@anildash @natematias @ruchowdh @cfiesler FWIW, working with folks to build products and systems which are respectful of the lovely diversity of humans which exist is what I do. I've been lucky enough to work with a bunch of deeply ethical, thoughtful, and smart folks with a range of backgrounds and skillsets.
@anildash @natematias @ruchowdh @cfiesler I can talk about a bunch of things that I've done, places where you can see my work and that of folks like me, I can talk about PEPR, a conference for talking about this sort of work, but what I can't really talk about is the many things that never launched because of quiet chats
@anildash @natematias @ruchowdh @cfiesler Fundamentally, people want to build great systems and products. I try to help them understand that to get to greatness, you need to have respect built in -- folks I've worked with often come out feeling like they've built a better product and know how to design better.
@anildash @natematias @ruchowdh @cfiesler There's a lot in there: human-centric threat modeling, treating it as a full-stack problem from humans and the societies they build all the way down to the hardware, math, systems engineering, UX research/design/writing, program management, a deep and abiding curiosity, etc.
@anildash @natematias @ruchowdh @cfiesler I haven't been perfect. I'm not omniscient about either the present or the future; sometimes teams make decisions that I think aren't the best. But I hope I've made a lot of products better, both at the companies I've worked with and through some quiet conversations with others.
@anildash @natematias @ruchowdh @cfiesler ... also by helping make sure that products and features that shouldn't see the light of day didn't. At one point I was told that some people were scared of me and 🤷 -- Apparently I got a reputation for asking questions which made people say "we need to cancel this project"
@anildash @natematias @ruchowdh @cfiesler I don't think I was captured, but I also have a healthy respect for my lack of omniscience and I think to do work in this space you have to be prepared to make messy, hard choices, because there are only rarely clean ones.
@anildash @natematias @ruchowdh @cfiesler Different people have different needs; we build technology to make those choices better, but we continue to have more to learn and to build.
@anildash @natematias @ruchowdh @cfiesler One thing that helps is that, more than anything, I care about truth and respect for the people who are affected by products I help care for.

I have always been willing to quit for ethical reasons. And here's the thing: for companies that care, that is a *feature*.
@anildash @natematias @ruchowdh @cfiesler One thing which can happen (and doesn't help anyone) is that some people get scared of telling their execs that something is not OK and how to make it better. I was too socially clueless to get scared, so that meant that people could trust me to always tell them the truth.
@anildash @natematias @ruchowdh @cfiesler Because what's the worst that would happen? A company which would fire me for telling them to do better is a company I don't want to work for.

(Side note: this is a privileged position. I have never lived paycheck to paycheck.)
@anildash @natematias @ruchowdh @cfiesler So anyway, I do think this is possible. It's not always easy; there are some serious technique-related caveats I don't have room for here. But it's possible and it's even desired by companies.
@anildash @natematias @ruchowdh @cfiesler In the long run, I believe that respectful products win. (If nothing else because the other kind tend not to survive.) Companies want to hire me and folks from my team because they want to build better products and systems. I suppose that's what you'd call a theory of change.
@anildash @natematias @ruchowdh @cfiesler (For context, since I believe we haven't met: among other things, I was the Global Lead of Privacy Tech at Google, came in to help Zoom with their security/privacy/abuse problems. So not entirely my first rodeo. 😉)
