[HN Gopher] The search for dirt on Mudge ___________________________________________________________________ The search for dirt on Mudge Author : jrochkind1 Score : 120 points Date : 2022-09-13 12:46 UTC (10 hours ago) (HTM) web link (www.newyorker.com) (TXT) w3m dump (www.newyorker.com) | ineptech wrote: | > Zatko told me, "These tactics should be beneath whoever is | behind them." | | Hahahaha! Probably time to get a padlock for your garbage cans. | | edit: apparently I should clarify, this was a humorous suggestion | that the people who do research for hedge funds will stoop | considerably lower than the tactics Mudge was referring to, not a | serious suggestion that he actually padlock his garbage cans | tablespoon wrote: | > Hahahaha! Probably time to get a padlock for your garbage | cans. | | How would that even work? Give the garbageman a key? | | Probably time to get a shredder, or a firepit, or both. | scottyah wrote: | Lots of small businesses have padlocks on their garbage bins | to prevent others from filling their (paid) bin. Getting rid | of a pickup-truck load of garbage (from a house renovation or | something) is actually quite expensive. | fmajid wrote: | DIN 66399 P-5 shredders (1.9x15mm micro-cut) are not that | expensive, I paid less than £300 for my HSM Securio C18. | Just get the good kind, not the made-in-China junk. The NSA | requires P-7, which can still be had for slightly over $1200. | wrycoder wrote: | We wore out a commercial shredder on a GOCO proposal. | | At the end, we hired a kid to stand there and spray it with | WD-40 as he fed it. | sophacles wrote: | The garbage area at a lot of retail stores is fenced off | behind a padlock. Those places live in constant fear of | someone making use of their trash for reasons other than | making the trash problem worse. | dan-robertson wrote: | Seems like they're asking the wrong people, e.g. 
| | https://nitter.fly.dev/igb/status/1569679325359919104 | https://nitter.fly.dev/search?f=tweets&q=from%3A%40igb+mudge... | | (Direct Twitter links: | https://twitter.com/igb/status/1569679325359919104 | https://twitter.com/search?f=tweets&q=from%3A%40igb+mudge+OR... ) | | The basic claim (from someone I understand was reasonably senior | and worked reasonably closely to Mudge) is basically that the guy | was not good for Twitter security and so to a great extent his | whistleblower complaint is 'Twitter put me in charge of security | which was highly negligent of them' eg | https://nitter.fly.dev/igb/status/1562087069391785984 | th0ma5 wrote: | Sure does seem like a ton of effort to try to "expose" those | trying to stop all the far right influence campaigns. | DanAtC wrote: | What's stopping someone from taking the money and giving them | nothing of value in return? Missed opportunity. | awinder wrote: | Yeah I'm with you, once the friends group clued in that it was | a bunch of financial types trying to make trades on a feeling, | they should have spit all kinds of divergent information into | that idiot machine. | danielmarkbruce wrote: | You can do that once, at best. Most of them have a phone | system which counts the minutes and you get prorated. The | people paying the money aren't idiots. They'll cut you off | after 10 minutes if it seems like you are full of it. Then | the relevant expert network never calls you again. | | The other side (the people that pay) do reviews etc. | | "Mr X appears incompetent". | bdhe wrote: | Integrity? Something the world seems awfully short of, these | days. | KerrAvon wrote: | Self-interest would probably also work. You can do that once, | maybe twice, but word will get around. | fullsend wrote: | As if the world was brimming with integrity in the past? We | have the internet now, and can see how the powerful have been | behaving this whole time. | bloppe wrote: | It's probably more like a plea deal negotiation. 
They pay for | the info not just the conversation. | londons_explore wrote: | Mudge developed password cracking tools.... | | It seems likely that when he was starting out as a security | researcher he did some more "legally shady" things... and I'm | sure someone out there is willing to share information about that | for enough money... | | His only hope is that computers in the 80's/90's were typically | far less interconnected, and any records of mudge's hacking may | have been lost to history. | fmajid wrote: | Almost as bad as eBay's campaign of harassment against David and | Ina Steiner. It's long past time for executives to face personal | criminal liability for their misdeeds on the company's dime. | jahewson wrote: | They do face liability for their own misdeeds. The problem is | that "their own" is very hard to isolate. | ericbarrett wrote: | Strongly disagree: | | > Ina and David Steiner say eBay employees tortured them for | two years because they posted online reviews about the site. | Staffers allegedly sent the couple bizarre items, including a | pig Halloween mask, insects and a book on losing a spouse. | | (Source: https://www.cbsnews.com/boston/news/ebay-lawsuit- | cyberstalki...) | | The oppo research mentioned in the article surely leaves a bad | taste in one's mouth, but it's not even in the same league as | what the Steiners say they faced. | | Edit/additional thoughts: Mudge is a well-known executive who | held high-profile position in several organizations, and who | released very serious accusations about Twitter, where he was | an officer of a public company, in the midst of a multi-billion | dollar business dispute. Whereas the Steiners were just two of | millions of eBay sellers who were allegedly criminally harassed | by senior staff for the content of their newsletter (IIRC). So | there's also an enormous difference in the relationship between | these individuals and the entities opposing them. 
