
Tue Jan 24, 2023, 02:27 PM

Ex-Twitter engineer tells FTC security violations persist after Musk

Source: Washington Post

A new Twitter whistleblower has emerged, supporting last year’s surprising testimony about the dismal state of the company’s privacy protections and saying the company continues to violate its legal obligations under new owner Elon Musk.

The former employee has told members of Congress and staff at the Federal Trade Commission that any Twitter engineer can activate an internal program until recently called “GodMode” and tweet from any account today, three months after Musk’s takeover.

The allegation was also made in a complaint filed in October by the nonprofit law firm Whistleblower Aid with the FTC, which is continuing to interview former employees. A congressional staffer shared the complaint with The Washington Post.

The company’s current head of trust and safety, Ella Irwin, did not respond to an email seeking comment on the new claims. Parag Agrawal, the chief executive for a year before Musk fired him in October, did not respond to a Twitter message seeking comment.

-snip-

Read more: https://www.washingtonpost.com/technology/2023/01/24/whistleblower-twtter-ftc-settlement/

Replies to this discussion thread
Author Time Post
Ex-Twitter engineer tells FTC security violations persist after Musk (Original post)
highplainsdem Jan 24 OP
FredGarvin Jan 24 #1
crickets Jan 24 #2
rickford66 Jan 24 #3
zipplewrath Jan 24 #4
NullTuples Jan 25 #5
rickford66 Jan 25 #6
NullTuples Jan 25 #7
rickford66 Jan 25 #8
NullTuples Jan 25 #9

Response to highplainsdem (Original post)

Tue Jan 24, 2023, 02:39 PM

1. His manipulations are OK

Because he's rich



Response to highplainsdem (Original post)

Tue Jan 24, 2023, 03:10 PM

2. No paywall link:

https://archive.ph/Yl7s8

The whistleblower has come forward because of last year's testimony by Peiter Zatko, former Twitter security head.

Former security chief claims Twitter buried ‘egregious deficiencies’
https://www.washingtonpost.com/technology/interactive/2022/twitter-whistleblower-sec-spam/
https://archive.ph/oP6Kz



Response to highplainsdem (Original post)

Tue Jan 24, 2023, 03:12 PM

3. Most S/W has some form of God Mode

Left over from development and testing. It may be disabled at some point but some code could be left for one reason or another.



Response to rickford66 (Reply #3)

Tue Jan 24, 2023, 04:38 PM

4. Joshua? (nt)



Response to rickford66 (Reply #3)

Wed Jan 25, 2023, 01:00 AM

5. The question is, why has it not been disabled?

(the answer is likely, "the people who knew how or where to do so have long since been fired")



Response to NullTuples (Reply #5)

Wed Jan 25, 2023, 07:31 AM

6. Probably left in for debugging

With a large s/w program, having almost infinite combinations of inputs, I'm sure there are almost daily fixes needed.



Response to rickford66 (Reply #6)

Wed Jan 25, 2023, 10:23 AM

7. Or as I understand of the code base, many s/w systems, any one of which could have the debug code

in question, tucked away in some not-fully-documented corner? Just the list of languages Twitter cobbled together is impressive, even after subtracting the ones that I assume are used for infra. I sometimes wonder if this is the downfall (for corporations) of user-driven change management (think: git) vs old school centralized, which acted sort of like HR really does, to protect the company's interests.



Response to NullTuples (Reply #7)

Wed Jan 25, 2023, 10:41 AM

8. Also, different versions of these are probably on every server.



Response to rickford66 (Reply #8)

Wed Jan 25, 2023, 02:39 PM

9. Oh, now that's just nasty.
