I teach cryptography at Johns Hopkins. Screeching voice of the minority.

Baltimore, MD
Joined January 2010
Matthew Green retweeted
Worldcoin claims to use an iris scanner (the creepy orb), to upload a digest of your iris to its blockchain, check for duplicates, and give you an anonymous certificate to claim the currency. If it really uses a cryptographic hash, many of the privacy issues go away. But does it?
4
19
3
53
Show this thread
Haugen just made encryption advocates' job a lot harder, esp. with congressmembers who adulated her during her recent hearing. The US govt has long tried to tell the public that FB is bad and so FB's E2EE plans must also be bad. I didn't think anyone would actually fall for it.
1
5
0
37
Show this thread
Matthew Green retweeted
I’m sure most Google engineers were unaware of the more dubious plans in the antitrust complaint, but when you have a product (Chrome) that brings in zero income directly, it’s easy for senior management to prioritise development such that it moves in a sinister direction.
Replying to @matthew_d_green
I’m very torn about this because Chrome engineers I trust have insisted that this feature was genuinely well-intentioned even if it seems fishy as hell, and would appear to benefit Google quite a bit.
Show this thread
3
14
0
57
Show this thread
Matthew Green retweeted
Replying to @matthew_d_green
Its also you had to show metrics that show more logged in users to the promo committee.
0
2
0
15
I don’t know what to make of the accusations re: Chrome logins in the revised antitrust complaint against Google, but I’m now really looking forward to learning more.
Replying to @fasterthanlime
Re: forced Chrome logins Don't need cookies if you own the browser!
Show this thread
7
54
2
191
A few years back, Google activated a feature that would automatically log you into the Chrome browser anytime you logged into a Google site. This made it basically impossible to be logged out of Chrome if you used Google accounts.
2
16
1
87
The Chrome engineers said that they had to do this because users with multiple accounts were getting confused — apparently the idea that some people might not want Chrome to be logged in was not contemplated.
12
10
2
87
After a huge amount of blowback from the tech community (including this ranty Slate article I wrote), Google held firm. Their only concession was an optional switch in Settings to turn auto-login off. (Is that switch still there? Some say it’s gone now.) slate.com/technology/2018/10…
5
11
1
72
I’m very torn about this because Chrome engineers I trust have insisted that this feature was genuinely well-intentioned even if it seems fishy as hell, and would appear to benefit Google quite a bit.
13
6
3
65
So now this specific feature is being called out in an antitrust complaint. Which either means there really was more to it, or the plaintiffs have no idea and are using this allegation to make Google look bad (which, gosh, it sure does.)
8
4
0
63
Matthew Green retweeted
It starts on page 94:
1
19
4
39
Matthew Green retweeted
🔒"- Google had a plan called "Project NERA" to turn the web into a walled garden they called "Not Owned But Operated". A core component of this was the forced logins to the chrome browser you've probably experienced (surprise!)"
13
755
103
3,588
Show this thread
Matthew Green retweeted
At about the same time, a group called Groove put up a post in Russian urging fellow hackers to strip competing and unite to destroy the state sector of the US to show “who is the boss” of the internet.
12
281
15
1,561
Show this thread
Matthew Green retweeted
They say journalists operate in the “Twitter brothel” - which, you know, is fair. But they also say the Americans who attacked REvil are “vampires drunken and intoxicated by impunity and blood.”
22
188
24
1,724
Show this thread
Matthew Green retweeted
🚨ONGOING: we are investigating systems infected with a malicious version of the npm package UAParser.js (7 million weekly downloads). The hijacked package delivers a malware loader and a cryptominer. IOCs below:
15
569
55
1,344
Show this thread
Matthew Green retweeted
PSA: Big Tech employers circumvent the CA law prohibiting asking candidates about current/prior salary. How? They just grab it from Equifax's huge wage database. theworknumber.com/
Replying to @jmtrivedi
7) For CA: there are two fantastic labor laws that benefit you (circa 2018). 1. Employers are legally prohibited from asking about your current or previous pay. 2. If asked, employers must provide a (rough) comp band for the role and level. (They can go higher, though.)
Show this thread
9
139
33
262
Show this thread
Just read an article by Vitalik (from May) touting coercion-free voting protocols for political elections and… well, I guess I don’t share his enthusiasm. vitalik.ca/general/2021/05/2…
Replying to @matthew_d_green
Your new protocol involves issuing smartcards to voters, who must now submit Elgamal ciphertexts and engage in an anti-coercion protocol. You are now living in a bunker, surrounded by angry mobs.
Show this thread
3
3
0
27
Matthew Green retweeted
66
439
63
3,614
Show this thread