| r00fus wrote: | Let's just agree that both are the result of private stalking | gone wild. I'd agree the Steiners' eBay harassment was much | worse but silencing of any critical voices is definitely in | the authoritarian playbook and bad for a functioning society. | fmajid wrote: | > He also said that the company was led by executives willing to | cover up the platform's security issues, including by | discouraging Zatko from informing its board of directors about | them. (Hahn, the Twitter spokesperson, told me that Zatko's | portrayal of the company was "riddled with inconsistencies and | inaccuracies, and lacks important context.") | | I'm guessing the missing context is that Twitter's board itself | did not want to know (plausible deniability), otherwise they | would also become liable for breach of fiduciary duty. | joe_the_user wrote: | _Twitter's board itself did not want to know (plausible | deniability)_ | | Oh seems plausible and I'd guess Mudge would expect that. And | I'd also guess that when making a complaint, you gotta pretend | that going through channels is the proper thing only few bad | apples will try to stop, IE that everyone involved here isn't | implicitly in on the scheme. | | And I doubt Twitter would raise this explicitly the "lacking | context", to say the least. | dweez wrote: | Matt Levine today: | | > Surely the highest-variance aspect of the Twitter vs. Musk saga | is Zatko's whistle-blower complaint. If Zatko can make a | compelling case that Twitter is horribly bad -- that its | information security is so bad that it violates the law, that it | has fraudulently concealed its problems, etc. -- then that is | probably Musk's best argument to get out of the deal: Twitter is | doing fraud, it has suffered a material adverse effect, etc. 
If | Zatko is just a run-of-the-mill paranoid security researcher who | is aggrieved about being fired and making mountains out of | molehills, then his complaint will quickly be kicked out of court | and won't affect the Musk deal. Zatko's credibility -- whether | he's telling the truth, and also whether he is exaggerating or | underselling the importance of Twitter's problems -- is a key | input into your evaluation of Twitter's stock value. The more | credible he is, the less likely it is that Twitter will get | $54.20 per share, and the less Twitter will be worth without | Musk's deal. | | > So if you are a hedge fund, or an expert-network firm working | on behalf of hedge funds, you obviously want to know how credible | he is. You might, for instance, want to talk to some of his old | coworkers to get a feel for him. You might offer to pay them a | lot of money for a one-hour phone call, because you might have a | lot of money riding on the Twitter deal, which means specifically | that you have a lot of money riding on your evaluation of Zatko's | credibility. | neonate wrote: | https://www.bloomberg.com/opinion/articles/2022-09-13/crypto... | | https://archive.ph/YoBJQ | anonymouse008 wrote: | Well hell, I made the wrong choice at a fork in the road then. | If finance is willing to buy a tighter confidence interval | based on insight to Mudge's credibility, then I severely | underpriced the potential payout in finance. | | E-mail is open to those who want tighter intervals re this deal | or similar: my new pivot. | ryandrake wrote: | Yea, wow, I had no idea someone would pay that much simply | for an ex-employee to spin a bunch of bullshit about their | former company or colleague. Incredible! | | I remember a surreal experience after having left a Silicon | Valley tech company. I was contacted over LinkedIn by someone | wanting to "do research" about that company. Reading between | the lines, he wanted company dirt, secrets, and so on. 
