Who is Taylor Lorenz and why should we care?

She's a technology columnist for the Washington Post, suspended this evening from Twitter apparently for asking Musk to comment on a story involving Musk. Musk is demonstrating that he can extort censorship from the media with the ban hammer. Taylor was targeted to be an example. Other journalists are put on notice it's not them...this time, and reminded to toe the line. This is about press freedom. That's why we all should care.

#twittermigration

Everyone, 2008-2021: Man, it seems like the people who run this company don't even use the product. I wish Twitter was run by someone who was at least a regular user of it

2022:

For some odd reason, flight tracking has been in the news. Perfect time for the first post here, with an infosec/flight tracking crossover that couldn't be more topical.

Usual caveat: None of this should be construed as some sort of value statement, it's just me providing the facts from a security researcher's point of view.

First there's a new article published at the 10th OpenSky Symposium (and online today at https://www.mdpi.com/2673-4591/28/1/7). It discusses how some owners of private jets have been trying to subvert public and crowdsourced data.

Great example provided below, an anonymous user trying to pass off Bernard Arnault's jet (of @laviondebernard fame) with transponder ID 395580 as a non-existing generic Air France aircraft. There were many more cases of astroturfing that we found. Full talk available now here: https://www.youtube.com/watch?v=KIz6M1YAI_g&list=PLNft4qtPGeqN0MtUc_k-R-H3wvxUN0WVq&index=4

But with everyone nowadays apparently an expert on flight tracking and blocking (taking over from epidemiology and military strategy it seems), it's some more science communication time: I want to submit two more articles for your reading pleasure.

1. Tracking aircraft is a fact of life in an era of cheap software defined radios. The ability to do so was a design decision for compatibility and safety done 30 years ago. It affects all stakeholders, unless you're the military and can switch all your comms off. Long analysis here in our 2018 paper: https://www.cs.ox.ac.uk/files/9919/eurosnp.pdf

It will also explain why all existing methods to prevent tracking are, sometimes hilariously, inept from a computer security perspective. This includes, but is not limited to web tracker blocking programmes (BARR, ASDI, LADD or whatever the flavour du jour is) and also the Privacy ICAO address (PIA) programme. They all are security through obscurity *at best*.

2. When the PIA was announced in 2019 it was clear it wouldn't do a single thing to make anybody more private. Sadly, it seems that FAA and NBAA never asked anyone familiar with computer security when designing this (we offered, no dice). So we started collecting data right when it went online in 2020 (before covid) to show it's useless.

You can read our analysis here, and it's been proven correct plenty of times in practice by now: https://cs.ox.ac.uk/files/13229/flying-in-private-mode.pdf
In short: It's like being the only one on a university campus on the TOR mixnet and using it to make a bomb threat in order to stop an exam. You'll stick out like a sore thumb and the police will have no trouble identifying you. [1]

Bernard Arnault realized correctly that the only privacy solution is to charter/fractional ownership. https://edition.cnn.com/2022/10/19/business/bernard-arnault-sells-private-jet-over-twitter-tracking/index.html

Again, this is not a value statement, it's just how the world is right now and it won't change anytime soon. Not with 100k cheap crowdsourced trackers globally and more by the day.

Tl;dr: Been droning on about aircraft privacy for over half a decade (NB: I was certainly not the only one!). Nobody cared. In 2022, shit hit the fan.

[1] https://www.forbes.com/sites/runasandvik/2013/12/18/harvard-student-receives-f-for-tor-failure-while-sending-anonymous-bomb-threat/

IMPORTANT: @[email protected]'s new policy preventing linking to competitors is in DIRECT VIOLATION of European Union rules.

Penalty can be a fine of up to 20% of Twitter's annual revenue

https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/digital-markets-act-ensuring-fair-and-open-digital-markets_en#what-will-be-the-consequences-of-non-compliance

Public Service Warning

Mastodon has a very big surge of new users right now. There's no way to tell if it will be sustained, but at this early point it looks similar to Nov 18 when Musk pulled the employee purge.

It is very challenging for system administration to accommodate so many new users. If your server starts to struggle, it is not broken and will get sorted out.

We're all in this together. It's our social network. Be patient. What we are building is amazing.

#twittermigration