yan
14 Sep, 4 tweets, 2 min read
my friend sophie got fired from her job at Facebook and turned down a $64,000 severance package in order to leak this, so u better read it. buzzfeednews.com/article/craigs…
my biggest takeaway from this article is that FB could be doing a lot more to prevent politically-motivated bot activity, but they choose not to because they don't see any immediate revenue or PR benefit from doing so.
clarification: in order to leak this *internally* at Facebook
FYI Sophie did NOT leak this memo to Buzzfeed. she posted it internally at FB, and then @BuzzFeed published this article without her permission.

I'm disappointed in @BuzzFeed for not respecting their source's wishes on when and how to publish their information.

More from @bcrypt

9 Apr
why is it not common knowledge that u can make perfect japanese-style croissants from scratch with like 20min of effort?? thx @MimeeXu for enlightening me

(recipe in thread👇)
1/ mix 400g bread flour & 6g salt

microwave 240g milk for 30s
dissolve 8g dry yeast in it
add 50g honey
add 40g softened butter
mix together

mix wet mix into dry mix to form a well-combined dough

cover and rest overnight in fridge
1. form 12 balls of dough
2. roll each dough as shown below, wrapping a piece of butter and pinch of salt at the center of each roll
3. lay rolls on parchment paper and rest for 40min in a slightly warm place (ex: warming drawer of oven, or an oven with the light on)
Read 6 tweets
8 May 19
1/ in this thread i'll summarize some differences between SameSite=Lax (Chrome's new proposed default policy; see mikewest.github.io/cookie-increme… for more technical details) and third party cookie blocking (Brave's default policy unless user turns it off for a site)
2/ SameSite=Lax is more strict than 3p cookie blocking in the sense that it also blocks requests using unsafe HTTP methods. For instance if X contains a form that POSTs to Y, cookies to Y would be blocked by SameSite=Lax but not most 3p cookie block implementations AFAIK
3/ SameSite=Lax is less strict than 3p cookie blocking in the sense that a site can override it with SameSite=None. But unless a site does that, both SameSite=Lax and 3p cookie blocking will block 3rd party cookies on subresource requests.
Read 4 tweets
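The comparison in the SameSite thread above, as an added example that is not part of the original tweets: a simplified JavaScript model of when a cookie for Y is attached to a request initiated from X, under each SameSite value and under third-party cookie blocking. The site names, request objects and function names are constructed for illustration, and the model assumes the initiating page is the top-level document.

```javascript
// Simplified model (assumption): sites are compared as exact strings and the
// initiating page is the top-level document. This is not browser source code.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Would a SameSite-enforcing browser attach the cookie? A cookie with no
// attribute is treated as Lax, the proposed default described in the thread.
function sentUnderSameSite(req, sameSite = "Lax") {
  const crossSite = req.initiatorSite !== req.targetSite;
  if (!crossSite || sameSite === "None") return true;
  if (sameSite === "Strict") return false;
  // Lax: cross-site only on top-level navigations that use a safe method.
  return req.topLevelNavigation && SAFE_METHODS.has(req.method.toUpperCase());
}

// Would a third-party cookie blocker attach the cookie? After a top-level
// navigation the target is the first party, whatever the HTTP method was.
function sentUnderThirdPartyBlocking(req) {
  if (req.topLevelNavigation) return true;
  return req.initiatorSite === req.targetSite;
}

// Constructed sample requests from a page on x.example to y.example.
const base = { initiatorSite: "x.example", targetSite: "y.example" };
const REQUESTS = {
  linkClick: { ...base, topLevelNavigation: true, method: "GET" },
  formPost: { ...base, topLevelNavigation: true, method: "POST" },
  image: { ...base, topLevelNavigation: false, method: "GET" },
};

// Evaluate every sample request under both policies for one SameSite value.
function compare(sameSite) {
  const out = {};
  for (const [name, req] of Object.entries(REQUESTS)) {
    out[name] = {
      sameSite: sentUnderSameSite(req, sameSite),
      thirdPartyBlocking: sentUnderThirdPartyBlocking(req),
    };
  }
  return out;
}

console.table(compare("Lax"));  // formPost differs: tweet 2/
console.table(compare("None")); // image differs: tweet 3/
```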
11 May 18
Signal Desktop just pushed out a fix for a remote XSS vuln: github.com/signalapp/Sign…

a lot of @electronjs devs have the attitude that their app doesn't need sandboxing or keeping up-to-date with Chromium bc "it doesn't execute untrusted code". the problem is that falls apart as soon as you get XSS. github.com/signalapp/Sign…

(at least Signal has sandboxing)
"should i build this as a web app or use Electron?"
the difficulty gap between XSS and full RCE is much smaller in Electron compared to a browser like up-to-date Chrome, so plz make it a web app if u care about good things
Read 6 tweets
