Moved to [email protected] @CiPHPerCoder
https://t.co/4n4IHTDwwL infosec.exchange/@scottarc United States Joined February 2016-
Tweets38K
-
Followers5K
-
Following473
-
Likes27K
Daily reminder, keep your PHP projects updated right in CI: > composer outdated --direct --major-only --strict
#PHP By Unanimous vote, the #PHP Core has voted for the following. (among other things) Extend release cycle to 4 years: - 2 years of bug fixes - 2 years of security fixes wiki.php.net/rfc/release_cy… #w00t!
Something I would love to see in @github Action, and all other CI systems: the ability to sign assets + metadata representing the environment used build them, USING THE CI SECRET KEY (not a key provided by users who have full control over the CI scripts).
The reason why it’s K8s is because Kubernetes has 8 letters between K and S. If you call it K8, you’re referring to a Kubernete. Thank you for coming to my TED talk
The description the NVD published CVE-2024-33851 is unfortunately misleading. See the note at the top of github.com/paragonie/phpe… for specific details.
One of my favourite "I can't believe we don't know how to prove that" questions: Is pi^pi^pi^pi an integer?
@binitamshah IMO as co-founder of CVE back in 1999, this paper appears to have significant flaws that other knowledgeable CVE consumers or producers can point out if they wish. I doubt that its findings can be scaled. /cc @attritionorg ur welcome for the nerd snipe, I don't have the energy
A GitHub flaw lets attackers upload executables that appear to be hosted on a company's official repo, such as Microsoft's—without the repo owner knowing anything about it. The following URLs, for example, make it seem like these ZIPs are present on Microsoft's source code repo:…
I have been trying to make sense of the recent proposed quantum algorithm for Learning-With-Errors, and what it means in practice. To do so I have created a document where I put my thoughts. Some may disagree with these thoughts, some may agree.... nigelsmart.github.io/LWE.html
Open Source Cryptography Workshop 2024 videos and slides are posted: opensourcecryptowork.shop/2024/ Talks by @_franziskus_ , @durumcrustulum , @SchmiegSophie, @NinaBindel, @armfazh, @leontiad, @thibmeu, @8x5clPW2, et al.
“How to Hold KEMs” by @durumcrustulum : durumcrustulum.com/2024/02/24/how…
Avoid the sharp edges of cloud cryptography services within @awscloud with our do’s and don’ts on using CloudHSM, KMS, and others. buff.ly/49tNdgm
elfconv: AOT compiler for translating Linux/aarch64 ELF → LLVM bitcode → WASM By my colleague @ming_rrr medium.com/nttlabs/elfcon…
words.filippo.io/dispatches/see… #PasswordsCon folks may be interested in this
If you use Unfinalize to remove the final qualifier on a method so you can override it in your code, I only ask that you disclose this decision whenever you file a GitHub issue upstream to a relevant codebase.
SwiftOnSecurity @SwiftOnSecurity
403K Followers 9K Following computer security person. former helpdesk.
@[email protected].. @Ocramius
20K Followers 1K Following Consultant for @RoaveTeam, @getlaminas team. I'm a tad blunt, but I mean no harm. Making unpopular decisions, so you don't have to. Daily curse of @_nyunyu_.
Matthew Green @matthew_d_green
143K Followers 1K Following I teach cryptography at Johns Hopkins. Mastodon at [email protected] and BlueSky at https://t.co/GI4QlxYTdk.
Filippo Valsorda @fil.. @FiloSottile
49K Followers 508 Following Cryptogopher / Go crypto maintainer / @kateconger-knower / RC F'13, F2'17 / #BlackLivesMatter / he+him https://t.co/ZE4RtJ1xqD / https://t.co/qfth7zr00W / https://t.co/j1grpEm8uR
snipe ★☆☆☆☆.. @snipeyhead
39K Followers 18K Following CEO of Grokability, lead dev @snipeitapp. #FOSS #infosec #appsec. Fuck Phony Stark. 🐘: @[email protected] 🌎: https://t.co/mmLDifOkdw 🌎: https://t.co/8JU0jeMmKM
Cybergibbons 🚲🚲.. @cybergibbons
49K Followers 3K Following Head of hardware. IoT hacker. Alpha Male.
