Apr 292022
 
 April 29, 2022  Posted by  Breaches, Online, U.S.

Over the past week, I’ve been contacted by a number of people. Some have contacted me to say that they see what has been going on with the harassment and threats I have received and they are touching base to make sure that I am okay (I am, thank you).  Some have contacted me to speculate about why some of this is happening now (that’s actually a great question). And some are reporters who, while commiserating, are also looking to report on what’s going on (I don’t blame them and there’s a lot to unpack).

I am not the story, though. The real story is what Twitter has done, and has not done, with respect to Emergency Data Requests and protecting users from what are dangerous campaigns to either chill our speech or physically harm us. So far, Twitter has not been transparent in terms of responding to claims that a researcher who was targeted by threat actors had his information provided to them using a fake EDR.

Nor has Twitter responded to inquiries as to whether it has audited EDR requests to see what percent of them may have been fake.

Nor has Twitter responded to inquiries as to what it will doing going forward to prevent fraudulent EDRs from succeeding.

And finally (for now), nor has Twitter responded to notices when we are being threatened on their platform as part of a coordinated harm campaign across platforms and services.  Saying something doesn’t violate their rules because they are not considering context and what else is going on is short-sighted and dangerous.

Twitter must do better, and not just for researchers and journalists. As William Turton reported this week, fake EDRs are also being used to get information on minors that is then used to sexually extort them. It’s horrific.

Social media’s response to fake EDRs and coordinated harm campaigns are two important stories we need to shine our light on.

And as a recent example of Twitter’s inadequate response to threats, Catalin Cimpanu tweeted just this morning:

Do better, Twitter. You can and you must.

 

Sorry, the comment form is closed at this time.