Gettr, one of the MAGA-aligned Facebook/Twitter clones built for people angry at social media rules against conspiracy theories and prejudice, was sold to its users as a way to escape the supposedly totalitarian tyranny of high-tech giants such as Facebook and Google. Surprise! There are a million caveats to that pitch, but first and foremost, Gettr doesn’t seem to do that at all.

According to a new study by Sean O’Brien, founder of Yale Law School’s Privacy Lab, recently published by Talk Liberation Investigates, Gettr’s web and smartphone apps include trackers from Facebook and Google, the very companies Gettr casts as enemies of free speech, that allow those companies to follow its users around the web. (O’Brien is also Chief Security Officer of Panquake.com, a crowdfunded, blockchain-enabled social network that has not yet launched, which means he works for a would-be competitor.)

Gettr’s code contains two trackers that are ubiquitous across the web: a browser cookie that tracks users for Google’s vast AdSense network, and the infamous Facebook pixel, a tiny dot embedded in millions of sites that pings Facebook each time it loads. With these tools, Gettr can take advantage of the same kind of pervasive web tracking technology that its principals, such as former Donald Trump aide and CEO Jason Miller, have denounced. The price of admission, of course, is sharing that pile of data with Facebook and Google.

In addition to the Facebook and Google trackers, Gettr uses third-party tools such as AppsFlyer and Countly that collect web browser fingerprints (to create unique user IDs) and behavioral data. Together, these trackers send detailed behavioral and location data, enabling persistent cross-device tracking of Gettr users. AppsFlyer alone can collect details such as IP address, cell network provider, operating system version, phone model, and both coarse and fine location information.

That’s not the only privacy issue. The report also identifies several major security flaws.

A large amount of JavaScript code is delivered via cloud [content delivery networks], O’Brien’s report says, including embedded content that loads directly from across the web as well as from Amazon AWS and Cloudflare. When a user browses GETTR, they are literally connected to dozens of domains at the same time … GETTR utilizes a variety of third-party services to communicate with and support its users. There is a lack of transparency about GETTR’s relationships with these parties, which include ZenDesk, Postmark, Mailgun and SolarWinds Pingdom.

In addition, the report states that Gettr connects to a number of external domains to hotlink content such as news articles, blogs and videos. While Gettr loads a lot of unencrypted or mixed HTTP content, it doesn’t appear to implement standard security practices such as setting security headers, a referrer policy and other sensible defaults. This is a major security risk: not only could content from those third-party domains theoretically be used to deliver malware, it could also expose users to surveillance by the original source. It also creates opportunities for network administrators, such as police, college and corporate IT departments, to monitor unencrypted traffic. For a site that was hacked within hours of opening, and given the apparent lack of technical sophistication among the kinds of users Gettr courts, this is a fairly large vulnerability.
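As an added illustration (this is not code from O’Brien’s report or from Gettr), here is a small Python audit of a single HTML response for the three things the report calls out: missing security headers, a missing referrer policy, and plaintext http:// content hotlinked into an https page, with a hardened header set shown beside the weak one. The sample response, hostnames and header values are constructed.

```python
import re

# Response headers a reasonably defended site sets on its HTML pages.
EXPECTED_HEADERS = ("strict-transport-security", "content-security-policy",
                    "referrer-policy", "x-content-type-options", "x-frame-options")

# A hardened baseline a site could send (values illustrative, not Gettr's).
HARDENED_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; img-src 'self' https:",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
}

# src= / href= attributes that pull a resource from an absolute URL.
RESOURCE_RE = re.compile(r'(?:src|href)\s*=\s*["\'](https?)://([^"\'/]+)([^"\']*)', re.I)


def audit_response(page_url, headers, body):
    """Audit one HTML response. Returns the expected headers that are
    missing, the plaintext http:// resources loaded into an https page
    (mixed content), and the third-party hosts the page hotlinks from."""
    lower = {k.lower() for k in headers}
    missing = [h for h in EXPECTED_HEADERS if h not in lower]
    page_scheme, page_host = re.match(r"(https?)://([^/]+)", page_url).groups()
    mixed, third_party = [], set()
    for scheme, host, path in RESOURCE_RE.findall(body):
        if page_scheme == "https" and scheme.lower() == "http":
            mixed.append(f"{scheme}://{host}{path}")
        if host.lower() != page_host.lower():
            third_party.add(host.lower())
    return {"missing_headers": missing, "mixed_content": mixed,
            "third_party_hosts": sorted(third_party)}


# Constructed sample: an https page served with only a Content-Type header
# that hotlinks a script from a CDN and an image over plain http.
WEAK_HEADERS = {"Content-Type": "text/html; charset=utf-8"}
SAMPLE_BODY = """<html><body>
<script src="https://cdn.example-cdn.test/app.js"></script>
<img src="http://news.example-news.test/photo.jpg">
<a href="https://example-social.test/post/1">post</a>
</body></html>"""
```

Running `audit_response("https://example-social.test/", WEAK_HEADERS, SAMPLE_BODY)` reports all five headers missing, the http:// image as mixed content and the two hotlinked hosts; the same page with `HARDENED_HEADERS` reports no missing headers, though the mixed-content image still needs fixing in the markup (or blocking via CSP).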

Despite a large data breach last year, in which personal data was scraped, Gettr makes its API accessible to anyone without security measures such as validation keys. Gettr removed email addresses and location data from the API after the leak, but according to the report, the lack of validation means that anyone with basic technical skills can pull a user’s entire post history or follower list. In other words, you can run queries to download data on everyone, with virtually no restrictions.

O’Brien told the Daily Dot in an interview that Gettr’s pledges to users regarding privacy and security are dishonest, adding:

Gettr’s privacy policy permits the use of trackers. In particular, it acknowledges the use of Google tools: “We may use third-party services such as Google Analytics to analyze performance, service delivery, and advertising.”

Miller’s core pitch was that Gettr wouldn’t censor users the way right-wingers accuse social networks like Facebook and Twitter of doing. But while its rules may be looser than competitors’ (and its ability to actually enforce them doubtful), content removal, account bans and spam removal are the bare minimum needed to keep a site usable. As TechDirt pointed out last month, Gettr not only banned white supremacist Nick Fuentes for violating its terms of service, but also completely banned the word “groyper,” an internet meme that became a colloquial name for Fuentes’s followers, from the site. Gizmodo tested this on Tuesday and found that trying to post the term “groyper” returned an error: “Oops! An error occurred while sending the post.” However, whatever system is in place doesn’t seem to work well, since repeated attempts to post the term eventually succeed.

Gettr did not respond to requests for comment on this story; we will update if we get a reply. Miller sent a statement to Motherboard, excerpted below.

This report made a lot of mistakes, and more responsible fact-checking on the front end would have helped the authors avoid unnecessary confusion. Unlike the Big Tech social media platforms, GETTR does not sell user data. We promise to protect you from Big Tech’s overreach and political discrimination. On GETTR, everyone is treated the same, regardless of their idealism. Freedom of speech, independent thinking, and most importantly, a safe place for user data. That’s the difference between us and our Silicon Valley competitors.

These so-called trackers are only used for targeted Facebook and Google ads run to promote GETTR, and as part of remarketing activities designed to encourage people to return to the platform. This information is not shared with others. As for data analytics, they are used strictly for internal quality assurance and improving the customer experience.

