Especially if you worry about the code delivery mechanism. I would really like binary transparency to ameliorate this.
Not thoughtfully considering abuse in your system designs is how you piss your users and regulators off and then you don't get to have a system any more. Reading that as me being pro-surveillance-system is baffling me.
Yep, and I'm baffled as to the connection. I literally have a PhD in cryptography and have spent a lot of years designing and building end to end encrypted systems of various sorts. I've *also* spent a lot of time dealing with how people abuse a lot of systems.
Just checking: did you read the rest of what I posted?
What an interesting reading of what I said!
(For the avoidance of doubt: I've personally designed (with other people) multiple E2EE systems, at least one of which you might well have used. I use E2EE messengers heavily. I've also dealt with a lot of people abusing systems I was responsible for.)
When you're building a system where people interact with each other the tradeoffs are complex and planning for abuse requires careful consideration. But yes, you *must* consider types of abuse that aren't reported. Maybe the answer is looking at metadata or something else, but E2EE isn't a panacea.
I'm not speaking to this specific situation, but there are two types of abuse: the kind people tell you about (e.g. spam, most types of harassment) and the kind people don't tell you about (e.g. CSAM, planning a genocide, and I wish that wasn't a real-life example).
You need to consider both.
In the Magic Quadrant!
I, too, like to complain about recurring security problems on the interwebs! They seem fun, maybe I'll run into them at a thing someday
Are you selling a security product? Can you please do us both a favor and just tell me what it is? Just explain literally what it does and how.
Risky Business was kind enough to start a catalogue with useful descriptions for their advertisers, but can we please normalize this?
risky.biz/catalog/
... Or if you're thinking about getting into a better world without some group of people, then there's a word for that and you should absolutely rethink this plan and go back to "dehumanization is bad".
People are people. Even if you disagree with them, even if they're confusing to you, even if they hurt you. If you watch people doing this, you can see them ripping out part of their soul.
We aren't getting into a better world without *all* of us getting there.
My child has learned that when they yell "are you awake?" late at night the answer is "yes".
As an electric car driver: holy crow that sounds like a terrible electric car. That also doesn't sound normal. At all. That battery is trashed.
Thank you for solving a mystery for me
I also appreciate the "please tell me what doctor said that because it's so stupid and dangerous I'm going to go fight them".
(One from a few years ago was the allergist who both refused epi pens and told me to eat what I reacted to. The second allergist said I just "needed more confidence".)
I, too, have open questions for Lea.
Would certainly hope not! I got more context once I scrolled back further (it was split across multiple posts and Bluesky orders in reverse chronological).
Being willing to look stupid is a superpower
Dashboards are a curation of sharing information, not the choice on collecting it, which may be made differently.
(And in the case of information about people is way more complicated)
bsky.app/profile/leak...
I swear I have something I want people to do when they read the post! I want people to think through that question when they share information.
Honestly, good dashboards have helped me get so much done, especially wrangling an entire company at once.
This is my biggest pet peeve about dashboards: what is someone going to *do* when they get this information? If it's "be informed" that's the same as saying "nothing" and why did you even bother?
Screenshot of a text message: Phone rings. Answer. "And if she asks for more wipes, I don't know what to say. Oh. Hello. Hi, I'm looking for the Chief Information Officer of Lacework?" Me: "I honestly don't know what to say. This is the wrong number for that."
I have no idea what this person wanted when they called my spouse, but if they ask me for more wipes I also do not know what to say.
Not trying to shame the vendor so I left out more identifying statistics.
Purple gradient paper with yellow box, blue caution sign, and text "Breach Reduce likelihood of breach to 5% With automated IAM"
A security vendor sent me a pile of paper with many statistics where [citation needed]. For instance.... Why does automating IAM reduce the likelihood of a breach to 5%? From what? And how is that independent from, say, use of passkeys or auto-escaping templates?
The other masechot and the Yerushelami are on the overflow table
I can't find the original artist anymore, but looks like this
www.amazon.com/dp/B09XGS7DV...
The pink-ish background watercolor is a golem named Emmett (which is a pun) who has a security blanket. Also a pun.
There's a very cool piece of Twitter artwork.
The turtle is a gift from a coworker in the Bangalore office.