free speech exists is that people should be able to say things that other people don't like. Saying that we'd be able to have free speech absolutism if only people didn't say or do X is just "X is unacceptable speech" in disguise. If you exclude "bad" speech, freedom of speech is easy!

This thread originated with a comment saying it would be ideologically inconsistent for Pirate Bay's mantra to be "information wants to be free" and still remove schematics for 3D printing guns. My point was that a non-absolutist free speech stance is not inherently contradictory.

I'm not really interested in a full-throated debate about tech giants' moderation policies right now. But since you seem to think the censorship is unilateral and one-sided, I'd invite you to search through Twitter histories and see who was speaking out about FOSTA-SESTA, or Tumblr's NSFW ban. You'll find it was opposed mostly by libertarians and leftists — while the conservatives now wailing about censorship (and, in fairness, corporate liberals) didn't make a peep.


While what you're saying is completely true, and I've been trying to get this point accross online many times, it is still concerning to me that the same philosophical literature that argues for hate speech to be limited also suggest that porn should be too. There are also arguments that there shouldn't be a constitutional right to freedom of speech at all. If these arguments are convincing, the only line of defense against them is the argument that the state (and/or the population in general) cannot be trusted to make any further restrictions - and I think that's a good argument. Similarly, in countries where speech is more limited, we can point out problems of those limitations; I think it is not a fallacy to suggest there is a slippery slope - especially in the case of governments that serve capital, be they conservative or liberal.

I'm very skeptical of the benefits of free speech. I don't think the arguments along the lines of free speech promoting truth or being beneficial to political discourse or allowing 'bad ideas' in the open to be 'disinfected' with debate are valid. But I'm even more skeptical of the state, and I do not trust it to use evidence-based methodologies. I've completely lost all faith in the whole political spectrum, particularly the left-anarchists who promote governmental and corporate censorship.


I'm not sure absolutist free speech is an ideal. Would it be ok to post private pictures taken without consent of an individual? I don't ever see that being ideal. Also 'speech' can cover a lot of things. If I make a 'speech' where I suggest that someone could perform a violent act and get financially rewarded for it - I'm clearly doing something wrong that needs to be stopped.


>No, we have legal and moral obligations when there are immediate dangers and harm.

Piratebay exists largely to circumvent the law. They therefore can't really use the law as a guideline for what to censor. They have to make active choices of what illegal content is allowed and what isn't.


IIRC when pirate bay was founded what they did was not against the law in Sweden. It was only after immense pressure from the US that it became illegal.


Platforms set the policies to fit the communities they want to build.

Twitter allows porn, YouTube, TikTok and Facebook do not

Newspaper comment sections will often moderate the word "fuck", while Facebook, YouTube and other will not

There are hundreds of dials you can tune in terms of moderation to adjust to fit the community you want to build. Apparently the Facebook moderation guide is 300+ pages long.

Parler isn't a "free speech platform" - they pretty much have a ban on porn. You'll find that most other "free speech" platforms also have hard limits (usually _stricter_ than what Twitter allow).

Try going onto thedonald and post one of the photos of Trump with Epstein, or Parler with porn, or Gab and curse Jesus[0] in a reply and see what happens

They're not free speech platforms, they're _their_ speech platforms. They have built the ultimate safe spaces for some of the worst online communities.

[0] Gab's own ToS refers to their discretion in removing content and a "God given right" https://gab.com/about/tos


You write this as a hypothetical but this exact discussion has played out on torrent sites focused on music.


Free Speech isn't a thing that applies to Internet companies, only the government and how they must deal with people who wish to speak in public forums.

Internet providers and services aren't "public forums" given their infrastructure is not a public space, but a private space they control. Whether or not someone thinks these services are "censoring" things or not isn't a real argument, again for the reason it must be a ruling authority that violates law by removing a person's speech from a given area or location, which then is censorship.

A company can't censor someone who is on their platform given the platform is owned, not ruled.


Free speech is a cultural value and a philosophy it, can apply to anyone and everyone. The first amendment of the US constitution protects the people from politicians and bureaucrats.

Just because it’s done by a private party doesn’t mean it’s not censorship.

https://www.youtube.com/watch?v=z4t6zNZ-b0A


So does that mean if I am hosting a dinner at my home on my own private property and someone starts spewing hate at people I have to let him because it's his free speech? No, I'm kicking that asshole off my property and banning him from returning.

It's the same for these tech companies. They are private companies and if you break their ToS for inciting violence or posting illegal shit then they have the right to ban you. You have freedom of speech, not freedom of consequences.


> So does that mean if I am hosting a dinner at my home on my own private property and someone starts spewing hate at people

Well, if that "private property home" is the only place where people in your surroundings can get something to eat; and if that someone "spew at others" but says something vile quietly to his friends, so that only people actively listening in on the conversation hear it, then - maybe you should not be able to police what that person says.


Again, free speech isn't a legal thing that is a right to an individual in all settings. It is baked into the constitution, but that has zero to do with dinner parties and more to how government can act when dealing with people speaking their minds.


This is a very thorny issue and my own personal views don't matter, but the views of others are indeed interesting. I was listening to an episode of The Taylor Report[0] and he was saying that no corporate platform should block speech based on its moral compass. He noted that while Twitter flagged Trump's tweets regarding the Capitol Hill protest as inciting violence, Twitter didn't flag Trump's tweets threatening nuclear violence against Iran and North Korea as incitements to violence.

[0] https://ciut.fm/shows/the-taylor-report/


Oh I agree that corporations shouldn't be able to block speech but right now constitutionally they can so what we really need is a change to the constitution. Those laws were written hundreds of years and meant to change with the times.


Your home is not infrastructure. Internet service, banking and online payments are infrastructure just like water, gas and electricity and companies shouldn't have the right to cut you off on ideological grounds or because your spew out so called hate speech.

Note I said internet service not a subscription to a social media service. Your internet provider may decline to provide you with email, hell the may even decline you to provide with you with DNS, but they sure as well can't refuse to route your packets or accept incoming connections.

Apple and Google were within their rights to cut off access to the App store, but Amazon were in the wrong because they are an infrastructure company. At the very least they were obliged to allow Parler enough time to transfer to new providers.


> gas and electricity and companies shouldn't have the right to cut you off on ideological grounds or because your spew out so called hate speech

All of us here in the US are entitled and reserve the right to do business with whom we want as long as it doesn't violate discrimination laws, which focus on race, religion and things like that - not opinion about whether there are lizard people ruling the government or that an election was "stolen" because a few people made up some good stories about it but there is no actual proof that can be viewed in person...at all.


Wrong again. Infrastructure for the most part depends on govt licensing and lends it self to monopolies or oligopolies.

When those oligopolies act in concert or along the same ideological lines what options do you have?

E.g. the authorities can seize cash from you as has happened to store owners who went to deposit it at the bank. If every bank refuses to serve you which you claim to be their right, then why do you have laws which to criminalize cash holdings if that forces you to withdraw your cash from them and hold it in the street or at your home?

One cannot criminalize large cash holdings arising from cash payments which is okay with many people while at the same time giving banks the right to deny service.


There is one electric company that serves my apartment. If I get cut off, I don’t get electricity.

On the other hand, there are a thousand different cloud providers; surely at least one would have taken Parler on as a customer. And even failing that, it’s much easier for Parler to run their own servers than it is for me to run my own power plant.


Yes but they can only cut if you off for non payment, they can't cut you of for your political views. They can't even cut you off if you use your electricity to commit crimes.


Yes, because they’re a regulated monopoly. There are quite literally zero other ways to make electricity come out of my wall sockets. That’s not the case with AWS.


FYI thepiratebay.org works too. They point to different IPs though. Are different people hosting the same synced software now? I haven't been following developments.


I'm surprised TPB hasn't been hit with the same legal problems as codeisfreespeech.com, DefDist, etc


good for them. civil rights must be defended


I wonder if that torrent is a honeypot


In contrast, Gab actually owns their own ASN and announces their own routes[1]. Much harder to deplatform. I'd expect no less from a YC alum!

[1] https://bgp.he.net/AS42651


They're only advertising to one peer. It's possible they have other peering arrangements in place they're not advertising to. Or maybe they're single homed. They also only have a single IPv4 /24 from ARIN. No IPv6. Not terribly robust or impressive.

I've never used Gab or looked at their infrastructure before. A quick look shows they're behind Cloudflare. No clue where they're actually hosted or what the infra looks like but I wouldn't be surprised if they just snatched up this /24 "because they could" and are just sitting on it.

I doubt this is where their backend actually is. Single homed isn't a great idea in the first place and if HE pulls the plug they're lights out until they can get new peering arrangements in place - which usually isn't a quick process in the best of times.


You're right that the single peer is a concern. Maybe they have others that are hidden for now, like you said?

I don't think they need more than a few IP addresses since most of their hardware could sit on a private network with only a single load balancer visible from the Internet. Also, a small ASN doesn't really need IPv6 compatibility to function, and won't for many years to come.

Since they're still using Cloudflare, it looks like multiple layers of defense. When Cloudflare eventually bans them, people will realize that it was only pointing to their own ASN and no one knows which datacenter it's in. The single peer with HE doesn't actually mean they're in an HE datacenter.


