The difference between now and the last time that abortion was illegal in the United States is that we live in an era of unprecedented digital surveillance.
My favorite piece of gossip about the disabled Icelandic guy that Elon decided to humiliate and fire was that as the CEO of an acquired company, he was on the "do not fire" list because his contract gives him a giant payout if he is fired.
If you think the US needs a TikTok ban and not a comprehensive privacy law regulating data brokers, you don’t care about privacy, you just hate that a Chinese company has built a dominant social media platform.
Starting today, you’ll start seeing additional icons that provide context for accounts on Twitter. In addition to blue and gold checks, you’ll see grey checks for government and multilateral accounts and square affiliation badges for select businesses.
There are a lot of interesting things going on in this thread, but one thing I would like to highlight is that this is a story about how engineers refused to build a privacy-invasive product for advertisers AND IT DID NOT GET BUILT.
With Twitter's change in ownership last week, I'm probably in the clear to talk about the most unethical thing I was asked to build while working at Twitter.
🧵
If you are a woman who has been sexually abused by a hacker who threatened to compromise your devices, contact me and I will make sure they are properly examined.
Former EFFer Peter Eckersley died very suddenly today. If you have ever used Let's Encrypt or Certbot or you enjoy the fact that transport layer encryption on the web is so ubiquitous it's nearly invisible, you have him to thank for it. Raise a glass.
If tech companies don’t want to have their data turned into a dragnet against people seeking abortions and people providing abortion support, they need to stop collecting that data now. Don’t have it for sale. Don’t have it when a subpoena arrives.
Today is a good day to remember that George W. Bush is a monster who led the US into two disastrous wars in the Middle East and not some kindly old man who took up painting in retirement.
Repeat after me: no encryption backdoors. None. Not to stop terrorism. Not to save the children. You can't protect the "golden key." This is going to end badly for everyone. Just stop.
People who believe that today’s Facebook/WhatsApp/Instagram outage couldn’t possibly be a coincidence after Sunday’s 60 Minutes expose on Facebook do not understand that the internet is held together with bubblegum and string.
If you are in the United States and you are using a period tracking app, today is a good day to delete it before you create a trove of data that will be used to prosecute you if you ever choose to have an abortion.
Today in cyberpunk dystopia news:
My feed is full of Californians complaining that FaceID doesn’t work with the breath masks they’re wearing to cope with the fires.
Hey software engineers, remember how you were going to resist the coming dystopia? You can do it by refusing to work on this project and shaming any company that cooperates.
Search data matters. Location data matters. Health data matters. Contact lists and friend lists matter. The contents of messages matter and so does the meta-data. If you work in tech, this is what you should be protecting right now.
I cannot overemphasize the chilling effect on journalism that comes from seeing that if you criticize your government, they will spy on you through your phone using surveillance tools you cannot detect or avoid.
Americans: I’m bilingual. I’ve done so much DuoLingo! I can totally recognize most of the stuff on a restaurant menu!
Everyone else: Please excuse my terrible English, it is not at the level of a UN translator for Middle East peace negotiations.
Now is not the time to shrug and say it’s too late and nothing can be done. Now is the time to ask hard questions at work. You hold the world’s data in your hand and you are about to be asked to use it to be Repression’s Little Helper. Don’t.
The year is 2020. Ash has blocked out the sun. My friends are evacuating out of fire zones. Pants are a distant memory. A podcaster asks me over Zoom, “So what’s it like to be a woman in tech?”
When your friends write books, buy them. Read them. Write reviews. Buy copies for other people. The publishing industry is a hellscape and the people who are still trying to create something good in it need you.
I see that people are talking about how people in the tech industry without CS degrees are unserious, untechnical, and inferior.
My degrees are in Political Science and International Relations. Some of the smartest people I know in tech have degrees in Classics and Ceramics.
Just yelled “Encryption of data in transit is not the same as encryption of data at rest!” at a journalist on the car radio before slamming it off.
I am a hit at parties.
Can we all just agree that filling your house with cameras and microphones that can be used remotely is maybe not the best idea for most threat models?
Gov. Mike Parson says a St. Louis Post-Dispatch reporter who viewed the source HTML of a Missouri Department of Education website is now likely to be prosecuted for computer tampering. That sound you hear in the distance is my howl of outrage.
