Tom Ritter

@TomRittervg

Crypto, Privacy, Pseudonymity & Anonymity, @ Mozilla

ritter.vg
Joined November 2008
127 Photos and videos Photos and videos

Tweets

You blocked @TomRittervg

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @TomRittervg

  1. Retweeted
    Sep 19

    We saw this coming, and here it is. Endless trapdoors ahead: data inaccuracies, intentional gaming, constant intimate surveillance 24/7, data breaches that will be infinitely worse, &c...

    John Hancock, one of the oldest and largest North American life insurers, will stop underwriting traditional life insurance and instead sell only interactive policies that track fitness and health data through wearable devices
    66 replies 1,808 retweets 2,348 likes
    Show this thread
    Show this thread
    Undo
  2. Sep 17

    Some lessons are learned $1.99 at a time.

    4 likes
    Undo
  3. Sep 17

    Benevolent Dictator For Life is a horrible OSS practice and needs to be dropped entirely.

    1 like
    Undo
  4. Sep 15

    Does anyone have suggestions for a Desktop app that does facial recognition locally; like Picasa used to? I found FotoBounce, but it's retiring next month!

    3 replies 1 like
    Undo
  5. Retweeted
    Sep 14

    The other interesting thing: Both the Samsung Shannon baseband and the Intel ICE baseband seem to be gaining fake cell detection (IMSI catcher countermeasures). Looks like detected rogue cells might even be reported back to AAPL through AWD.

    5 replies 39 retweets 89 likes
    Undo
  6. Retweeted
    Sep 11

    Found a web server that set its Server: HTTP header to the EICAR anti-virus test string. When accessed over unencrypted HTTP, on-path IDS's trigger alerts. Had to waste half an hour dealing with the IT department. Hilarious...

    22 retweets 64 likes
    Undo
  7. Sep 11

    Mozilla needs a PM for Privacy and Security Features: That'd include Anti Tracking, and down the road probably Tor too.

    14 retweets 12 likes
    Undo
  8. Sep 7

    Arguably this is an invasion of privacy by obviously and trivially exposing 'Private' information to anyone who wants to search for for you by email. Arguably this is my fault, I should have assumed that of course a service that has Followers and a Social Network would do this.

    1 like
    Show this thread
    Show this thread
    Undo
  9. Sep 7

    Second hate: Signed up for service with no identifying info, but real email (which is labeled 'Private' in their UI). Surprise, people who give service access to their contacts can locate me by email.

    1 reply 1 retweet 2 likes
    Show this thread
    Show this thread
    Undo
  10. Sep 7

    Privacy isn't always about hiding. Privacy is about being in control: choosing who gets to see what about you. Some of the most public 'influencers', with tens or hundreds of thousands of followers sharing gross amounts of their days, have very private parts of their lives.

    3 likes
    Show this thread
    Show this thread
    Undo
  11. Sep 7

    Current hate: apps that punish you by hiding others' public data when you choose to make your data private. "Activity Status: Allow accounts ... to see when you were last active. When this is turned off, you won't be able to see the activity status of other accounts."

    1 reply
    Show this thread
    Show this thread
    Undo
  12. Retweeted
    Sep 6

    Security researchers have used a DNS spoofing attack based on IP fragmentation () to circumvent domain validation at several (yet-to-be-named) certificate authorities:

    1 reply 81 retweets 135 likes
    Undo
  13. Retweeted
    Sep 6

    2 replies 83 retweets 206 likes
    Undo
  14. Retweeted
    Sep 4

    Excellent write-up for 2018 by one of our big winners : If you want to try it out, our server is still up!

    3 replies 18 retweets 20 likes
    Undo
  15. Retweeted
    Sep 3

    Authorities say the fire lasted for six hours, causing irreparable damage. To put it bluntly: it's all gone. A meteorite, that can sustain incredibly high temperatures, was found intact. But other than that, there are apparently no other pieces left

    5 replies 301 retweets 491 likes
    Show this thread
    Show this thread
    Undo
  16. Retweeted
    Aug 30

    Russia’s requests to Interpol for Red Notices—the closest instrument to an international arrest warrant—against Kremlin opponents are being met with increasing deference by the Department of Homeland Security. |

    80 replies 1,014 retweets 694 likes
    Undo
  17. Aug 31

    The incentives were all the same generally: build it fast, drive adoption, don't directly plan for bad actors.

    1 reply 4 retweets 13 likes
    Show this thread
    Show this thread
    Undo
  18. Aug 31

    The same is true of the web. SQL Injection and XSS are layering violations. BGP hijacking, CSRF and hotlinking (which is now a security concern and has led to From-Origin/CORP) were early unauthenticated design decisions. Phishing from passwords as bearer tokens.

    The root cause of the pervasive insecurity in IT are not individual bugs. They are design decisions driven by organisationally and economically misaligned incentives. Thinking that the patching of a single bug matters misunderstands the reality.
    Show this thread
    1 reply 6 retweets 24 likes
    Show this thread
    Show this thread
    Undo
  19. Aug 30

    I'm not usually a podcast guy but I'd listen the shit out of this

    Idea: hour-long program where interviews Daniel Kahn Gillmor for 30 minutes and then vice versa
    3 likes
    Undo
  20. Retweeted
    Aug 10

    If you want to beta test opportunistic onion and are a Cloudflare customer, you can sign up for the beta at onion-beta@cloudflare.com.

    4 replies 13 retweets 17 likes
    Show this thread
    Show this thread
    Undo

@TomRittervg hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·