Having | no intention of violating my (very serious) NDA, I declined, | but he was insistent and offered to buy me dinner. I figured | I could just go, chew my food and not answer questions, so | why not get a free meal out of it? We met, I started chowing | down, not answering anything, and just treating it like a | lovely dinner date. He eventually excused himself to the | bathroom, and then disappeared, leaving me with the bill. So, | I guess my plan didn't work, but I got a stupid story out of | it so I've got that going for me. | dilap wrote: | This story is fantastic. It's great because the ending is | so unexpected, but then on second thought, exactly what you | should've expected. Perfect. | Scoundreller wrote: | https://www.nytimes.com/2019/01/28/world/black-cube-nso- | citi... ? | linuxlizard wrote: | That's not just a stupid story, that's an awesome stupid | story. | abawany wrote: | You now know what the status of your payout would have been | had you chosen to violate your NDA. There is no honor among | thieves, apparently. | appleiigs wrote: | Lots of stories like this in finance. In Flash Boys book, it | discusses finance firms laying 800 miles of fiber across | mountains just for trading. Bloomberg terminal tracks oil | tankers. Hedge funds using satellite photos to see how busy | shopping malls are. To take that even further, a hedge fund | hired hundreds of people to sit in Luckin Coffee stores to | track traffic and what customers purchased... on and on. | keepquestioning wrote: | Please. How replicable do you think this situation is? | danielmarkbruce wrote: | Merger arb is a thing. Lots of similar situations albeit | with less media coverage. | danielmarkbruce wrote: | It's a $44 billion deal. The current market cap is $32 | billion. There is $12 billion of winnings sitting there on | the table if you choose "it will close" and are right. 
| Maursault wrote: | > If Zatko can make a compelling case that Twitter is horribly | bad | | I don't doubt his accusations. However, the same could be said | for nearly everywhere there is a network. Twitter is high | profile, but there are a million businesses most have never | heard of that have a similar lack of information security. IOW, | Twitter's crappy security is not remotely exceptional because | nearly every business with a computer is bad. There are | businesses with decent computer, network and information | security, but even in those places tight as a drum a | disgruntled employee could wreak havoc, and I'd be really | surprised if Mudge and most of HN wasn't aware of this. | | Things usually go bad for whistleblowers, it is a shame, but | most often it doesn't work out for them. They make movies about | the successful whistleblowers, but the unsuccessful are buried. | It would have been different had Mudge stepped forward prior to | termination, as he would have been able to avail himself of | Federal whistleblower protections. I don't think it matters to | his credibility, but that this is exactly what Musk wanted to | hear is a little, tiny bit suspicious to me. What could Mudge | gain from this other than saving face (which really isn't worth | much)? What Musk did to Twitter is clearly unethical, as much | as I respect him for his successes, it seems obvious his | behavior regarding Twitter is irresponsible and many innocent | lives and their wallets are being adversely affected. The SEC | should look really hard at all this before choosing not to act, | because he has manipulated markets for his personal benefit | before and got a slap on the wrist. | purpleblue wrote: | During the dotcom days, when employees had desk phones, some of | my coworkers would get unsolicited calls from analysts or other | people searching for inside information about our company. 
They | would engage them in conversation, try to become friends with | them over months so that they could reveal even the smallest | bit of inside information for them. | | The lengths that people will go to get some sort of information | edge to make money, even doing illegal things, is incredible. | shalmanese wrote: | Is that illegal for analysts? If an employee chooses to share | confidential info to any random person, that's a breach of | contract for the employee but does the analyst face any | culpability? | distrill wrote: | if they trade on material non public information, then yes | that's illegal. | otikik wrote: | It will greatly depend on the specifics, I suspect. | | An analyst hears something being talked about on a | different table in a restaurant by chance is legal. | | An analyst offering money to a retired nuclear weapons | defense contractor in order to sell might... suddenly | disappear. | | In between those two extremes? Ask a lawyer, not the | internet. | ramraj07 wrote: | Snippets from Zatko's Wikipedia page: | | > Mudge was responsible for early research into a type of | security vulnerability known as the buffer overflow. In 1995 he | published "How to Write Buffer Overflows", one of the first | papers on the topic. | | > He was one of the seven L0pht members who testified before a | Senate committee in 1998 about the serious vulnerabilities of the | Internet at that time. | | And they say he wasn't doing a good enough job at a company whose | only job is to pass some text back and forth lol. Didn't the | breach happen because some slack channel inside Twitter had the | password pinned to the top? | | https://en.m.wikipedia.org/wiki/Peiter_Zatko | fmajid wrote: | Er, the (in)famous Robert Tappan Morris worm of 1988 used a | buffer overflow. Zatko may be a renowned security expert but he | didn't invent the buffer overflow. 
