On January 6, 2021, a crowd of protesters captured the US Capitol. Several dozen entered the building into places usually closed to the public, including the offices of parliamentarians and the conference hall. Naturally, they immediately started taking selfies, filming videos - and then posting them on social networks. Some even streamed live.
Among the rioters, there were also several users of the Twitter-like social network Parler . This was revealed by the GPS metadata from their videos. The fact is that Parler does not strip this metadata in the standard manner, as other social networks do, to protect people's privacy.
It would seem like how to conduct metadata analysis if the site has been unavailable since Monday, when Amazon refused to serve it . But thanks to the young hacker @donk_enby , we have a 56.71 TB archive with all the data published on the social network.
donk_enby is part of the Archive Team, which deals with archiving different sites. Especially those who are threatened with closure (for example, Reddit constantly bans different communities for alleged hating, as happened with / r / fatpeoplehate, or, for example, all sites on the Google Sites platform will definitely go offline on 1.10.2021). Sites hosting important content are also archived. In Parler's case, this was important because it was here that the US ultra-right nationalists planned their actions. They also used other platforms that are considered an alternative to the mainstream: Gab, MeWe, Zello and Telegram.
The Parler archive has accumulated 1.1 million videos for the entire time. The metadata looks something like this:
An analysis of all files released on January 6 (the day of the mutiny) revealed 618 videos with GPS coordinates in and around the Capitol. It is known that a similar analysis was carried out by the FBI as part of a large-scale campaign to find rioters, at least 20 of whom are already in custody.
The findings give an idea of how Parler users swarm around the Capitol.
The siege on January 6 lasted for about two hours and resulted in the death of five people, including a Capitol police officer who was hit with a fire extinguisher. Graffiti is painted on the walls of the 220-year-old building, windows are broken inside, tables are overturned. Among the videos from the rebels, there is an interesting recording from the office of the Speaker of the House of Representatives Nancy Pelosi with the includeda computer with a security alert message open on its screen.
The exact location of Parler users inside the building is actually difficult to determine. Coordinates in the metadata do not make it clear which floors they are on. In addition, they show a limited distance of approximately 11 meters.
Other points outside the Capitol show the flow of protesters from the National Trade Center.
In an interview with Gizmodo, donk_enby says she began archiving Parler messages on the day of the gathering of protesters outside the Capitol on January 6. When it became clear that Amazon intended to remove the app from its servers, it redoubled its efforts to download absolutely all of Parler's content.
@Donk_enby estimated that it managed to save over 99% of all Parler posts, including 1.1 million videos showing users' locations. Unlike most of its competitors, Parler was unable to implement a mechanism to remove sensitive metadata from video files prior to their publication on the Internet.
Analyzing photos on social media provides a lot of useful information. On Monday, two Capitol police officers were suspended from work : one took a selfie with the rioters, and the other put on a red MAGA cap and guided them through the building.
Deanonymization of a person by his GPS coordinates
In general, when analyzing the GPS metadata of all videos of an individual Parler user for the entire time, if there are enough of them, then you can create a certain profile for a person, up to determining his home address and place of work. Even if this is an anonymous profile, we can only find out a person's name by his GPS coordinates.
It should be borne in mind that GPS records of users can be obtained not only as a result of a bug on the Parler website. Dozens of tracking companies collect these coordinates. For example, the NY Times' Privacy project examined a file with over 50 billion records . Each record in the database is the location of one smartphone. The period is several months in 2016 and 2017.
NY Times reporters obtained this file from a tracking company. It is the largest and most informative dataset ever leaked to the public domain.
Visualization of GPS coordinates from a dataset
We told in the article "How people are tracked using 'anonymized' datasets" that such movement history is collected for literally every mobile phone user. Tracking is performed through any mobile application that has permission to access location information device or if there is no such permission. For example, the Facebook application tracks the location of users, even if it is disabled in the settings . The information is then sold to brokers.
A number of scientific studies have shown that a person's identity is easy to establish from the history of his movements. Scientists have come to the conclusion that it is absolutely impossible to depersonalize a truly accurate and long history of geolocation . It's like fingerprints or human DNA.
At the same time, companies continue to claim that the data is "anonymous" to reassure people about such invasive monitoring. In addition, according to the legislation of the Russian Federation and other countries, no one prohibits private companies from freely collecting and selling location data and other personal information as long as this information is considered anonymous.... Therefore, companies use a loophole to collect and sell massive databases with supposedly anonymous GPS coordinates.
The history of geolocation says a lot about a person, but tracking firms collect a much more detailed dossier for each person, including information from other trackers, including the history of actions on the Internet, pages viewed and searches on a personal computer, laptop, tablet and smartphone; videos, films and programs running on the TV screen and much more.
Most users do not mind the collection of data in mobile applications, because they do not understand the scale of surveillance and are willing to put up with it for the sake of convenience and communication. "The biggest trick that tech companies have ever pulled is convincing the public to watch over themselves," writes the NY Times.