Tuesday, January 3, 2017

Exposing Gab Vulnerabilities

Destroying Gab, with words, on a screen, but at least it’s not LiveJournal!

“build it yourself social media back end for blog comments”

Greetings Kids,

It’s been a while since I did a post exposing and pointing out major flaws while laughing hysterically. This might be the worst one yet, especially if the information about Gab’s founder, Andrew Torba, is correct. The reason he got kicked out of the big kid clubs was that he kept doing pump and dump schemes, selling everyone’s data afterwards. I don’t know if his new social media platform will be the one project he isn’t going to abandon after raking in all his donations, but we can hope this “Free Speech Warrior” will surprise everyone? 😉 Tigers can change their stripes guys, you just gotta wish and believe really hard? Is Gab running off of a $49 build-it-yourself social media kit an indicator of possible doom? Did Gab stop doing live notifications for some nefarious reason? Nah! Of course not!

Gimmie Info

A lot of people heard of this social media platform because of Twitter’s lack of sanity and political censorship, which gets worse every year as stock prices keep going lower and lower. Gab’s marketing was literally just “Got banned on Twitter? Come to Gab! We’re different!”. When I eventually got in, it was a pro-Trump utopia, but I never saw anything I’d really say is that bad. It was the biggest self-serving hugbox I’ve ever seen and puts any SJWs to shame. You’d get live notifications with a frog croak that sounds like a small animal dying, and 300 char posts where you could write something meaningful, but it was lacking a lot of basic features. A major one was private messaging, as well as the lack of an API, and the reason why became apparent the further I dug into it.

Pusher Gab API

External Images Loading

When I first started looking into the back end with my favorite debugging proxy, Fiddler, I noticed literally everything is written in JavaScript (can I emphasize literally?), and all the interactions between Gab’s server and the browser were JSON. The biggest issue I saw was the Cross Site Scripting potential of this setup: Gab was actually pinging every single website linked in a post, then having the client’s browser make direct requests to that website in order to have a fancy display summary, images and such. Because the user’s own browser contacts the third-party site, whoever controls that site sees every viewing user’s IP address, and since it’s all in JavaScript, there is high potential for Cross Site Scripting drive-by deanonymizing. After announcing a bit of this in public, some people confirmed in private that this is not just likely but that they can do Cross Site Scripting attacks on Gab. Say what you want about Twitter, but at least they have CDN caching to prevent leaking their own users’ information. Gab DOES have a CDN from Microsoft Azure for static assets, so why are they not protecting their users’ information? The conclusion I’ve come to is that Gab is made to be as cheap as possible but still somehow work while dangling off a cliff. The reason why they have no API is because the API is Pusher.
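As an added example (not code from this post, from Gab, or from Pusher), this is the shape of the fix the Twitter comparison points at: the server fetches a link-preview image once and hands the browser a same-origin CDN URL, so the user's browser never contacts the third-party site and its IP address stays private. Moving the fetch server-side creates an SSRF risk of its own, so the policy also refuses targets that resolve to private, loopback or link-local addresses. The hostnames, the CDN base URL and the injectable resolver are assumptions for illustration.

```python
import hashlib
import ipaddress
import socket
from urllib.parse import urlparse


def _resolve_all(host):
    """Resolve a hostname to the set of addresses it points at.

    Hypothetical helper; tests inject a constructed resolver instead.
    """
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_safe_preview_target(url, resolve=_resolve_all):
    """Allow only http(s) URLs whose host resolves exclusively to public IPs.

    A server-side preview fetcher reaches the server's own network, so
    10/8, 127/8, 169.254/16, ::1 and friends must be refused, otherwise the
    preview proxy becomes an SSRF pivot.
    """
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    if parts.username or parts.password:  # credentials in URLs are a red flag
        return False
    try:
        addrs = resolve(parts.hostname)
    except OSError:  # NXDOMAIN or resolver failure: do not fetch
        return False
    if not addrs:
        return False
    # Every address must be global; one private answer is enough to refuse.
    return all(ipaddress.ip_address(a).is_global for a in addrs)


def cache_key(url):
    """Stable, opaque key so the CDN path reveals nothing about the target."""
    return hashlib.sha256(url.encode("utf-8")).hexdigest()[:32]


def preview_image_url(original_url, resolve=_resolve_all,
                      cdn_base="https://cdn.example.invalid/preview/"):
    """Rewrite a third-party image URL into a CDN URL the server populates.

    Returns None when the target is refused; the caller then renders the
    post without a preview rather than falling back to a direct client fetch.
    """
    if not is_safe_preview_target(original_url, resolve):
        return None
    return cdn_base + cache_key(original_url)
```

The server-side job that actually downloads into the cache should re-run `is_safe_preview_target` at fetch time and again after any redirect, since the resolver answer can change between the check and the request.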

No Infrastructure

This isn’t suspicious at all!

The next surprise was looking at the home page on Gab and seeing there was some kind of stats collector. I initially overlooked it, and didn’t realize the significance until I took a second glance. This was some kind of build-it-yourself social media rapid deployment kit for dummies that handled all the back end work. I browsed over to the pricing plans they had, did some collection on Gab’s current usage of approximately 30k posts per day, and they seem to fall into the $49 Startup plan at present. I suspect live notifications sometimes stop working for a bit because it might be a way to save from having to upgrade to the next paid plan, or it could just be incompetence; it’s honestly hard to tell.

Pusher Pricing

I know someone is going to say “what if they did the custom solution consultation?”, but Pusher is for stuff like live chats and blog comments, not a knock-off improved Twitter, which is really 300 char blog comments. The amount of money spent doing that kind of consultation is way above making a deal with a single developer (or many) to help build it at a fraction of the price, or in this case a single developer rigging Pusher. I think they use Pusher as a means to not spend money on proper hosting and a better solution, like GNU Social, which would require a back end with their own servers, or at least Amazon Cloud.

What can you do in minutes?

This is a very significant discovery, as it explains why features that are trivial for even a single developer to do never come out: there just isn’t any support for their build-it-yourself social media back end for blog comments. Gab has been doing donation drives and giving people check marks to help support it, but there really isn’t much cost to run it, as the biggest parts of it are cheaply outsourced like Pusher. The “beta testing” of uploading images before it becomes available to everyone is likely related to Microsoft Azure’s CDN prices per GB.

I’m not going to claim this is some kind of scam like the rest of Andrew’s projects, but if I was doing an exit scam, this is how I’d do it! Low overhead! He’ll get that sweet user data and PayPal logins via password reuse, that is my opinion!

Disclaimer: !LOL! Hacking is illegal !LOL!

Last Minute Update:

The notorious hacker, known as 4chin, has contacted me to include a list of things you really shouldn’t do on Gab. There is no input validation and there are issues with authentication, so don’t use wget or curl, passing the cookies + UA + appropriate POST data anywhere, that is just naughty. The Grand 4chin also informed me that their data was already being sold by Gab and that they have no hashing on their passwords. LOL! This might be in relation to the current PayPal donations and those silly people who reuse their passwords donating (just a theory). I’m not saying anything, but I think those people are going to have a bad time. There goes the neighborhood, oh well, epic sad face emoji that 😦 can’t express.

This Is Libel

JOIN https://sealion.club/ FOR A SAFE SECURE ALTERNATIVE TODAY! I GOT PAID OVER $9,000 DOLLARS TO PUT THIS HERE, SO PLEASE GO THERE, OK?!!>##>@!

I accept legal documents, requests, inquiries, and other related legal stuff I can post and publicly ridicule via email at LOLUMAD @ OCCULTUSTERRA DOT COM. You can optionally rage like a Muppet at 1-860-263-9252.
