TWEETSTORM is an occasional feature on decentralize.today where we share threads, mostly from Twitter, that we think deserve a wider audience. Some are informative, some educational, some amusing and others yet are controversial... we dig these out for you so you don't have to!

Avid Halaby@AvidHalaby

The stuff uncovered in the Twitter whistleblower report is much crazier than anything in the "Twitter files" but it's much less politically/tribally salient so it got no attention.

Going to do a thread on some of the craziest things, in no particular order.

Avid Halaby@AvidHalaby

Twitter didn't monitor employee computers at all, it was not uncommon for employees to install spyware on work devices


Avid Halaby@AvidHalaby

Twitter does not have separate development, test, staging, and production environments. At least 5,000 employees had privileged access to production systems.


Avid Halaby@AvidHalaby

In 2020, Twitter had security incidents serious enough they had to be reported to the federal government on an almost weekly basis. Meanwhile, Parag Agrawal was lying about how secure Twitter was.


Avid Halaby@AvidHalaby

On 1/6, Mudge (the whistleblower) wanted to take action to prevent potential sabotage by a rogue employee. He learned it was not possible for Twitter to secure its production environment.


Avid Halaby@AvidHalaby

Mudge realized that a data center failure could potentially cause the permanent loss of all of Twitter's data. He shared this fact with senior leadership, who instructed him not to put it in writing for the Board.


Avid Halaby@AvidHalaby

A few months later, that exact eventuality almost came true, and only herculean effort by Twitter engineers prevented "permanent, irreparable failure."


Avid Halaby@AvidHalaby

Twitter had no software development lifecycle, and misled both the FTC and its Board about this fact for a decade.


Avid Halaby@AvidHalaby

Mudge informed Agrawal that there were thousands of failed login attempts to Twitter's engineering system every day. Agrawal did nothing.


Avid Halaby@AvidHalaby

Twitter did not keep backups of employee computers. They used to, but then the system broke, was never fixed, and execs decided this was good because it meant they couldn't comply with regulators.


Avid Halaby@AvidHalaby

"Every new employee has access to data they do not need to have access to."


Avid Halaby@AvidHalaby

Twitter is probably still vulnerable to Log4j to this day, lol.


Avid Halaby@AvidHalaby

Twitter does not have licenses for the machine learning models it uses in its most basic products.


Avid Halaby@AvidHalaby

Twitter knowingly allowed itself to be infiltrated by, or otherwise a tool of, many governments.


Avid Halaby@AvidHalaby

After Agrawal became CEO, he wanted to present materially misleading information to the Board, overriding Mudge's objections. Other employees raised similar objections. Ultimately it seems the material was shared anyway, and Mudge described the presentation to the Board as fraud.


Avid Halaby@AvidHalaby

Internal review after the meeting confirmed this assessment. Mudge began working on a report to correct the record with the Board. As his report neared completion, he was fired.


Avid Halaby@AvidHalaby

That's all I have the energy for tonight, I highly recommend reading the full report.

PDF here: https://s3.documentcloud.org/documents/2218

Link to original tweet

https://nitter.net/avidhalaby/status/1602127460677844993?s=12&t=_mmjdsN4sbxk67n9PJnh6w

