Alec Muffett Profile picture
everybody deserves good security. see also:
burcucift Profile picture Michael Litman.ethᵍᵐ Profile picture 2 subscribed
Nov 2 8 tweets 3 min read
Hot on the heels of #ChatControl and in the name of “identity” and “consumer choice” the EU seeks the ability to undetectably spy on HTTPS communication; 300+ experts say “no” to #Article45 of #eIDAS #QWAC If you would like to see more discussion regarding:

Regulation: EU Digital Identity Framework — including #eIDAS and #QWAC

…here's a #ReadyMadeTwitterSearch with links & more information at:…
Jul 20 15 tweets 5 min read
When Signal and WhatsApp have fled the surveillance of the #OnlineSafetyBill, what app will still be around for politicans, journalists, and actual normal people to use, securely.

The answer might be this: @JohnNaulty @matrixdotorg Let's be clear: we are talking about the evacuation of the entire Signal and WhatsApp userbase / niche, from the United Kingdom.

That's a lot of people.
Jul 21, 2022 17 tweets 7 min read
All Watched Over By Filters Of Loving Grace: GCHQ's Holistic, Sociotechnical , "Thoughts on Child Safety on Commodity Platforms" #ghostProtocol #ghost #NCSC This still stands:
Jul 20, 2022 4 tweets 2 min read
I've been saying stuff like this for ages, maybe if @alexstamos says it too then people will listen? #DMA Inevitably the response is something glib like "Use Matrix"
Jun 10, 2022 4 tweets 3 min read
Oh God, please, no. Cc: @glynwintle… Could be the attached, but my suspicion is that this is going to be another CYBER! DARKWEB! CYB3R! SYBER! CAMBRIDGE ANALYTICA‼️BRAIN CONTORL! YOU SAW AN ADVERT AND SO A RUSSIAN ARTIFISHIAL INTELLIGENCE APP MADE YOU VOTE FOR UKIP! … thing.

Jun 2, 2022 12 tweets 5 min read
Back in 1991 I published an open-source password cracking tool which defined the state of the art for the next 5+ years, so much so that echoes of it can be found in all major password crackers of today.

Some folk criticised me for doing this, choosing words like these to do so: Image I know that in general it's bad form to take a single quote out of context and use it to critique an entire essay ( — but I do feel that this time it's deserved.
May 11, 2022 5 tweets 3 min read
Elsewhere in EU regulatory pipe-dreams authored by people who apparently have more good intention than understanding, the #DMA means that @WhatsApp and @signalapp should both adopt #XMPP and thereby deliver a unified "inbox" of messages. @WhatsApp @signalapp Not making this up: ImageImage
May 10, 2022 45 tweets 25 min read
Well, this is some interesting reading for the afternoon.… "We want a backdoor, but we don't want just *anyone* to be able to use it. Only us good guys."
Mar 8, 2022 16 tweets 9 min read
This is possibly the most important and long-awaited tweet that I've ever composed.

On behalf of @Twitter, I am delighted to announce their new @TorProject onion service, at:

…zg5vztmjuricljdp2c5kshju4avyoid.onion I'm delighted to have assisted @Twitter engineers in their adoption of #OnionServices & #OnionNetworking from @TorProject — providing greater privacy, integrity, trust, & "unblockability" for people all around the world who use @Twitter to communicate.…
Oct 25, 2021 13 tweets 6 min read
1/ Oh this is glorious: *NOW* Frances Haugen says that she supports end-to-end encryption… buuuuut:

2/ …but: now she wants to enforce a

"1 Human Being" = "1 Instagram Account"

...real-name, real-identity policy, in order to "protect the children" by stopping them doing and seeing bad things.

Oct 25, 2021 5 tweets 2 min read
1/ So @StevenLevy has written at length about the "Badge Posts" - the goodbye, final messages posted for other employees to read as they leave the company.

You'll find his article here:… 2/ But these are not just "human interest" stories; some are meant to achieve something, and in my case the goal was to move Facebook away from implementing national identities & censorship within the Facebook platform.

