Profile picture
, 23 tweets, 12 min read
My Authors
Read all threads
Y'all gotta stop what you are doing rn and catch up on this hot mess disgusting scammy snake oil-y non-blockchain "blockchain" app Voatz.

Yes. A blockchain voting app being touted around for real live elections. What could go wrong?

Join me. 🐰🕳🔥🔥🍆🦠🤥💥⚰😱🦠🍆🌵🍆
Nov 2019 (my date of discovery)

@mattblaze shares that our lovely bureaucracy is sending letters around demanding a security audit of a voting app. Bc, yes, we rely on paper to secure our elections. Oh…wait…😒

Fast forward ⏩ Feb 13, 2020

So while most of us were at ETHDenver, Voatz started getting attention again after a report came out by @mspecter @jimmykoppel @djweitzner from @MIT. (News possibly enhanced by the hot-mess Iowa Caucus 2wks prior.)

Report:
internetpolicy.mit.edu/wp-content/upl…
Feb 13-Feb 15, 2020

A good thread summarizing the news that research and subsequent news coverage:

Feb 13, 2020

Voatz responds with typical scam bullshit, "blah blah I pinky promise we're not a scam!!! 🤥🤥🤥"

blog.voatz.com/?p=1209
Feb 14, 2020

The researchers respond to Voatz response.

internetpolicy.mit.edu/faq-on-the-sec…

(Also, @schneierblog picks it up
schneier.com/blog/archives/…)
Feb 15, 2020

More glaring concerns are shared by @yaelwrites, who, unfortunately, has had experience with Voatz and their secrecy dating back to NOVEMBER 2018!! 😲

Feb 15, 2020

@tarah says 🖕

"For a company that claims to be staffed by cybersecurity experts there appears to be a stunning lack security engineers……it takes 1.5 infosec staff about 23 days to even triage a @Hacker0x01 report"

Full of 💎's:
Fast forward ⏩ March 13, 2020

While we were busy w the crypto markets
…and the stock market
…and Trump being "yo I always knew this was bad! ahh chinavirus! 🤮"
…and MakerDAO was like "ahhUum USDC?"

@trailofbits drops this EPIC 122pg MASTERPIECE💥

github.com/trailofbits/pu…
Yup nope you gotta click this and at least skim it. They worked their asses off. It's the least you can do. I'll wait.

github.com/trailofbits/pu…

github.com/trailofbits/pu…

github.com/trailofbits/pu…

github.com/trailofbits/pu…

github.com/trailofbits/pu…

github.com/trailofbits/pu…
March 13, 2020

@SarahJamieLewis with the fire, per usual:

March 13, 2020

@jackhcable reappears after being shit on back Feb for disclosing that really really glaringly immature terrible stupendously ridiculous bug and being told by Voatz "we pinky-promise we aren't a total scam and yeah also you're wrong. 🤥🤥"

March 13, 2020

More summaries and good takeaways from @trailofbits' report since you are all too lazy to READ THE PDF THEY WORKED SO HARD TO GIVE YOU. 😒

March 13, 2020

Yay @lorenzofb and @jason_koebler and @matthew_d_green bringing more fire.

Aug 6, 2018–March 13, 2020

One of my fave people, @GossiTheDog, shouted back to his AUGUST 2018 thread of more 😱 things about Voatz.



(scroll UP to go back in time, it's amazing 😍)
Okay so WHAT DOES THIS ALL MEAN?

🍆🦠💣🦠🦠👨‍💻💥⚰😱🍆🍆🌵

Basically, well, yup, we're still all completely fucked. Sorry.
K, for real though.

1. Governments fall for scams too.

2. This has never been a legitimate project. Period. Full stop. Period period period.

3. Trust security experts.

4. Red flags are red for a fucking reason. OPEN YOUR DAMN EYES.
4b. The red flags from 2018 should have been enough to destroy this in 2018.

