an aside about Parler
Posted on: January 22, 2021 at 16:09:12 CT
ashtray UF
never use the platform
Here is a list of their security failures:
1. No API authentication. Anyone could easily scrape data without logging in or having an account.
2. Soft-delete messages and posts, and include them in the public API for everyone to see, and yes, that includes private messages between individuals.
3. Geolocation tags are still present in the media files, showing where the device was located when the media was created.
4. Message and Post IDs are sequential integers instead of using a UUID or GUID, making it trivial to scrape every single message and post via the public API.
Sounds like a sample project escalated to production.