This Twitter account was used for my privacy/security research and open source projects. After pushing me out of the company, they dedicated legal resources to convincing Twitter to hand over the account to them as part of covering up what happening and trying to steal my work.
Conversation
github.com/AndroidHardeni is where the currently active projects are located. I'm slowing reviving more of what I had going before. A subset of the old OS code is at github.com/AndroidHardeni and you can see those are all the original repositories with the original forks / stars.
1
1
2
I wish I could easily contact everyone from before and let them know what's happened. I posted a bit about the current ongoing issues in the past day rather than my usual posts about my work. That's why they're posting this nonsense filler as part of pretending it's all fine.
1
2
Replying to
I am truly sorry to hear what has happened to you. This sounds unreasonably unfair. To be honest, looks incredibly dull and quiet right now. I'm not really sure I want/will trust them since I think you were the main tech lead of the project.
1
They seem to haven't made major new features (security related or otherwise) and the product looks quite stalled from this end. At least, that's how I see it from their social media communication.
1
They're lying about keeping up with security updates by the way. They're slowing merging the AOSP security updates which do not provide full security updates alone. Pixels only receive full security updates via Android 9 and they've failed to migrate to keep providing them.
1
2
2
Android 9 has substantial privacy and security improvements. It's far better to be using Android 9 with those improvements and full security updates, rather than Android 8 with a subset of my past hardening work without proper maintenance and meaningful continued development.
1
1
2
Some devices have full security updates for Android 8. Pixels have moved on to Android 9 and aren't among those. Device-specific security updates covering half the issues in security bulletins are only released for Android 9 and Copperhead is NOT providing full security updates.
1
1
2
They don't have privacy or security experts working for them. It makes absolutely no sense to use a small subset of my past hardening work without the basics like full Android security updates and the current set of baseline privacy and security features provided by Android 9.
1
1
2
It wouldn't even make sense to port most past work to AOSP 9. Lots is provided by the baseline OS in some form and only needs smaller adjustments. Other portions need to be rewritten / redesigned due to changes. Many features can be done much better based on what was learned too.
1
1
1
The value of the past work is not the code that was written. The value is the knowledge and experience gained from the research and engineering work that was done. It's a changing landscape and there's not much that can or should be directly applied the way it was done before.
github.com/AndroidHardeni is far superior to my past work on allocator hardening. It builds on the lessons learned from different allocators and my own experiments. It can also take full advantage of features like a 64-bit address space and soon memory tagging which weren't around.
1
1
2
I genuinely can't judge at a tech level what you're saying but I do agree on many points you raised. If it's all true then it means they lost their valuable asset; your knowledge. And without a good replacement the company may not last.
1
Show replies