by Jon Hall, Free Market Shooter:
In the vast majority of Joe Biden‘s never-ending stream of screw-ups on the campaign trail, many of his decisions are not yet impacting voters at home. Unless, of course, his mobile application leaks data about hundreds of thousands of Americans via his campaign’s very own “Vote Joe” app.
TRUTH LIVES on at https://sgtreport.tv/
What is the Vote Joe App?
Vote Joe, the Biden-Harris’ attempt to appeal to the youth, is a sleek mobile application (admittedly sleeker than the competition’s) that aims to get people to annoy their friends to vote, politically charge and already-over-politicized nation, and turn ordinary folks into telemarketers, with a leaderboard, points, and a leveling system to boot.
My main development laptop broke, and as COVID restrictions have delayed Apple for weeks, I decided to kill some time by digging into what the application does and the code that powers it.
All debugging and requests made are for my own personal information or information that is already public, and falls squarely inside the bounds of what is allowed by the CFAA (Computer Fraud and Abuse Act). Requesting the data of other users may have you facing charges. Don’t do it.
So what’s the problem?
To begin, there is usually a lengthy process to even attain the code that powers a mobile application. Companies don’t want you seeing it, and neither does Apple. Thanks to jailbreaking, the process of breaking out of the numerous security measures Apple has in place for their mobile devices, most of the buck of making sure applications are secure fall to the developers, or in his case, Joe Biden and his staff.
As we all know, they’re fairly incompetent.
To be fair, the application wasn’t created by Joe Biden and his team directly, but a company based out of Somerville MA called OutVote (https://outvote.io). Outvote is self-described as an application for progressives to canvass, act, and connect to get the politicians they like elected. Joe Biden most likely partnered with this organization to create a new mobile application, but it turns out they lazily tacked-on to their existing application to create “Vote Joe.” The codebase is almost identical except that there are a few Biden-specific edits shoved into the Biden version.
And what happens when developers get lazy and don’t think things through?
You get data leaks.
My curiosity for the app stemmed from the fact you could upload your contact book and get tons of information about each contact entry. For example, each person in my contacts now had a hometown, an age-range, a party affiliation, and a voting history. None of my contacts know I requested this data, never mind giving permission for it. Now, this isn’t specific to the Biden application, voter rolls exist and are (somewhat) public information in some states, but not in all of them.
Many states limit this data to political parties (of which Biden is, of course, a part of) for legitimate campaign uses. What happens when all of this data, regardless of state, is accessible to anyone? Without requesting it from the state?
Some might call that doxxing – Imagine this data getting into the hands of Twitter and TikTok.
So what’s the process of getting this information? Vote Joe asks for a first name, last name, age range, and state. However, if you don’t use the Vote Joe app and instead submit an HTTP request outside of the app, you just need a first and last name, and the state. From that you can get every single person with that name in that state, their hometown, age range, party affiliation, and voter history.
But wait – there’s more!
If you shrugged that one off as “it’s mostly public information anyways,” trust me that was the appetizer, the mozzarella sticks to the chicken parm that’s headed your way.
So I decided to look into my profile. On the page it happened to say “Team Size: 1, Points: 0, Actions: 0” – it’s weird how I never created a “team” but I shrugged It off. The team name was my first and last name, “Catboy Presidente”
The leaderboards has teams too, ranked by points for a truly game-ified democracy. It showed the first 34 teams, with names like “Amy Klobuchar’s Team,” “Muslims for Biden,” “Soul Squad,” and “Women for Biden.”