There is NO reason this scam bullshit should be considered legitimate enough for basically all the top security researchers + MIT + @trailofbits to get involved. Period.
4c. This is akin to every expert telling everyone that smoking is bad and the cigarette companies going, "no…are you sure? You're not a real doctor! Let's research some more!"

No, it's worse.

It's like if that happened in 2020 and people bought their bs. 😡
5. Paper is my 👑queen👑 and it should be yours too.

Yes, technology is awesome. Yes, we should invent. No, you should not trust technology when it comes down to our truly valuable, important cores.

Less is more.
6. Elections are a zero-sum game. The winner takes all.

And, you don't have to hack all the votes, you only have to manipulate a relatively tiny amount of votes in key areas.

I highly recommend you read @chrisinsilico's Mindf*ck.
The incentives to manipulate elections are so large it's unfathomable. Understand the game you are a part of. It's happened before and will continue to.

BUT FFS DON'T MAKE IT SO FUCKING EASY.
Lastly, 🙇THANK YOU🙇 to all the security researchers, hackers, writers, tweeters, experts, and everyone out there fighting ALL the good fights. Keep fighting. We need you and we love you.

💖💪💖💪💖💪💖💪💖💪💖💪💖💪💖💪💖
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Taylor Monahan

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @tayvano_ see all

Profile picture
Taylor Monahan
@tayvano_
One of my favorite #ETHDenver projects: frontrun malicious txs being sent from your account.

While dealing with phishers & again after our CryptoKitty rescue mission (link.medium.com/O2jFvLOca4) I wondered if this was possible. Txpool(s) are tricky but, yup, it's possible.
Scaling this service for mass use would be difficult, and is much better suited for large accounts with few transactions: cold storage, treasuries, etc. where you can customize based on end-user or include in a larger enterprise-type security/consulting offering.
For example, I know @Corpetty monitors contracts & asset movements in order to know as soon as possible if something is compromised or funky to quickly mitigate further loss after a bad thing happened.

This tool would also allow for a chance to *prevent* the initial loss.
Read 5 tweets
Profile picture
Taylor Monahan
@tayvano_
You can simultaneously believe that one's actions were morally wrong while also believing the laws regarding those actions should not exist.

You can believe that one's actions were morally right while also believing the laws preventing those actions are necessary and just.
That isn't hypocritical, it's nuanced.

Morality, legality, and the shit that goes down in the real world is hard to unwrap because people are complex, groups of people are complex, and the systems that attempt to coordinate those people are designed to be flexible, not complex.
It sucks that online comm's discourages both nuance & flexibility.

In theory, discussion should increase knowledge -> shape & strengthen opinions, beliefs, values.

In reality, it mostly strengthens one's resolve to defend their stale opinions, beliefs, values.
Read 5 tweets
Profile picture
Taylor Monahan
@tayvano_
Alright here's the short version of the roller coaster.

1. News breaks that Virgil went to North Korea to teach them how to use crypto to launder money + evade sanctions.

2. Docs show that isn't *really* the case. Headlines misleading af.
3. Docs show that he made some other bad choices, like testing the borderlessness of crypto...using the N. & S. Korea border. 😬

These are more likely the foundation of his arrest, not the substance of his conference talk.
4. There's a lot of other fluff but it's not really relevant. He said things on the internet that you wouldn't say (surprise!) and tried to get citizenship outside US (how original.)

Unless you are writing his biography, more interesting is what US govt did.
Read 17 tweets

Related threads

Profile picture
CryptoHieu
@TrungHieuD
🚨 @stratisplatform Global Crypto Network 🚨

Total nodes: 4,681
Total new: 1,204
Total participation countries: 84❗️
New countries: Dominican Republic 🇩🇴 , Sudan 🇸🇩, Kyrgyzstan 🇰🇬

Europe: 3,298
Middle East: 125
Asia: 291
Oceania: 128
N America: 628
L America: 144
Africa: 67
A breakdown of the $STRAT Node version. Note: please run 3.0.4.0 and higher❗️

2.0.0.3 has taken the lead. While a good amount is also running 2.0.0.5.