ⵙⵢⴼ ☭ 🐘 �.. @azjezz
825 Followers 471 Following senior software engineer @bumble, previously at @coopTilleuls, and @symfony. 39AC CCA4 FD30 0D04 C840 6EB3 B00E 0A46 B3F1 C157
lcamtuf (@lcamtuf@inf.. @lcamtuf
35K Followers 494 Following Homepage: https://t.co/iFAXZxCO5H Substack: https://t.co/yFvmNisGW3
kennyog @kennyog
8K Followers 2K Following Professor of Computer Science at ETH Zurich. Views my own. Apparently in a semi-religious crypto/privacy cult. Join us! He/him.
Lesley Carhart @hacks4pancakes
168K Followers 7K Following ICS DFIR @dragosinc, martial artist, marksman, humanist, Lvl14 Neutral Good rogue, USAF Ret. Tweet *very serious* things about infosec. Thoughts mine. They/them
Lars Moelleken @suckup_de
3K Followers 5K Following Developer & Sysadmin | egrep '#php|#js|#html|#css|#linux'
Moose @LitMoose
39K Followers 5K Following DFIR | Violinist | Former medical/vet tech | I work for everyone and no one. Infosec retellings obfuscated. Salty and tired. Also Litmoose on BlueSky
Paul Dragoonis @dr4goonis
5K Followers 3K Following 🏴 Principal Engineer / CTO | Open Source Leader | Public Speaker | I'm part of @official_php, @phpfig, @scotlandphp, @jenkinsci, @CDeliveryFdn
DangGoRo @DangGoRo123
14 Followers 184 Following
Yasin Arafat Tanim @yatanim007
7 Followers 313 Following
莉姐 @liyan897
62 Followers 433 Following
😎🧠🆙😈🤑�.. @nerd_cali
160 Followers 3K Following I don’t have a Juris Doctorate and #FuckMBA😆 my CB radio 📻 is FM 108.0, 🦠 any, Munich is cool 🆒 but Netherlands 🇳🇱 is better 4 ai porn crypto #DATACENTERS
spence @spencercreasey
316 Followers 1K Following building something new. previously @doordash, @stripe, @lyft. speciesist. preparing for the singularity.
A Giant Meteor @votegiantmeteor
2K Followers 2K Following Giant flaming meteor, extinction-level event, 2024 presidential candidate, probably your best option. Unspecified political parody.
LB🔥IceFireLabs @lb_icefirelabs
336 Followers 4K Following Cloud Native|Blockchain|Security Practitioner, Web3.0 Ecological Research and Builder,Founder of @IceFireLabs
Right Click Technolog.. @RightClickTech3
120 Followers 1K Following Purveyors of quality Small Business & Medical IT Solutions. FB https://t.co/QDvD1nq42e
Vargy @vargy__
175 Followers 1K Following Web Developper Back End - Photographer - Passionate with new technologies - Geek & Gamer.
elon musk @elonmuskprivato
383 Followers 3K Following
Daniel Watson @Dan_HypeTalent
1K Followers 4K Following Director @talent_hype | Navigating Web3's Talent Frontier since '17 | Linking Visionaries & Innovators | Uniting Tech & Non-Tech Prowess | Web3 Is The Future 🚀
Knur @knurbel
107 Followers 162 Following Développeur Web autodidacte très intéressé par l'innovation #innovation
Jonathan Bender @postitpasswd
123 Followers 423 Following
9327624430 @ien_malicdem
33 Followers 173 Following
Josep @BadLuckXIII
39 Followers 326 Following
شرف الدين @sharofiddin___
13 Followers 193 Following
Craig L @crlorentzen
79 Followers 191 Following
Caconde @carloscaconde
50 Followers 217 Following
Uchenna @Uchenna1233829
38 Followers 96 Following
unnikuttan @pqckuttan
97 Followers 1K Following
Mansi Shinde @MansiSh23026519
2 Followers 10 Following
USER04725852 @user04725841960
0 Followers 2K Following
Will @WillHleucka
513 Followers 1K Following 🇨🇦 Software dev | Linux aficionado | Hockey fanatic | Father of three | U of Leth alumni | CEO of htmx | 🇺🇦 Слава Україні! #LeafsForever :wq
Justin Cook @jscook2345
272 Followers 309 Following HPC, Go, Python, Cloud, Linux, Automation, Testing, Empathy, Coffee Breaks, Pitbulls
Grayscale @_grayscale_
161 Followers 596 Following Black and white photography, bookmarking activity associated with a book and fiction blog, a little flash fiction and poetry, and snark when called for.
Ankur Ranpariya @Ankur_2005_
19 Followers 146 Following
Armando Gagliardo @ArmandoGagliar7
0 Followers 21 Following
The Workhouse @theworkhouse2
149 Followers 3K Following Launching July || Your new All-In-One recruitment platform. Finding employment made easy for everyone!