| | I'm inclined to believe everything he says about Twitter from | my experience implementing Twitter APIs then constantly working | around their incessant random breakage. | stonogo wrote: | Nobody claimed he invented the buffer overflow. The claim is | that he was one of the first researchers to investigate them. | That claim is justified. | homarp wrote: | https://en.wikipedia.org/wiki/Buffer_overflow#History | confirms | | The earliest documented hostile exploitation of a buffer | overflow was in 1988. It was one of several exploits used by | the Morris worm to propagate itself over the Internet. The | program exploited was a service on Unix called finger. | (source code here https://0x00sec.org/t/examining-the-morris- | worm-source-code-... ) | | Later, in 1995, Thomas Lopatic independently rediscovered the | buffer overflow and published his findings on the Bugtraq | security mailing list. | | A year later, in 1996, Elias Levy (also known as Aleph One) | published in Phrack magazine the paper "Smashing the Stack | for Fun and Profit", a step-by-step introduction to | exploiting stack-based buffer overflow vulnerabilities. | | And here is "How to write buffer overflow" by Mudge | (10/20/95) : | https://insecure.org/stf/mudge_buffer_overflow_tutorial.html | zhxshen wrote: | Some of this digging might not be to discredit Mudge, but to | estimate how well his claims will hold up in the crossfire. That | would be useful information to some hedgie looking to make a big | play on twitter stock (or tesla stock, indirectly). | danielmarkbruce wrote: | Almost all of it will be that. The companies looking for the | information are all expert networks, where the paying customer | is almost always a hedge fund or private equity. There are | billions of dollars at stake, of course they are looking for | any insight they can get on the guy. | smm11 wrote: | Musk wants to settle Mars. Twitter is noise. | danielmarkbruce wrote: | This isn't great reporting. 
A much simpler explanation is that | hedge funds betting on the outcome of the twtr/musk case are | trying to understand the situation so they can make bets on the | outcome of the deal. | throwoutway wrote: | At this point, the Twitter board needs to bring in an outside | investigatory team. | | Mudge, who is well respected in the industry, is saying the | executives are lying to the board. | | Twitter's CEO publicly mocks him, refuses to testify to Congress, | and instead we hear that people are being offered money to dish | dirt on their respected colleague. | | If Twitter's board does not act, then they're willfully ignorant | to the behavior and that negligence is going to harm investors. | Lastly, if the board does not act, then the investors need to | bring this to vote at the next shareholder meeting. | anm89 wrote: | You are speaking from the alternate universe where people care | if any of this stuff is ethical. In reality only a tiny cohort | of message board nerds (I'm including myself) care and 95% of | twitter users, if they ever hear about it all will be over it | in about 5 seconds. | colechristensen wrote: | But activist shareholders could sue the board / executives | for breach of their duties and get money out of it. Whether | or not they actually care, they could pretend to care in | order to profit from it. | | Regardless if it's true, they could say they lost out on | Elons buyout because the board acted inappropriately before | and during the buyout negotiations. | nawgz wrote: | You are making the risk assessment the expected value of | legal action is higher than the expected value of market | returns or other applications of that same fund. | | I'm not sure where you gained such confidence. | spfzero wrote: | The board's behavior is a really interesting point. 
On one | hand, they are doing the owners (stockholders) a disservice by | first being gullible enough to be successfully kept ignorant | about the company's security situation, and then not making | rapid management changes upon being alerted to it (by Mudge, it | seems). On the other hand, if they can successfully get Musk to | pay the offer price, they have then represented the owners | interests very effectively. | | The fact that the case is coming up soon makes me think that | the board thinks they can focus on the case for now, and fix | the company's problems later, after the case, if they win it. | If the case loses, they'll be out of a job anyway and it will | be some other board's problem. | londons_explore wrote: | > The board's behavior is a really interesting point | | The board know about the poor security. But they also see the | Equifax leak (far worse than the data twitter holds), and how | small that fine was, and they make the conscious decision not | to invest in security. | | They also know they might be given government incentive | money/contracts to increase security against foreign agents. | If they do the work now, they won't get paid that money. | | Win win! | criddell wrote: | Why did Twitter pick Agrawal for their CEO. I hadn't read | anything about him before Mudge's revelations and every single | thing I've read since has not been kind to him. He seems to be | doing a really bad job navigating this event and nobody appears | to have any respect for the guy. | | But you don't get to be CEO of a company the size of Twitter if | you are this bad at managing. So, what's going on? | googlryas wrote: | I've wondered the same thing. He had one of the most epic | upward trajectories of anyone ever going from rank and file | to CEO of a multibillion dollar company. Did he even have any | other job on his resume? | | I assume he has some connections that let him shoot up | through the ranks. 
