Profile picture
, 3 tweets, 2 min read
My Authors
Read all threads
Losing access to online accounts can be catastrophic, especially now that we're so dependent on the Internet. Make sure 2-factor authentication is enabled. Use a secure option like an authenticator app. SMS-based 2FA is vulnerable to SIM swap attacks. issms2fasecure.com
Recently, @kvn_l33 @bkaiser93 @jonathanmayer and I studied how easy it is to carry out SIM swap attacks on 5 major US prepaid carriers. We also found 17 websites on which user accounts can be compromised based on a SIM swap alone—no password breach needed. issms2fasecure.com
Nine websites remain insecure despite our responsible disclosure of these authentication vulnerabilities: Amazon, AOL, Finnair, Gaijin, Mailchimp, PayPal, Venmo, Wordpress(.com), and Yahoo. Check your password recovery and 2FA settings! freedom-to-tinker.com/2020/03/25/vul…
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Arvind Narayanan

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @random_walker see all

Profile picture
Arvind Narayanan
@random_walker
In a world where most companies use dark patterns, it’s easy to stand out by doing the right thing. Netflix will remind people who haven't watched in a while and may have forgotten that they subscribed. If they don’t respond, it will automatically cancel. media.netflix.com/en/company-blo…
Meanwhile, here's an innovation from the dark side. news.ycombinator.com/item?id=232798…
Hundreds of companies make it deliberately hard to cancel online subscriptions. It would be a huge public service to make a directory of cancellation procedures and dark patterns.

justdelete.me used to be a great crowd-sourced project but hasn't been updated in years.
Read 3 tweets
Profile picture
Arvind Narayanan
@random_walker
It's the age of dark patterns. In a new paper, we show how they emerged from three decades-long trends, highlight what's new and why it's deeply problematic, and exhort designers to do better.
dl.acm.org/doi/pdf/10.114… by @aruneshmathur, @ineffablicious, Mihir Kshirsagar, and me.
Manipulative sales practices have been around forever. But the online environment is different. In particular, user interfaces that optimize clicks using A/B testing and machine learning may gravitate toward deception even if that's not the designer's intent!
A big part of the answer to "where did dark patterns come from?" is growth hacking. It's a community filled with ingenuity but unfortunately didn't draw clear ethical lines. dl.acm.org/doi/pdf/10.114…
Read 4 tweets
Profile picture
Arvind Narayanan
@random_walker
This is like the unrealistic movie trope we all chuckle at in which a few badasses in their 70s have to come out of retirement to save the world because a long-forgotten horror has resurfaced and they're the only ones who know anything about it.
Turns out New Jersey's system for processing unemployment claims runs on COBOL and has fallen down under the load josephsteinberg.com/covid-19-respo…

Much of the world runs on COBOL and we never hear about it unless something breaks.
All joking aside, this is just a matter of supply and demand. It'll be much easier to find Cobalt programmers if you don't nickel-and-dime them.

(I'll show myself out.)
Read 3 tweets

Embed code for your website

×
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!