Alt-Tech Social Networks: What Investigators and Analysts Need to Know

Alt-tech social networks

Alt-tech social networks once catered to a niche clientele such as privacy advocates, conspiracy theorists, and fringe political groups. Now, seemingly everyone is jumping on board.

Over the past year, tens of millions of people have abandoned mainstream platforms like Facebook and Twitter. In their place, users have shifted to a growing collection of new offerings that promise less content moderation and more privacy features.

That creates new challenges for loss prevention teams. On one hand, more users have turned these alt-tech sites into an invaluable source of threat intelligence. But they can also serve as havens for nefarious groups like cyber criminals, shoplifting rings, and other bad actors.

- Sponsors -

Alt-Tech Social Networks Explained

Alt-tech social networks represent a collection of platforms that have positioned themselves as new offerings to more mainstream sites like Twitter and Facebook. They first emerged in the early 2010s, catering to a hodgepodge of various fringe communities. But these hubs have exploded in popularity over recent years and that has drawn more attention from security experts.

This movement is a direct response to the concentration of power among a handful of tech companies. Facebook, for instance, owns the four most downloaded apps of the past decade—Facebook, Facebook Messenger, WhatsApp, and Instagram. Only a handful of other firms have a sizable chunk of active users. That gives these firms an enormous amount of sway in terms of what messages get shared and promoted online. Thus, founders of many alt-tech websites see themselves as important counterweights to Silicon Valley’s growing control over the web.

The rise of alternative technology also represents a reaction to the debate over what content social networks should host and promote. Big Tech companies have struggled to find a balance between embracing free speech while policing harassment and propaganda. Much of their efforts have involved deplatforming (removing someone from the network), censoring, or shadow banning problematic individuals. But those efforts have sparked a backlash. A growing number of people accuse social media companies of politically motivated enforcement, censoring those with right-of-center or anti-corporate views. And in response, critics have started migrating to alternative online spaces with fewer restrictions.

The result is a constantly shifting ecosystem of sites and apps. New platforms pop up all the time, and established communities can disappear overnight.

Who Uses Alt-Tech Social Networks

The type of people that make up these online communities can vary widely. Some platforms, such as Discord, Mastodon, and Telegram, are ideologically neutral. Topics of conversation range from birdwatching and video games to television and sports. Limited content moderation has attracted large numbers of political extremists, organized retail crime (ORC) groups, and various fringe communities. Other sites cater to explicitly right-wing audiences not welcomed on mainstream networks. This includes forums (8kun formally known as 8Chan), microblogging sites (Parler and Gab), and video streaming services (BitChute).

This creates a challenge for security teams. Previously, analysts only had to watch a handful of Big Tech platforms like Instagram, Reddit, or Twitter. And given these sites command the bulk of online market share, they still represent the most important places to watch for threats. But users continue to migrate to lesser-known corners of the web—the darknet, paste sites, and alternative social networks. And as they do, security teams could miss or overlook serious risks to their organizations.

We often describe it as an intelligence agent eavesdropping on conversations in a coffee shop. If you’re in Starbucks but all of the bad guys are meeting at Dunkin’ Donuts, you probably won’t pick up any useful information.

The riots at the US Capitol provide a good case in point. In the weeks leading up to the incident, individuals and groups published posts openly calling for violence. But because these conversations mostly took place on alternative social networks, notably Parler, the event caught many in the intelligence community off guard.

But the same principle applies to retail loss prevention. Organized criminal groups may have once coordinated their activities on mainstream websites. But today, these groups are far more likely to use alternatives like Raddle.me or Telegram. Security teams that fail to monitor these sites could be caught off guard by a threat that they later discover was published right in plain sight.

The Largest Alt-Tech Social Networks

Analysts could also benefit from exploring alt-tech social networks during investigations. Bad actors don’t conduct online activities in one corner of the web. Like the rest of us, they often have multiple accounts across several sites. An analyst might detect a threat on a mainstream platform. Then the analyst has to follow a trail of clues through various alternative forums and communities. It’s often only through the collection of data across multiple locations, mainstream and alternative, that security teams can develop a full picture of a threat.

the largest alt-tech social networks

The New Dark Web

Telegram ranks as one of the largest and most successful sites in the alt-tech universe. The instant messaging system, which resembles Facebook’s WhatsApp, offers one-on-one
conversations and group chats. Users love the platform for its end-to-end messaging encryption and other security features. And that explains why Telegram once ranked as the communication tool of choice for dissidents in places like Iran, Russia, and Hong Kong.

