a social media platform and microblogging site founded by Jason Miller, a former Donald Trump aide and launched on July 4, 2021. Miller said Gettr is “for everyone across the political spectrum” to come together and have debates as per the First Amendment. He also stated it was designed to be “cancel-free.” It was officially launched on July 4, 2021. Its user interface and feature set have been described as very similar to those of Twitter.
Gettr is a privately held company. Miller has said the company was financed by a “consortium of international investors” including a foundation tied to Guo Wengui, a Chinese businessman and defector committed to bringing down the CCP and friends with former Trump strategist Steve Bannon. Guo has said he is an adviser to the platform. Media sites tied to Guo have suggested that the platform and its logo were his ideas, though Miller has downplayed the connections. The Daily Beast reported that Gettr was a retooled version of Guo’s Chinese internet app, Getome, created by Guo’s Chainnov, which Miller confirmed.[33] Getome accounts were wiped before relaunching as Gettr. Miller has said that Guo did not invest money directly and has no official authority within Gettr.
According to new research conducted by Yale Law School’s privacy lab founder Sean O’Brien and recently published by Talk Liberation Investigates, Gettr’s web and smartphone apps contain trackers that would allow Facebook and Google to follow users as they roam Gettr’s supposed free-speech utopia.
Gettr’s code includes two trackers which are ubiquitous across the web—a browser cookie that tracks users for Google’s sprawling AdSense network, and the infamous Facebook pixel, a tiny dot embedded in millions of sites across the web that pings Facebook every time it’s loaded. These tools functionally allow Gettr to take advantage of the same kind of omnipresent web-tracking technology its principals and conservatives using the platform have decried. The price of admission is of course sharing that trove of data with Facebook and Google.
In addition to the Facebook and Google trackers, Gettr uses similar tools from third parties like AppsFlyer and Countly, which provide web browser fingerprinting (the creation of unique user identifiers) and behavioral data. Altogether, these trackers are capable of transmitting “fine-grained behavior and location data” on and enable persistent, cross-device tracking of Gettr users, according to the report. AppsFlyer alone is capable of collecting such details as “IP address, cell network provider, operating system version, phone model, and both coarse and fine-grained location information.”
The privacy issues don’t end there, with the report also identifying a number of major security flaws.
“A large amount of JavaScript code is delivered via cloud [content delivery networks] such as Amazon AWS and Cloudflare in addition to embedded content that is directly loaded from around the web,” O’Brien’s report states. “As users browse GETTR, they are connected to literally dozens of domains simultaneously… GETTR utilizes a variety of third-party services for user communication and support. Transparency about GETTR’s relationships with these parties is lacking. They include ZenDesk, Postmark, Mailgun, and SolarWinds Pingdom.”
Furthermore, the report states that Gettr “connects to numerous external domains” to hotlink content such as news articles, blogs, and videos. It notes that standard security practices like adding security headers, referrer headers, and other defaults don’t appear to have been implemented, while GETTR loads a lot of unencrypted or mixed HTTP content. Not only is this a major security risk—content from those third-party domains could theoretically be infected with malware—it also potentially exposes users to “surveillance by the originating source.” It also creates opportunities for police or network admins, such as university or corporate IT departments, to monitor any unencrypted traffic. Given that this is a site that got hacked within hours of opening and the obvious lack of technical expertise among the type of users Gettr is courting, this is a pretty gaping vulnerability.
Despite a massive data leak involving scraped personal data last year, Gettr still allows anyone to access its API without security measures such as a verification key, O’Brien wrote. While Gettr removed email addresses and location data from the API following the leak, according to the report, the lack of verification means it can be “queried by anyone with basic technical skills” to download data like the entirety of a user’s post history or everyone they follow with virtually no restrictions.
O’Brien told the Daily Dot in an interview that Gettr’s pledges to users regarding privacy and security are “disingenuous,” adding: “People don’t realize the full range of tracking with Gettr…. I think there’s a number of things they need to change architecturally.”
Gettr’s privacy policy does admit to use of trackers, specifically acknowledging that it uses Google tools: “We may use Third-Party Services such as Google Analytics to help us analyze our performance and our delivery of Services and advertising to you.”
Miller banned Nick Fuentes from Gettr for allegedly “using GETTR as recruiting for White Nationalists.” Fuentes responded by saying, “…that is not true lol. And I would challenge him to publish all five of my posts on Gettr and explain how any one of them could even remotely be construed as ‘White Nationalist recruitment.’”
As TechDirt noted last month, Gettr not only banned conservative talk show host Nick Fuentes for allegedly violating its terms of service, it went so far as to ban the word “groyper”—an internet meme that has become a colloquialism for Fuentes’s followers—from the site entirely. Gizmodo tested this out and found that attempting to post the term “groyper” returns an error stating “Oops! There was an error submitting your post.” Whatever system is in place doesn’t seem to be working very well, though, as repeated attempts to post the term eventually result in success.
Gettr concedes using trackers, analytics and location data—but insisted (via email to The Daily Dot) that it protects users’ privacy and either uses industry standard or better practices.
This report gets a lot of things wrong, and a more responsible fact-check on the front-end would have helped the author avoid any unnecessary confusion. Unlike the Big Tech social media platforms, GETTR does not sell user data, and we are committed to protecting users from Big Tech’s overreach and political discrimination. On GETTR, everyone is treated the same regardless of ideology. We’re a safe space for free speech, independent thought and very importantly, user data. That’s the difference between us and our Silicon Valley competitors.
Key Findings
- Numerous trackers from Facebook, Google, and other third parties are embedded in GETTR web and smartphone apps.
- App permissions facilitate the surveillance of a wide variety of information about GETTR users, including fine-grained behavior and location data. This data is then used to profile users and shared with third parties.
- “Getome,” a previous version of the GETTR app that targeted Chinese-language audiences, is still published in Google Play and effectively provides a backdoor to GETTR. Users can log in and interact on the GETTR network via the Getome app, bypassing updates on the newer application.
- Content on GETTR such as news is loaded directly from external sources, opening connections between GETTR users to dozens of domains. This introduces serious privacy and security risks. Some of this content is delivered via unencrypted HTTP, further jeopardizing users.
- GETTR’s privacy policies fail to disclose the full extent of GETTR data collection and sharing with third parties.
- GETTR infrastructure is hosted by cloud vendors such as Amazon AWS so is required to comply with Amazon’s idea of what’s allowed, and company email accounts are hosted by Google.
- Utilizing the API of GETTR to gather large amounts of data is trivial. The situation has improved since approx. 90,000 emails were breached in July 2021, but a trove of information is still available via basic technical methods.
“After a multi-faceted, technical analysis of GETTR, it is evident that the platform is not at all ‘safe from the Silicon Valley Mafia’s tyrannical overreach,’ as they claim.”
Gettr is not a safe platform from big tech tracking and the reality is that this social media platform, while doing much to protect political free speech, is beholden to the Big Tech companies like Apple, Google and Amazon. If they do not restrict certain speech like hate speech, as defined by those Silicon Valley companies, they’ll face the same result as Gab by being kicked off of those app stores.
Sources: