Share this page!

Maybe Scrolly?
Zach Edwards Profile picture
Twitter logo
Aug 24 15 tweets 7 min read
I've gone through mudge's redacted whistleblower complaint and there are some really spicy sections that relate to ad tech + privacy + foreign intelligence... brief thread of what I think is most interesting (link to documents in tweet below)🌶️🐦🌩️⚖️🧵
First up... folks have known for awhile that tons of Chinese advertisers were/are buying Twitter ads... But no one had pieced it together that those Chinese advertisers would be using ***Twitter Custom Audiences to doxx VPN users who verified with real contact info...** 🚨🥵🥵🚨 "Twitter executives opted to allow Twitter to become mo
"Twitter executives opted to allow Twitter to become more dependent upon revenue coming from Chinese entities even though the Twitter service is blocked in China...."

It seems clear that Twitter is becoming "more dependent" on China.. via.. Twitter advertising. Uhh @congress ?? "Twitter executives opted to allow Twitter to become mo
"After Chinese entities paid money to Twitter, there were concerns within Twitter that the information the Chinese entities could receive would allow them to identify and learn sensitive information about Chinese users who successfully circumvented the block..."

View Through DOX "Twitter executives opted to allow Twitter to become moCustom Audience options are dangerous when used to check if me reading this section
I would show this in a native twitter ads interface but I'm banned from twitter ads for unknown / probably doing weird stuff reasons. But Twitter's Custom audiences can be built with *emails* (historically phone numbers too) + MobileIDs == DOX risks

business.twitter.com/en/help/campai… Options to build list custom audiences on twitter
If the Chinese entities had specific lists of people to dox, and had their protonmail emails or androidIDs, they could load those up into twitter ads campaigns w/ custom audiences filled w/ bad data, so that you "accidently" only target 1 person or a small group. == DOXX city
And what Mudge is describing is a common Doxxing scenario -- if you let someone spin up countless custom audience segments, upload countless variations of the same data, don't police them doing weird ass shit with their campaigns, and don't care who pays those bills? DOXX CITY
"...the Chinese entities could receive would allow them to identify and learn sensitive information about Chinese users who successfully circumvented the block,🚨 and other users around the world🚨."

**the Chinese entities uploaded Custom Ad Lists w/ non-Chinese data** 👀🥵🌩️ "Twitter executives opted to allow Twitter to become mo
Do you understand what it means if Twitter isn't policing Chinese entities who run content ad farms from uploading custom audiences with data from people all over the world? And if Twitter lets them run ads with that data? Doxx city Doxx Doxx city 🥵🥵🥵
Twitter apparently used their cookies for "all purposes" (security cookies used for advertising) ++ once told by the French CNIL to change this, they kept it on purposefully for another month "in order to extract maximum profit from French users before rolling out the fix." 😅🫥 Details from mudge in footnote 52 "In December 2021, th
"Twitter employees were repeatedly found to be intentionally installing spyware on their work computers at the request of external organizations. Twitter learned of this several times only by accident, or because of employee self-reporting." 👀📴📴

Which external orgs???? 🧐🧐 Footnote 54 "Twitter did not actively monitor..."
Interesting process to redact an external audit so that you can't be held accountable to the findings:

"Twitter counsel explicitly told Mudge that this was intended to hide the findings and prevent them from becoming known internally or externally" Footnote 61 "Anomalous Handling of Report on Platform I
"Twitter maintains a list of hateful terms and slurs that cannot be used for ad targeting. But Mudge learned that the list was not "stemming" properly, meaning that even minor variations on slurs were able to be used for targeting for an unknown period..."

uhh who used those??🥶 Footnote 63 "Failed "stemming" for hateful ad
"...The Indian government forced Twitter to hire specific individual(s) who were government agents... it was believed by the executive team that the Indian government had succeeded in placing agents on the company payroll..."

So Indian spies at Twitter, huh? neat.🙄🥵 Section on government interference "The indian governme
Ending this thread w/ :

"Shortly before Mudge was ___ terminated, Twitter received specific information from a U.S. government source that one or more particular company employees were working on behalf of another particular foreign intelligence agency."

g'night, goodluck!🌩️⚖️ "Shortly before Mudge was ___ terminated, Twitter recei

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Zach Edwards

Zach Edwards Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @thezedwards

Zach Edwards Profile picture
Aug 5
Reminder: @WhiteHouse has done nearly nothing to hold Yandex accountable for their Putin War propaganda via Yandex News, no comment about the massive Yandex Appmetrica SDK data collection straight to Moscow.

