mas.to /
Jun 25, 2022 17 tweets 8 min read
People highlight genuine issues and are met with silence or blanket denials.

Someone shares a stupid video that goes viral on social media and they respond with a whole page of counter bullshit.
Hey @NPCI_NPCI if this is how your encryption/decryption system works, you are a bunch of incompetent morons.

Banks "lock" data with a "private" key and NPCI decrypts it with corresponding "public" key that only NPCI possesses! #DigitalIndia

WTF is "Hexadecimal Private Key"?
@NPCI_NPCI This statement from NPCI actually says a LOT more in what they left unsaid than the 6 points of bullshit that they hastily put together to put out a statement.
@NPCI_NPCI "built on a 4 party model" in which the owner of the FASTag who is paying money is not considered a party.

It's similar to horse racing, where the jockeys, horse owners, race organisers, bookies and gamblers all make money but horses don't.
@NPCI_NPCI "Several layers of security protocols" but not one word about the security features in the FASTag stickers that have been forced on almost all cars in India.

Because there isn't any?
All security protocols exist to only protect the interests of the 4 parties in the "ecosystem"?
@NPCI_NPCI Text: "an Individual cannot receive money... from fraudulent transactions"

Subtext: Only non-individuals can profit from fraudulent transactions,
(Including secret 5th party "System Integrators")

Remember how @airtelindia siphoned away 100s of crores of lakhs of victims?
@NPCI_NPCI @airtelindia From this Dec 2020, @FinancialXpress report...

According to WheelsEye Technology, one of the largest FASTag providers in India, 3% of daily FASTag transactions are "faulty".

financialexpress.com/auto/industry/…
For a mango person using FASTag, both "fraudulent" and "faulty" txns aren't very different; both force them to load more money.

Leading to more money parked with the "Issuer banks"! (1 of 4 parties secured by the "ecosystem")
For the first 5+ years of FASTag operation, the 3% "faulty" transactions were locked up for 30 days.

Effectively month long interest free credit.

And even after 5 years @NPCI_NPCI couldn't fix their system to eliminate these "faulty" transactions.
@NPCI_NPCI Since the FASTag system is defective by design and therefore unfixable, the "solution" to "faulty txns" is... Artificial Intelligence!

"The new AI-enabled FASTag management system will now auto-detect wrong transactions and generate refunds within 3-7 days."
@NPCI_NPCI Refunds going down from 30 days to 3-7 days may seem like an improvement, but remember, from early 2021 FASTags became mandatory.

The "3% faulty txns" is now worth a lot more and <1 week of interest free credit to the "4 parties" is still worth many crores of rupees and growing.
Back to Captain Subtext and Point #2

At face value it is near perfect. IP Firewall + Application Firewall + Hardware Security Module = 💯

Except... toll plazas are in the middle of nowhere and need to be online 24x7 to make money; they aren't going to tie up with just one ISP/telco.
They'll need spare hardware ready to use in case of hardware failure.

Even if they don't, a varying number of toll gates are operational at different points of the day.

So at any point there are additional whitelisted IPs and Hardware Security Tokens lying around unused.
Point #3 is the only sensible part of the whole letter but it is a lot of jargon to impress people about what is the absolute bare minimum for any kind of private bank integration.
Point #5 is a free-standing statement that doesn't tell us why that is a good thing or even what it is mapped to.

(Is Toll Plaza the entire structure or is each lane considered to be a "Toll Plaza"?)
This is NPCI telling the world that they are collecting and storing location information and can track vehicles on highways and even within cities via FASTag for Parking.

npci.org.in/what-we-do/net…