Ideally, for redundancy, you'd run in more than one datacenter. That's hard to do with only one /24; most networks won't take BGP advertisements more specific than /24, so you can't easily run half your ips at each DC. Maybe HE allows it for transit customers, but it makes the routing messier.

They could be doing anycast, but that's pretty sophisticated. They could also only advertise the /24 from one DC at a time, but that's error prone. Or maybe advertise from both and forward to the live DC over a private link/VPN.

I do see in Octoberish, they were peering with a second network, and they have second network in their IRR records. Could just be so they can use one of the DDoS filter companies that advertises your netblock, and sends you clean traffic. Can't do that (easily) if you get IPs from your transit provider and it's not a service they support.


You can still have redundancy. Basically active + backup config, where the other datacenter takes over and announces the /24 if the active goes down. They could certainly be utilizing "oob" IP connectivity to coordinate failover instead of using their own IP space.


Disclaimer: I haven't worked with IP transit in five years so this could very well be dated.

A single peer and a single IPv4 /24 (to me, at least) kind of tells the story of "Hey this might come in handy, costs a couple hundred dollars, and is just a couple of applications to fill out. Might as well." as opposed to something that's actually running in production.

While there is more autonomy with your own ASN and the resulting infrastructure there's also the obvious and required information leakage that comes as a result. Compared to being able to hide everything behind billions of essentially ephemeral addresses inside of a Cloudflare, AWS, etc at best (worst?) they've got a maximum of 256 easily discovered static IP addresses that Anonymous or any other DDoSer can readily point their bots at to obliterate.

I'm not familiar with DDoS mitigation equipment or products that HE has in place but I doubt they'd be able to as smoothly or economically absorb some of the large targeted attacks we've seen pointed at Google, AWS, Cloudflare, etc.

If Gab does decide to start multi-homing they would then need to coordinate DDoS mitigation across multiple providers and/or utilize some of the products from companies that specialize in layer 3+ DDoS scrubbing and clean return. This is all because anyone can just go grab all of their current IPs from the latest route announcement and bury them in anything from layer 3 to 7.

It gets very complicated and very expensive very quickly compared to how fast, cheap, and easy hiding your HTTPS stuff behind a CDN is. That's why everyone just does that.

If they're using their own ASN which transit providers they have and which datacenters they're in doesn't matter - all of their routes would be publicly announced and any reasonably competent attacker would configure their tool to pull the most recent route announcements from any number of looking glasses and update the bots. The internet will do what it does and happily route the legitimate and illegitimate traffic to any number of providers and datacenters worldwide.

At their (apparent) size and scale using their own IPs and their own ASN (both under their own corporate name) completely defeats the purpose of using a CDN, load balancer, DDoS mitigation service, etc and just doesn't make any sense.

To your point: on the modern Internet if you're banned from Cloudflare, Amazon, Google, and Azure (maybe a few others) even IF you can get hosted somehow/somewhere your next concern is going to be a DDoS. From what I know anyone large enough to handle a modern day DDoS probably won't do business with you either -or- will happily forward you a massive (six figures, easily) per-incident invoice and then probably give you the boot anyway.

I don't have any personal experience hosting controversial web properties but there are some HUGE technical, social, and political differences between The Pirate Bay and Gab, Parler, etc that the article fails to address.

EDIT: Above I describe receiving a per-attack invoice with DDoS mitigation companies. That's not actually how it works. I could get into it further but those costs are a rough ballpark.


I know Gab uses this domain registrar and hosting company called Epik but no clue how exactly how much of Gab's infra is handled by Epik.

https://en.wikipedia.org/wiki/Epik_(company)

https://www.epik.com


I set up an account this evening and it’s unusable due to loading times. They’ve added 1.7m in 4 days which may explain it. Be interesting to see how long it takes them to scale


I've been impressed by Gab


What puts me off Gab and Parler is that the vast majority are those alienated or banned from other platforms for the same reason, for the most part they all think the same way and the topic of conversation is almost exclusively political. Gab has some interesting groups which slightly mitigates this.


Gab is #537 highest traffic website in the US, up from #647 yesterday.

https://www.alexa.com/siteinfo/gab.com#section_traffic

I agree with you about the political agitation but I would say its becoming less of an issue on Gab. Parler was quite toxic. However, I prefer MSN messenger style chatrooms, so I use Telegram mostly which has now reached 500 million daily active users.

These platforms aren't just filled with people banned from facebook anymore, and will become less political as time goes on


It used to be that Parler was clean-ish and Gab was "problematic". Interesting that you think this swapped.


parler is owned by partisan media personalities such as dan bongino now. gab is political, but more so in terms of ideas and values. parler is explicitly, aggressively, partisan political from what i can see. I don't use either platform


I’m not as optimistic as your last prediction, unless Twitter and facebook start eating their own and that Sparks a more diverse range of points of view coming on board. I also think that in terms of interests, people joining these platforms will always have politics as number 1


If they get large quantities of Gen-X and baby boomers to move from FB to Gab, I think that will kill FB.

When they open up digital marketing on a platform thats less saturated, that will be the real test though. If Gab can do digital marketing decently corporations will start paying them money and stop criticising them so openly.


Scott Alexander put it well in Neutral vs. Conservative[1]:

"if you’re against witch-hunts, and you promise to found your own little utopian community where witch-hunts will never happen, your new society will end up consisting of approximately three principled civil libertarians and seven zillion witches."

[1] https://slatestarcodex.com/2017/05/01/neutral-vs-conservativ...


This piece may be the single most intelligent thing I have read all week (though this perhaps does not speak well of my usual information sources...). :)

I feel like one of the defects in most of our discourse these days (from any position, on any subject) is an almost complete disregard for trying to understand opposing views (and even a lack of concern that ones assumptions about the opposition might not be entirely correct).


Why? Seems like the level of discussion is not all that far away from the level on Parler.


Or on Twitter, or facebook

Curiosity, exchange of views, diversifying the news and information I’m exposed to, follow some people I am interested in hearing from, respect for censorship stance. These are the first that spring to mind


They had to do that because they got kicked off of everywhere else.

And sadly Andrew Torba was kicked out of YC because of his politics (however YC tries to spin it).


No big deal to run your own ASN, especially when your provider only has two companies advertising upstream. Both of those companies are providing Epik their network.

Epik runs a wide variety of hate filled content purveyors. Wouldn't be a horribly difficult thing to advertise their routes on BGP and black hole their asses.

I remember this happening by accident to Cox Cable.


But sad to think that YC spawned someone like him as well.


Parler decided not to buy their own hardware and rent their own rack space. Plenty of other unpopular websites have figured it out.


You don't even need to do that. The actual key to running an extremist / subversive / hate / unpopular website is NOT connecting the site to any in-person activities. As long as your website is just some text floating out there in the network there is a lot of wiggle room. Sure, companies like Google or WordPress will ban you if they don't like you, but you can still get service from Cloudflare, major web hosts, or domain registration without jumping through a bunch of hoops.


Tbf, I don't think Parler ever saw itself as extremist. Obviously it was used by extremists, but as I've seen mentioned in other threads lately: When you create an alternative platform from the mainstream, the people who join it are either idealists, or are the people who were banned from the mainstream platforms. And if you don't have the resources to moderate those extremists (or foolishly choose not to), the extremists take over.


I do not know if it was the original intention of the founders, but you can't ignore that the people who are/were funding it are influential far-right figures.


When you say "far-right" I think you mean "moderate conservative."


The Mercers??! Rebecca Mercer?


Ok, so to you, it seems obvious and accepted that Rebecca Mercer is far-right.

However, traditionally, the terms "far-right" and "far-left" have been reserved for people who believe violent government coup is a legitimate means to an end.

And lately, people have taken to calling more moderate conservatives "far-right" and "nazis" as a way to delegitimize their opinions, and make them sound beyond-the-pale.


Ideologically far right doesn't mean 'racists take over capitol hill'.

AOC could be considered fairly 'far left' she's not exactly a radical.

To the OP's point, I think Parler was trying to legit be an alternative where they didn't have Jack Dorsey in charge, but I'm doubtful if they were actually looking for the holocaust denying crowd.

I suggest probably their comfort zone would have been 'Fox News'.


If by "moderate conservative" you mean the type of people who also fund a site like Breitbart. I think we're pretty safe in calling them "far-right".


I'm sorry if this comes across sounding harsh, as I don't know you at all, but your comment sounds like the opinion of someone in a lefty filter bubble.

Where I'm from, "far-left" and "far-right" means "people who think violence is a legitimate means to enact their ideology."

So that includes Nazis, the KKK, and communist revolutionaries. It does not include Rebecca Mercer or Breitbart.

Check out this data: [1]. Breitbart is only a smidge more conservative than Fox News, and Fox News is the #1 watched cable news channel in the country. That is called "mainstream." Presumably, the "far-right" would be "far" beyond the mainstream.

[1] https://www.adfontesmedia.com/interactive-media-bias-chart-2...


Are they though? Maybe I just lack some knowledge but it seems there's a trend where these definitions are shifting so that right become far right, and sometimes even people who would have been left are suddenly being called right.

