Share this page!

Matthew Green Profile picture
Twitter logo
2 Dec, 6 tweets, 1 min read
I think it’s funny how little computer security people know about the Dapp ecosystem. It’s like they’re living in the hotel from The Shining and they have no idea what’s going down in Room 237.
Crypto/security people: we can’t *possibly* run a secure messaging app over the web because everything’s too insecure!

Dapp folks: let’s secure $100m using Javascript served by Cloudflare.
In case you don’t know what I’m on about. coindesk.com/business/2021/…
Also, if you’ve never done this: mention MetaMask in a tweet and watch the bots that show up.
Honestly I wish Google had this level of customer support.
I’m thinking about changing my Twitter display name to “MetaMask Instant Support Team”. I’ll probably get suspended from Twitter, but I’ll be rich?

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Matthew Green

Matthew Green Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @matthew_d_green

Matthew Green Profile picture
1 Dec
Oof. I would say that NSS gives me the willies but all these crypto libraries give me the willies. googleprojectzero.blogspot.com/2021/12/this-s…
Oh god oh god. Image
Where am I going to store my post-quantum RSA keys in this data structure? Has anyone even thought about this?
Read 4 tweets
Matthew Green Profile picture
30 Nov
This picture should be presented to everyone who activates iCloud Backup.
“Our end-to-end encrypted system is only really encrypted if you don’t touch our janky unencrypted backup service that we practically beg you to use.”
Maybe if Apple implements some really good automated scanning in iMessage, the government might allow me to encrypt my backups.
Read 14 tweets
Matthew Green Profile picture
25 Nov
I still don’t understand why “let’s make system RNGs fast and insecure in case someone wants to run a Monte Carlo simulation” was ever considered to be anything other than the dumbest of all possible thoughts.
Apparently there is this huge population of language/OS users running Monte Carlo simulations and THEIR LIVES WILL BE UTTERLY RUINED if those simulations run slow.
I mean if I’m doing statistical simulations and the built-in system PRNG is slow, what’s the impact? I guess I’ll have to spend the 10 minutes copy/pasting the Mersenne Twister off Wikipedia. Seems pretty non-devastating.
Read 4 tweets
Matthew Green Profile picture
12 Nov
I headed over to the Home view to see why tech Twitter has gotten so much lamer, and it’s all people speculating on when Bitcoin will hit 100K.
So henceforth this account will just speculate on the Bitcoin price.
I’ve been using Latest Tweets for a couple months now and switching back to Home is like going home to find your parents have turned your bedroom into a Taco Bell. ImageImage
Read 6 tweets
Matthew Green Profile picture
5 Nov
Many governments realize they’ve “lost” their chance to ban end-to-end encrypted messaging, but they also realize it doesn’t matter because unencrypted backups are much more useful.
So predictably the vanguard of the conversation has shifted away from E2EE (which is in many places a done deal) to device backups — which are still not widely E2EE encrypted.
I personally think that governments want to preserve unencrypted backups because it provides investigative capability. (Ie. they can subpoena Apple to get your texts.) And CSAM fear is just a tool that politicians are using to preserve this capability. But 🤷‍♂️.
Read 5 tweets
Matthew Green Profile picture
2 Nov
Good thread about the recent Unicode attacks and some previous work that predates it. I agree that citations could be improved. But I want to push back a little. 1/
What was interesting to me about the recent Unicode/Trojan attacks (link below) isn’t that Unicode contains some exploitable fluffery. *Of course* it does. Unicode is terrible. 2/ trojansource.codes
What was surprising to me is how many compilers, source management tools and IDEs were vulnerable to the attacks. I expected this from pomo languages like, say, Golang or Swift. But even compilers for ancient languages like C/C++ were happy to eat Unicode and not complain. 3/
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @matthew_d_green has new unrolls!

Check out other threads from @matthew_d_green!

Read all threads by @matthew_d_green

:(