illustration of the gettr logo formed up of data

Quardia/Shutterstock (Licensed) Remix by Max Fleishman

Gettr, a so-called alternative to big tech, uses Google and Facebook trackers and has serious security flaws, investigation finds

The researchers say Gettr's claims about privacy and security are 'disingenuous.'

 

Claire Goforth

Tech

Posted on Jan 11, 2022   Updated on Jan 12, 2022, 4:24 pm CST

An investigation into Gettr by the lead researcher at the Privacy Lab at Yale Law School casts serious doubt about privacy and security claims from Jason Miller’s social media platform.

Miller was an adviser to former President Donald Trump. Last summer, he launched Gettr as an alternative to mainstream social media platforms. The site touts itself as a safe, secure place to “break away from Big Tech” for “unfiltered discourse.” Shortly after it launched, security researchers found numerous bugs and vulnerabilities and accounts for high profile accounts were taken over by a hacker.

Talk Liberation Investigates’ findings give the impression that not only is Gettr just as bad about privacy and security as other platforms, in some ways it’s worse. The investigation is authored by Sean O’Brien, who in addition to his work at the Privacy Lab is the chief security officer of upcoming crowdfunded social media platform Panquake.

In a phone conversation with the Daily Dot on Tuesday, O’Brien said that Gettr’s assurances about privacy and security on the platform are “disingenuous.”

O’Brien’s wide-ranging report highlights several findings about the platform. These include embedded trackers from Facebook, Google, and other third parties on its web and smartphone apps; permissions that enable surveilling users’ behaviors and locations that are both used internally and shared with third parties; failure to disclose the full range of data collected and who it’s shared with; a large data trove available utilizing basis technical methods; and ties to Steve Bannon, one of the key figures behind the Cambridge Analytica scandal.

“After a multi-faceted, technical analysis of Gettr, it is evident that the platform is not at all ‘safe from the Silicon Valley Mafia’s tyrannical overreach,’ as they claim,” the investigation states.

Gettr did not respond to request for comment sent via email on Tuesday.

The investigation comes as Gettr is experiencing an influx of new users. Following Twitter’s permanent suspension of Rep. Marjorie Taylor Greene (R-Ga.), both she and Joe Rogan promoted Gettr as a freer alternative.

Rogan’s endorsement is credited with inspiring 1 million people to join Gettr within a matter of days, bringing the total number of subscribers to 4 million.

Given what Gettr claims about itself, those 4 million are justified in expecting Miller’s app to be an alternative to larger platforms that have long been accused of abusing users’ privacy and unscrupulously handling their data. Earlier today, Miller told Fox Business: “This is about taking power away from Silicon Valley oligarchs and decentralizing more, so it’s not just Twitter and Facebook who have all the control.”

That expectation may not mirror reality, however. O’Brien’s investigation leaves the impression that Gettr doesn’t want to take power away from Silicon Valley so much as it wants to share it.

For one, Gettr uses advertising trackers from Facebook, Google, and others. The report notes that these enable “creepy” cross-device tracking that maps out your digital life. So whether you’re watching Euphoria on a smart TV, shopping on your phone, or even going to the bathroom, Gettr—and its trackers—may know and feed you ads and content tailored to these behaviors.

The report says they found “particularly aggressive surveillance by AppsFlyer,” which uses a combination that includes browser fingerprinting and is “utilized to record user behavior, such as clicks.”

The types of data the trackers collect reportedly include “IP address, cell network provider, operating system version, phone model, and both coarse and fine-grained location information.”

Talk Liberation also found that Gettr users a third-party vendor to verify users’ email addresses without disclosing whether and how that the vendor will store and mine the address. The message further travels through a Google email address.

“If emails for new users are being cached with Google and other third parties, privacy is evidently not a priority—let alone avoidance of Big Tech’s gaze,” the report states.

Gettr also asks for 34 permissions, some that raise serious red flags for the privacy-minded. For example, it asks to take photos and video; record audio; read, modify, and delete external storage contents; request installing packages; and track geographical location.

The report says that these have the cumulative effect of giving the app “substantial control” over a device and allowing “ample opportunity for surveillance.”

In addition to what Gettr chooses to do, there are issues with what it chooses not to do that create security issues for both the app and its users.

Gettr connects to a variety of external sites to load content, the report states. They found a variety of resulting security issues, such as loading unencrypted HTTP content, that create a “serious potential for malware injection and subjects users to surveillance by the originating source.”

“Of course, law enforcement and anyone watching the network (say, on a university campus) could also see this unencrypted HTTP traffic and record information about the user,” the investigation says.

Talk Liberation further noted that Gettr was bankrolled by Guo Wengui, a Chinese billionaire who has partnered with Steve Bannon. (Miller denies Guo has any official authority over Gettr.) Bannon was on the board of Cambridge Analytica when it infamously harvested 50 million Facebook users’ data to profile voters ahead of the 2016 election.

Concerns about online privacy and the power of big tech have become pervasive in recent years. Gettr has portrayed itself as an alternative to big tech and its digital eyes that are always watching. This investigation gives the impression that it’s not so much an alternative as another set of eyes.

“People don’t realize the full range of tracking with Gettr…,” O’Brien said. “I think there’s a number of things they need to change architecturally.”

Update 3:29pm CT: Via email, a Gettr spokesperson denied several allegations in the report. The company conceded using trackers, analytics and location data—but insisted that it protects users’ privacy and either uses industry standard or better practices.

“This report gets a lot of things wrong, and a more responsible fact-check on the front-end would have helped the author avoid any unnecessary confusion. Unlike the big tech social media platforms, Gettr does not sell user data, and we are committed to protecting users from big tech’s overreach and political discrimination. On Gettr, everyone is treated the same regardless of ideology. We’re a safe space for free speech, independent thought and very importantly, user data. That’s the difference between us and our Silicon Valley competitors,” Miller, Gettr’s chief executive officer, told the Daily Dot in an emailed statement.


Read more of the Daily Dot’s tech and politics coverage

Nevada’s GOP secretary of state candidate follows QAnon, neo-Nazi accounts on Gab, Telegram
Court filing in Bored Apes lawsuit revives claims founders built NFT empire on Nazi ideology
EXCLUSIVE: ‘Say hi to the Donald for us’: Florida police briefed armed right-wing group before they went to Jan. 6 protest
Inside the Proud Boys’ ties to ghost gun sales
‘Judas’: Gab users are furious its founder handed over data to the FBI without a subpoena
EXCLUSIVE: Anti-vax dating site that let people advertise ‘mRNA FREE’ semen left all its user data exposed
Sign up to receive the Daily Dot’s Internet Insider newsletter for urgent news from the frontline of online.
Share this article
*First Published: Jan 11, 2022, 1:02 pm CST