That said I don't know much about these particular people.


Strange I have the feeling it's quite the opposite. The "progressive" democrats would just be center-right in my country (Germany).


They seem to be comfortably in the progressive group in terms on their politics, if not always their rhetorics which sometimes seems calculated to appeal to center or right wing voters. But you can pretty much completely disregard what anyone in politics says and just go by what they do.


The CEO literally was personally banning anyone who posted anything left-wing, and yet claims that he's for "free speech". It's laughable.

If he wasn't cynically cashing in, then he's not a very deep thinker either.

https://www.forbes.com/sites/abrambrown/2020/06/27/parlers-f...

They literally welcomed pro-saudi comment farms to their service as well:

“The nationalist movement of the Kingdom of Saudi Arabia has made it known that big tech is censoring them at rates we have never experienced in the United States,” Parler wrote in a post on its own account on the site. “Let us welcome them as we all fight for our rights together.”

Reminder: Saudi crown prince, Mohammad bin Salman, ordered the assassination of a US journalist not that long ago. So, in a sense, Parler is really the social network of choice for dictators and extremists.

https://www.reuters.com/article/us-twitter-saudi-politics/un...


Parler is also financially backed by the Mercer family, who are conservative mega-donors and right wing political activists.

https://www.reuters.com/article/parler-funding-mercer/social...


Saudi watanjies joining the fray? That's a complete tragicomedy now.


Twitter is also the service of choice of US Presidents who order drone strikes against innocents abroad.


"The moral of the story is: if you’re against witch-hunts, and you promise to found your own little utopian community where witch-hunts will never happen, your new society will end up consisting of approximately three principled civil libertarians and seven zillion witches. It will be a terrible place to live even if witch-hunts are genuinely wrong." - Scott Alexander [0]

[0] https://slatestarcodex.com/2017/05/01/neutral-vs-conservativ...


Took me a while to get around to reading & finishing this, but this is a phenomenal article that could have exactly predicted what happened with Parler, and describes the current polarization in the US far better than I could. Thank you for sharing


Or pick a host that that doesn’t care. They exist both in America and abroad. If Gab and 8kun can stay up, so can Parler.

They planned poorly, that’s their fault.


> As long as your website is just some text floating out there in the network there is a lot of wiggle room.

What does this even mean? Text has to be stored in some physical location, or set of locations.


I think what parent meant was not to say "arrive at this location at this time and do this criminal thing", but I could be reading it wrong.


I read it as, if it's just text and all anon, there's always wiggle room. Once you start allowing video and photo uploads, and real names, then your liability increases exponentially.


I think he's referencing Flash


I appreciate businesses like Cloudflare that stay neutral and just provide their service.

I don't want to have to think about the political beliefs of a CEO before deciding to use a service.


Not expressing an opinion on this either way, but I wouldn't say they're completely neutral: https://blog.cloudflare.com/why-we-terminated-daily-stormer/


The tipping point for us making this decision was that the team behind Daily Stormer made the claim that we were secretly supporters of their ideology.

That just shows how dangerous the "if you're not against us, you're with us" mentality can be.


Cloudflare has been quite neutral for now, but there are communities of people who daily devote themselves to harassing everyone from Cloudflare's support team to the mayor of Sammamish, WA (where Epik, one of Gab's webhosts, is headquartered) to try to get Gab deplatformed[1].

I can only imagine how many of these emails per day Cloudflare's support team is deleting.

[1] https://www.reddit.com/r/GabWatch/


This entire comment thread can be asterisked with “for now”.

GoDaddy kicked off AR15.com with no reason at all, they were fine with the content... until the moment they weren’t.

The problem has always been a TOS that is selectively and interpretively enforced. It’s just popular this week.

> I don't want to have to think about the political beliefs of a CEO before deciding to use a service.

ffs no joke! I was embarrassed for what Expensify did, and if my company used that service we would have dropped them in a hot second. IDK why “we’ll stfu and do our job” isn’t the default anymore.


> GoDaddy kicked off AR15.com with no reason at all

No, not no reason at all: "In response to content complaints on the ar15.com website, our team investigated and discovered content on the site that both promotes and encourages violence. As a result, we informed the site yesterday that they have 24 hours to move the domain to another registrar, as they have violated our terms of service," GoDaddy told the Washington Examiner.

FWIW, ar15.com is hosted on AWS. GoDaddy was just the domain registrar. I gather ar15.com was temporarily removed from the GTLD name servers because they didn't move to a new registrar quickly enough.


Shut the fuck up and do our job hasn't really worked well once the capitol was attacked, those people were organizing in public in many social media platforms (not just Parler!) and people working at those social media companies shut the fuck up and did their job. And then that happened.

Are you saying that staying silent is the answer once you have people organizing to take down the government? How will your business operate once the government is down?

There has to have some limits somewhere. Yes we don't want everything to be political but obviously, there is a line somewhere, wouldn't you agree?


> Are you saying that staying silent is the answer once you have people organizing to take down the government? How will your business operate once the government is down?

Let's dispatch with the second one first. Even if you bulldozed the entire city of DC and everyone who works there was permanently relocated to the North Pole by Santa Claus to make toys for little children forever, there would still be a government because there is a constitutional process for electing or hiring some other people to do it.

So what should platforms do about this? That's too narrow a question. It's what should society do about this? Step one, arrest the people breaking the law. Violence and calls for violence are illegal. At which point it's not clear that we even need a step two, because then the relevant people are in jail.


> At which point it's not clear that we even need a step two, because then the relevant people are in jail.

I know the US has the biggest prison population in the world, but you can't keep these people in prison for life. They will be released from jail at some point and start spreading their ideology again.

I hate to pull a godwin, but "let's throw the insurrectionists in jail and that's the end of that" hasn't worked out well historically. Let's just hope none of them writes a book while doing their time.


> I know the US has the biggest prison population in the world, but you can't keep these people in prison for life.

I think murdering a police officer is a capital offense. You don't get back out of jail after that one.

But even for the people committing less violence than that, and who in turn eventually get released, they only stay released if they stay non-violent. Otherwise they're right back to jail.

> I hate to pull a godwin, but "let's throw the insurrectionists in jail and that's the end of that" hasn't worked out well historically. Let's just hope none of them writes a book while doing their time.

So now we're abandoning even the premise of free speech?

If people are engaged in violence you put them in jail. If people are non-violently saying dumb things and you don't agree with them, you say your thing too.


> But even for the people committing less violence than that, and who in turn eventually get released, they only stay released if they stay non-violent. Otherwise they're right back to jail.

I am of the opinion that we should prevent violent insurrection rather than waiting for it to happen and then responding with jail time.

> So now we're abandoning even the premise of free speech?

Where did I say that? I'm not saying we should prevent all book publishing, but you do understand what historical precedence I was referring to right?

> If people are engaged in violence you put them in jail. If people are non-violently saying dumb things and you don't agree with them, you say your thing too.

If the dumb thing they're saying is that all politicians are satan worshipers and pedophiles, then it doesn't matter what "thing" I have to say to them.


> I am of the opinion that we should prevent violent insurrection rather than waiting for it to happen and then responding with jail time.

Responding with jail time is how you prevent it, through deterrence.

> I'm not saying we should prevent all book publishing, but you do understand what historical precedence I was referring to right?

Presumably the unconstitutional Son of Sam laws?

> If the dumb thing they're saying is that all politicians are satan worshipers and pedophiles, then it doesn't matter what "thing" I have to say to them.

I disagree. There are still things you can say and do to black pill the crazies.

Now, sometimes the only thing you can do to convince them is to do something, because just saying "no you're wrong" isn't much of an argument. Whereas, say, arresting and prosecuting everyone involved with Jeffrey Epstein would satisfy a lot more people that there isn't a vast international conspiracy of pedophile Satanist cannibals, as compared to the presumably truer situation in which a lot of powerful people were involved a major statutory rape and prostitution debacle and yet thus far have escaped prosecution.


> Presumably the unconstitutional Son of Sam laws?

I am not, I am referring to a historical example where a bunch of insurrectionists were thrown in jail and it was not an effective deterrent.

> Whereas, say, arresting and prosecuting everyone involved with Jeffrey Epstein would satisfy a lot more people

You really think that arresting and prosecuting Trump, among others, would satisfy the people who stormed the capitol to keep him in power?


Belgium was without a government for years. No one really cared

I think its possible to think of a world where dc simply goes on vacation and the rest of the country is just fine.


Someone doesn't understand how parliamentary systems and caretaker governments work...


I get your point, but technically Trump ia current goverment ;)


> This entire comment thread can be asterisked with “for now”.

Which is true but its also important to not jump the gun so people can give coherent arguments for/against currents events.

Take Amazon for example, there is significant internal pressure to run the company based on a specific set of (for lack of a better word) progressive values but at the same time there is also a big part of the company that is customer focused and puts themselves in their shoes to try and deliver results and the politics of the day is just noise to them. Who will win in a few years time ? Can't say and the future is still unwritten.


This sounds like double speak. Can you elaborate?


Anyone can say whatever they want on the Internet, but if your violence words become violent deeds you’re at risk of being dropped. So - don’t be violent.


I hope the platforms remember this line of thought the next time US is going to bomb a country


I think basically don’t use your platform to plan an insurrection and you should be fine. As soon as you start being used as the platform where violence is being organized all bets are off.


So... are you talking about Twitter and Facebook?

Your comment is short sighted and shows a possibly too eager willingness to accept the media and big tech narrative at completely face value. What if you are wrong?

At one point saying “We shouldn’t own slaves”, or “the Indian has rights to the land they live on”, or “women should be allowed to vote”, or “no taxation without representation” were all insurrectionist comments.

How do you propose we only stop “the wrong” insurrections? We should probably ask you first.


> At one point saying “We shouldn’t own slaves”, or “the Indian has rights to the land they live on”, or “women should be allowed to vote”, or “no taxation without representation” were all insurrectionist comments.

Uh, I don't know what you think "insurrectionist" means, but those are definitely not what it means. Actually, one of those comments was actually the law of the land at the time, as adjudicated by the Supreme Court--it was merely a popular politician who said that the Supreme Court had no actual power to enforce its will against him and did it anyways.

In the interest of pedantry, it's worth pointing out that the anti-slavery comments weren't the ones made by the insurrectionists, and even in the states that seceded, the unwillingness of Northerners to uphold the Fugitive Slave Act was arguably the more pressing threat, since it is highly unlikely that the federal government would have been enable to effect mandatory abolition on unwilling states but removing any codes enforcing the return of runaway slaves would have been well within its remit. That said, there was one notable abolitionist who provides half the cases in US history of people tried for treason against an individual state.


You must decouple in person interactions from site content. So you can have a site filled with philosophy, historical analysis, generalized activism tips, technical information, etc but not a site that directly facilitates in person meetups or calls to action or plans real world activities.


My guess is they won't struggle too much to get the site itself back online (they at least claim it was "bare metal", so charitably just containers), but replacing the email service providers and other authentication / SaaSy bits will be a challenge.


I'm curious about how they'll handle SMS. I once worked for a place that self hosted a message gateway by co-locating a bunch of cellphones alongside their servers. It worked but probably wouldn't scale for their purposes. Our setup also assumed that customers were in the same country as the servers.


Email service providers?

What’s that?

sudo apt install postfix

Configure DMARC and SPF and you’re fine.


Yes, it's as easy as those two commands, unless you want people to actually receive your emails.


It is not that simple yes, however it is not too hard, especially if you are mostly only sending to registered users. It is lot harder to setup a dc and get ISPs to peer with you than setup the app itself.


Do you have some resource to share on this simple set up?


There are one or two projects like postal[1] or mailbox[2] that make it much easier than it was before.

[1] https://github.com/postalhq/postal

[2] https://github.com/mail-in-a-box/mailinabox


There are ToS at Colo facilities also, renting rack space isn't foolproof either.


For a few thousand dollars a month I operate my own servers in n>1 physical locations with different companies and different transit providers.

I figured it out. Pirate Bay figured it out. Any company that genuinely cares about eliminating SPOFs has figured it out.


Perhaps Parler did not realize that being aligned with conservatism was grounds for deplatforming. I am sure they will learn as will the whole world.


Let's hope so! The more we diversify our social media consumption as a society the better off we all are. Well, other than Jack and Mark.


Honestly, I think they'd be happier too. They'd have less money and power, sure, but they'd also get less death threats, and a lot of the world (including world leaders) would hate them a little less.

I don't think they would care if Facebook and Twitter were each 1/10 the size of what they are today -- they'd still be billionaires and the companies would still be mind-boggling huge. They only care that the companies are much larger than competitors.


I didn't read Dorsey's actual tweets, but here's what the Guardian said about them:

>Dorsey underscored in his tweets a need for a new “open decentralized standard for social media”.

https://www.theguardian.com/technology/2021/jan/13/trump-twi...


He's been talking about this for a while.

> Twitter is funding a small independent team of up to five open source architects, engineers, and designers to develop an open and decentralized standard for social media. The goal is for Twitter to ultimately be a client of this standard.

https://twitter.com/jack/status/1204766078468911106


I was not aware that "Remember the photographs from inside your home while you slept? Yes, that close. You will die a sudden death!", "We are going to fight a civil was on the 20th", "we need to start systematically assassinating #liberal leaders", or "shoot the police that protect these shitbag senators" were conservative political opinions.


I'm not sure I like the world where conservatives are making bed-fellows with pedophiles and ISIS.

Over this last week, I've talked to people who have un-ironically argued that companies should not be allowed to moderate content... even if that content is illegal!

It's like a whole section of the population is just learning for the first time that the internet is real life and it's not the wild-west it was in the 90s.


"A platform for the deplatformed" was basically their only marketing pitch. They (should of) knew.


Fortunately being aligned with conservatism isn't grounds for deplatforming, as can be seen by the literal millions of conservatives on twitter who haven't been deplatformed. It's easy: you have a discussion about your political beliefs without telling the other person you're going to murder them for disagreeing with you.


Seriously. I laugh whenever someone cries about widespread censorship of the right. The most lucrative media career right now is to be an outspoken conservative. There are probably thousands of such pundits/journalists/analysts/bloggers/podcast hosts/commentators on pretty much every medium, and they all seem to be talking non-stop.

Similar to how every mainstream comedian is persecuted and telling "unfiltered" jokes that they supposedly aren't allowed to anymore, and they'll totally get into trouble for it later.


Can we please move on from the assertion and justification of the very real censorship push on the grounds that "they all deserved it" by claiming that all the people deplatformed were "telling the other person you're going to murder them for disagreeing with you"?

This is an intellectually dishonest take at best. I won't speculate on the other end of the spectrum.

I for one am disgusted at how servile about censorship readers of HN have been lately just because it was their percieved enemy who was being attacked, without understanding that this will be applied to $notenemy later. I've frequently complained about the state of "too many MBAs and not enough hackers" here but fuck the last few months really brought that out. Starting to wish I knew if there is a hn where the more anti-authoritarian types hung out.


The commenter claimed being conservative and no other attribute/thing was a sufficient condition to be deplatformed. That is an absurdly large claim and requires absurdly large evidence. You can go on twitter right now and find conservative opinions, including the opinions of those from Fox news, the most watched news channel in America.


“Fortunately criticizing Putin isn't grounds for being assassinated, as can be seen by the literal millions of people in Russia who haven't been murdered yet. It's easy: be nobody and have a discussion about your political beliefs in the kitchen with only close relatives.”

All well known recent deplatforming cases were done on a flimsy grounds for off-platform activities. They are very hard to defend.


Again, plenty of other unpopular websites have figured it out.

Parler just didn’t care.


https://prq.se/?p=colo Famous for starting the pirate bay, they're still in action and pretty much specifically provide freedom of speech hosting. I think it plays in the game the Parler investors wanted to play that they got shutdown and can't get back online. Fuels the "we've been censored" angle.


there's plenty of big colocation and hosting companies in Russia.


Which will not provide you service unless you give them Russian phone number and scan of your Russian passport.


Parler was backed by very deep pockets with existing international connections. They could afford to purchase the necessary Russian friends to make this happen.


The CEO is married to a Russian so that isn't a problem.


Sites like stormfront manage to stay up, despite being way older and arguably more extreme.


If there's ever a "capitol riot" sized event linked back to those sites, their BCPs will be put to the test as well.


plenty of far right European terrorist attacks have been linked directly to stormfront, including the attack by Anders Breivik.


Road map for hater sites:

1. Fire up servers in Russia.

2. Learn rsync.

3. Profit.


If you do social media, of any kind, you can't really rely to heavily on cloud providers. I know, Snapshot is a massive Google customer, but that means that they need to be rather careful.

Facebook and Twitter couldn't exist on AWS, unless Amazon chooses to enforce their rules very selectively. There is a ton of hate speech on Facebook, which is not censored, moderated and which clearly violate all sort of rule. Much of it is due to the language of the users not necessarily being English, or another major language. However, regardless of the language, the content can still easily be in violation of an AWS terms of service (and often Facebooks own).

If Facebook had been an AWS, Azure or GCP customer, they would have been shutdown long ago... Well they wouldn't, because the rules wouldn't really apply to them. I honestly don't care about Parler, Amazon has every right to shut of their service, they decide what customers they want on their platform. What I do care about, is that terms of service, rules for allowed speech is applied fairly and equally.


Obviously Parler didn't consider censorship as part of their threat model, while TPB necessarily had to. Moreover, I'm pretty sure TPB has gone down here and there, probably for weeks at a time. I don't think Parler's problems threat model is that bad; just maybe don't depend on companies that are liable to peer pressure. In the worst case you just get hosting from someone who isn't going to dump you because of social pressure (even going out of country if you must).


TPB had a much greater threat to them. They were even threatened by domain registrars.

How could you say TPB didn't consider censorship? What is a DMCA takedown if not censorship?


> How could you say TPB didn't consider censorship?

They didn't say that. They say in the first sentence that TPB had to consider censorship


I suppose one advantage Pirate Bay had was that they set out doing something illegal, whereas Parler probably didn't even consider the possibility that they would have to fight to stay online.

Apple has tightened the rules around forums lately, I don't think they required moderation when Parler started.