Apple distributed this internal memo this morning, dismissing their critics as "the screeching voices of the minority."
I will never stop screeching about the importance of privacy, security, or civil liberties. And neither should you.
BREAKING: a federal judge has ruled that suspicionless searches of travelers’ cell phones, laptops, and other electronic devices when we cross the U.S. border are unconstitutional.
This is an enormous victory for privacy.
I'm saving my "What about SolarWinds?" for the next time the FBI tries to tell me that backdooring end-to-end encryption will be fine because the US government will protect the keys.
It has come to my attention that at this time last year I may have dared 2018 to “come at me,” and it did.
Dear 2019: I don’t want to cause any trouble. Please put down that broken bottle so we can get along.
Exclusive: @Huawei can covertly access mobile networks through back doors meant for law enforcement, U.S. tells allies in bid to show firm poses security threat. My report via @WSJ
I do not want your encryption backdoors
I do not want them in a box
I do not want them with a fox
I do not want them here or there
I do not want them anywhere
I see there is some discussion about women wearing "inappropriate" clothing in the workplace being distracting to men. I wear the skins of my enemies, and if you find this distracting, step a little closer and you will become a jaunty hat.
I cannot think of a less desirable feature than one that lets people know when I am on Twitter. The cherry on this bad idea sundae would be turning it on for all users by default.
Twitter wouldn't have to worry about the possibility that the attacker read, exfiltrated, or altered DMs right now if they had implemented e2e for DMs like EFF has been asking them to for years.
Facebook hired a consulting firm to review and respond to Facebook Marketplace complaints. They gave those workers "large unfettered" access to Facebook Messenger inboxes. Contract workers used that access to "spy on romantic partners" because of course they did.
BREAKING: Austrian press reporting EU Council of Ministers have an 'almost complete' resolution on the table to ban end to end encryption on apps like @whatsapp & @signalapp. Waiting on further reporting.
All I want for 2022 is not to have to spend my year helping a journalist fight the state of Missouri prosecuting him for viewing the HTML on a website and telling them he saw a mistake.
You are in an interview. To your left is a person who demands that you answer brain teasers. To your right is a person demanding that you solve coding problems in real time on a whiteboard. How do you get out of this industry?
Seriously. Nothing says "I don't actually care about or understand who you are or what you do" like a moderator on a panel asking me "what's it like to be a woman in tech?" like I'm some sort of magical novelty item.
I know that I say this all the time, but that’s only because it’s what gets me through the times when everything seems to be on fire.
No one is coming to save us. That’s why we have to save each other.
This is shocking. DuckDuckGo has a search deal with Microsoft which prevents them from blocking MS trackers. And they can't talk about it!
This is why privacy products that are beholden to giant corporations can never deliver true privacy; the business model just doesn't work.
I have learned the hard way that if a person asks me for a VPN recommendation, I should start by asking what they think a VPN does and what they plan to use it for, because the answers often puzzle and surprise me.
BREAKING: Apple pauses its plan to do client-side scanning for CSAM.
This is a direct response to the outcry from users and civil society. We're not done, but this is a reminder that collective action moves the needle.
Someone asked me today if I’m hopeful about the future. I am not hopeful. I don’t fight because I think I’m going to win. I fight because a world in which I don’t fight will be worse.
The Russian army in Ukraine has knocked down the 3G towers that it needs for its secure phones to work and are now using insecure comms, which get intercepted. This whole thread is *chef's kiss*.
In the call, you hear the Ukraine-based FSB officer ask his boss if he can talk via the secure Era system. The boss says Era is not working.
Era is a super expensive cryptophone system that @mod_russia introduced in 2021 with great fanfare. It guaranteed work "in all conditions"
Of course Elon swiped the @x account out from under the person who'd had it previously. There was only one way this was ever going to play out.
Does the owner of the account have any recourse? I'm pretty sure that the answer is NOPE.
I am begging people who run conferences to think about people who wear skirts and dresses when they are making their seating arrangements because I don’t want to have to spend my entire interview desperately hoping that I’m not flashing the audience.
Pour one out for all of the security practitioners who are going to have to patiently explain that using a password manager is still good, actually, to people who have glanced at a headline about the latest LastPass breach.
“A Fitbit in your skull.”
