Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Techlore Profile picture
Techlore
@TechloreInc
Digital rights for all 🕵️ 📺 YouTube: https://t.co/HeRlEEMVaS 🌎 Website: https://t.co/1uhzTjUw5t 💙 Support: https://t.co/8o940PBxZ5
Apr 9 6 tweets 2 min read
Big headline, luckily not as scary as it looks, but an important lesson...

The FBI extracted Signal messages from a defendant's iPhone even after the app was deleted. Here's what actually happened and what to do 🧵 Image The way it works: The FBI had physical access to the device and used forensic extraction software.

When Signal messages arrive, iOS stores push notification previews locally on the device. Those previews stayed behind even after Signal was uninstalled.
Nov 18, 2025 8 tweets 2 min read
🚨 MASSIVE: Researchers scraped 3.5 BILLION WhatsApp phone numbers using the app's contact discovery feature, along with profile photos and bios for millions of people. This would be "the largest data leak in history" if it hadn't been done by researchers 🧵 Image Here's how simple it was: WhatsApp lets you check if a phone number is registered. Researchers automated this for every possible number combination at ~100 million checks per hour. Meta had ZERO effective rate limiting in place (because why would anyone want that?)
Nov 18, 2025 5 tweets 2 min read
🚨 DoorDash just confirmed a data breach affecting customers, delivery workers, and merchants. Names, emails, phone numbers, and physical addresses were exposed. But here's where it gets wild... Image DoorDash claims "no sensitive information was accessed."

Reminder: Your phone number is tied to 2FA, account recovery, and SIM-swapping attacks. Your email is used to log in to banks. Your address is literally where you live. But sure, totally not sensitive information 🙃
Aug 25, 2025 5 tweets 2 min read
🚨 Google is tightening the screws on Android freedom! Starting next year, they're blocking sideloading of "unverified" apps which requires all developers to identify themselves to Google. Goal is global 2027 rollout.

This is a blow to Android's open ecosystem and user choice 🧵 Image What does this mean for users with devices that have Google Play Services?
- F-Droid apps could be harder to install
- Custom APKs might be blocked
- Google gets even more control over what you can run on YOUR device

Android is looking more like iOS every day...
Jul 28, 2025 4 tweets 1 min read
UK's age verification laws are creating a dystopian internet where you can't access sites without proving your identity first. People are finally waking up to how terrifying mandatory identity verification really is.

Your anonymous internet is disappearing 🧵 Image What's happening in the UK:
• Users must verify identity to access many websites
• Government-mandated age checks spreading across platforms
• Real names and documents required for basic internet access

The "show your papers" internet is here.
Jul 17, 2025 4 tweets 1 min read
🚨 SURVEILLANCE ALERT: Chinese authorities are using a new tool to hack seized phones and extract data!

This tech can bypass security measures and even extract Signal messages. Here's what you can do when traveling... What can you do? Well without more details it's hard to know. Some things that won't do harm (Part 1)
✅ Use iOS Lockdown Mode and/or GAPP on Android
✅ Consider a tool like @GrapheneOS
✅ Use ephemeral messaging
✅ Signal clients like Molly have additional database encryption
May 20, 2025 4 tweets 2 min read
To nobody's surprise...it's been revealed Telegram gave authorities data on over 20k users in only 3 months. Let's cover some lessons & important takeaways if you care about maintaining security. Image First, the writing's been on the wall for years. Telegram's relied on 'trust me bro' vibes, rather than good tech that doesn't require trust. Most notably:
- No default E2EE
- Less secure encryption
- No E2EE groups
- Misleading marketing over-promising their abilities
Mar 6, 2025 4 tweets 2 min read
New Telegram vulnerability, EvilLoader, discovered. Here's what you need to know🧵 Image
Image This allows attackers to spoof malicious APKs as videos. It's still unpatched & works on Telegram for Android 11.7.4. There's even evidence that it's been sold on underground forums for people to use at-will, and can be used to then install spyware, ransomware, & other malware. Image
Feb 14, 2025 5 tweets 3 min read
Honesty time: I'm disappointed.

When I reviewed @KagiHQ a few months ago, many pointed to the account requirement as 'clear evidence' it wasn't privacy-respecting. This is despite their several commitments to user privacy, strong policies, and an ethical business model. Image @KagiHQ Well...they released a feature called Privacy Pass. It allows you to authenticate with Kagi so Kagi can verify the connecting client has the right to access its services without determining *which* client is actually connecting.
blog.kagi.com/kagi-privacy-p…Image
Image
Image
Jan 15, 2021 7 tweets 4 min read
Welcome to the world of #privacy, #security & #anonymity in 2021! 📅

This thread is dedicated to getting you started on your journey in 5 steps. Whether you’re brand new to the scene or an advanced user, we welcome everyone. Let’s begin!🔐 ✅1. We believe privacy is a fundamental human right and encourage others to see why we hold this vision. A few resources to get you started:
privacyinternational.org/learning-resou…