Johnson @johnson_whois
3K Followers 5K Following SW Engineer / Apple fan / Broncos fan / BlueCrew / VoteBlue / Resister ProChoice LGBTQ BLM FBR No Lists | My opinions are my own. Go Broncos! He/Him.
@techbrunchfr@infosec.. @TechBrunchFR
2K Followers 897 Following Jack of all trades, master of some. CTO / Pentester @vaadata - Mastodon: @[email protected]
David Asem @128bitcoins
180 Followers 4K Following 🦧 🦍 #NERD #Ai #BTC @AGREinc @defcon #Bitcoin Maxi Fuck You Money #2ADVcoin
Euan Fergusson @euanfergusson
1K Followers 3K Following Web Developer, Cyber Nat, Cyber Security MSc Stoodent, Dad, Well Fan, "SNP commie, Marxist, naughty person"
Money Global01 @MoneyGlobal01
81 Followers 160 Following Hi, welcome to visit out profile here you all kind of free make money survey offer if you want kind this offer then you are on the right https://t.co/RHPHcazCQ4 stay wi
Clipperly @ClipperlyHQ
47 Followers 376 Following Convert, edit or optimize your files online. More than 500 different formats supported among documents, images, archives and more...
Quiet @soundofquiet
2K Followers 5K Following I solve impossible problems with childlike s̶̖̥͊t̸͙̲̊u̷̘̚p̴̟̯̀i̶̤͑̋d̵̡̨́̐i̸̭͚̍̌t̵̠̳̑̏y̶̘̿. Endearingly weird, loud shit with math, envoy. 🏳️⚧️ they/them
Adam Erb @erbal
369 Followers 2K Following Codes? Where we're going we don't need codes. @CashApp/@Blocks. Actually 3 LLMs in a trench coat.
Chebukati @MrChebukatii
76 Followers 315 Following Tech Introvert and Innovator, also Founder & CTO @MyVoteMyKura
SwiftOnSecurity @SwiftOnSecurity
403K Followers 9K Following computer security person. former helpdesk.
Ian Coldwater 📦�.. @IanColdwater
106K Followers 1K Following Kubernetes SIG Security co-chair, container escape artist, goose in the mainframe. They/them. Legacy verified. Stay punk 🏴
Matthew Green @matthew_d_green
143K Followers 1K Following I teach cryptography at Johns Hopkins. Mastodon at [email protected] and BlueSky at https://t.co/GI4QlxYTdk.
MalwareTech @MalwareTechBlog
295K Followers 1 Following Not here anymore. Profiles: https://t.co/sFoOuGmYK2
Matthew Garrett (@mjg.. @mjg59
29K Followers 310 Following Not here. Fedi: @[email protected] Bsky: @mjg59.eicar-test-file.zip Signal: @mjg.59 Blog: https://t.co/CVivdtMBWe
Filippo Valsorda @fil.. @FiloSottile
49K Followers 508 Following Cryptogopher / Go crypto maintainer / @kateconger-knower / RC F'13, F2'17 / #BlackLivesMatter / he+him https://t.co/ZE4RtJ1xqD / https://t.co/qfth7zr00W / https://t.co/j1grpEm8uR
isis osiris agora lov.. @isislovecruft
26K Followers 1K Following “the bay area’s only hacker”; “peter pan coded”; former quantum cosmologist. i might be a cryptographer but i'm not your cryptographer 🏳️⚧️🏴 forest dweller
snipe ★☆☆☆☆.. @snipeyhead
39K Followers 18K Following CEO of Grokability, lead dev @snipeitapp. #FOSS #infosec #appsec. Fuck Phony Stark. 🐘: @[email protected] 🌎: https://t.co/mmLDifOkdw 🌎: https://t.co/8JU0jeMmKM
thaddeus e. grugq the.. @thegrugq
129K Followers 423 Following Hacker :: https://t.co/km8BR8E1Ga :: [email protected] :: PGP https://t.co/dYipV8y3bo :: @warstudies :: https://t.co/H3dWknFCfk :: https://t.co/Z2lWqEVVua
Deirdre Connolly¹ @durumcrustulum
6K Followers 3K Following • 🜗 🝒 🝲 crypto as in 'cryptography' 🝳 🝡 🜖 • ¹ isogenist, co-host @SCWpod, @durumcrustulum.bsky.social
Jordi Boggiano @seldaek
20K Followers 759 Following Co-Founder of @packagist / #ComposerPHP – Head of Engineering at @TeamupCalendar OSS Wishlist: https://t.co/CsTK7iAj1I @[email protected]
asgrim 🇺🇦 @asgrim
6K Followers 405 Following Writing high quality Lambdas with AWS Infinidash. #rust #php #c #java 🐘 https://t.co/CIZAbA2Uqi 🦋 https://t.co/oUgIZRr6wu
Deviant Ollam ツ @deviantollam
46K Followers 1K Following Stalwart defender of Oxford commas, two spaces after a period, and ellipses. Married to @tarah. When they ask how I died, tell them... still happy. (he/they)
Cybergibbons 🚲🚲.. @cybergibbons
49K Followers 3K Following Head of hardware. IoT hacker. Alpha Male.