I wrote a response to Steven:
Oct 24, 2021 15 tweets 10 min read
> My interview with @StevenLevy of Wired re: @FrancesHaugen leaking my Facebook Engineering “Goodbye Post”

I'm posting this with password-embargo until Steven's @WIRED article is posted; but I have a message for Frances Haugen in this screencap extract. Image Frances is talking to @CommonsDCMS tomorrow, so she should have opportunity to bring this message of privacy and safety to people who would benefit from it.

/cc @DanMilmo… Image
Oct 24, 2021 6 tweets 2 min read

It is dark.


You flip the switch on the nightlight. You are in bedroom. You can see:

Wailing Baby, Pot of Sudocrem, Size 2 Nappies


You can't do that yet. > FIX BABY WITH CREAM

You slather the baby with the creamy unguent. The baby slips through your fingers onto the bed, and wails more loudly!


You'll need a mat for that.


The baby smells clean, with a hint of cheese. Roquefort?
Oct 23, 2021 4 tweets 1 min read
SATURDAY NIGHT THOUGHTS: it'll be weird if the echo-chamber of politicians, journalists, and "safety" / child-protection advocates succeed in somehow banning algorithmic content feeds… and then evaporate when the rage which feeds their community dialectic eventually dissipates. Say we all move to "chronological" feed ranking as the sole metric. QUANGOs and Charities are not natural "friends" of people, so they'll have to vastly increase their posting and reposting rates in order to maintain visibility.

This will annoy "power users" who follow them.
Sep 11, 2021 15 tweets 8 min read
1/ It's tempting to be darkly snarky about this article, along the lines of

"Met Commissioner Cressida Dick calls for more terrorists to be 'known to the police' before committing atrocities"

…the allusion being that (continued)… 2/ The allusion being that Security Services are already swamped in more "data" than they are "intelligence".

Evidence? INHOPE, the global Child Safety Hotline umbrella organisation, are swamped with old & stale reports, so develop "triage" tools:…
Aug 17, 2021 4 tweets 2 min read
Apple's on-your-iPhone #CSAM scanning — using your phone's resources to check whether you're a paedophile — is illiberal, misconceived, and dangerously architected. WORSE: they tie the hands even of those who they claim will vouch for Apple's honesty… Apple's "Appeal to Code Inspection" as a solution for trusting their #CSAM photo scanning is… a fig leaf. It's a PR spin meant to obscure something dirty — if they were serious, why not Open-Source iPhoto with reproducible builds? — but worse it ACTUALLY detracts from the issue. Image
Aug 17, 2021 5 tweets 2 min read
Aug 16, 2021 4 tweets 2 min read
1/ #Tech in general, and #InfoSec in particular, are obsessed with "work-life balance" and of building public perception that "you can have it all: a career AND a life" — seeing this as essential for filling undersized & inadequately diverse hiring pipelines.

And not JUST this… 2/ And not JUST this… clearly there's a mental health aspect to maintaining work-life balance, because if an employee is overworking, overstressing, or burning out then (frankly) the employer HAS a problem, and likely IS the problem.

So far, so obvious. But…
Aug 13, 2021 9 tweets 5 min read
1/n OMG, this deserves breaking down:
Image 2/ So, @ncmec are basically goaled and compensated for their headline "number of reports" metric. The bigger the number, the more govbucks and funding, for instance in their *previous* counterblast to end-to-end encryption:… Image
Jun 30, 2021 6 tweets 3 min read
BREAKING: attached is an extraordinary & electrifying blogpost - one which I *think* should be making major headlines:…

PDF:… I don't understand this very well, but it's a document describing new, surprise surcharges to phonecalls inbound to the UK - with the charges applied by source CallerID - which may impact/add costs to keeping in touch with relatives abroad.

This is NOT "EU Roaming":
Jun 30, 2021 4 tweets 3 min read
"Instagram for Kids" makes a lot more sense than "Kids on Instagram" — so why are #onlinesafetybill #childsafety advocates against it? It is intuitively & obviously easier, safer, & less error-prone to build a cut-down separate Instagram-like application for kids, so that developers don't have to add all sorts of complex checks & validation on "mixed" accesses by adults & kids.

And yet: