Share this page!

Maybe Scrolly?
Lea Kissner Profile picture
Twitter logo
Feb 2 6 tweets 3 min read
Taint flow analysis to ensure data isn't going anywhere it shouldn't, like leaking location in Instagram at #Enigma2022 from Graham Bleaney
... and bug bounty to try to find out about data abuse, like an abuse bounty, including scraping
Also suggests obfuscating passwords in transit...

Personal note: I'll point out that tokenization is great for this but NOT MANY OTHER THINGS ask me another time why this doesn't solve as many problems as most people hope
There are "bypass the protections" APIs. How to keep developers from using them?
Try scary function/variable names!

Personal note: I have totally done this is works better than it should 😂

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Lea Kissner

Lea Kissner Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @LeaKissner

Lea Kissner Profile picture
Feb 2
Bob has clearly not understood the problem.

@senykam at #Enigma2022 ImageImage
"using marginalized groups as branding is a way to seem sincere" Image
Bob should work with people who actually understand the problem. Image
Read 18 tweets
Lea Kissner Profile picture
Feb 1
Dr. Gus Andrews is up next at #enigma2022

It's all just information. They have different teams.
People try fact checking and AI/ML. A lot

But assumes facts and trust are at the center
How to get people on "team science"?

Concept of fact comes from 17th century
Read 22 tweets
Lea Kissner Profile picture
Feb 1
@patrickgage is starting off his talk about COVID-19 misinformation with literal 🔥
Investigation through public opinion polling
Read 18 tweets
Lea Kissner Profile picture
Feb 1
@C_C_Krebs is kicking off #enigma2022 with a look back at the excitement which was the 2020 presidential election. Chris Krebs speaking at #enigma2022
I can't live tweet because I busted my wrist and I'm one-handed but talk is already great.
So I can't manage the alt text here but @ram_ssk is live tweeting for real 😁
Read 6 tweets
Lea Kissner Profile picture
Jul 9, 2021
Non-cryptographers should be scared of crypto libraries. I'm not happy with that state (not every company has a friendly local cryptographer! or even an unfriendly one!), but that's sadly the state of things.

A story about my friend @yonatanzunger messing up, then suggestions.🧵
Yonatan went off to work for @humuinc several years ago (though he's at @Twitter now) and, being a small startup at the time, there were unsurprisingly zero cryptographers.

So one day I get a message from him asking what crypto library he should use, to which I replied "WHY???"
The reason I replied with serious "oh no" in my heart was that people screw up using crypto libraries all the time. So I wanted to know what he wanted to do with said library.

And what he wanted to do was encrypt some data and put it in a cookie so users couldn't mess with it.
Read 14 tweets
Lea Kissner Profile picture
Jun 29, 2021
I realized today that I had never talked publicly about something really important about the design of access control systems: design their semantics to be reverse-indexable.

This is a much spicier take than it sounds like, but there's a good reason. 🧵 [1/]
Right now, access control systems are built so you can show up and say "I want access to object X", the system looks up the access control rules for object X, and then figures out whether you should have access. [2/]
With the exception of a few corner cases, the semantics of access-control system you build should be able to be turned upside down. For this you want a reverse index (which wikipedia calls an "inverted index").

en.wikipedia.org/wiki/Inverted_… [3/]
Read 9 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Like this author's thread?

Get emails when @LeaKissner has new unrolls!

Check out other threads from @LeaKissner!

Read all threads by @LeaKissner

:(