Tom Ritter

@TomRittervg

Crypto, Privacy, Pseudonymity & Anonymity, @ Mozilla

Joined November 2008

Tweets


  1. Retweeted
    Sep 19

    We saw this coming, and here it is. Endless trapdoors ahead: data inaccuracies, intentional gaming, constant intimate surveillance 24/7, data breaches that will be infinitely worse, &c...

  2. Sep 17

    Some lessons are learned $1.99 at a time.

  3. Sep 17

    Benevolent Dictator For Life is a horrible OSS practice and needs to be dropped entirely.

  4. Sep 15

    Does anyone have suggestions for a Desktop app that does facial recognition locally; like Picasa used to? I found FotoBounce, but it's retiring next month!

  5. Retweeted
    Sep 14

    The other interesting thing: Both the Samsung Shannon baseband and the Intel ICE baseband seem to be gaining fake cell detection (IMSI catcher countermeasures). Looks like detected rogue cells might even be reported back to AAPL through AWD.

  6. Retweeted
    Sep 11

    Found a web server that set its Server: HTTP header to the EICAR anti-virus test string. When accessed over unencrypted HTTP, on-path IDS's trigger alerts. Had to waste half an hour dealing with the IT department. Hilarious...

  7. Sep 11

    Mozilla needs a PM for Privacy and Security Features: That'd include Anti Tracking, and down the road probably Tor too.

  8. Sep 7

    Arguably this is an invasion of privacy by obviously and trivially exposing 'Private' information to anyone who wants to search for you by email. Arguably this is my fault, I should have assumed that of course a service that has Followers and a Social Network would do this.

  9. Sep 7

    Second hate: Signed up for service with no identifying info, but real email (which is labeled 'Private' in their UI). Surprise, people who give service access to their contacts can locate me by email.

  10. Sep 7

    Privacy isn't always about hiding. Privacy is about being in control: choosing who gets to see what about you. Some of the most public 'influencers', with tens or hundreds of thousands of followers sharing gross amounts of their days, have very private parts of their lives.

  11. Sep 7

    Current hate: apps that punish you by hiding others' public data when you choose to make your data private. "Activity Status: Allow accounts ... to see when you were last active. When this is turned off, you won't be able to see the activity status of other accounts."

  12. Retweeted
    Sep 6

    Security researchers have used a DNS spoofing attack based on IP fragmentation to circumvent domain validation at several (yet-to-be-named) certificate authorities:

  13. Retweeted
    Sep 6
  14. Retweeted
    Sep 4

    Excellent write-up for 2018 by one of our big winners : If you want to try it out, our server is still up!

  15. Retweeted
    Sep 3

    Authorities say the fire lasted for six hours, causing irreparable damage. To put it bluntly: it's all gone. A meteorite, that can sustain incredibly high temperatures, was found intact. But other than that, there are apparently no other pieces left

  16. Retweeted
    Aug 30

    Russia’s requests to Interpol for Red Notices—the closest instrument to an international arrest warrant—against Kremlin opponents are being met with increasing deference by the Department of Homeland Security.

  17. Aug 31

    The incentives were all the same generally: build it fast, drive adoption, don't directly plan for bad actors.

  18. Aug 31

    The same is true of the web. SQL Injection and XSS are layering violations. BGP hijacking, CSRF and hotlinking (which is now a security concern and has led to From-Origin/CORP) were early unauthenticated design decisions. Phishing from passwords as bearer tokens.

  19. Aug 30

    I'm not usually a podcast guy but I'd listen the shit out of this

  20. Retweeted
    Aug 10

    If you want to beta test opportunistic onion and are a Cloudflare customer, you can sign up for the beta at onion-beta@cloudflare.com.