lcamtuf (@lcamtuf@inf.. @lcamtuf
35K Followers 494 Following Homepage: https://t.co/iFAXZxCO5H Substack: https://t.co/yFvmNisGW3
daniel:// stenberg:// @bagder
60K Followers 572 Following I do network code and protocols. I write curl. On team @wolfSSL. I don't know anything. @[email protected]
kennyog @kennyog
8K Followers 2K Following Professor of Computer Science at ETH Zurich. Views my own. Apparently in a semi-religious crypto/privacy cult. Join us! He/him.
Alex Stamos @alexstamos
98K Followers 2K Following You can find me at: https://t.co/Enct5hx8bS https://t.co/CuE5u72rhW
Barry Dorrans @blowdart
26K Followers 1K Following language & fx security person at msft. Not speaking on behalf of Microsoft. Not here much at all because, well, everything
Phillip Hallam-Baker .. @hallam
2K Followers 398 Following Web security practitioner since 1992. Named the HTTP Referer field. Expert witness. Architect of the Mathematical Mesh: https://t.co/sE8m8KOtHk. @[email protected].
vixentael 🛡🇺�.. @vixentael
27K Followers 2K Following I do software security, security engineering and applied cryptography | problem-solver @cossacklabs | she | part of @wwcodekyiv | Ukraine
Edge Security @EdgeSecurity
3K Followers 123 Following Tweets from @zx2c4. Security Research & Consulting. Support WireGuard development via https://t.co/x6Y8S0VFRw https://t.co/dodHzVeb15 . Or hire us.
🇺🇦 Patrick Alla.. @AllaertPatrick
1K Followers 339 Following #PHP 8.1 Release Manager Developer of @blackfireio PHP ext. Emerging #Gentoo #Linux #Salsa/#Bachata/#Forró teacher 🕺 Previous account: @patrick_allaert locked
Nihilist Lenovo @nihilist_lenovo
745 Followers 0 Following officially, i have nothing to do with lenovo. what does it even matter
Security Cryptography.. @SCWpod
2K Followers 3 Following @durumcrustulum, @tqbf, @davidcadrian. “Freewheelin’ dynamic”.
Grumplestilskin @Grumplestilski5
20 Followers 95 Following
Thomas Kerin @thomaskerin
919 Followers 2K Following
AngieAlaniz @AngieAlaniz
972 Followers 1K Following Angie Alaniz lives where the stars are big and bright! TEXAS
Sedona SoL ♥️ | t.. @SedonaSol
4K Followers 5K Following #BetterTogether #SolanaNFT 🌿 (!Puff) SolanaDarkAngel 😇
Chris Evans @scarybeasts
26K Followers 199 Following CISO and Chief Hacking Officer at HackerOne. Past: Founded {vsftpd, Chrome security, Google Project Zero}; Tesla; Dropbox. Hacker / Researcher. beebjit.
Nikita Popov @nikita_ppv
21K Followers 76 Following LLVM toolchain engineer at @RedHat. Open source contributor, mainly PHP / LLVM / Rust. Studied computer science and physics at TU Berlin.
Psalm @psalmphp
4K Followers 7 Following Psalm is a type-checking static analysis tool for PHP that finds bugs humans can miss, and improves code quality. Try it at https://t.co/eBajkMPMkn
Sophie, indistinguish.. @SchmiegSophie
8K Followers 627 Following Leading Cryptography (ISE) at Google. Algebraic Geometer. All opinions are my own. Schatzführerin des Oxfordkommakomitees. @[email protected]
Doomalorian @doomalorian
28 Followers 83 Following Amateur streamer and blogger. Got found by Mandalorians, instead of getting stranded on Argent D'Nur. I stream every day Mon-Fri https://t.co/b8rZsZoNHN
David Kleidermacher @DaveKSecure
1K Followers 400 Following @Google Security/Privacy - @Android, @GooglePlay, @madebygoogle, team ASAP and team DSAP | Opinions my own | linkedin davekleidermacher, @[email protected]
Remi Collet (@remi@ph.. @RemiCollet
1K Followers 157 Following 🇺🇦 #StandWithUkraine Package monkey...
