Avid Halaby
same handle on protonmail | בעל תשובה | gulf coastal elitist | Pahlavi legitimist | nuclear family enjoyer

Dec 12, 2022, 17 tweets

The stuff uncovered in the Twitter whistleblower report is much crazier than anything in the "Twitter files" but it's much less politically/tribally salient so it got no attention. Going to do a thread on some of the craziest things, in no particular order.

Twitter didn't monitor employee computers at all; it was not uncommon for employees to install spyware on work devices.

Twitter does not have separate development, test, staging, and production environments. At least 5,000 employees had privileged access to production systems.

In 2020, Twitter had security incidents serious enough they had to be reported to the federal government on an almost weekly basis. Meanwhile, Parag Agrawal was lying about how secure Twitter was.

On 1/6, Mudge (the whistleblower) wanted to take action to prevent potential sabotage by a rogue employee. He learned it was not possible for Twitter to secure its production environment.

Mudge realized that a data center failure could potentially cause the permanent loss of all of Twitter's data. He shared this fact with senior leadership, who instructed him not to put it in writing for the Board.

A few months later, that exact eventuality almost came true, and only herculean effort by Twitter engineers prevented "permanent, irreparable failure."

Twitter had no software development lifecycle, and misled both the FTC and its Board about this fact for a decade.

Mudge informed Agrawal that there were thousands of failed login attempts to Twitter's engineering system every day. Agrawal did nothing.

Twitter did not keep backups of employee computers. They used to, but then the system broke, was never fixed, and execs decided this was good because it meant they couldn't comply with regulators.

"Every new employee has access to data they do not need to have access to."

Twitter is probably still vulnerable to Log4j to this day, lol.

Twitter does not have licenses for the machine learning models it uses in its most basic products.

Twitter knowingly allowed itself to be infiltrated by, or otherwise a tool of, many governments.

After Agrawal became CEO, he wanted to present materially misleading information to the Board, overriding Mudge's objections. Other employees raised similar objections. Ultimately it seems the material was shared anyway, and Mudge described the presentation to the Board as fraud.

Internal review after the meeting confirmed this assessment. Mudge began working on a report to correct the record with the Board. As his report neared completion, he was fired.

That's all I have the energy for tonight. I highly recommend reading the full report. PDF here: s3.documentcloud.org/documents/2218…