3.0.5.0 and 3.0.4.0 comes in second and third respectively.

A few are running the bleeding edge with 3.0.6.0 and 3.0.7.0.
No one is catching up to Germany running @stratisplatform nodes!

Every country in Europe has increase node count except Bulgaria, Hungary, Isle of Man, Liechtenstein, Lithuania, Luxembourg, and Slovakia.

I wouldn’t be surprise to see some stable coins on the #blockchain.
Read 11 tweets
Profile picture
johnkun bear family au ⋆
@kittyong
"mr qian, if you don't mind me saying—"

"kun."

johnny looks up from his gogo squeez. mr qian meets his eyes, a small smile playing around his lips. "my name is kun."

"kun." johnny's brain short circuits as it attempts to run through every possible combination of their names.
"uh, kun. if you don't mind me saying, i think you're doing a fine job of making friends. to me, anyways. and... for what it's worth, you're raising some really great kids."

kun sighs. "i hope so."

"are you kidding?!" johnny exclaims. "you're, like, super dad!"
those accursed, perfect eyebrows—johnny's newfound archnemeses—raise. "super dad?"

"yeah!" johnny splutters. "you brought a whole cooler of healthy snacks! you're so put together! your kids have lace-up shoes instead of velcro! you're all i've ever wanted! y'know, to, like, be!"
Read 1049 tweets
Profile picture
SCMP News
@SCMPNews
#LIVE: Protesters are staging at least three more demonstrations today, and tensions are high. Follow our live coverage here: sc.mp/uy5tc #hongkongprotests
#LIVE: Earlier, police, residents and protesters were in a stand-off outside the Sogo department store in Causeway Bay. Officers briefly raise a black flag, which means those gathered must disperse or tear gas will be used sc.mp/uy5tc #hongkongprotests
#LIVE: Festival Walk shopping mall in Kowloon Tong is open as normal, despite a planned boycott this afternoon. There are fewer mainland Chinese shoppers than usual sc.mp/uy5tc #hongkongprotests
Read 85 tweets
Profile picture
Sohail
@Sohaileus
Going to do an article about this at some point, but I just want to confront the whole trope re "Data's more valuable than oil".

Is it or not? I don't know and, honestly, I don't care.

But what a lot of us *should* care about is the fact that it's even a question..
Without meaning to get in to psuedoethics, philosophy and whatever other subjects the argument encompasses, there are a few realities that we have to acknowledge.

First - data is big business. In fact, some of the biggest in the world. Businesses like Facebook are built..
around the ability to be able to capitalise on all the little bits of data we are throwing out.

Second - while organisations like Facebook are predicating on the data we (often unwittingly) allow them to access, it can also be used for a lot of bad - see Cambridge Analytica.
Read 17 tweets
Profile picture
Matthew Willemsen
@mwill_crypto
0/ Strong finish to the week in the #cryptocurrency and #blockchain space. Partnerships, funding, mainnet/testnet launches, interviews; that's just some of it!

Below, a 23-part thread covering the latest from the budding #crypto industry over the past day or so. Enjoy!
1/ 🙋‍♂️#Crypto spot and futures trading platform @ErisX_Digital announced two additions to its board of directors: @EthereumJoseph (CEO & Founder, @ConsenSys; Co-Founder, #Ethereum) and #fintech entrepreneur, Chris Conde!
2/ 📢 @HelloICONworld [ $ICX ] published a write-up detailing their strategy to expand the #ICON public #blockchain ecosystem!

There's plenty planned for 1H19, including the launch of a DEX, DID #smartphone app, and Tokyo-based #dApp launchpad. medium.com/helloiconworld…
Read 24 tweets

Trending hashtags

#cryptocurreny #dunnit #FromTheSouth #Khashoggi #Lightyears #ERC20 #lying #MSers #CollateralDamage #blockchain #Floridaman #liberty #niTROn2019 #LIVE #UK #Kurdos #quarterbacked #Syrian #hackathon #Venezuelan #Germany #American #Decred #fishy #important

Embed code for your website

×
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!