Jamie Angell @jamieelisea
289 Followers 255 Following Director, Software Development she/her✊🏿✊🏾✊🏽🏳️🌈 All opinions are my own
ragona @ryanragona
167 Followers 238 Following
LIGO @LIGO
111K Followers 315 Following Official Twitter of the LIGO Scientific Collaboration. We detect gravitational waves! Email: [email protected]
Science Diagrams that.. @scienceshitpost
695K Followers 2 Following
🏴 Nat Turner 🏴 .. @MysteryHacker1
665 Followers 5K Following Ban me? Try it. You might start a riot... What the radio won't play The underground will supply it they/he
✨ saleem ✨ @saleemrash1d
16K Followers 93 Following my job is just beach (and computer security) ✨ he/him
Will Dormann @wdormann
26K Followers 1K Following I play with vulnerabilities and exploits. @[email protected]
BLAKE3-team @Blake3Team
496 Followers 0 Following The BLAKE3 cryptographic hash function By @oconnor663 @sevenps @veorq @zooko
Gary Hockin @GeeH
5K Followers 763 Following Software Developer and Conference speaker extraordinaire. Improves profitable software at @RoaveTeam; ex-Twilio.
Modernizing PHP @ModernizingPHP
3K Followers 15 Following Ridding the world of spaghetti PHP code one application at a time. Find me at https://t.co/oHzEdDhdXv
PHP Internals News @PHPIntNews
2K Followers 3 Following PHP Internals News is a weekly(-ish) podcast about the development of PHP, discussing new features and RFCs — run by @derickr
(((Eadwacer))) @SalusaSecondus
205 Followers 702 Following A Paranoid, Programming, Storytelling, Photographer. He/Him https://t.co/Vs6tB23Fhr (All opinions are my own and not necessarily those of my employer.)
Katriel @katrielalex
423 Followers 361 Following data privacy infra: access, deletion, retention / ex-e2ee / black lives matter / he+him
PierreJoye @PierreJoye
4K Followers 1K Following music&nature lover. developer&portability fan. cto at times. passion for engineering and products. opensource dev, SEA lover, and speaker. Open(.*) fellow
David Strauss @DavidStrauss
4K Followers 3K Following Co-founder at @GetPantheon, #systemd, @ASGConf. Lots of @Drupal and @DrupalSecurity. DMs open. he/him but also 🏳️🌈. Respect pedestrians and cyclists, please.
hestenet @TimLehnen
1K Followers 315 Following Chief Technology Officer @DrupalAssoc. This is my professional twitter. My author twitter is: @thlehnen. My personal twitter is: @hestenet
Lucas Hedding @lucashedding
376 Followers 316 Following Christian, husband, father, technology savvy
php[world] @_phpworld
771 Followers 686 Following Keep current on the latest web programming technology and connect with fellow developers | October 22-25 | #PHP #Drupal #WordPress #Laravel #ZF2 #Magento![Since 2002, php[architect] publishes a monthly magazine & books, organizes conferences, and provides training dedicated exclusively to the world of PHP.](https://pbs.twimg.com/profile_images/1615544283951697922/c1mB9HdI.jpg)
php[architect] @phparch
33K Followers 718 Following Since 2002, php[architect] publishes a monthly magazine & books, organizes conferences, and provides training dedicated exclusively to the world of PHP.
@[email protected].. @str4d
3K Followers 494 Following Zcash, Rust, cryptography & privacy. He/him. https://t.co/H3HuRnxc3h atproto: 🦋https://t.co/BSw2zoJbif age18f63qx4gk8x7p4lfuwwglqcan7snvp406q5vmk26g9fmpe9c799qqzzr3w
Katie🌻Moussouris (.. @k8em0
115K Followers 10K Following @LutaSecurity CEO @payequitynow MIT&Harvard visiting scholar, @MasonNatSec fellow, 1/2 Chamoru, hacker @k8em0.bsky.social Legacy blue check
DJ Ir0ngruve is waiti.. @dj_ir0ngruve
1K Followers 4K Following DJ, Photog, Coder. My views do not reflect that of my Employers. Certified Computer Booper. @[email protected] Mastodon
Maksim Shudrak @MShudrak
840 Followers 114 Following Offsec, Exploit/Malware Dev, Vuln Research, Tools Dev, RE Opinions expressed are solely my own and do not express the views or opinions of my employer.
