Pinned Tweet
List of non-US contact points for crypto/security PhD applicants (by @kennyog) https://docs.google.com/document/d/17r18cKaMSeZF4fI7UZYV0QwCvdbEb3vy3BMNZfgbgzI/edit …
Matthew Green Retweeted
A number of people have asked why the NSA didn't notice they lost their backdoor. I don't know the answer, but I wrote up some possibilities. https://checkoway.net/musings/dualec/index.html … I'd love to hear others' thoughts on it. https://twitter.com/matthew_d_green/status/1433470109742518273 …
Matthew Green Retweeted
I don’t want to let the ANSI or NIST folks off the hook, having read this 2004 email exchange. pic.twitter.com/9FTqSzbaLn
Matthew Green Retweeted
Earlier this year the French government snuck an anti-porn clause within a 'domestic abuse' law. Anti-porn groups said 'don't worry, our victory was only symbolic.' Well, they just sued all the major French internet service providers demanding they block the main porn sites: https://twitter.com/XBIZ/status/1433928057631346688 …
Matthew Green Retweeted
Small thread: Now that a confirmed backdoor using the Dual_EC DRBG is in the news, it's worth revisiting two simple techniques that cryptographic protocols and software can do to make themselves more defensive: 1. public/secret separation, and 2. DRBG mixing. https://twitter.com/matthew_d_green/status/1433451378391883782 …
Matthew Green Retweeted
Well, when I saw it, it was obviously kleptography applied! It fits nicely w/SSL "random bits in the clear" so motivation was clear. Then, if one wants to practically use it "exclusively," software security should make sure it only employs the designated trapdoor! --> failure!
Addendum: the White House Press Secretary was asked about this story, and their answer is “please stop asking about this story.” h/t @jonathanmayer https://www.youtube.com/watch?v=Hfa6bih_gVc&t=1739s …
More good reporting on Apple’s CSAM scanning delay. https://www.wired.com/story/apple-icloud-photo-scan-csam-pause-backlash/ …
The march towards end-to-end backups continues. https://www.techonshow.com/whatsapp-to-encrypt-the-data-on-cloud-storage/ …
Matthew Green Retweeted
With Apple's announcement that it's going to delay implementation of child safety features until it, you know, actually talks to people and gets feedback, and this news that WhatsApp is going to start encrypting back ups, privacy advocates have a moment to feel good about things.
And I’m also very grateful to Apple for taking some time to pause their rollout and think hard about it. Because the way these things go, Apple’s rollout would have justified a deluge of further expansion. 6/6 fin
In a limited sense I’m grateful to Apple for making such a big splash this summer with their scanning proposal, and for making it so broad and expansive (and unpopular.) It takes a company like Apple to actually bring these ideas out into the public sphere. 5/
But at every point of the process when someone objects to expanding the scope of scanning, someone will say “it’s already deployed in this slightly less expansive way” so how can you possibly object? 4/
At no point in the rollout of these systems does anyone say “is this objectively the right thing to do?” Nor do they consult with users. (In fact many of these scanning systems *require* companies to sign NDAs prior to deployment.) 3/
The way these debates proceed is that someone deploys a limited scanning system for unencrypted files being mailed around. Then people say “look, it’s best practice” and push the same scanning for other providers. Then they expand to private backups and client-side scanning. 2/
I’m so, so tired of talking about Apple photo scanning but I just want to say one more thing about their (thankfully now paused!) proposal: One of the leading indicators of whether a scanning proposal is “ok” is “is anyone else doing it.” 1/
NCMEC deciding to get involved on the advocacy side of this issue sure didn’t help them. https://twitter.com/alexstamos/status/1424054561958891521 …
I’ve seen two people post PhotoDNA implementations in the last two weeks. One is on the front page of HN. These are algorithms that were secret and under NDA for years before Apple’s announcement. (And Apple doesn’t even use PhotoDNA.)
The degree to which Apple has screwed NCMEC and content scanning in general cannot be overstated.
This is the one I can’t entirely blame on poor executive decisions. The technical folks at Apple had to know how broken it would be the second the design became public.
And (5) if you’re going to make your system design public, make *all* of it public. Withholding NeuralHash and then having it REed, broken: that was a catastrophe. Keep it secret and succeed, or don’t! pic.twitter.com/VWnLHljywK