I think his wife is a general partner at | a16z, maybe that has something to do with it? But a lot of | people fit that bill who might want to get their bestie | listed as CEO | programmarchy wrote: | Maybe Jack saw a shitstorm on the horizon, and Agrawal was | naive or willing enough to become the patsy? | spywaregorilla wrote: | The board and the shareholders are massively incentivized not | to show that the execs are lying though, even if they know for | certain that they are lying. | vmoore wrote: | > Mudge, who is well respected in the industry | | Keep in mind, although he's classed as an 'ethical' hacker, | many whitehats come from blackhat backgrounds, and turned | whitehat because of fear of getting caught up in draconian | CFAA[0] trials. Every hacker in their youth done some stupid | stuff that could haunt them later. If you didn't do stupid | stuff in your youth, you never really grew or learned from it. | | [0] https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act | gnu8 wrote: | This is a no-true-Scotsman argument where none was asked for, | but thank you for linking to Wikipedia properly. | | "Ethical" hacker is also a nonsense term. Ethics means the | study of moral philosophy, it is not a synonym for "good" and | to use it as such belies a superficial understanding of both | morality and hacking. | nekoashide wrote: | That's why you don't request your personal file from the FBI, | either they have a file on you from your youth or you have | given them reason to suspect you did something at some point. | I'm curious, but not that curious. | woodruffw wrote: | Tens of thousands of people FOIA their DOJ files each year. | Unless you're already pinged for something, I doubt the FBI | is going to expend any additional effort solely because | you've asked for some personal files. | jjulius wrote: | >If you didn't do stupid stuff in your youth, you never | really grew or learned from it. | | So, he's... just like most people? 
Do you have any specific | incident(s) to point to, re: Mudge, or is this just | speculation that can be applied to nearly everyone? | bitexploder wrote: | I got into infosec consulting perfectly cleanly, as did most | of my peers. Sure some of them were involved in shenanigans | in the distant past, but that is a very broad brush to paint | with and seems out of place here given zero specific | knowledge about Mudge and what he may or may not have done | just because he is in an industry where some people | occasionally did some questionable things in the past. | marshray wrote: | Mudge held a significant position within the Department of | Defense. | | That doesn't happen without having any skeletons in your | closet identified and investigated. | woodruffw wrote: | Mudge was a DARPA PM; that's a significant position in the | sense that he led DARPA-funded research programs, but I | don't think it's one that actually requires a clearance. | | Source: currently do DARPA-funded research. No PM has ever | mentioned having a clearance to me, and the work itself is | entirely uncleared. | snowwrestler wrote: | To be fair, marshray did not mention clearance, just that | some skeletons would be looked for. Getting cleared is | not the only time or the only way the federal government | does that sort of thing. | woodruffw wrote: | Sure. I actually wouldn't doubt that Mudge was already a | known entity to USG. I just wanted to dispel some of the | clearance voodoo that comes along with "significant | position within the Department of Defense." | coldsauce wrote: | In his most recent testimony, Mudge mentioned that he was | in the leaked OPM database with his details and clearance | level leaked which implies he had clearance. | xenophonf wrote: | That doesn't necessarily mean Mudge had a Secret | clearance or something. For all we know, he could have | had a Public Trust position, which meant he handled | sensitive but unclassified information. 
Anybody in IT or | infosec would have that kind of clearance. | | https://en.wikipedia.org/wiki/Sensitive_but_unclassified | | https://news.clearancejobs.com/2020/09/01/what-is-a- | public-t... | woodruffw wrote: | Did he mention a clearance level, or just being in the | OPM breach? My understanding is that the OPM breach | included plenty of uncleared employees as well. | | (I'm not trying to be stubborn! If he really did hold a | clearance as a DARPA PM, then I'm wrong in his case.) | RajT88 wrote: | You could have been in the OPM database being a janitor | at the VA. | | Although that wording about "Clearance level" does seem | to suggest more than just the baseline government | employee background check. | woodruffw wrote: | Yeah, that's the part I'm curious about: there are plenty | of "public trust" or SBU roles that I'd expect to have | been leaked with the OPM breach that are "cleared" in the | pop sense of the word, but are not actual clearances in | the US Government's sense. | MacsHeadroom wrote: | > but I don't think it's one that actually requires a | clearance. | | In general, it doesn't. For some project areas it | sometimes does. It really depends. | woodruffw wrote: | Right. The context in question is I2O, since that's the | office that Mudge was a PM in. I'd expect other offices | to have different expectations around clearances, | particularly the ones that do ballistic or aerospace | research. | tptacek wrote: | What kind of clearance do you actually need to be a DARPA | PI? | woodruffw wrote: | None that I'm aware of (or can find on DARPA's site). | DARPA might help a PM maintain their clearance if they | already have one, but I don't think they require one for | new PMs (unless the project directly requires classified | information, which of course some do). | marshray wrote: | In talks, Mudge has referenced participation in various | Pentagon projects that would definitely require a | nontrivial clearance. 
