Some coverage of our paper here (but, as always, we urge you to read the paper itself). nytimes.com/2021/10/14/bus…
Building in scanning for illicit content on client computing devices, however laudable the goal, is a radical architectural concept, introducing significant security risks. And so far, specific proposals for client scanning, while often novel, have been less than encouraging.
Re-upping because much of the press coverage of our “Bugs in your Pocket” paper fails to include a link to it. cs.columbia.edu/~smb/papers/bu…
Don’t encode SSNs of people in the HTML of publicly available webpages. And if you do, don’t call the cops if someone notices and (quite responsibly) warns you.
This case reads like a spy novel, and also illustrates the limits of cryptography. He set up encrypted communication and dead drops with a foreign government (even calling the endpoints “alice” and “bob”), but was actually communicating with the FBI.
My guess for COUNTRY1 is France: has subs, independent enough that someone might approach but friendly enough to rebuff the approach and cooperate with the US, not English speaking.
A couple things jumped out at me. As soon as the FBI got the package from COUNTRY1, they clearly took it VERY seriously. Within just a week they had analyzed the SD card and sent an initial response to the Proton account.
Imagine if FB owned AWS (or something with a similar footprint) right now.
“The Internet was designed to survive a nuclear war” has always been a myth, but it’s wronger than ever after decades of quiet centralization.
A really bad takeaway from this would be “look how badly FB was engineered”. They no doubt made some (serious) errors, but they’re about as technically good as anyone is at their scale.
Spending a lazy Sunday afternoon testing faraday bags for phones. (Preliminary results so far: You don’t always get what you pay for, but you never get what you don’t pay for.)
Motivated by the fact that iPhones officially can’t be powered off, which, even if they implement really good privacy protections, will inspire other manufacturers to try similar things, often less carefully.
Some quick preliminary results, testing at 1, 2, 3, 4, 5 and 6 GHz: The expensive (~USD 40-60) phone-size bags from Mission Darkness (sold on Amazon) and EDEC (online store) work reliably well: >60 dB attenuation at 1 m distance, IF closed properly.
I knew this was coming eventually, but it finally happened. I asked a class today, as I periodically do, “how many people here have a landline phone at home” and the answer was zero.
“Plain old telephone service” used to mean the once-ubiquitous 48 V, 20 mA local loop. The kids today think it means a cellphone with no data service.
That Apple origin story about Woz and Jobs financing the company by selling Blue Boxes for making free long distance calls requires a lot more explanation than it once did.