Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Lea Kissner Profile picture
@LeaKissner
Feb 1, 2022 18 tweets 5 min read Read on X
Scrolly
@patrickgage is starting off his talk about COVID-19 misinformation with literal 🔥
Investigation through public opinion polling
Boy howdy a lot of people heard that misinformation about 5G
... but not the same everywhere in the world
And many fewer people believe... but not few enough
Although the narratives move quickly, once they take hold they're difficult to change. The wrong beliefs stick.
Misinformation is also there -- and sticky -- for vaccine misinformation
Also studied statements which weren't just misinformation, like that vaccines would be safe
Different policies in different countries affect beliefs differently
If you've heard misinformation many times you're way, way more likely to believe it
... this may not be casual: the factors which lead to the choices someone makes which exposes them to misinformation may also influence their fixes
Outcomes
In response to question: There's a ton of demographic spread in people who fall for misinformation. There aren't near categories.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Lea Kissner

Lea Kissner Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @LeaKissner

Lea Kissner Profile picture
Dec 6, 2022
A rant on tokenization:
Tokenization is replacing particular data with an opaque set of bits, called a “token”.
The token either is encrypted or a mapping stored in a table. Tokens are usually a fixed # of bits (usually 64) for simplicity.

They are also surprisingly dangerous...
I love tokenization for cases like credit card numbers, where a small opaque piece of data is quite sensitive and generally has reasonable usage patterns. But people try to use tokenization without security or scalability.

Don’t do this. Let me explain...
Why use tokens? (If you can make them secure and scalable enough)
* Because you don’t need to worry so much about every single system which touches tokens instead of sensitive data. That's great, because I've already got enough things to worry about.
Read 12 tweets
Lea Kissner Profile picture
Nov 23, 2022
What's a good way to set the edge between a security (or privacy) engineering team and the rest of engineering?

(Was asked this question this morning and thought the way I think about the answer might be helpful to other folks.)

One simple trick: look at your on-call rotations
There are a lot of places where systems are security/privacy-critical. A *lot*. Not all of those should go in the security/privacy team.

I'm Captain Pragmatic, teams should sit where they're productive and happy, but this is where I'd tend to put those teams.
1. The systems where you can't build or run them without doing security/privacy deeply on an ongoing basis. Think authentication, authorization, insider threat detection systems for security. Think central data deletion infra for privacy.

Those should live in sec/priv.
Read 13 tweets
Lea Kissner Profile picture
Nov 16, 2022
A buddy who's interested in end-to-end encryption (E2EE) but hasn't done one of these projects in the very messy place which is the real world happened to ask me this morning about pitfalls which might not be obvious. So here's a partial list in the hopes that it's helpful. 🧵
For context: I have a PhD in cryptography, my thesis is on privacy-preserving cryptographic protocols, and I'm publicly known to have worked on several novel E2EE systems (from Zoom and Google).

So: 1) YMMV because every system is a bit different 2) this is not my first rodeo
1. People lose their keys. Most obvious, always important. Their phones break, they're lost, etc. and all the keys which were on them go away. Also people forget passwords.

People get grumpy when they lose their data. If you can design your product so they're not, it's easier.
Read 14 tweets
Lea Kissner Profile picture
Nov 15, 2022
I want to be right, so I keep looking for how I could be wrong.

I ask my coworkers what worries them, how I'm wrong, what I'm missing. I repeat and repeat that I want the bad news, because I can't help fix problems I don't know exist.
Everyone has their own style, but this really helps me solve problems, fix things, and keep them fixed.

Plus I get fewer surprises. Security and privacy people hate surprises.
I've been getting questions in here so I'm going to start answering 'em in this thread in the hope that the answers are helpful to other people, too. And if you have a different answer, go ahead and post it! Different things work in different situations.

Except being a jerk.
Read 7 tweets
Lea Kissner Profile picture
Aug 18, 2022
Hey folks! If you don’t know me, I’m the CISO of @Twitter – I run the information security, privacy engineering, and IT teams.

We’ve got a bunch of roles open across infosec, privacy eng + legal, and IT. Come help Twitter build great things which respect our users! 🧵
I’d love to have the chance to work with you. We have roles from relatively junior up to Director. Links in this thread; there are likely some more coming.

Managers are tagged in this thread, so you can ask any of us questions or say hi. They're good folks.
All of these jobs are remote-friendly, with a few caveats: (1) your working day needs to overlap heavily with the folks you’re working with (for most roles Americas time zones) (2) we need to be able to legally hire you where you want to work.
Read 23 tweets
Lea Kissner Profile picture
Feb 15, 2022
I mentioned the Bad News Hat at #enigma2022 and promised to tell the story when I had a few minutes.

This is the hat I pull out when I have to tell people something they won't like. I do it because earlier in my career a group of people literally cringed when they saw me. 🧵 A dusty black hat with a spray of colorful feathers stuck in
Back in the day, I worked with a particular team who had what I called "incident season" which came right after... well, as far as I could tell, "bad decision season". They weren't all bad, but under pressure to launch this team launched some things which weren't solid. /2
I had to walk over and tell that team they had an incident which they needed to drop everything and fix so many times that they started literally flinching when they saw me, even if I wasn't coming to tell them anything bad!

This isn't great for a working relationship. /3
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(