Daily Authority: 🎭 Twitter drama!

😳 Good morning, and sorry for the slight delay in putting the Daily Authority in your inbox. No one to blame but yours truly. Hope your day is going better!

Twitter is a security nightmare, says former Twitter security head

Even before Elon Musk got involved, Twitter’s inner workings have been a source of endless drama that often found its way to the public. Now, an explosive new whistleblower report paints a damning picture of the company’s security practices. And the whistleblower is none other than Twitter’s former security boss.

• Dual reports from CNN and The Washington Post revealed yesterday that Peiter “Mudge” Zatko, Twitter’s former head of security, alleges the company has shockingly poor security practices and that it’s misled regulators about it.
• The allegations were made in a detailed 200-page whistleblower disclosure that Zatko filed with the SEC, FTC, and the Department of Justice in the US.
• Zatko is a well-known figure in the security industry. A long-time “ethical hacker,” he occupied roles at Google, Stripe, and the Department of Defense, before joining Twitter in 2020.
• Former Twitter CEO Jack Dorsey recruited Zatko after a highly embarrassing incident that saw crypto-scammers take over the accounts of Joe Biden, Elon Musk, and other world-famous users.

The allegations

• Zatko’s main charge is that Twitter fosters a culture of lax security. More than half of the company’s 7,000-strong workforce have access to users’ personal data, as well as internal management tools for the service.
• Thousand of company-issued laptops have copies of Twitter’s full source code on them.
• The company was forced to hire at least one Indian government agent, who then had access to sensitive user information, Zatko claimed.
• Twitter executives have no incentive to accurately count the number of bots and spam accounts on the platform. Quite the opposite, bonuses are tied to the number of active users, meaning execs are financially motivated to ignore the bot problem.
• Zatko claimed Twitter deliberately misled both users and regulators about its security and privacy practices, violating an agreement with the FTC from 2011.
• The company failed to delete user data in the past, simply because it couldn’t keep track of where user data was stored and who had access to it.
• Jack Dorsey, who left Twitter in May of this year, was a “disengaged” CEO. Towards the end of his reign, he barely spoke in meetings, sometimes for days on end, Zatko said. Senior staff had concerns about his health, and even junior and mid-level employees felt the company was rudderless. In this climate, Zatko claimed he received no support for his push to improve security practices.

The fallout

• It’s still very early, but Zatko’s whistleblower disclosures have already generated waves.
• US lawmakers on both sides of the aisle are already investigating the accusations. Members of Congress have also asked the FTC to analyze whether Twitter has broken the terms of its 2011 agreement.
• Elon Musk was quick to use Zatko’s allegations to paint Twitter in a negative light, even if the report doesn’t contain evidence to support Musk’s claims that Twitter greatly undercounted the number of bots and spam accounts. The billionaire is engaged in a legal battle with Twitter, as he’s trying to walk out of a deal to acquire the company. (He’s also had some pretty interesting ideas for increasing Twitter profits).
• The security community was quick to rally behind Zatko. Meanwhile, Twitter said it fired him for “ineffective leadership and poor performance” and that the report paints a “false narrative that is riddled with inconsistencies and inaccuracies, and presented without important context.” Twitter has failed so far to address any of the specific claims Zatko made.

Roundup

💻 We called the Galaxy Book 2 Pro an “ultralight delight” in our new review. Check it out if you’re after a high-quality Windows ultrabook (Android Authority).

🤾‍♀️ There’s a surprise Fitbit launch event coming today. The Google-owned company is bringing updates to its popular trackers (Android Authority).

📴 The BlackBerry brand might be dead and buried, but the legend lives on. At least in film form. The BlackBerry movie has recently wrapped production (Engadget).

🐲 Ten million people have watched House of the Dragon on HBO — are you one of them? Check your knowledge of the Game of Thrones universe in this quiz (Android Authority).

🕹 In the “what took them so long department,” Sony announced an “ultra customizable” version of its DualSense controller for the PS5 (PlayStation Blog).

🔰 The acer Chromebook Vero 514 is a cool rugged machine made of recycled materials. It’s no slouch either (Android Authority).

🐜 My wife was confused this morning by this Facebook bug that filled her timeline with updates from Arnold Schwarzenegger and the Red Hot Chili Peppers. Millions were affected (The Verge).

💸 A $1,200 phone was the most popular Android phone in North America in Q2 2022 (Android Authority).

🍿 A new trailer is out for Rings of Power, Amazon’s upcoming blockbuster show set in the Lord of the Rings universe (Ars Technica).

⚠ If you’re a Plex user, you need to change your password right away (Android Authority).

💰 The Porsche 911 Sally Special was auctioned off for $3.6 million over the weekend. It’s a one-of-a-kind 911 GTS inspired by the Sally Carrera character in the movie Cars. All the money is going to charity! (CNET).

Wednesday Weirdness

Ever wondered how whales sleep? Apparently, sperm whales sleep vertically at about 15 meters deep, in pods of five or six animals. They just take a deep breath and enjoy naps of up to two hours.

Sperm whales are the size of a school bus, so you’d expect this to be common knowledge. Amazingly, this behavior was only first documented in 2008, and the first good pictures showing a pod of sleeping sperm whales were taken in 2017 by French photographer Stephane Granzotto. You can see more in his portfolio here.

Chill with a pod of sleeping whales — easily the most surreal experience on my bucket list.

Have a good one,

Bogdan Petrovan, Managing Editor.