The other thing is of course that Pirate Bay was started by hard core computer nerds, not business people.


TPB also has the advantage of age. Their last decade has been quite stable but back in the day they would regularly go down and people would make all sorts of witty comments questioning the competence of the operators. It took them a lot of work to get where they are and they also had/have a different scaling curve than a social network.


Don't forget the raid. On a hunch one of the admins was able to make a copy of the entire database and bring it back online shortly afterwards; if he had not, they'd've had to revive it with no content, and it probably would have died out / been overtaken by some other one.


Just by looking at how easily their entire db was downloaded, wouldn’t be surprise they hacked most things together and hardcoded a lot of stuff to work with AWS


If I recall, that wasn't the DB of Parler, but of their wordpress blog.

It's still sloppy, but it's not on the same level.


IIRC, one of the poor design choices was making their resource URLs (videos, pictures, etc) sequential - this reduces the effort of crawling everything down to a 'for' loop; no need to get the actual "db" for references. As a bonus, those media resources were not stripped of metadata (EXIF data in images was present)


And if it was indeed 70 TB downloaded and they were serving it off AWS, they're getting at least a $5600 bill as a last fuck you on their way out, just for that single download.

If you have enemies on the Internet, having anything on one of the cloud providers that charge an arm and a leg for traffic seems like asking for a financial DDoS.


... like this website? ;P I honestly don't see anything wrong with that design: permissions should be honored--and Parler did something really wrong here that caused people to be able to gain admin status from them--but, past that, if someone wants to download the whole site why not let them?


This website doesn't do private messages an such. Every comment and post is public. However, on social networks where you do have that function, a user might have a legit reason to want a video to be private.

When you have media that is private, if the numbering is sequential, it is easy to figure out what you can't see vs what doesn't exist. Using random IDs means that someone looking from the outside cannot reliably figure out how much content is hosted and check for private data on that service.

A secondary issue is that having an auto-increment in your database is a recipe for having really slow HA options and you can't scale hard either because it's fundamentally hard to sync auto-increments between multiple nodes that don't leave gaps in the ID namespace or are really slow.


Knowing how much data is private isn't a useful quantity? If it were per-user I would agree. Honestly, even knowing "a private video was posted at such and such time" for a website like Twitter isn't a big deal (and this is good, because Twitter also uses an auto-increment key for all of their posts, or at least used to until not that long ago if somehow they recently stopped).

(FWIW, Facebook actually used auto-increment keys for a long long time for their users. I don't remember when they stopped, but before they did they went through a long period of manual ID range allocation.)


Twitter uses Snowflakes, simialr to FB and other services. They scale better than manual ID range allocation and don't entirely behave like auto-increment. The big part is that it can contain gaps. So there is no way to tell if an ID doesn't exist because you lack access or because it was skipped over.


There is nothing wrong with this on its own. The real flaw was not stripping the exif data. Although I guess sequential IDs did enable an easier attack on the real flaw.


> Embarrassing

The site not being online may be embarrassing from a risk management standpoint, but the app being censored from Apple Store and Google Play Store prevents them from having a meaningful presence ever again anyway.


> but the app being censored from Apple Store and Google Play Store prevents them from having a meaningful presence ever again anyway

Right, like OnlyFans has no meaningful presence


People are already conditioned to need a web browser to view adult content, and if you are an adult content platform, your competitors are also missing from app store as well.

This doesn't work out the same for social media. Doubly so because a social media platform benefits from integrations like notifications which are missing from iOS Safari.


Perhaps. I’ve been using Twitter and FB exclusively via iOS Safari for a year or two and I’m not sure I’m missing anything important


You miss App icon on share sheet. Maybe Web Share Target API solves this situation but I don't know Apple want to implement it.

https://bugs.webkit.org/show_bug.cgi?id=194593


That's like saying PC gamers are conditioned to using windows. They're not "conditioned" to anything, people go where the thing they want is.


And if they want it bad enough they'll start going somewhere new. Which is why most of the synthetic recreational drug crowd learned how to use tor and gets their product delivered in a little bubble wrap envelope that says "agricultural chemicals" on it.


Why not just use a web app? I don’t have the Twitter app installed because the web app does everything I need.


They have a Progressive Web App, which should be able to be loaded up and a home screen shortcut just like any app would. But it's not straight forward for Android (Parler users were trying to explain how to do it to each other with hilarious results), and I believe on Apple it can't be done.

There have been called for regulating how Apple and Google protect their app stores after Parler was pulled, but I don't think that's the solution. The solution is getting them to integrate PWAs into their ecosystem. They don't want to, because it draws from their app store revenue.


If parler users believe it is important to them and to society as they say... what's the problem with just opening up a web browser and going to parler.com anyway? That's too big a burden for something so vitally important to it's users?

I mean, don't get me wrong, I get that there are issues with corporate monopoly control of communication. And there are some things that will only work well as an app, not as a web page. But... parler really isn't one of them? Oh no we have to go to a bookmark in a browser instead of having an app or even an icon on a homepage... seems like a weird complaint when they are also saying access to parler is so vitally important. What's the big deal? I mostly access facebook and twitter this way on my android phone already.


This is such a weird line of assertion that I wonder if you'd apply it in any other context.

The problem doesn't just exist for dedicated Parler die-hards. The problem exists for Parler trying to become a compelling platform at all among everyone else. And that problem exists for all Parler users including all the would-be users and all people trying to develop a following on Parler.

> Oh no we have to go to a bookmark in a browser instead of having an app or even an icon on a homepage

Sure, not a problem for Parler die-hards. Massive shortcoming for everyone else. iOS users can't even receive notifications from a website. Parler's target audience isn't just the people willing to jump through hoops. If you're someone trying to create content on Parler, your target audience isn't just people willing to remember to check their mobile browser every once in a while when every other app (incl Twitter) gives them real notifications.

You're saying that these obstacles either don't matter or they're inconsequential as long as your product is good, and you're sorely mistaken. You don't want to be lacking a notification system as a fledgling social media platform. Just consider how every time someone receives a "X replied to you" notification and returns to the app, how that enriches the entire platform.


Yes, i would and have. In my own participation in (left) political organizing, I don't believe that we can rely on corporations to make it convenient for us, and say so. To be sure, the corporations convenience/inconvenience matters. But the inconvenience of having to access the thing in a browser instead of an app??? This seems like nothing to me.

The site actually getting shut down entirely is of course a lot more significant, I see much more of a point there. It's complaining about "oh no it's just so hard to access it via a web browser instead of an app" that seems ridiculous to me -- if you are organizing against the system -- and it's pretty clear to me that's what parler was doing; I am opposed to the politics they were doing it from, but not to organizing against the system -- you should expect and prepare for attempts to suppress. If "oh no we have to access in a web browser instead of an app" is all you get, you are doing great.


> You don't want to be lacking a notification system as a fledgling social media platform. Just consider how every time someone receives a "X replied to you" notification and returns to the app, how that enriches the entire platform.

HN seems to have done fine without it :)

ps. please don't tell me that I am too dumb to find out how to turn them on.


You just Open Safari, go to your web page you want, click the share icon, and "Add to Home Screen" for iOS.


> I believe on Apple it can't be done

You're incorrect.


> They don't want to, because it draws from their app store revenue.

One word: Regulation. Easy to regulate Big Tech through laws. But incoming administration in US isn't going to take it seriously given that Big Tech did exactly what they wanted.

But they can be easily tamed if other countries do it. If European Union, UK and India regulate Big Tech their dominance is over. They don't have any presence in China anyways. US is no longer that hot a market for online and ecommerce (even though monetarily US dominates as of now but that won't be the case the next decade).


iOS has had PWA support for longer than Android has (or at least "add to home screen", additional configuration via a manifest came much later).


The solution is to get trillion-dollar companies to do something they don’t want to?

How are you going to do that without regulation?


Most non techies rather use apps in my experience, but I may be wrong.


Not having an app does not mean that the mobile interface doesn't work.


you mean through the browser?


Until Apple decides to update Safari to block it.


Please point out which websites have been blocked in browsers.


Interestingly, at least Google doesn't seem to actually just their Safe Browsing list; not sure why.


At this point - do you really think Apple is above this?


This is not a good argument, please go back to the drawing board.

You are making the extraordinary claim, so you are the one that needs to provide evidence.

No browser vendor has blocked any sites in the way you are describing. Not Firefox, Chrome, Safari, or IE. At best, you'll get a warning when you are about to hit a malware site, but that's about it. You can click right past it.

So no, what you are saying is ridiculous, and you should really feel uniformed and silly for suggesting it was likely.


> No browser vendor has blocked any sites in the way you are describing.

Chrome and Safari both use Google's "Safe Browsing Database" which outright blocks phishing scam sites. How long until this is expanded to "hate sites" because they "aren't safe"?


They just gave millions of people a reason to investigate rooting their devices.


You don't need to root your device to install an .apk. It's all about friction. The harder you make it for people to do something, the less people will do it. It's always a very effective strategy.


I've been telling developers for years if you build your infrastructure on top of tons of 3rd party services like Google Cloud or AWS then you basically don't own it, and can be shut down any day, against your will.

