Linked List: August 24, 2022

Kara Swisher to Host On-Stage Interview With Laurene Powell Jobs, Jony Ive, and Tim Cook 

Kara Swisher:

This will be my last session of Code after 20 years. I thought it critical to gauge the impact of the tech icon who was the very first interview: Steve Jobs. So, I am bringing together the trio who knew him best to discuss his lasting impact: @tim_cook, @laurenepowell and Jony Ive.

An on-stage interview looking back at Steve Jobs with any one of those three would be quite a get. To land all three, remarkable.

This year’s Code is running from September 6–8. With Apple’s “Far Out” event on the 7th, I presume this panel will be on the 6th.

The Washington Post on Peiter ‘Mudge’ Zatko’s Whistleblower Report on Twitter Security 

Joseph Menn, Elizabeth Dwoskin and Cat Zakrzewski, reporting for The Washington Post, which received the same redacted copy of Zatko’s whistleblower report that CNN did. The Post has published copies of the original redacted documents as webpage-embedded PDFs, too. From their story:

Overall, Zatko wrote in a February analysis for the company attached as an exhibit to the SEC complaint, “Twitter is grossly negligent in several areas of information security. If these problems are not corrected, regulators, media and users of the platform will be shocked when they inevitably learn about Twitter’s severe lack of security basics.”

Zatko’s complaint says strong security should have been much more important to Twitter, which holds vast amounts of sensitive personal data about users. Twitter has the email addresses and phone numbers of many public figures, as well as dissidents who communicate over the service at great personal risk.

Remember too that Twitter DMs are not end-to-end encrypted. They are stored on Twitter’s servers in a form that Twitter can read. The phone numbers and email addresses of anonymous dissidents are very sensitive, but I’d argue that the contents of DMs are the most sensitive information Twitter holds.

You should never put anything in a Twitter DM that you wouldn’t print on a postcard sent in the mail. But we all do it, to some extent, and without question, many Twitter users put incredibly sensitive information into DMs. (I welcome DMs on Twitter, but if the contents are truly sensitive, I encourage readers to contact me via Signal.)

This month, an ex-Twitter employee was convicted of using his position at the company to spy on Saudi dissidents and government critics, passing their information to a close aide of Crown Prince Mohammed bin Salman in exchange for cash and gifts.

Zatko’s complaint says he believed the Indian government had forced Twitter to put one of its agents on the payroll, with access to user data at a time of intense protests in the country. The complaint said supporting information for that claim has gone to the National Security Division of the Justice Department and the Senate Select Committee on Intelligence. Another person familiar with the matter agreed that the employee was probably an agent.

I don’t think there’s any way to overstate how damning Zatko’s allegations are. He describes a criminally corrupt company and board.

‘Far Out’ – Apple Announced September 7 Event 

Juli Clover, MacRumors:

For the September 7 event, which is titled “Far Out,” Apple has designed a space-themed Apple logo and a black hole-style experience. Initiating the AR experience puts a black hole in the center of the room, which then shows stars in the shape of an Apple logo as you approach.

The stars continue to coalesce in and out of an Apple logo shape, and you can use pinch gestures to adjust the size of the black hole.

To view the AR experience, open up the Events website on an iPhone or iPad and tap on the Apple logo.

One possible reading of the “Far Out” theme is that they’ll be previewing a product — the AR/VR headset — that isn’t coming until next year, like when they pre-announced Apple Watch in September 2014. Or perhaps, as often seems to be the case, the “Far Out” name is just a name and signifies nothing.

Update: Also worth noting: the event is scheduled to be held in the Steve Jobs Theater. (To be pedantic, the invitation says at the Steve Jobs Theater, not in, but if they were holding the media event outside, like the WWDC keynote, I’m pretty sure they’d say the event was at Apple Park, not Steve Jobs Theater. WWDC media invitations made no mention of Steve Jobs Theater, even though the hands-on area was held in the theater’s upstairs atrium.) Attendees must provide proof of a negative COVID-19 test, but otherwise, it sounds like Apple’s events are going back to normal. Or perhaps we’re beginning the new “normal” — I wouldn’t be surprised if more of the event is prerecorded than performed live on stage.

Ex-Twitter Security Chief Peiter ‘Mudge’ Zatko Files Blockbuster Whistleblower Report Over the Platform’s Security 

Donie O’Sullivan, Clare Duffy and Brian Fung, reporting for CNN Business yesterday:

The disclosure, sent last month to Congress and federal agencies, paints a picture of a chaotic and reckless environment at a mismanaged company that allows too many of its staff access to the platform’s central controls and most sensitive information without adequate oversight. It also alleges that some of the company’s senior-most executives have been trying to cover up Twitter’s serious vulnerabilities, and that one or more current employees may be working for a foreign intelligence service.

The whistleblower, who has agreed to be publicly identified, is Peiter “Mudge” Zatko, who was previously the company’s head of security, reporting directly to the CEO. Zatko further alleges that Twitter’s leadership has misled its own board and government regulators about its security vulnerabilities, including some that could allegedly open the door to foreign spying or manipulation, hacking and disinformation campaigns. The whistleblower also alleges Twitter does not reliably delete users’ data after they cancel their accounts, in some cases because the company has lost track of the information, and that it has misled regulators about whether it deletes the data as it is required to do. The whistleblower also says Twitter executives don’t have the resources to fully understand the true number of bots on the platform, and were not motivated to. Bots have recently become central to Elon Musk’s attempts to back out of a $44 billion deal to buy the company (although Twitter denies Musk’s claims). [...]

John Tye, founder of Whistleblower Aid and Zatko’s lawyer, told CNN that Zatko has not been in contact with Musk, and said Zatko began the whistleblower process before there was any indication of Musk’s involvement with Twitter.

Zatko was fired from Twitter in January this year “for ineffective leadership and poor performance”, in the words of a Twitter spokesperson. CNN’s report is very long, and worth reading in full. If even partially true, what Zatko is alleging is extremely alarming.

One point seems clear: even if Zatko has not been in contact with Elon Musk — and I don’t see any reason to doubt Zatko’s lawyer’s clear statement that he has not — that doesn’t mean Musk hasn’t been made aware of Zatko’s whistleblower report. Anyone inside Twitter aware of Zatko’s concerns could have leaked them to Musk. Jack Dorsey, for example, personally hired Zatko and was CEO until just a few weeks before Zatko’s firing. Musk’s allegations about Twitter misreporting bot activity might be fully legitimate, not an empty pretext for backing out of his acquisition.