Mediaboss Marketing

Despite assisting investigators in the wake of a historic attack on democracy, online platforms need to do more to keep their user data private even if it means going bust. The subsequent security failure by conservative social-networking site Parler is a lesson for other social platforms, even the good ones.

Events in the US have unfolded over the past two weeks like a boxing match between democracy in one corner and a grumpy skinhead in the other.

First, the latter the chin of democracy with a heavy blow. Rioters who entered the Capitol Hill Building, the country's Congress, committed a direct offence at one the most sacred political sites of American democracy that momentarily paralysed the nation.

But then democracy recovered. It rose to its knees and used what it's bestat, the power of the people. Within hours of the incident thousands of concerned citizens, open-source journalist and hobby online investigators gathered onlineacross social media networks - including your humble correspondent - andanalysed video-frame by video-frame every image of footage fromthe scene.

Leading perpetrators (see example of one Tweet above), were quickly located. This is becausethese individualsleft sufficient portions of online breadcrumbs - essentially traces openly accessible for those who know where to look - all over the web. Investigators used data fromonline posts, public authority records and other open-source intelligence sources.

This left their profile accessible and data that made tracing possible. Here at E&T, we covered variousfacial and images recognition tools and code that endow investigators and citizen journalists with great powers. They directly helped in the information gatheringfor the Capitol Hill incident and helped to inform federal and state investigators.

But we also need a few critical words on how these intrusive open-sourcetechniques impede privacy and thereforecan be viewed critically in the eyes of advocates.

Inthe example of the riotsit confirmed both. Itallowedinvestigators for instance to find the man who brought to Capitol Hill police-type temporary restraints, as Citizen Lab researcher John Scott-Railton wrote. If the trespassers had the chance, thesecouldhave been used to take members of Congress hostage. So there was a real need and opportunity to do good.

I chatted to people online and collected the set of essential tools used in what might have been the biggest ever collaborative online investigation. Most effective were online tools likeMicrosofts facial image comparisonanalyser. It allows to compare faces in uploaded images with others found across the web. It provides you with a score indicating how closely subjects' faces align.

Open source face verification online tool by Microsoft Azure that assisted in the manhunt for individuals involved in the Capitol Hill storming

Image credit: Microsoft, E&T

Other tools such as Yandex image search,PimEyes, TinEye, Berify, Pixsy, Face-rec.org, FindFace or Image Raider, all enabled users to gather intelligence to locate equipment, identitiesor even where the culprits shopped for their neo-Nazi clothes. All this eventuallyhelped to build a public case against the intruders.

Then democracy struck another blow at the sullen guy in the corner. Amazon decided to suspend its webhosting service to social media platform Parler. Parler is popular among right-wing extremist groups, and members involved in the Capitol Hill incident used it to coordinate their actions and share footage.

Amazon gave Parler a short-lived ultimatum. When it went dark, geolocation datafrom videos turned up. Every time a Parler user took a video, metadataincludingthe location, time and the Parler IDwererecorded.

This information leaked when the Parler data was initially scraped by @donk_enby on Twitter. This process is kind of like hitting next page then save over and over.The hacker shared links to the data she scraped, but not the data itself.

The links point to millions of public posts, images, and videos.The hacker also shared video metadata which included GPS locations and other information that cameras save in videos, like the phone model, but not data generated by the website, like usernames, other sources have told me.

That allowed developer Kyle McDonald and others, like me, to take the geolocation data from videos and plot it on a map. McDonald says it shows that Parler users were everywhere, not restricted to specific places the way that some popular narratives suggest. We can see the progression of videos taken around and even inside the Capitol Hill building.

Timeline graphic for video uploads by Parler users and their geo-location on January 6

Image credit: Google Earth, Parler data, E&T

The data is evidence for a clear movement from the White House to the Capitol on January 6, including many videos that were shot inside the Capitol.

Image credit: Google Earth; Parler

GPS locations can be accurate down to a few metres, McDonaldexplains. We can see dots and relevant Parler IDs taken videos inside the building (see image above). Although this helps to expose the people behind the Parler IDs, there is a darker side to these leaks that we should worry about.

[Such leaked metadata] have a history of being abused by police and other people interested in spying like stalkers, McDonald says.

"Parler was incredibly irresponsible in not scrubbing this metadata. They scrubbed metadata from images, which indicates that they were aware of this problem but too incompetent to fix it for videos". It's not the first GPS leak. It may not be the last. Other developers and privacy advocated told me that they are worried.

What happened if Facebook goes bust tomorrow [and leaks data in a similar fashion]? one privacy advocate and developer from London told pointed out to me.

McDonald says by now providers should know that they "should always scrub GPS metadata, making any attempt to locate users futile. But users should also have legal protections against this kind of abuse, he adds.

With the Parler geolocation video data now in the open, people started to look in their own neighbourhoods, some possibly for right-wing extremists. Who would blame them?

Of course, it warrants pointing out that not everyone on Parler is a member of an aggressive far-right extremist terrorist group. White supremacy and groups affiliated to it were recorded, that much is true, but many Twitter commentators also said that it would be a mistake to throw all Parler users in one pot.

Nonetheless,it's positive to see that theclosing of Parler struck a direct blow against far-right British groups that are banned from Twitter, Youtube and Facebook.

"People are taking a look in their own neighbourhoods, and remembering that we have a lot of work to do if we want to build strong communities that are resilient against the kinds of conspiracies and extremism that led to the attack on the Capitol,McDonald adds. Recently, hehelped to build a browser app called Facework that uses AI and uses peoples' facial expressions.

Will the fight between Democracy and privacy go into another round? You bet it will. For now, the Capitol Hill incident has led to support of federal investigators, the finding of the perpetrators andnow toDonald Trumps second impeachment.

He might not ever take public office again. So, despite this roundbeingwon by democracy, those who bet on privacy might have lost their money.

Most recent reports confirmed informationthat appZellowas alsoinvolved in the orchestration of the Capitol Hill incident. Weshouldhope that the social media walkie-talkie app, critics say has largely ignored a growing far-right user base,picked up a lesson or twofrom the Parler fiasco.

Pressure on the British biomasslobby is increasing. An investigation now also published byThe Guardian,forwhich E&T worked witha team ofinternational journalists,went through apainstaking process of fact-checking by the paper's lawyers before publication, I amtold.

Our effortsand scrutiny paid off. The piece made waves. Environmental advocate Greta Thunberg tweetedthe report and proclaimed itto be an "essential read on how 'bioenergy' is accelerating the climate crisis in the time span we have at hand."

E&T covered the same findings in Decemberandreceived pressure from several companies and industry groups. But the findings are watertight: healthy roundwood - trees that could be used to capture carbon emissions -is stillcutand used to make biomass pelletsfor the benefit of the UK's 'renewable energy transformation'.

Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.

Read more:
US events are prompting a showdown between democracy and online privacy - E&T Magazine