This may not be a popular opinion in the cyber industry, but is a worthwhile piece to read. Many of us in Cyber forget that security, after all, is a means to an end, not an end in of itself.
Thanks so much for this "reality check" piece because mainstream media (and opportunistic politicians) seem to have chosen their side already on this matter, for reasons you have listed at the beginning of the article.
Why should Twitter be secure in the first place? Unlike email, it's not a platform where sensitive data tends to live. Unlike facebook, it's no one's lifeline or confession booth. It's a pseudonymous public square with a DM system hastily tacked on top. The idea that all these services should be beholden to the same security priorities is a strange one. As the old Soviet joke goes, "you've seen all the red flags you needed when you crossed the border".
Which is not to say there aren't some rather interesting questions about Twitter's security decisions, such as "how comes the name 'Ellen Page' triggers instant bans but no one does the simplest things to stop crypto scammers from impersonating VIPs?".
There are a number of important security issues beyond just DMs. Mudge brings them up in his testimony.
For example, Twitter knows the IP address that you used when tweeting. They also know some information that you gave them when registering the account, such as a phone number. Based upon this information, they can track you back, find where you live, and what locations you've been visiting while tweeting. Evil governments can use such information to crack down on dissidents who tweet.
Thus, there are concerns here. But there's still the question whether Twitter is morally obliged to solve them, or morally obliged to be transparent about them, such as telling people "foreign spies regularly get access to our data to find dissidents so be careful what you tweet".
The point of this piece isn't that Twitter doesn't have problems, but that "executives" and "activists" make different assumptions about what the problem is and how to address it.
You're right -- nontrivial security issues come into play in border cases or around repressive governments. Still, twitter plays in a different ballpark from google or facebook, who likely have some compromising info on any serious user. A better comparison would be reddit (although even reddit is riskier, given how some people use it) or livejournal (has anyone ever audited them?).
This may not be a popular opinion in the cyber industry, but is a worthwhile piece to read. Many of us in Cyber forget that security, after all, is a means to an end, not an end in of itself.
Thanks so much for this "reality check" piece because mainstream media (and opportunistic politicians) seem to have chosen their side already on this matter, for reasons you have listed at the beginning of the article.
Why should Twitter be secure in the first place? Unlike email, it's not a platform where sensitive data tends to live. Unlike facebook, it's no one's lifeline or confession booth. It's a pseudonymous public square with a DM system hastily tacked on top. The idea that all these services should be beholden to the same security priorities is a strange one. As the old Soviet joke goes, "you've seen all the red flags you needed when you crossed the border".
Which is not to say there aren't some rather interesting questions about Twitter's security decisions, such as "how comes the name 'Ellen Page' triggers instant bans but no one does the simplest things to stop crypto scammers from impersonating VIPs?".
There are a number of important security issues beyond just DMs. Mudge brings them up in his testimony.
For example, Twitter knows the IP address that you used when tweeting. They also know some information that you gave them when registering the account, such as a phone number. Based upon this information, they can track you back, find where you live, and what locations you've been visiting while tweeting. Evil governments can use such information to crack down on dissidents who tweet.
Thus, there are concerns here. But there's still the question whether Twitter is morally obliged to solve them, or morally obliged to be transparent about them, such as telling people "foreign spies regularly get access to our data to find dissidents so be careful what you tweet".
The point of this piece isn't that Twitter doesn't have problems, but that "executives" and "activists" make different assumptions about what the problem is and how to address it.
You're right -- nontrivial security issues come into play in border cases or around repressive governments. Still, twitter plays in a different ballpark from google or facebook, who likely have some compromising info on any serious user. A better comparison would be reddit (although even reddit is riskier, given how some people use it) or livejournal (has anyone ever audited them?).