Click to Follow saurik

Jay Freeman (saurik)

@saurik

I developed Cydia for jailbroken iOS devices and am now (theoretically) in charge of technology for

@OrchidProtocol

; I am also a local politician in California.

EntrepreneurIsla Vista, CAsaurik.comJoined May 2007

139 Following

440.9K Followers

Jay Freeman (saurik)’s Tweets

Jay Freeman (saurik)

@saurik

Sep 2, 2022

I was surprised that using "saurik" in a prompt causes #StableDiffusion to dream a person eerily similar to me--the second slide in my talk was sampled from "black and white profile photo of saurik holding a violin"--but it seems they trained on numerous screenshots of my tweets!

read image description

ALT

read image description

ALT

While it was fun to keep my captive live audience in the dark--I had people asking "what language is that?" and second-guessing their memory of prior years--for here I may as well be clear: with only a single exception, every slide in my talk was generated using #StableDiffusion.

image synthesized by stable diffusion using the text prompt "welcome to the latent dystopia". result is a post-apocalyptic cityscape with a title: "welccmme lalttaint dastiovia" (though in two places one could interpret the letter as an N ligature). at the bottom is written "wecl thea thegoptm" in a smaller font.

read image description

ALT

image synthesized by stable diffusion using the text prompt "hawaiian speaker with stubble at conference giving an angry lecture wearing a pirate hat and outfit". result is a speaker at a podium, only... he has a long, thick beard and is wearing a hawaiian shirt with a cross between a clown and pirate hat down over his eyes. the speaker does look sufficiently angry.

read image description

ALT

The event's organizer--

@jwilker

, now a science fiction author--always put me on the schedule with a placeholder title such as "Jay says things", allowing me to present highly-topical and audience-driven content, using callbacks to other talks and nigh unto bait-and-switch twists.

a screenshot of the schedule from 360idev.com, showing the slot 3:15-4:00pm in the colorado ballroom as merely "jay says things" by jay freeman, showing a photo of jay but no abstract.

read image description

ALT

This week, I gave a talk at the (very sadly) *last ever* @360iDev--my favorite conference <3--called "Welcome to the Latent Dystopia", wherein I took a (shallow) look at moral/legal questions raised by AI synthesis tools, such as DALL-E and GitHub Copilot.

youtube.com

Welcome to the Latent Dystopia @ 360|iDev 2022

211

As an interesting contrast,

@optimismPBC

released their official postmortem of the bug this morning, along with their understanding of the cause (which I will note is very different from the engineering methodology and process issue I focus on in my talk).

github.com

optimism/technical-documents/postmortems/2022-02-02-inflation-vuln.md at master · ethereum-optimi...

Optimism is Ethereum, scaled. Contribute to ethereum-optimism/optimism development by creating an account on GitHub.

Note: the audience for that recording was the final day of an Intro to CS class, and so it is somewhat a culmination of our earlier discussion; in particular, I view my talk on Unbridled Optimism as an update to this other lecture I often give on security.

youtube.com

Bag of Hacks @ UCSB CCS W2022

I had tech issues at #ETHDenver2022 that affected my talk on Unbridled Optimism (the Ethereum L2 bug I reported last month); but, last night, I gave a much more complete version at a UCSB course I co-facilitate! ...though (sorry) the audio quality is poor.

youtube.com

Attacking an Ethereum L2 with Unbridled Optimism @ UCSB CCS W2022

166

As an interesting contrast,

@optimismPBC

github.com

optimism/technical-documents/postmortems/2022-02-02-inflation-vuln.md at master · ethereum-optimi...

Optimism is Ethereum, scaled. Contribute to ethereum-optimism/optimism development by creating an account on GitHub.

Bag of Hacks @ UCSB CCS W2022

Attacking an Ethereum L2 with Unbridled Optimism @ UCSB CCS W2022

I'd missed the confirmation of this on Thursday, but

@bobanetwork

had decided to additionally extend to me their (maximum) $100k bug bounty payout, making the total reward for my Ethereum L2 bug--"Unbridled Optimism"--$2,100,042! (...I think this might actually set a new record?)

Quote Tweet

Boba Network

@bobanetwork

Feb 11, 2022

Hey #Bobarians! In appreciation for @saurik’s deep detective work on this critical vulnerability, we have offered him the maximum amount in our bug bounty program #WAGMI $BOBA #L222 twitter.com/bobanetwork/st…

255

I will be giving a talk about the bug at

@EthereumDenver

, Friday, February 18th: 9:40am MST on the Infinity Stage. My talk will be live-streamed, presumably to the #ETHDenver YouTube channel: youtube.com/c/ETHDenver Look out for "Attacking an Ethereum L2 with Unbridled Optimism"!

youtube.com

ETHDenver

ETHDenver is the world’s largest annual web3 #BUIDLathon and Innovation Festival. ETHDenver 2023 took place in-person Feb 24 - March 5 in Denver, Colorado, USA. We welcomed 48,000 in-personblockcha...

665

Last week, I discovered (and reported) a critical bug (which has been fully patched) in

@optimismPBC

(a "layer 2 scaling solution" for Ethereum) that would have allowed an attacker to print arbitrary quantity of tokens, for which I won a $2,000,042 bounty.

saurik.com

Attacking an Ethereum L2 with Unbridled Optimism

227

1,185

5,891

Amazingly, the bugs continue: after I gave up and went to sleep, the two transfers I then had "PENDING" were both "CANCELLED" at the same time with the reason "The transaction fee has expired."... but these failed transfers are still counting against my daily withdrawal limit :/.

(Before I decided to tweet, one of my transactions ended up failing after *10 hours*, with an extremely low-level looking e-mail that had the error message "Pro/Prime send money failed!". google.com/search?q=%22pr Attempting to retry the transaction put it in the same state again.)

FWIW, this apparently has happened to many other users on the

@coinbase

subreddit and most of them report the same SNAFU of your customer support providing incorrect responses in a loop, so this seems to be a systemic issue. google.com/search?q=site% Maybe a postmortem is in order?

Does anyone else find it strange that both Apple and Google not only allow but in fact require privacy policies for apps to be hosted on external websites, meaning that to view an app's privacy policy you must connect to their server and already subject yourself to their logging?

165

949

Jay Freeman (saurik)

@saurik

Mar 3, 2021

In 2016, I ran for 3rd District County Supervisor in Santa Barbara (and lost). I've been told (after) that, had I run for California State Assembly District 37, I might've had institutional support! Some days, I dream about the bills I could've floated ;P.

theverge.com

Arizona advances bill forcing Apple and Google to allow Fortnite-style alternative payment options

Arizona is taking on the App Store.

677

Jay Freeman (saurik)

@saurik

Dec 10, 2020

For more detail, I'll highly recommend reading our complaint: "This lawsuit seeks to open the markets for iOS app distribution and iOS app payment processing to those who wish to compete fairly with Apple, and to recover the enormous damages Apple caused." cache.saurik.com/lawsuit/compla

145

820

Cydia just joined the legal battle against Apple: "A new lawsuit brought by one of Apple's oldest foes seeks to force the iPhone maker to allow alternatives to the App Store, the latest in a growing number of cases that aim to curb the tech giant's power."

washingtonpost.com

The ‘app store’ before there was an App Store wants to liberate your iPhone … again

Cydia allowed iPhone owners to install apps before there was ever an App Store. Apple successfully pushed Cydia into oblivion, but the company's founder, Jay Freeman, is fighting back in a new...

105

762

2,899

Regardless, in early September of 2020, I was able to get Facebook to reinstate the Cydia app... though they made it sound tenuous enough that I waited until now--when I'm finally feeling confident-ish--to reactivate the button, in case anyone still has reason to log in to Cydia.

931

In June of 2019, Facebook suspended my Cydia app, removing its access to Facebook login and locking users out of their Cydia accounts, which required a slow (on both sides: Facebook and I each were taking months to respond to the other ;P) back and forth of interrogations to fix.

109

1,047

So yeah: I don't know if anyone else will agree with me that security events should not allow companies using USC Section 1201--or similar laws around the world: the US got this included in a WIPO treaty--to speak at their events, but if so: poke a conference organizer for me? ;P

291

Companies which wish to speak at security events should be required to sign a non-action pledge on USC Section 1201--which isn't even about infringement: it is a potentially-unconstitutional law about "circumventing" controls and "trafficking" in tools--in order to submit a talk.

228

All the while, Apple and its employees show up at conferences like

@BlackHatEvents

and are welcomed with a speaking platform... even as they out-spend companies like Corellium on lawsuits to push judgements that limit the ability to *do* security research.

9to5mac.com

Apple security engineering chief to talk iOS and macOS at Black Hat 2019

Apple security engineering chief to talk iOS and macOS at Black Hat 2019. Here are the topcs that will be covered at this year's event.

211

The reality is that Apple has been so hostile to independent security research that they've lost their edge: exploits for Android now cost more than exploits for iOS, a reversal experts generally credit to Google correctly allowing researchers open access.

wired.com

Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks

Brokers of so-called zero day exploits are paying out more for Android than iOS—which would have been unthinkable until recently.

262

Apple has gone so far in their attempts to downplay security issues that, in a public argument with Google's Project Zero, they attempted to spin an exploit actively being used as part of the oppression of Uyghur Muslims in China as somehow not important?!

arstechnica.com

Apple takes flak for disputing iOS security bombshell dropped by Google

Apple statement alienates the security community when the company needs it most.

206

When

built a tool to detect malware installed on iOS devices, his application was pulled from the App Store; in a post, he noted Apple's notice "basically says: we do not want our users to have the impression iOS could have security holes. go away".

fortune.com

Apple Squashes App That Tells You If Your iPhone Was Hacked

And its developer isn't pleased.