Those same privacy features, however, also make Telegram the tool of choice for organized crime. Messaging encryption provides near complete anonymity. This has turned the app into a safe place for criminals to conduct online activities, such as recruiting coconspirators or marketing illegal products and services.

Take the Russian Telegram channel Dark Job. On this forum, criminal outfits recruit staff for their operations. Employers color code roles (white, gray, and black) depending on their difficulty or illegality. And anyone who downloads the Telegram app can advertise or apply for positions.

Insider threats represent one of the biggest concerns here. On the Dark Job channel, it’s not uncommon to find criminal groups recruiting company employees or contractors. High advertised salaries could be attractive for any disgruntled workers or employees in dire financial straits. Tasks include leaking confidential data, selling workplace uniforms, or compromising cybersecurity measures. All of which could be useful when carrying out a robbery or other type of attack against a business.

Counterfeiting also runs rampant on Telegram. A simple search will reveal dozens of channels dedicated to selling knockoff products, including electronics, designer handbags, and high-end watches. Criminals have also impersonated the official pages of well-known brands, tricking unsuspecting customers into buying fakes.

This has obvious downsides for impersonated businesses. They miss out on direct sales, for starters. Every dollar counterfeiters earn is a dollar that comes out of the company’s bottom line. Even worse, counterfeit products may deteriorate quickly or fail catastrophically. But because customers may not know they’ve purchased a knockoff, they will likely still blame the supposed manufacturer. Ultimately, that can bite into a company’s brand value.

Looking forward, some cybersecurity experts have even called Telegram the “new Dark Web.” Historically, criminal outfits and terrorist groups have exploited encrypted Tor (The Onion Router) networks to conduct their online activities. Tor software conceals a user’s location by randomly bouncing communications through a network of relays across the globe. Accessing this corner of the internet, however, requires some technical expertise. Individual forums represent vulnerable targets to distributed denial of service attacks, which can take down sites for weeks at a time. And high-profile takedowns of dark web marketplaces, such as AlphaBay and Hansa Market, crippled organized crime groups.

Telegram, however, doesn’t present any of these problems. Bad actors can get started by downloading the app. If a channel gets taken down, they can set up a new group in minutes. And conducting activities on Telegram’s existing infrastructure means criminals don’t have to deal with the many security headaches encountered on the dark web. All these advantages make this app a perfect tool for running illegal businesses.

Shoplifters’ University

Raddle.me ranks as another popular alt-tech social network to take off in recent years. The community split off from Reddit after the subgroup /r/LeftWithSharpEdge repeatedly violated the site’s terms of service. Today, Raddle.me bills itself as a group of “outsiders, malcontents and wayward dreamers,” while promoting an anti-capitalist and anarchist ideology.

For visitors, Raddle.me feels like a simplified version of Reddit. Users organize content in boards around various topics, such as “books,” “AntiWar,” and “EatTheRich.” Members can up- and down-vote content, pushing the most popular links to the top of the site.

It’s tough to put an exact number on the size of this community. Raddle.me doesn’t cater to advertisers or run much in the way of analytic software. But judging by the rapid growth in the number of posts and sub-groups, it appears to be thriving. The site’s administrators have also launched a dark web mirror that allows members to access the community with even more anonymity.

For security analysts, keeping tabs on the site can pay dividends. On the forum /f/Illegalism, for instance, members discuss theft prevention measures at various stores, techniques for concealing stolen goods, and which brands represent the easiest targets. It’s not uncommon to find detailed how-to guides for conducting various scams.

Understanding common phrases used by shoplifters also represents valuable threat intelligence. For instance, an analyst might learn a common nickname for their company’s brand inside a Raddle.me forum. Searching for that same keyword could reveal other theft rings on another social network.

Raddle.me CVS post

How to Monitor Alternative Social Networks

Monitoring alt-tech social networks presents a challenge. In the case of more mainstream platforms, analysts could cobble together a collection of free online tools. Or they could piggyback off the marketing department’s social media listening software by buying an extra license.

Such quick fixes, however, likely won’t carry over to the world of alt-tech. For starters, software developers tend to develop their applications with marketers in mind. Tools tend to cover just the largest, most popular networks. Or applications may only crawl online data sources once every few hours. Those limitations may be irrelevant for sales teams and marketing managers. But they can leave analysts blind as to what’s happening in the lesser known corners of the web.

In such cases, security teams may have to resort to more manual methods. To get started, it’s not a bad idea to set up an account on these platforms. This can give some idea as to the types of people who use them. Most sites also feature keyword search functionality, which can be used to explore these communities. This represents a free, though perhaps cumbersome, method to conduct investigations.

For teams looking to automate this process, new software does exist. In recent years, numerous businesses have popped up to automate the collection and analysis of social media platforms. And more firms have started catering to the needs of security professionals.

