The far-right platform still hasn’t found a US-based home. Where it lands could have serious consequences for its users’ privacy.
Jan 21, 2021
In the wake of the Capitol riots two weeks ago, a number of large tech companies pulled support for Parler, a Twitter-like social network that Donald Trump’s supporters have increasingly favored since its launch in 2018. Apple and Google removed the Parler app from their digital stores, and Amazon Web Services cut the platform’s hosting services. After more than a week offline, the site is now partially backed up, in the form of a landing page that promises a full return. To get even this far, Parler has hired DDoS-Guard, a Russian digital infrastructure company, to defend it against the endless barrage of attacks that virtually all sites face online—particularly those as controversial as Parler.
DDoS-Guard told WIRED it is only providing defense against denial-of-service attacks, not hosting Parler’s site. But even that level of support requires access to all the traffic that flows through Parler, so that it can “scrub” out malicious traffic aimed at overwhelming the site. Given the Russian government’s active efforts to isolate the country’s internet and gain access to all data, Parler could expose its users to Russian surveillance if the site someday does relaunch in full with DDoS-Guard.
“Now seems like the right time to remind you all—both lovers and haters—why we started this platform,” Parler’s homepage currently proclaims. “We believe privacy is paramount and free speech essential. We will resolve any challenge before us and plan to welcome all of you back soon.”
Parler’s chief operating officer, Jeffrey Wernick, told The New York Times on Tuesday that the social network would prefer US-based providers and is working to find them. The platform registered its domain through Seattle-based Epik. But while Parler has been shunned by the US tech industry’s biggest names, it purports to have more than 12 million users, making the platform too big for most small hosts. So its domestic options are sparse.
By embracing DDoS-Guard, even as a stopgap, Parler joins a growing list of far-right sites like 8kun (formerly 8chan) and the Daily Stormer that US infrastructure companies have knocked offline, only to see companies in countries with limited internet freedom—like DDoS-Guard—enable their reemergence.
“At this time, Parler.com does not violate either our Acceptable Use Policy or the current US law to the best of our knowledge,” DDoS-Guard said in a statement to WIRED. “DDoS-Guard
responsibly keeps customer data without disclosing it to third parties. Moreover, the provider stores only information required for the service and explicitly provided by the customers.”
But Russia has passed laws that compel tech companies to comply with government requests, and it has deployed physical network infrastructure to monitor everything from web user IP addresses and communications to location data. Employing Russian infrastructure services could expose a site’s users to the country’s surveillance schemes, says Alp Toker, director of the nonpartisan connectivity tracking group NetBlocks. Most posts on Parler are meant to be public, but the platform also offered a direct messaging feature and numerous types of “verified” accounts, including red badges for anyone who uploads an image of their government identification card. All of this information, as well as granular user activity data and user IP addresses, would potentially be exposed to the Kremlin if Parler returns with those same features while routing its data through Russian servers.
Regardless of where Parler ultimately lands, it seems likely to find a home somewhere. The internet’s decentralized design helps ensure connectivity, but it also makes it difficult to keep people or platforms from being silenced. Even repressive governments in countries like Iran and China have struggled with the logistics of fully controlling a regional internet.
“It seems an unsolvable dilemma,” Toker says. “If you’re a victim of violent speech, then there is nothing more reasonable than getting it taken down. But on the other hand, pulling down technical infrastructure to limit speech isn’t part of the great internet freedom vision everyone set out with.”
Researchers emphasize that the potential privacy and security risks Parler users may face in the future echo discussions about where the line is for, say, an individual using a Chinese-owned platform like TikTok. But where TikTok’s mainstream popularity has exploded in the US, shunned platforms like Parler that have sought alternative hosting and DDoS protections have largely been bastions of right-wing extremist content. As a result, driving Parler into the arms of Russian infrastructure companies poses particular risks, given the Kremlin’s existing efforts to target the far right in the US and Europe with disinformation. Carte blanche access to additional data on these types of users would be particularly valuable to Russia.
“It makes sense to demand that social media platforms have clearly stated rules and enforce them transparently with due process,” says Evan Greer, deputy director of the digital rights group Fight for the Future. “But when you start pushing for moderation to occur at the infrastructure level, like demanding that Apple and Google ban apps from their app stores or CDNs make content-based decisions, it raises a lot of concerns.”
Parler may not end up contracting with DDoS-Guard long term. But wherever the platform lands will have consequences—for Parler’s own users, for geopolitics, and for other sites that may find themselves in similar situations in the future.