Moved to [email protected] @CiPHPerCoder
https://t.co/4n4IHTDwwL infosec.exchange/@scottarc United States Joined February 2016
Daily reminder, keep your PHP projects updated right in CI: > composer outdated --direct --major-only --strict
#PHP By Unanimous vote, the #PHP Core has voted for the following. (among other things)
Extend release cycle to 4 years:
- 2 years of bug fixes
- 2 years of security fixes
wiki.php.net/rfc/release_cy… #w00t!
Something I would love to see in @github Action, and all other CI systems: the ability to sign assets + metadata representing the environment used to build them, USING THE CI SECRET KEY (not a key provided by users who have full control over the CI scripts).
The reason why it’s K8s is because Kubernetes has 8 letters between K and S. If you call it K8, you’re referring to a Kubernete. Thank you for coming to my TED talk
The description the NVD published for CVE-2024-33851 is unfortunately misleading. See the note at the top of github.com/paragonie/phpe… for specific details.
One of my favourite "I can't believe we don't know how to prove that" questions: Is pi^pi^pi^pi an integer?
@binitamshah IMO as co-founder of CVE back in 1999, this paper appears to have significant flaws that other knowledgeable CVE consumers or producers can point out if they wish. I doubt that its findings can be scaled. /cc @attritionorg ur welcome for the nerd snipe, I don't have the energy
A GitHub flaw lets attackers upload executables that appear to be hosted on a company's official repo, such as Microsoft's—without the repo owner knowing anything about it. The following URLs, for example, make it seem like these ZIPs are present on Microsoft's source code repo:…
I have been trying to make sense of the recent proposed quantum algorithm for Learning-With-Errors, and what it means in practice. To do so I have created a document where I put my thoughts. Some may disagree with these thoughts, some may agree.... nigelsmart.github.io/LWE.html
Open Source Cryptography Workshop 2024 videos and slides are posted: opensourcecryptowork.shop/2024/ Talks by @_franziskus_ , @durumcrustulum , @SchmiegSophie, @NinaBindel, @armfazh, @leontiad, @thibmeu, @8x5clPW2, et al.
“How to Hold KEMs” by @durumcrustulum : durumcrustulum.com/2024/02/24/how…
Avoid the sharp edges of cloud cryptography services within @awscloud with our do’s and don’ts on using CloudHSM, KMS, and others. buff.ly/49tNdgm
elfconv: AOT compiler for translating Linux/aarch64 ELF → LLVM bitcode → WASM By my colleague @ming_rrr medium.com/nttlabs/elfcon…
words.filippo.io/dispatches/see… #PasswordsCon folks may be interested in this
If you use Unfinalize to remove the final qualifier on a method so you can override it in your code, I only ask that you disclose this decision whenever you file a GitHub issue upstream to a relevant codebase.
Good advice #PHP
Daily reminder, keep your PHP projects updated right in CI: > composer outdated --direct --major-only --strict
The software industry is rapidly converging on just three languages: Go, Rust, and JS. It would be smart to learn one of those really well, and have at least a working acquaintance with the other two.
In which you learn that passkeys are protected by... passwords. support.apple.com/en-us/102195
Great read on DynamoDB Client Side Encryption SDK by the always brilliant @CiPHPerCoder scottarc.blog/2023/08/18/inn…
@CiPHPerCoder @ncphi @t4t5 @ClaudioDekker @taylorotwell It's more than that. Our code has semantics, meaning. When we change our code, we change its meaning, sometimes fundamentally. Mutation Testing gives us confidence that we will catch changes in meaning, whether accidental or deliberate.
@SOSIntel @SwiftOnSecurity Long ago, while working on a project to add virus scanning for uploaded files in a CMS at a financial company, I checked a text file with the EICAR string into source control. Holy hell did everything explode.
How is it possible to work in web development since 2006 and not be remotely aware of XSS, CSRF, iDOR, SQLi or how to safeguard against it?! Forget undermining crypto.... most firms still haven't mastered the basics. Truly frightening in 2023.
It's actually a really good thought exercise if you have not tried it: how do you unit test cryptography?
There's nothing like changing your crypto and rng libraries to challenge your assumptions about determinism and reproducibility 😬 Messing with crypto in general, anyway
Another thing which you may or may not worry about is that when using the web, the server gives the user code every time and that could potentially do nefarious things. Longer-term there may be ways to fix that, but not today.
4. Web. For this one I'm going to lean on @maxtaco 's experience trying to have safe and effective key storage when deploying E2EE on web. It was vehement. If someone's solved this, I would love to know. (Don't point me at Google Duo, they're making a new key every time.)
I'm not even going to try to step into the full depth of what makes fighting abuse in an E2EE product incredibly hard and the extremely difficult tradeoffs therein. It is an open problem which must be approached with care, time, and a lot of data analysis.
Note that just looking at WhatsApp or Signal doesn't give you nearly enough understanding about what abuse will be like on a non-phone-number-based network. They have a *much* easier time and it's still not solved. Again, enterprise gives you more options and it's easier.
3. Abuse. People are going to people, which means some of them are going to be jerks. How are people going to report abuse? How do you know the abuse reports aren't faked? (This is called "message franking" and you need it.)
2. People have their keys stolen. Malware is a thing, as well as abusive partners, etc. This mixes particularly poorly with the "trust a bunch of your friends" form of key recovery. Attackers are smart enough to roll through a social network. Anyway, recovering from this is hard