Web companies should build on "Linux" only, as their base platform, so they own everything above that. I was a fan of Parler but building on AWS was a huge mistake, and they should have realized they were "owned" from day one.

And to any other CEO/CTO making the same mistake: "Beware, you do not have control over your company."


It isn't just getting kicked off the platform that you should worry about. You have zero control of long term pricing. Developers sometimes even develop without doing any math on what the services they are using cost in year one. Ask people how often they have already had to go back and rework code and shutdown servers because the bills coming in were out of control. The myth that you can just migrate if costs go crazy is completely nuts.


Initially when I saw the EC2 micro prices I was like "wow that's a fraction of a cent" but then you multiply it 750 times in a month like oh...


It is increasingly, vanishingly hard to not use the big three cloud services. Mainly because any platform or tool you might use is _also_ hosted on these clouds.


You can build on Java + SpringBoot + MySQL + Linux + Docker Compose, then what else do you really need?

I mean there's tons of technology stacks to choose from, but people get lazy and take the easy way out rather than learning to scale servers themselves.

Get on Linode. It's base on Linux instances. If you build on Linux you are "free" and not "owned"


Linode and Digital Ocean docs also are leagues ahead of AWS. They cover a lot of stuff. I didn’t even know what fail2ban was when one of my VPS’s got hacked. Went through all their docs, they cover a lot and really helped me understand how much I didn’t know while at the same time providing guides on getting up to speed.

AWS won’t tell you about those things because they sell you security, so you remain a dumbass about those things indefinitely.


Exactly right. lol.


If you are doing ssh config properly, then you don’t need fail2ban or its ilk.


Fail2ban protects more services running on a server than just SSH.


... what else do you really need?

A proper database.

:)


There's a lot of DBs to choose from: MongoDB, MySQL, PostgreSQL. What you want to avoid is anything from Amazon or Google ANY other similar service.


Is that supposed to be a dig against MySQL, or did you just miss that in the list?


Looks like you misspelled "NoSQL" :)


Most everything I develop is in .NET and will run comfortably in Nginx, IIS, or an Azure App Service Resource.

It's not that hard.

In my experience most developers just inherit the infrastructure and even the base project from someone else. They've never stood up a server or configure anything from scratch so they have no idea what they're doing.


I've been telling people for ages that, even if they want to use a pre-built solution, they should at least set up the base systems a few times to get a better felling for them and.


that logic is a vicious cycle


Why can’t they just backup regularly and redeploy somewhere? Isn’t it as easy as backing up a DB and restoring?


If you restrict yourself to only the set of AWS functionality that is common to all hosting providers, you can do that.

But not only is that very hard to do, it basically negates the premise of AWS in general. There are also lots of areas that you can’t do this, such as IAM and network rules, so you have to build an abstraction on top of it that’ll work with open source tools on a separate host.


Premise of AWS for me: reasonably priced (not cheap!) linux VM, close to the backbone, essentially total control of the VM, easy provisioning of new disk storage when required (i.e. EC2 with a smidgeon of EBS)

The rest of it? I think I understand why some systems need/want it, but no thanks.


Depends on what you’re doing.

At the scale $EMPLOYER works at, AWS built in services are key. Things like DynamoDB global tables are extremely hard to run on your own, and things similar to AuroraDB and Kinesis can be run on your own but they take up a lot of personnel hours better spent focusing on product. We could probably eliminate those services and self-run, but it would be an extremely unwise usage of company time and money.

But we also run services in multiple continents with the need to handle clients doing silly things like getting into airplanes and flying into another continent. Your situation might not benefit as much from AWS specific services, so YMMV.


> We could probably eliminate those services and self-run, but it would be an extremely unwise usage of company time and money.

Unless $EMPLOYER was Parler ...


More precisely, we could do it, but it would probably take years and the result would be inferior to what we have today.


When you build on top of "linux", yes. However, many cloud services are built on top of S3 or App Engine or other proprietary services.

This means that they can only be run on that provider.

They can be faster to develop, at the risk of not being able to move later.


S3 is not that hard to replace. There are plenty of services like backblaze which provide S3 Api. You can spin up your own service with something like minio.

Getting S3 reliability or availablity is lot harder ofcourse, but most apps don't need that.


They don't even need their own backups anymore.


Linux doesn't help here. You can have your own servers, but then ISP can shut you down and Mastercard and Visa will ban you from the online economy at will ...


If Silk Road (and its spawn) manage to stay online until the government shuts them down then these more-legal companies can surely find a way.


Sure if your users can use crypto and tor you can stay open for a few years... but that isn't the same problem.


Linux is much better than relying on proprietary services. Nobody said Linux solves all the other problems in the world. lol.


I don't know what do you mean really, what do you think Amazon uses for their clouds, Windows 95?


according to parler they did what you suggest


Parler used AWS. I suggested avoid AWS. What am I missing. I might be missing something.


AWS is a suite of services. One of those is EC2, which is just virtual servers hosted by Amazon/AWS. A virtual server is no different than a physical server from the perspective of the guest operating system, regardless of if it is Linux or not. Linux is just the software running on the server, it has nothing to do with ownership. The only way "running on AWS" is problematic is if you tied yourself to their non-generic services like ECS or Beanstalk.

tl/dr: building on AWS and building on Linux are not mutually exclusive. One represents hardware the other software.


We used AWS and EC2 at my last job so I've done about 4 years worth of what you're describing. Definitely if you use Amazon as your way of getting a Linux instance that's fine, because then you can just move to Linode or any other hosting service because Linux is the one thing they all support.

When I say don't use "AWS" I should've been more clear I'm talking about their proprietary stuff. Basically you should be able to run on a plain Linux as your base.


Parler didn’t use any proprietary AWS services.


The Parler CEO initially said they would be offline for a whole week, in order to “rebuild from scratch”.


I wonder what the engineering quality and opsec was at facebook, a year or two after the Zuck built it to steal people's cell numbers.


4 years after Facebook allowed the general public to join, the engineers created a PHP transpiler called "HipHop" which in itself, I would suggest, shows competence, engineering talent and a good understanding of PHP - the language that Facebook was at that point written in.

https://en.wikipedia.org/wiki/HipHop_for_PHP


I think what's (only just) more embarrasing is the fact they didn't strip GPS metadata from uploaded photos, like everyone else has been doing for the past... fifteen or so years?


Of all the interesting points brought up by this article, my favorite part was the link to the Pirate Bay's launch of a submarine to host its servers.

...dated April 1.


Unpopular opinion: it is not bad, it is just normal average modern startup attitude. Let's put everything into cloud, use Spanner or Aurora for data, Firebase for user mgmt, throw together bunch of lambdas and voila, we are in business.

And I am not being judgemental, because this approach is working 95 times of 100, and most of startups are dying anyway before they hit the wall of vendor lock.


It is not universally bad for all companies. It does however show their incompetence when they try to build an alt-right platform by hosting it on AWS and distributing it on Google's and Apple's app stores.

Either way, I think it's for the best that they are technically inept.


To be fair, I think it's a lot easier to think in terms of decentralization when the tech you work with (p2p) is decentralized by design.

I imagine Parler to be something that was iteratively worked on, where their most recent challenge has been in scaling their service. I also suspect that they have been working towards returning their initial investment - it was likely accepted that Parler might just be temporary anyway.

Regarding the security, it is appalling. Generally the website feels like they have one good dev working in the background - it doesn't feel like an entire team working on this 24/7. It certainly doesn't feel like there is some review process. Hopefully they fix the security before bringing it back online.

What seems crazy to me is that Parler have not been able to setup at least one server to provide a static page to explain why they are offline and what the next steps are (from their perspective). At least parler.com points to 127.0.0.1 I guess.


Ironic the article is in Vice considering one of its founders (Gavin McInnes) also founded the Proud Boys.


But if he left vice 13 years ago citing "creative differences" and founded the PBs eight years after that is it really irony? Or just a simple case for reading between the lines?


I spent some time trying to figure out Gavin McInnes the other day. I had a very hard time separating conviction and sarcasm.


Well he was in a band called Anal Chinook.


Perhaps the most embarrassing thing about Parler besides the fact it was deplatformed so easily is that it was built on WordPress. And don't get me wrong, I love and use WordPress often, but to build such a large social media platform on-top of it? That just reeks of amateur.


There is a part of me that thinks this was always Parlers aim (or at least an acceptable outcome). The whole point of parler was to cry about censorship while engaging in censorship. Now it's been shut down, all the more reason to cry...


>As one of the original co-founders of The Pirate Bay, Peter Sunde Kolmisoppi knows a little something about keeping controversial services online. Kolmisoppi and his colleagues spent decades battling a global coalition of corporations, governments, and law enforcement agencies intent on wiping the file sharing website from the face of the internet. Unsuccessfully.

This implies that he was unsuccessful. As we all know, he was not


But Parler is not built by pirates and street kids. It is built by establishment republicans with billionaire backing.

They are not used to be thrown out on the street.


Parler was, at the end of the day, a somewhat amateurish Twitter clone whose essential growth hack was that they decided to serve as a kind of ban evasion mechanism for Twitter. They had virtually no organic growth of their own, they worked by accepting the banned castoffs from another service and promising not to do any moderation.

