Troy Hunt
Apr 29, 2020 (6 tweets, 3 min read)
Had a great panel on #covidsafe tonight with @alecdtucker, @matthewrdev, @GeoffreyHuntley and @kcarruthers. I had a bit of an epiphany on where I believe a lot of the misunderstanding is coming from so bear with me here:
A theme across my intro was that I encouraged people to ask not whether #covidsafe ensured privacy or not, but rather how it *changes* privacy from what it would be without the app. If you test positive, for example, how will privacy differ with or without the app?
The epiphany is that people are frequently associating digitised records directly with the app. They ask questions like “how will data from the app be protected on the server” but never seem to consider that even without the app, your data will still be on a server if positive.
For example: some people were unhappy that #covidsafe stores data on Amazon, but where is data stored if you’re *not* using the app and test positive? Because y’know it’ll go onto a server somewhere, right?
Or they’re worried that uploading data on contacts (something that only happens if tested positive) poses a risk. Do people realise they’ll be queried about their movements and contacts and that their answers will be digitised even with no app?
These are all (quite rightly) valid concerns; my point is that for the most part they’re equally valid with or without the app in its current implementation. You catch this thing and a whole bunch of your personal data is going to end up on a server somewhere. That’s the point.
More from @troyhunt

Jan 31
Alright folks, this is starting to smell like bullshit. Not the alleged breach (which smells bad for reasons I'll explain in a moment), but the "AI" line from both Europcar and the PR agency that just emailed me pitching someone's hot take on it. Here's why:
Firstly on the legitimacy of the data, a bunch of things don't add up. The most obvious one is that the email addresses and usernames bear no resemblance to the corresponding people names. For example: [image]
Next, each of those usernames is then the alias of the email address. What are the chances that *every single username* aligns with the email address? Low, very low.
Oct 30, 2023
We often receive comments to the effect of “we want to purchase a @haveibeenpwned subscription but our company doesn’t allow us to use a credit card”. What is the financial reason behind this?

This is a very small portion compared to those that *do* pay by card, but why is this?
To add to this, having spent 14 years at Pfizer I’d see policies like this all the time. But it’s also not like there was a blanket ban: try going on a business trip and asking the person at the noodle shop you’re having lunch at to raise an invoice on 60 day terms 🤣
This also isn’t about traceability; spend the money, raise an expense claim with receipt, job done. I could understand if the answer was “because an invoice and wire transfer stops people randomly buying stuff and puts procurement in control”, but they could still pay with a card.
Sep 8, 2023
Let me add some more context to the Dymocks breach, starting with giving them a massive pat on the back for responding so quickly. It was less than 48 hours ago between me contacting someone there via LinkedIn and them having sent disclosure emails to customers. Massive kudos!
What's not as clear from the story is the extent to which the data was already circulating before I was able to get in touch with them. Multiple Telegram channels and a popular *clear web* (not dark web) forum were broadly circulating the data.
I also suspect we're about to see a repeat of the question so many people raised after Optus and Medibank: why do they still have my data? About a quarter of the rows are flagged "inactive" with dates as far back as 2005, yet still sit there with address, email, phone etc. [image]
Jun 16, 2023
Crikey Miele 🤦‍♂️ [images]
Ah, so that’s why. Up until 10 minutes ago… [image]
I can’t set up my dishwasher because I can’t register in the app because the Miele “server” is down 😭 [image]
Jun 8, 2023
Had a weird thing happen with @AzureApiMgmt that caused the public @haveibeenpwned API to start getting laggy, especially around 1 week ago. It went from ~220ms response times 90 days ago to over 1 second up until yesterday. Scaled out an instance and now we're down to ~70ms. [image]
This is despite very consistent performance of the underlying @AzureFunctions app. Something started gradually going south at the APIM level and I'm continuing to look at that with the team there. [image]
What I'm a bit more interested in now is tackling this graph. This is "gateway errors", namely the reason APIM rejects requests. Exceeding the rate limit is number 1, but invalid subscription keys are massive too, plus there's an obvious hourly spikey pattern. [image]
May 30, 2023
Ok folks, here’s the next edition of “Troy’s IoT Hell” 👿

Recently I had to make a call between buying the older Yale Assure locks sold locally here in Aus or the newer one only sold in the US. This was for 2 locks, one for the front door and one for the front (undercover) gate.
I went with the newer ones from the US as they were smaller, looked a lot neater, support Matter (with a coming add on module) and only took a few days for shipping. They look *great*! [images]
However… I knew I wouldn’t be able to pair them with the Yale app in the Aussie App Store. I’m going to come back to this issue later in the thread, for now it was an easy fix with a spare iPhone and US Apple account reddit.com/r/homeautomati…