These specialized tools have several advantages. For starters, security software providers collect data from a large number of sources, including mainstream and alternative platforms. That reduces the chance of an analyst overlooking a relevant threat. Additionally, security software solutions tend to emphasize short crawl times, refreshing data from sources on a frequent basis. That allows analysts to detect and respond to threats as quickly as possible.

The Future of Alt-Tech (and What It Means for Security Teams)

Historically, deplatforming, network effects, and limited funding have crippled the viability of alternative social networks. But that has started to change.

Online startups have long struggled to keep internet power brokers, like Apple, Google, and Facebook, happy. This gets even tougher for sites with a laissez-faire approach to content moderation or that cater to fringe communities. On many occasions, once popular services, such as Voat, Hatreon, and 8kun, all went dark after payment processors and hosting providers suspended services. After all, most business partners want to avoid attaching their brands to any type of political controversy.

Parler, a Twitter-like social network popular among supporters of former president Donald Trump, presents a recent example of the problems facing these sites. Following the January riots at the US Capitol, Apple and Amazon cut ties to the service. That resulted in Parler going off-line for several weeks.

But even politically neutral sites struggle with the very real economics of running a social network. People want to be on the biggest platforms where their friends hang out. Content creators want to reach the most users. Advertisers want to reach the most eyeballs. For those reasons, it’s tough for upstarts to swipe market share from the incumbent players.

That said, leading figures in the alt-tech movement have started to tackle these issues. Entrepreneurs have launched rivals to mainstream Silicon Valley companies for all sorts of internet services, from site hosting to search engines. Combined with the rapid adoption of bitcoins and other cryptocurrencies, these platforms can ensure they’re never cut off from payment services. And this means critics of the alt-tech movement will have a much harder time deplatforming sites going forward.

One good case in point is the self-described “free speech” app Gab. After hosting posts linked to the Pittsburgh, Pennsylvania, synagogue shooting in 2018, GoDaddy and PayPal cut ties to the social network. That effectively forced Gab offline. Since then, CEO Andrew Torba has worked to separate his platform from the Silicon Valley Big Tech ecosystem. This includes hosting the site on internal servers rather than relying on third parties as well as accepting bitcoins as payment.

Gab even went so far as launching its own web browser called “Dissenter.” The program blocks ads and trackers, protecting the privacy of users from advertisers. Additionally, Dissenter creates a comment section for every URL online. Here, individuals can discuss the contents of a site with other Dissenter users. This amounts to a secret comment section for every web page, completely invisible to users on other browsers.

Gab political cartoon

These efforts mean alternative social networks are becoming less vulnerable to the whims of internet gatekeepers. And near term, critics of a particular site’s ideology will have a tougher time shutting down its services.

Moreover, growing concerns over internet privacy benefit alt-tech sites. Scandals over the treatment of personal data have repeatedly plagued mainstream platforms. Users have also grown more skeptical of corporations auctioning off their private information to the highest bidder. All of which bodes well for upstarts.

Take Mastodon, for instance. In 2016, German founder Eugen Rochko launched the microblogging social network as a response to some of the harassment and censorship problems he saw on Twitter. The service saw a surge of new users in 2018 following privacy concerns raised by the #deletefacebook movement. Today, Mastodon claims to have over two million active users.

Telegram has also benefited from this exodus. In January, Facebook announced it would change the terms of service for its popular instant messaging application WhatsApp. Critics, however, charged that the changes would compromise user privacy. So over the following month, rival Telegram topped 63.5 million downloads, up 283 percent from the same period in 2020.

Longer term, it’s not hard to picture two separate internets running alongside one another. It’s no secret America faces a crisis of political segregation. People increasingly don’t marry, work with, or live alongside others who think differently from themselves.

Now that’s starting to show up in the world of social media, too. As a result, we have started to see the emergence of one set of social networks for people with liberal leanings. And then we have another set of social networks for those with conservative views.

That presents a headache for security professionals. As alternative platforms beef up their infrastructure, they will keep growing their user base. That means these sites will become an even more valuable source of intelligence. And managers or executives who overlook this trend could be kicking themselves later.

About the Author

Neil Spencer
Neil Spencer

Neil Spencer is a market strategist for LifeRaft Inc. He has more than twenty years of security industry experience advising corporate and government clients. His research focuses extensively on the role open online data sources can play in helping businesses safeguard their customers, employees, and facilities. You can read more of Spencer’s insights on the LifeRaft blog at liferaftinc.com/resources.

Stay Updated

Get critical information for loss prevention professionals, security and retail management delivered right to your inbox.