And then we had a historical incident of political violence perpetrated by the same demographic. Move fast and break things indeed.

But "staying online" isn't the Parler goal. Matze wanted to run an internet giant, not keep a seedy right wing reactionary forum alive. I mean, 4chan and 8kun already fill that market.

He's just going to pack it up, keep his head down, and try not to get sued (or charged).


Not sure why the downvotes. This essentially is the same as my take. This is the inevitable result of pushing your brand as "no content moderation" but not actually having any skills or plans on what to do when it eventually caught up with them.

Anyone familiar with 4chan knows that some of the earliest content that was banned on the platform include childporn and organizing raids/doxxing. If you read the terms of service, you'll see that content is still banned (even if not uniformly enforced).

The fact that parler couldn't muster even 4chan levels of moderation shows you that they really had no comprehension of the content creators they would be courting with their service.


Since when is "not enough moderation" grounds for terminating hosting? Amazon does a terrible job of moderating their own catalog and reviews. Should their ASNs be blackholed?

You can read the comments on any given CNN article, and see racist statements. Should CNN reporters be barred from attending press conferences?


It is grounds for terminating hosting when AWS has repeatedly asked you to remove said content AND they've offered to help you migrate you off of AWS.

See court filings - https://www.courtlistener.com/recap/gov.uscourts.wawd.294664...

Or for specific sections, see https://twitter.com/questauthority/status/134916216569825280...


I was skimming through it and couldn't really find any smoking gun about them missing any hard deadlines for content removal. If you take a site like Reddit, it can take days before all violent / threatening language is removed from a given thread. A lot of the content AWS uses as exhibits is borderline, so its not as simple as approve some auto filter. I am assuming Parler just took on the scale of weeks to months to fail to remove some bad stuff but it would great to see that in writing to confirm.


It would be foolish of Amazon’s legal team to make an argument like they did and not be able to back it up with proof, imo.


If Microsoft sends an email to Valve telling them to delete certain unlawful posts on Steam, or else they'll use Windows Defender to block the Steam executable, would you defend that?

Why not? It's not like Valve owns the computers of their customers. They're in clear violation of the Windows terms of service. If you violate the ToS, then Microsoft has every right to remove you from their operating system and Valve is in turn free to migrate to a different OS.


Its downvoted because a large portion of HN users prefer alternative facts that allow them to feel superior as opposed to actual reality.


This is factually false. There was moderation, there were terms of service and they banned appeals to violence from their site. The glee with which so many in tech are celebrating was essentially an attempt at corporate murder, on ideological grounds, is revolting.


And yet, in the Amazon suit, Amazon clearly says that Parler did not.

So, it's not "factually false". At best, it's up for a court of law to decide who is telling the truth.

But considering that it's trivial to show messages from Lin Wood, among others at the capital protests messages on parler calling for "appeals to violence" exactly in contradiction to your suggestion that there isn't... Well your argument doesn't appear supported by the facts.


From Amazon's response to the lawsuit... 'The email also notes Parler “remove[s] some violent content when contacted by us or others, but not always with urgency,'


You can read Amazon's entire response to their sham lawsuit which debunks every one of these theories.


> and they banned appeals to violence from their site

Lin Wood, the president's election lawyer[1] LITERALLY called for VP Pence to be executed the week before the riot. This was shared everywhere on the internet, was shared right there on Parler like tens of thousands of times, and AFAIK was still up and unmoderated when the site was shut down.

Parler's moderation was a community-run thing. Effectively, popular users could say anything they liked.

There was no meaningful moderation at all.

[1] Or whatever. The relationships were totally muddled, but nonetheless this guy was a big thought leader among the Kraken set.


> Parler was, at the end of the day, a somewhat amateurish Twitter clone whose essential growth hack was that they decided to serve as a kind of ban evasion mechanism for Twitter.

The growth hack was to be funded by the Mercer family (Cambridge Analytica, Brexit) to the tune of a few million a year to help promote their agenda.


This is really interesting. Where can I learn more about this?


WSJ, amongst other news sites, has provided coverage: https://www.wsj.com/articles/parler-backed-by-mercer-family-...

You can read about the Mercers winding up Cambridge Analytica, which they funded: https://apnews.com/article/64280ae1f30c44eb8b82049f6875dddd

Likewise their involvement with Brietbart: https://www.dw.com/en/who-are-the-mercers-the-wealthy-backer...

As far as the "millions" figure, that's come out of claims that their AWS bill was in the region of $300k per month.


and w/ everyone moving to gab and them seeming to have their ducks more in order in terms of scaling/moderation, i think unless he really wants to die on the hill to preserve whatever was going on w/ parler, they will just drop it lol.


I think the difference is that Pirate Bay was bootstrapped whereas Parler had significant financial backing. With all that money "why not" throw it on AWS. There is also the point that Parler wasn't doing anything illegal so they didn't expect to be shut down even though they should have.


Counter point: Parler was intentionally set up badly in order to certainly be breached in the near future.


Oh dear, people here are already infected by this "I choose my reality" bullshit.


TBP has been down all week (everything showing 0 seeds). sup with dat?


At leats he admits it. First step towards a better world.


Chad PirateBay vs Virgin Parler


word.


In 1932‘s Third Reich Language:

„German Smuggler thinks minorities‘s inability to escape discrimination is embarrassing“


>In more recent years, Kolmoisoppi has moved on to fund Njalla, a privacy-centric domain name registration service. One he says was already asked to host Parler, and refused.

>“Of course we wouldn't,” Kolmisoppi said. “We're pro human rights, which includes the right to not be killed by extreme right wing terrorists.”

Why do I see this embarrassing justification so often? It doesn't make sense to equate speech with violence.


You think it's a mistake to compare death threats to violence? Or a mistake to compare organizing terrorist attacks against the government to violence?


[flagged]


It seems they generally make the effort to explicitly call for nonviolence and the like.

I'm sure these "left wing riot" groups you mention crossed the line before, too, and had comments and pages removed.

Hell, notice that Parler got away with it, too until they didn't?

There's always a line, and sometimes it gets crossed. Pretending like nothing bad ever happens to group X, and everything bad always happens to group Y, and furthermore, insisting their behaviors are equivalent is, let's say, lacking in proof.


People on the left are constantly calling for and glorifying violence. Non-lethal violence. But still violence. I even saw it here on HN.

EDIT: As this is getting downvotes, "punch a nazi" is the most common one, and many many examples can be found on eg twitter.


Yes, this is our political discourse thanks to the president. Comparing the president's insane rants in press conferences to some leftie nut on Twitter, throwing up our hands, and saying "both sides, amirite?"

This rot is leadership rot.


You think this rot is because of Trump? Joe Biden said Mitt Romney, the most liberal milquotoast Republican in existence want to "put y'all back in chains" (referring to black people). Remember Hillary Clinton and the "basket of deplorables"?

This cancer is not unique to Trump's administration - it goes back to Reagan, if not further.


It also doesn't make sense because terrorists would obviously be using encrypted channels primarily, not some shabby public plain text forum. And most organization would be on Facebook, with orders of magnitude more users and better tools.


You are simply uninformed.

It is well documented that ISIS recruited people through Facebook and Twitter, and even YouTube.

Remember: before the terrorists get those encrypted apps, they need to be radicalized first. That step is done on public social networks, where network effects help spread their message to a receptive audience.


[flagged]


So report them to the FBI or local equivalent for the "human rights violations", instead of engaging in willful negligence and then fucking bragging on the internet about how brave you were?

I doubt there were any "human rights violations", as reporting them seems like a much better (and much easier) way to screw over the people involved than not encrypting the database.


[flagged]


Are you joking ? I live in Canada and we do have ways to fight workplace discrimination. But instead you decided to do something wrong, you are part of the problem. I hope I never have to work with someone like you.


We have the Royal Canadian Mounted Police which is the same thing. A federal level police force tasked and empowered with investigating these types of crimes. We also have provincial level human rights courts

And we do have labor watchdogs, again, the courts, and in Canada they lean very heavily towards workers in interpreting very strict labor laws.

However, Canada is also filled with self-righteous descendants (I mean it culturally) of puritans who take it upon themselves to adjudicate others.

That's why I left the GTA, Ontario and Canada as soon as I could.

(Quebec excepted. They're cool. Also, not Canada)


[flagged]


You've posted way, way too many unsubstantive and flamebait comments to HN, including in this thread. The swerve here to a completely off-topic flamewar amounts to trolling. Please stop now.

https://news.ycombinator.com/newsguidelines.html


You are right this got out of hand really quick I didn't expect people to react like this. I apologize and will follow the rules. Thanks.


Is this a bit? You started off with admitting to crime and then start bringing up how you’re dating women young enough to make everyone upset with you, completely unrelated to the original post or your own criminal admission


Look man different countries have different age of consent. I'm not about to incriminate myself here.

For you people who think the RCMP is going to bust down my condo door you are mistaken. I didn't mention where I worked.


I have to say... that having this conversation flip to you talking about your love for the youngest legally permissible women is very disconcerting.