Elon Musk launches #Neuralink .. an implantable device for your brain to help fight memory loss, blindness, paralysis, depression, insomnia, seizures, addiction, brain damage.
He says it’s the size of a large coin.
I didn’t realize that so much of being an adult would involve trying to distinguish the pain caused by exercising too much from the pain caused by not exercising enough.
The Facetime bug works in both iOS and MacOS, so now would be a good time to disable Facetime on everything and then pour out a 40 for the Apple security team.
I'm begging people to please do any kind of research into the history of real names proposals before suggesting this idea like no one has ever tried or discussed it.
Hint: it has been tried and did not go well. It has side effects that put vulnerable people in danger.
Why not both? Because just passing a comprehensive privacy law would make a TikTok ban unnecessary and would have the additional benefit of protecting people on all platforms. This is absolutely where people who care about user privacy should be putting their energy right now.
"The problem is that the people who are deciding what constitutes exigent circumstances..are Ring and the police, both of whom don't have a great reputation when it comes to deciding when it's appropriate to acquire a person's data."
I'm not going to link to that @TechTimes_News story because they don't deserve the traffic. But I promise that this screenshot will be featured in all of my future talks about stalkerware and domestic abuse.
“Why doesn’t everyone just run their own infrastructure?” is a question that has never once been asked by a person who has had to admin their own mail server.
Is it now? The last 7 years of my life would like to have a word with you...
All the times I brought casework to you as a trained, trusted partner in your own internal processes that you ignored or handwaved would like to have a word with you...
I’m rooting against him.
Signal crafted Instagram ads that showed users what Facebook knew about them. Facebook banned these ads because apparently they would like me to send them a copy of these screenshots every time they tell me how committed they are to transparency.
Oops! Twitter “unintentionally” used the information it got from you to secure your account in order to make money. This kind of behavior undermines people’s willingness to use 2FA and makes them less secure in the long run.
We recently found that some email addresses and phone numbers provided for account security may have been used unintentionally for advertising purposes. This is no longer happening and we wanted to give you more clarity around the situation:
Gangs in the Rio de Janeiro favelas have enforced a lockdown from 8pm tonight. The statement reads: "If the government won't do the right thing, organised crime will"
I choose to believe that Elon is tweeting nonsense because his two remaining engineering managers are coming to work and telling him, "Sir, the site is slow because the bipittybops are only batching 1000 flibs per second." On Monday they will quit.
The contacts list in my phone is not a list of my friends. There are people on that list that I never want to hear from and that I would prefer not to have any information about what I'm doing. I will never want to send an invite to anything to my contacts list.
Amazon, Google, Microsoft are competing for a $300 million ICE contract to build a data mining/analytics tool, RAVEN, that captures everybody: "non-immigrants, immigrants, U.S. citizens, or lawful permanent residents," said an internal document.
When I tell audiences at hacking conferences that “the choices that you make matter,” this is what I’m talking about. You don’t have to take the job. You don’t have to build the machine. And if enough people don’t do it, it won’t get done.
@mcuban @Twitter @facebook This is an extraordinarily bad idea that would put women, victims of domestic abuse, activists, transgender people, whistleblowers, and more in danger.
Normalizing mask-wearing in public space is good, actually. I enjoy catching fewer colds and not being told by random men on the street that I'd look prettier if I smiled.
The anonymous guy in Germany who made a tool to link women in porn to their real names and identities has shut down the project, possibly because it turns out to run afoul of many, many laws.
@evacide An internal outage has nothing to do with the internet and how it communicates. This was likely a cyberattack and not because the internet is held together with bubblegum and string. Only a twit that doesn’t know anything about technology would say such a thing.
Facebook has been using contact information that users explicitly provided for two-factor authentication—or that users never provided at all—for targeted advertising.
If your reputation is damaged because something terrible you did becomes public, the problem is not the damage to your reputation, it's that you did something terrible.
In middle school, I read the Foundation books and said "Whoa, imagine living at the center of a crumbling Empire and not even knowing it." I think about that moment a lot.
One coworker once told another that I was smart, but “it’s a pity, how she presents herself.” That person is gone and I am the Director of Cybersecurity.
Tech Twitter: Tell me about a time someone underestimated or dismissed you and what amazing things you’ve gone on to do since then?
RT for reach if y’all want a bunch of victory stories 😌💖