Cory Doctorow
Apr 26 20 tweets 7 min read
An "Emergency Data Request" (#EDR) is a warrantless demand by a police officer to a tech company, designed for white-hot emergencies when a cop needs an online service to cough up some of its user data to save a life or prevent a tragedy. 1/
Criminals *love* EDRs. Once a crook breaks into a police email server (something so easy that the children running the LAPSUS$ crime-gang did it several times), they can send their own EDRs to online services, who will dutifully dox their own users. 2/
After all, if someone's in mortal danger, there's no time to stop and verify the cop's identity:

pluralistic.net/2022/03/30/law…

Children don't just abuse EDRs, they're also *abused* with EDRs. 3/
Facebook, Apple, Google, Snap, Twitter and Discord have all been tricked with fake EDRs into giving up sensitive information about underage children, according to a @Business report by @WilliamTurton.

bloomberg.com/news/articles/… 4/
These EDRs were wielded by "sextortionists" - sexual criminals who blackmail their victims into performing sex acts on camera; videos of these sex acts are used as leverage for increasingly extreme extortion demands. 5/
There was a sextortion wave in the 2010s. It turned out that one extremely prolific sextortionist was a US Embassy staffer stationed in London, who ran a sextortion campaign that targeted at least 75 young women over two years:

arstechnica.com/tech-policy/20… 6/
A 19-year-old targeted hundreds of girls and women, and was only caught when he tried to extort a former Miss Teen USA, who had connections that put her in touch with the FBI:

arstechnica.com/tech-policy/20… 7/
The men who attacked women in this first wave relied on a piece of malware called a "Remote Access Trojan" (RAT). A 2014 sweep of RAT criminals busted 100 men who had victimized 70,000 women and girls:

arstechnica.com/information-te… 8/
But today's sextortionist doesn't need to break into his target's computer. He can just send an email from a hacked police account to an online service and they'll hand him all the information he needs to gain access to his target's most sensitive data. 9/
(Readers interested in learning more about how sextortion works in the real world are encouraged to read @LaurenMcWoof's superb 2020 novel, "Send Pics"):

memex.craphound.com/2020/04/21/sen… 10/
There are 18,000 police agencies in the US, making it impossible to determine whether an EDR comes from a real cop or not (and, of course, between the 18,000 agencies, it's inevitable that some of those cops will make fraudulent EDRs for money or as a favor to a buddy). 11/
What's more, the online services have little or no clue about how their users' data is being accessed and shared. 12/
Amazon had to fire a string of Chief Security Officers until it found one so underqualified that he wouldn't complain about the company's incredibly reckless data handling. This led to a string of breaches that the company can't fully quantify.

wired.com/story/amazon-f… 13/
Amazon isn't uniquely cavalier about your data. A newly published leaked Facebook memo reveals that the company's privacy engineers have warned their bosses that the company has no way to know how it's used your data:

documentcloud.org/documents/2171… 14/
To quote those engineers: "We do not have an adequate level of control and explainability over how our systems use data, and thus we can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’... 15/
"...And yet, this is exactly what regulators expect us to do, increasing our risk of mistakes and misrepresentation." 16/
Reporting for @motherboard, @lorenzofb quotes an internal Facebook source who calls the company's data handling "broadly speaking, a complete shitshow."

vice.com/en/article/akv… 17/
Let's recap: the companies collect as much of your data as they can. They store it forever. They give it to anyone who has a police department email address, without question. And they don't keep track of who they give your data to. 18/
Image:
Paulo Valdivieso
flickr.com/photos/p_valdi…

CC BY-SA 2.0, modified
creativecommons.org/licenses/by-sa… 19/
ETA - If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

pluralistic.net/2022/04/27/im-…
