I see that we are talking about "Hypocrite Commits" again and I want to clarify a few things.

Despite what their paper says, they didn't get an IRB exemption until *after* they posted about their IEEESP paper acceptance and a group of researchers (including myself) expressed concern...
Our complaints were based on the abstract and a screenshot of the first page of the paper. They have since published the whole paper:

raw.githubusercontent.com/QiushiWu/qiush…
They lied to people in order to assess their response, with no system in place for prior informed consent or debriefing.

That any IRB could conclude that it wasn't a deception study on human subjects speaks to the overall ability of many IRBs to reason about internet studies.
I also want to take a moment to point out the original wording of their abstract (in their screenshot IEEESP announcement) vs. the paper published in that repository.

"successfully introduced multiple exploitable...vulnerabilities"

vs.

"safely demonstrate it is practical"
Some people who have grown extremely cynical of academia, like myself, might classify the original wording of the abstract (accepted to IEEESP) as "a lie intended to bolster the impact of the paper".
Quoting myself from a previous thread:

"What if people submit code that has bugs in it, and the maintainers don't catch it!.......

but intentionally"
To be fair to the researchers...the future research section basically writes itself...

Without controversial studies like this we may have never gotten great conclusions like "make contributors agree not to introduce bugs" and "verify everyone's identity, which is definitely an effective mitigation against malicious behaviour".
They apparently learned nothing, seemingly conducted another round of experiments with more incorrect patches...

Got caught, and in the resulting fallout they blamed a new static analysis tool, and accused the maintainers of (bordering on) slander...

lore.kernel.org/linux-nfs/YH%2…
> "but they still did demonstrate a flaw"

It was a known flaw, one practically every maintainer is aware of. The solution is safer languages with stronger security semantics coupled with automated testing and analysis tools. Initiatives that many people are actively working on.
Anyway, this is the latest in a long line of computer science researchers stumbling into human subject research, disregarding any and all ethical considerations, getting a paper published, and leaving to find a new community to fuck around in.

That this behaviour continues to be supported and even encouraged by university departments, institutional review boards and conference program committees demonstrates that this is an institutional problem permeating across academic computer science.