But leaders within women's hockey (PWHPA) fought back against Yandex🧵
ICYMI in April 2022 the PWHPA decided to *not* move forward w/ a partnership w/ the PHF due to the connections to Yandex Chair John Boynton, "It’s believed Boynton will be an issue when it comes to attracting major sponsors moving forward." 🧐🌩️⚖️👏🏻👏🏻👏🏻

thehockeynews.com/news/report-pw…
And the vote from PWHPA (Women's pro hockey) in April 2022 to stop all discussions with PHF due to the PHF connections by-proxy to Putin allies, was *unanimous* -- one organization stood up effectively to Yandex here in the U.S....

But @whitehouse ??
Read 7 tweets
Zach Edwards Profile picture
Jul 31
Google's "automatic ads" w/ the new "Anchor / Vignette Ads" = full-screen between-page-loading interstitial @ support.google.com/adsense/answer… @ "Auto ads will then scan your site and automatically place ads where they’re likely to perform well and potentially generate more revenue."👀 Auto ads offer a simple and...
This is going to be a complex product to audit how it performs / users are impacted, and while I'm a big fan of "easy deployments" - I can only imagine what would happen if this process for "auto ads will then scan your site and automatically place ads" went a little wrong.😅🥵
Being a technical auditor requires you to constantly receive partial information and then back into what could have happened during a client experience -- and oftentimes information about a problem can be as murky as "ghost in a machine ate my homework" = auditing "auto ads" = 😅
Read 9 tweets
Zach Edwards Profile picture
Jul 31
One of the saddest parts about understanding how politicians use their email lists, is that if you signup for *official* newsletters from members of Congress, the updates are very informative, some bs but tons of policy. Campaign email updates have ~zero policy, all bs & $$ asks.
And it's *illegal* for the official Congressional / elected officials office to promote the campaign email newsletter/accounts, but it's totally legal (IANAL) for the campaign to promote the official office website / newsletters -- yet it's super rare for campaigns to do this.
Why don't current elected officials encourage people on their *political email list* to signup for updates from their official congressional/office newsletters? Why can't political campaigns figure out that many people on an email list want *mostly policy* updates w/o money asks?
Read 8 tweets
Zach Edwards Profile picture
May 23
Sometimes you find something so disturbing during an audit, you've gotta check/recheck because you assume that *something* must be broken in the test.

But I'm confident now.

The new @DuckDuckGo browsers for iOS/Android don't block Microsoft data flows, for LinkedIn or Bing.🧵
DuckDuckGo has browser extensions & their own browsers for iOS / Android @ duckduckgo.com/app

iOS @ apps.apple.com/us/app/duckduc…

Android @ play.google.com/store/apps/det…

Both versions of the DDG browser claims to use tools which
"automatically blocks hidden third-party trackers" 👀 DuckDuckGo promise @ "Privacy, simplified"Escape Website Tracking — Tracker Radar automatically bloc• Escape Website Tracking - Tracker Radar automatically bl
If you download the current version of the DuckDuckGo browser for iOS/Android, & if you hope this browser actually stops data transfers to super common advertising subsidiaries owned by a company like Microsoft... well too bad, the browser has a secret allow data flow list 👀🤡
Read 15 tweets
Zach Edwards Profile picture
Oct 22, 2021
And now we know what Google has been actually doing to slow down ePrivacy..

The unredacted documents between Google & Facebook @ storage.courtlistener.com/recap/gov.usco… are outrageous. There are going to dozens of important ad tech, digital privacy stories from all the details we can now see.
Facebook had minimum spends & quotas via Facebook's header bidding. Google considered a "nuclear option" of reducing Google's exchange fees down to zero to kill header bidding.

Google documented it could not avoid "competing with [Facebook's Audience Network"
"An internal Facebook communication at the highest level reveals that Facebook's header bidding announcement was part of a pre-planned long-term strategy -- an "18 [month] header bidding strategy" - to draw Google in. Facebook decided to dangle the threat of competition..."
Read 27 tweets
Zach Edwards Profile picture
Jun 19, 2021
Does everyone realize that this is almost assuredly @Merck using the Ad ID Consortium to target ads to cancer patients? BOK's former company left this data-co-op (adexchanger.com/online-adverti…)

I'll do a thread on this, explaining how you can audit a website like keytruda.)com ⚖️⛈️🧵 Image
First, BOK's old company used to own the domain facilitating these data flows "adnxs.com" - this domain was used in the Ad ID Consortium & was the most popular. AT&T bought appnexus, pulled out of the AD ID C, & seemingly "gave the domain up"
admonsters.com/universal-id-a… Image
*I haven't 100% confirmed that Appnexus/AT&T has zero control over their old adnxs.com domain, but I know this domain is still used heavily by the Ad ID Consortium syncs, which AppNexus/Xander isn't part of, so this seems to indicate the domain was donated. TBD!🧐🖖
Read 19 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(