AppSec Village @AppSec_Village
10K Followers 4K Following AppSec Village @DEFCON & @RSAConference A volunteer-run, non-profit focused on education, awareness, and community. Founded by @erezyalon and @tzionit411.
Raphael Robert @raphaelrobert
638 Followers 162 Following Secure messaging at @phoenix_r_d. #MessagingLayerSecurity co-author. @_berlin_crypto_ co-organiser. 🦀. He/him. Over there: @[email protected]
Weld Pond | Chris Wys.. @WeldPond
57K Followers 1K Following Hacker. Co-founder/CTO Veracode. Former L0pht security researcher. GenAI Auto-repair of vulns is the future @[email protected]Daily reminder, keep your PHP projects updated right in CI: > composer outdated --direct --major-only --strict
Good advice #PHP
Daily reminder, keep your PHP projects updated right in CI: > composer outdated --direct --major-only --strict
Something I would love to see in @github Action, and all other CI systems: the ability to sign assets + metadata representing the environment used build them, USING THE CI SECRET KEY (not a key provided by users who have full control over the CI scripts).
The reason why it’s K8s is because Kubernetes has 8 letters between K and S. If you call it K8, you’re referring to a Kubernete. Thank you for coming to my TED talk
One of my favourite "I can't believe we don't know how to prove that" questions: Is pi^pi^pi^pi an integer?
The software industry is rapidly converging on just three languages: Go, Rust, and JS. It would be smart to learn one of those really well, and have at least a working acquaintance with the other two.
I have been trying to make sense of the recent proposed quantum algorithm for Learning-With-Errors, and what it means in practice. To do so I have created a document where I put my thoughts. Some may disagree with these thoughts, some may agree.... nigelsmart.github.io/LWE.html
In which you learn that passkeys are protected by... passwords. support.apple.com/en-us/102195
Great read on DynamoDB Client Side Encryption SDK by the always brilliant @CiPHPerCoder scottarc.blog/2023/08/18/inn…
@CiPHPerCoder @ncphi @t4t5 @ClaudioDekker @taylorotwell It's more than that. Our code has semantics, meaning. When we change our code, we change its meaning, sometimes fundamentally. Mutation Testing gives us confidence that we will catch changes in meaning, whether accidental or deliberate.
@SOSIntel @SwiftOnSecurity Long ago, while working on a project to add virus scanning for uploaded files in a CMS at a financial company, I checked a text file with the EICAR string into source control. Holy hell did everything explode.
How is it possible to work in web development since 2006 and not be remotely aware of XSS, CSRF, iDOR, SQLi or how to safeguard against it?! Forget undermining crypto.... most firms still haven't mastered the basics. Truly frightening in 2023.
It's actually a really good thought exercise if you have not tried it: how do you unit test cryptography?
There's nothing like changing your crypto and rng libraries to challenge your assumptions about determinism and reproducibility 😬 Messing with crypto in general, anyway
Another thing which you may or may not worry about is that when using the web, the server gives the user code every time and that could potentially do nefarious things. Longer-term there may be ways to fix that, but not today.
4. Web. For this one I'm going to lean on @maxtaco 's experience trying to have safe and effective key storage when deploying E2EE on web. It was vehement. If someone's solved this, I would love to know. (Don't point me at Google Duo, they're making a new key every time.)
I'm not even going to try to step into the full depth of what makes fighting abuse in an E2EE product incredibly hard and the extremely difficult tradeoffs therein. It is an open problem which must be approached with care, time, and a lot of data analysis.
Note that just looking at WhatsApp or Signal doesn't give you nearly enough understanding about what abuse will be like on a non-phone-number-based network. They have a *much* easier time and it's still not solved. Again, enterprise gives you more options and it's easier.
3. Abuse. People are going to people, which means some of them are going to be jerks. How are people going to report abuse? How do you know the abuse reports aren't faked? (This is called "message franking" you and need it.)
2. People have their keys stolen. Malware is a thing, as well as abusive partners, etc. This mixes particularly poorly with the "trust a bunch of your friends" form of key recovery. Attackers are smart enough to roll through a social network. Anyway, recovering from this is hard
Trends for United States
You might like