| tptacek wrote: | I'm not doubting so much as asking curiously: I've | participated in what I'd guess are fairly sensitive | Pentagon projects (commercially, over about a year and a | half+) and I've never been cleared for anything. | | + _None of it involved vulnerability research; this was | back in my anti-DDOS days_. | ChrisMarshallNY wrote: | _> That doesn't happen without having any skeletons in | your closet identified and investigated._ | | Yup. They would have gone in with a proctoscope, and would | not have tossed him an ID card, unless he could completely | convince them that he's good for it. | | If they are looking for dirt, they won't get it. I assume | they are intelligent people, and know that, so maybe they | are actually doing what has been suggested; looking for as | much _accurate_ information as possible -either way. | | NPD is a multibillion-dollar company, because they sell | _accurate_ information; not information that people _want_ | to hear (how they get that information, well, that's | another matter). | cma wrote: | > They would have gone in with a proctoscope, and would | not have tossed him an ID card, unless he could | completely convince them that he's good for it. | | Astronauts undergo detailed psyche exams, personality | evaluations, and usually have some level of security | clearance. And yet.. | | https://www.wikipedia.org/wiki/Lisa_Nowak | mc32 wrote: | Not only that, but we know fabrications happen and take | years to dispel. If a powerful entity wants to ruin your | reputation, they can and do not need truth behind them. | | It's courageous for him to speak the truth (at least his | observations) when they were unwilling to and actively | try to undermine it. | woodruffw wrote: | > Yup. They would have gone in with a proctoscope, and | would not have tossed him an ID card, unless he could | completely convince them that he's good for it. | | This is a mild overstatement. 
DARPA doesn't necessarily | require clearances for PMs; even if a particular project | does, it's not necessarily one that requires the "full- | scope" process (meaning polygraph and the rest of the | works). | | I wouldn't be surprised if Mudge had to fill out an SF-86, | but that's not that invasive as far as background | investigations go. It's nearly identical to the process | used for Global Entry. | phpisthebest wrote: | >>being offered money to dish dirt on their respected | colleague. | | that dirt also better be security related, not digging up ex's | or that he told an offensive joke one time at a conference | years ago which seems to be the SOP for "dirt" these days | munificent wrote: | _> that negligence is going to harm investors._ | | Only if the truth comes out. If you can control the narrative | long enough, it becomes indistinguishable from reality, at | least as far as the markets are concerned. | icpmacdo wrote: | https://archive.ph/IOy3u | encryptluks2 wrote: | If we used Congress hearings and feelings of Republicans as a | testament of honesty, then at this point Mudge shares as much | credibility as the election being rigged. We have literal | breaches of credit reporting agencies storing all your data but | this is what Congress wants to focus on. | | Heck, I saw worse than what Mudge is reporting in actual GovCloud | environments involving PHI. | | Wake me up when people are not so easily manipulated by the news | cycle and their self-interests. | programmarchy wrote: | I watched the committee hearing, and there didn't seem to be | much partisan politicking going on. The primary focus was | protecting the privacy of users, which impressed me. However, | at one point Lindsey Graham mentioned he and Elizabeth Warren | were in agreement enough to start fleshing out some kind of | social media operator licensing regime, which sounds terrible. 
| unconed wrote: | What bothered me the most is that they vaguely referred to | Europe's data protection having more teeth, even though the | GDPR has all but been neutered via Legitimate Interest. | | Most GDPR popups now classify "building a personal profile", | "serving personalized ads" and "linking multiple devices" as | legitimate interest, and they still default it to on, without | a clear and equally-visible "No" button next to the "Agree". | This is so obviously against the intended spirit of the | legislation but it's everywhere. | | So yeah, large targets like Twitter might need to watch out, | but third parties are still harvesting data left and right, | so what's the point? ___________________________________________________________________ (page generated 2022-09-13 23:00 UTC)