On January 6, 2021, a crowd of protesters captured the US Capitol. Several dozen entered the building into places usually closed to the public, including the offices of parliamentarians and the conference hall. Naturally, they immediately started taking selfies, filming videos – and then posting them on social networks. Some even streamed live.
Among the rioters were several users of the Twitter-like social network. Parler… it it turned out by GPS metadata from their videos. The fact is that Parler does not strip this metadata in a standard manner, as other social networks do, to protect people’s privacy.
It would seem like how to conduct metadata analysis if the site has been unavailable since Monday, when Amazon refused to serve it. But thanks to the young hacker @donk_enby we have archive for 56.71 TB with all the data published on the social network.
donk_enby is part of the team Archive Team, which deals with archiving different sites. Especially those who are threatened with closure (for example, Reddit constantly bans different communities for alleged hating, as happened with / r / fatpeoplehate, or, for example, all sites on the Google Sites platform will definitely go offline on 1.10.2021). Sites hosting important content are also archived. In Parler’s case, this was important because right here the ultra-right US nationalists were planning their actions. They used other platforms that are considered an alternative to the mainstream: Gab, MeWe, Zello and Telegram.
The Parler archive has accumulated 1.1 million videos for the entire time. The metadata looks something like this:
An analysis of all files released on January 6 (the day of the mutiny) revealed 618 videos with GPS coordinates in and around the Capitol. It is known that a similar analysis was carried out by the FBI as part of a large-scale campaign to find rioters, at least 20 of whom are already in custody.
The findings give an idea of how Parler users swarm around the Capitol.
The siege on January 6 lasted for about two hours and resulted in the death of five people, including a Capitol police officer who was hit with a fire extinguisher. Graffiti is painted on the walls of the 220-year-old building, windows are broken inside, tables are overturned. Among the videos from the rebels is an interesting footage from the office of House Speaker Nancy Pelosi with included a computer with a security alert message open on its screen.
The exact location of Parler users inside the building is actually difficult to determine. Coordinates in the metadata do not make it clear which floors they are on. In addition, they show a limited distance of approximately 11 meters.
Other points outside the Capitol show the flow of protesters from the National Mall.
IN interview with Gizmodo donk_enby says it began archiving Parler messages on January 6, the day the protesters gathered outside the Capitol. When it became clear that Amazon intended to remove the app from its servers, it redoubled its efforts to download absolutely all Parler content.
@Donk_enby estimated that it managed to save over 99% of all Parler posts, including 1.1 million videos with the location of users. Unlike most of its competitors, Parler was unable to implement a mechanism to remove sensitive metadata from video files prior to their publication on the Internet.
Analyzing photos on social media provides a lot of useful information. Monday from work removed two Capitol police officers: one took a selfie with the rioters, and the other donned a red MAGA cap and guided them through the building.
Deanonymization of a person by his GPS coordinates
In general, when analyzing the GPS metadata of all videos of an individual Parler user for the entire time, if there are enough of them, then you can create a certain profile for a person, up to determining his home address and place of work. Even if this is an anonymous profile, we can only find out a person’s name by his GPS coordinates.
It should be borne in mind that GPS records of users can be obtained not only as a result of a bug on the Parler website. Dozens of tracking companies collect these coordinates. For example, within Project Privacy The NY Times newspaper examined a file with over 50 billion entries. Each record in the database is the location of one smartphone. The period is several months in 2016 and 2017.
NY Times reporters obtained this file from a tracking company. It is the largest and most informative dataset ever leaked to the public domain.
Visualization of GPS coordinates from a dataset
We told in the article “How people are tracked using” anonymized “datasets” that such a history of movements is collected literally for every mobile phone user. Tracking is performed through any mobile application that has permission to access information about the location of the device or if there is no such right For example, the Facebook application monitors the location of users, even if it is disabled in the settings… The information is then sold to brokers.
A number of scientific studies have shown that a person’s personality can be easily established from the history of his movements. Scientists have come to the conclusion that a truly accurate and long history of geolocation is absolutely impossible to depersonalize… It’s like fingerprints or human DNA.
At the same time, companies continue to claim the data is “anonymous” to reassure people about such invasive monitoring. In addition, according to the legislation of the Russian Federation and other countries, no one prohibits private companies from freely collecting and selling location data and other personal information as long as this information considered anonymous… Therefore, companies use a loophole to collect and sell massive databases with supposedly anonymous GPS coordinates.
The history of geolocation says a lot about a person, but tracking firms collect a much more detailed dossier for each person, including information from other trackers, including the history of actions on the Internet, pages viewed and searches on a personal computer, laptop, tablet and smartphone; videos, films and programs running on the TV screen and much more.
Most users do not mind the collection of data in mobile applications, because they do not understand the scale of surveillance and are willing to put up with it for the sake of convenience and communication. “The biggest trick that tech companies have ever pulled is convincing the public to watch over themselves,” writes the NY Times.