302

Apple claims to "recognize the critical role that members of the security research community play in Apple’s efforts to ensure its devices contain the most secure software and systems available", and yet they routinely ignore advice and downplay issues :(.

threatpost.com

Black Hat 2018: Google Bug Hunter Urges Apple to Change its iOS Security Culture

Project Zero researcher highlights stubborn iOS bugs as an example of why Apple and the rest of the industry needs to take a fresh approach to securing systems.

172

What Apple does is cultivate a "chilling effect" on certain kinds of research: when

@0xcharlie

showed how easy it was to slip exploit code through iOS App Store review, he was banned from the Apple Developer program, so others would be too scared to probe.

forbes.com

Apple Exiles A Security Researcher From Its Developer Program For Proof-of-Concept Exploit App

Apple just sent a clear message to malicious hackers and security researchers alike: Keep your hands off the App Store. Just hours after security researcher Charlie Miller told me about a new,...

296

Apple continues to insist they have "never pursued legal action against a security researcher"... but they *have* used the DMCA to take down research and even mere discussion of their platforms; the EFF once had to *file a lawsuit* to get them to back off!

eff.org

Apple Backs Down On Bluwiki Threats

Apple has retracted its legal threats against public wiki hosting site Bluwiki, and, in response, EFF is dismissing its lawsuit against Apple over those threats.The skirmish involved a set of

190

(This is a place where I take particular issue: I know many people who believe in "responsible disclosure" and I work with many *more* people who believe in "full/simultaneous disclosure"; but I don't actually know any security researchers who consider Apple's model to be moral.)

168

It is ridiculous that Apple insists "good-faith security research" "requires" "responsible disclosure"--a specific model that involves release deadlines--when Apple actually disallows security researchers in their program from using responsible disclosure!

Quote Tweet

Ben Hawkes

@benhawkes

Jul 22, 2020

It looks like we won't be able to use the Apple "Security Research Device" due to the vulnerability disclosure restrictions, which seem specifically designed to exclude Project Zero and other researchers who use a 90 day policy.

Show this thread

237

In its most recent complaint, Apple continues to insist that

@Pwn20wnd

's usage of Corellium's product to help test and more rapidly develop the Unc0ver jailbreak for iOS 12 was an "unlawful end", entirely ignoring the USC Section 1201(f) interop exemption.

Quote Tweet

@Pwn20wnd

Apr 1, 2019

Shoutout to @CorelliumHQ for giving me access to their amazing platform. This means that I will now be able to test unc0ver on any device running any firmware with extended debugging capabilities!

469

This lawsuit is frankly egregious: after discussions to purchase Corellium broke down, suddenly Apple decided to sue them instead; then, as part of the case, Apple has thrown subpoenas far and wide, including at the parent companies of Corellium customers.

forbes.com

Apple Just Demanded Santander And A $50 Billion US Intelligence Contractor Reveal How They Use...

Despite Santander not being a Corellium customer, Apple demands documents from the bank about its use of the iPhone-tinkering tech. It’s also calling on one of the biggest government contractors in...

188

Which should remind all of us of another lawsuit currently ongoing with Apple: their attempt to crush

@CorelliumHQ

, the company which launched an iPhone virtualization service to enable security research without jailbreaks and automate testing of iOS apps.

arstechnica.com

Apple targets jailbreaking in lawsuit against iOS virtualization company

Corellium responds, says Apple is "demonizing" jailbreaking with new DMCA claim.

112

598

What makes Epic Games--and its founder,

@TimSweeneyEpic

--as "our champion" vs. Apple so exciting is they have the cash and the will to see this through; fighting Apple is almost impossible for most of us, as you need money for lawyers and expert witnesses.

wsj.com

Epic Games’ Founder Tim Sweeney Is Fighting Apple, Google. He’s Been Preparing for Years.

The removal of “Fortnite” from the App Store and Google Play has become a flashpoint in a long battle between app developers and the tech giants.

244

(Meanwhile, Apple's insistence on getting "their cut" of all sales made on their hardware is fundamentally incompatible with a future of decentralized applications and anonymous money: the supposedly "pro-privacy" Apple has gone to war with these efforts.) twitter.com/brian_armstron

This Tweet is unavailable.

191

(Oh, and before anyone tries to claim you can sideload applications using Apple's "free development" profiles, they have consistently worked to limit and cripple these mechanisms; in particular, you can't use this to sideload "network extensions", so Apple can entirely ban VPNs.)

214

(By setting themselves up as the centralized curation point of applications on all of their hardware, Apple has enabled countries like China to trivially ban the existence of any software they want, whether it be VPNs or applications to organize protests.)

theverge.com

Apple removes Quartz news app from the Chinese App Store over Hong Kong coverage

Quartz says its website has also been banned in mainland China

203

Show this thread