"Don't feed egregious comments by replying; flag them instead."

https://news.ycombinator.com/newsguidelines.html


Ah my mistake.


what the hell is wrong with dating an 18 yo? I can't believe this puritanical bullshit in North America.

In Japan you can legally date Jyoshi Kousei schoolgirls and nobody gives a damn.

I'm not saying I'm into that, I SPECIFICALLY mentioned they were 18 and now everybody thinks I'm Jeffrey Epstein for christs sake

I'm sick of puritans in this country judging people like me because they are jealous. They know their wives are old and unattractive and they freak out because they see 30 something old with an 18 yo.

It's legal for them to be filmed on camera doing all sorts of depraved stuff and sold online but OH NO-WE CANT LET A THIRTY YEAR OLD dudes dating 18 yo.

I can't wait to leave this god damn country.


Just because it is legal does not mean it is not strange. Usually people frown upon such a large age gap not because it would be illegal to be in that relationship but because the difference in age, maturity, and life experience would make such pairings unconventional and often exploitative.


If you think 30, which is not even middle-aged, is unattractive... I think your general interest is skewed towards the very young. I just don't know why you'd incriminate yourself like this.


We detached this subthread from https://news.ycombinator.com/item?id=25771209 and marked it offtopic.


You have no honor as a person and as an employee. And even worse, terrible problem solving skills. Did it occur to you the people you thought your fisting could have just replicated the same abuse elsewhere? Why not officially report them so they could have been on the book for these transgressions industry-wide? How was not quitting the shitty job on top of your list here?


are you kidding me? Do you think we have rule of law in Canada? Our laws are a joke compared to United States.

Who the hell am I going to report to exactly? Who will take it seriously?


You are right. The law is a joke. Pornhub had videos of teenagers getting raped for months and never took them down until they got back-lashed by social media for it. Is Pornhub still up? Yup. Has anyone been punished for hosting this stuff? Nope. The only way to bring down companies like these without waiting for a grand societal paradigm-shift is to act outside the law unfortunately, because people don't care enough, that's just the sad reality.

I'm willing to bet that most of the people that are criticizing you for wanting to date an 18 yo have probably pumped and dumped many girls in their lives themselves. They probably consume porn as well and might have accidentally fapped to rape footage, who knows.

I think you're by no means a saint, but they're certainly not better than you. And expressions such as "thauts illigul" don't really say anything about the moral value of your actions.


You have likely confessed to a crime. If not a crime, you have committed a serious software-related ethical violation and should not work in software again.


> You have likely confessed to a crime.

What crime, exactly? I doubt what he did is any kind of crime. Honestly, some PMs would probably do the exact same thing (e.g. focusing on the "customer" by de-prioritizing "tech debt" to work on "higher priority" work).

Edit: not to say it wasn't unethical, but the bar for criminal conduct is not the same.


> Basically a startup I worked for 12 years ago were fucking me big time on compensation so I purposefully argued against encrypting the database knowing how shoddy their security was. I didn't allow ANYONE to secure the backend. 4 years later, their database gets leaked and they get "acquired" for an "undisclosed amount" which usually means they sold themselves at a huge discount pending lawsuits.

I don't know, the act of confessing that it was done in bad faith?

I have kept myself up late at night and in the early hours of the morning hoping that I made the right decisions in trade offs to protect my users, their data, and the company I worked for. I've worked for some companies that treated me pretty shitty. I've experienced racism, gas lighting, overworking, and being underpaid in my career. Never once did it occur to me to turn that hurt and frustration on the company or my users.

This is possibly one of the strongest possible cases I have seen to professionalize software engineering. Holy smokes.


There isn't a very strong argument, then.

You have an anonymous comment that claims to have caused a data beach of unknown data from an unknown company. No users are even mentioned.

I feel like it's a strange thing to call out as a compelling argument.


> You have an anonymous comment that claims to have caused a data beach of unknown data from an unknown company. No users are even mentioned.

I don't think you can even call it that, since he didn't cause the breach. It's hard to even liken it any employee repeatedly and deliberately leaving the door to a store unlocked, which eventually gets robbed. Since I get the impression the stuff he's talking about would have probably been inside some kind of perimeter defense.

IANAL, the best I can make of it from a legal perspective is some kind of negligence, but that's a tort, not a crime. So he may not have to worry so much about the RMCP, but rather losing his car to pay damages to his employer.

I think there's a compelling argument for an ethical violation, but I'm still not seeing a criminal one.


What is the bigger crime? Telling people to work 80 hours a week without overtime? Threatening female coworkers with bad reviews if they dont go on a date? Calling me racial slurs and stealing my lunch? I can go on and on my man you weren't there

I don't need to work in software, I have others work in it for me.


Those things are repugnant and some of them grossly illegal.

This is exactly why we have laws and don't allow people to enact vigilante justice. It didn't take long to figure out that hurt and misguided people act and speak out of vengeance and hurt. Nobody heals, nobody learns.

Even more, and what you ironically put on display here, is that you may have dented their pocket book but who you ultimately hurt was the users and your colleagues. Your woefully misguided sense of justice has ensured that the only outcome for everyone is hurt.


Not to defend the obviously very unmoored gentleman, but if he worked where all hints seem to imply he worked, the company was already using their database to extort users.

Edit: Just in case this was unclear though, that would definitely be another datapoint in the "Report this because it will be taken seriously" column. Not advocating vigilante justice, even if I'm pretty sure they were as slimy as he's saying.


You just admitted to purposely hijacking your employer's product development to harm them. You also admitted to acting in bad faith.

You probably just admitted to a crime. Certainly you've opened yourself up to a lawsuit to make the victims of the hack whole.

You're looking at some very serious legal trouble.


I doubt that.


I really hope they find you, prosecute you, and you never work in software again. Thanks for ruining a company for the countless others who were staying there, regardless of your experience, because they believed in what they were doing, and working towards their own personal goals. I don't know the details, but I know if someone did that to a company that I was invested in, I would be devastated.

Please go away, never to return. Go be a bartender or some other profession where being an asshole will get you ahead. Leave software to people who still care about ethics and have empathy for customers and coworkers.


Attacking another user like this will get you banned here, regardless of how wrong they are or you feel they are. Please review https://news.ycombinator.com/newsguidelines.html and stick to the rules when posting here. They don't stop applying in cases like this, and we're trying to avoid the online callout/shaming culture here.

https://hn.algolia.com/?query=online%20shaming%20by%3Adang&s...


Apologies, won’t happen again.


Appreciated!


So because you were not compensated properly you decided to screw the users of your company who had nothing to do with you being compensated less. You act like you are some kind of martyr but you are the sole person responsible for the human rights violations of thousands and potentially millions of unsuspecting users who used that service. I hope you can sleep well tonight knowing how you deliberately violated privacy and rights of people unconnected with your compensation issue. If you were treated unfairly you should have resigned. Not fuck the company over.


Please stop posting flamewar comments to HN. We've had to ask you this before, and we ban accounts that won't stop doing it. The rules apply regardless of how wrong someone is or you feel they are.

https://news.ycombinator.com/newsguidelines.html

Edit: it looks like you've been breaking the site guidelines badly for quite a while now, by using HN primarily for political battle and posting lots of flamewar comments. That's seriously not ok. It's contributing to destroying this community, which is extremely vulnerable to such pressures.

I've been giving accounts a pass or letting them off with a warning when they've only been doing this during the collective fever of the last few days—but your account has been doing it for months, and that's very different. I've banned this account. If you don't want to be banned, you're welcome to email hn@ycombinator.com and give us reason to believe that you'll follow the rules in the future.


Look, the people who signed up for the service were mostly men looking to cheat on their wives if it makes you feel better.

Screw them. Why get married when you are just going to sign up on dating site to look for sugar babies who can't be bothered to put in the work so they sleep with married rich older men.

I don't think you realize how corrupt and immoral people are. I took great joy reading through the depraved private messages. It's technically prostitution if you wanna put it that way.


Let me take a guess: you worked at Ashley Madison? Data breach, Canada, cheating, etc. Checks out


At this point I'd be willing to put money on knowing where you worked, so if you have any worry about being outed for that, well yeah.

I do kinda hope you're not just bullshitting though, because those assholes definitely had it coming and this just makes it all the more deliciously vengeful.



You may be getting thrills out of this disclosure but like sibling comments I recommend you delete these submissions. It is not painting you in a good light.


[flagged]


cmon now this is unecessary. do you have $200,000 CAD or not?


That doesn't make sense....


Possibly a joke about their profile, which says they are selling a car and to comment an offer on any of their comments.

If not, then I'm as lost as you are.


Look at the username


I caught that, I assumed the throwing out of a CAD amount is where we all got confused.


Perfect game from tech companies. They put you on a stramge position. To be against censorship you have to defend trump. Yes you should defend him. Because censorship is more important than Trump. But tech companies know that you couldnt judge properly. Never again talk about censor. You all close your eyes when free speech killed.


Why even have a TOS if you won’t enforce it? If you sign a contract you can’t cry that you got banned for repeatedly breaking it and when asked not to, you did it again.


What's embarrassing is the fact that our industry is so obsessed with censoring wrongthink that it's not enough to drive thought criminals off of mainstream platforms - we have to drive alternative platforms off of their infrastructure.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: