by onionisafruit 1702 days ago
Whether Twitter was negligent or not, the bigger lesson here is that you should assume every big tech company is compromised by every state that cares to do so. Don’t trust any company with compromising information. The bigger the company, the higher the chance that they employ a spy for your adversary.
4 comments

Or assume that these censorship platforms are complicit and in-bed with national security apparatuses of their home countries and the close allies of their home countries.

“The suit also alleges that Al-Ahmed's Arabic-language Twitter account was suspended in 2018 and has not been reinstated despite multiple attempts at appeal, and accuses the company of keeping Al-Ahmed's account offline because of its interest in maintaining users in Saudi Arabia. "While Twitter may wish to play the victim of state-sponsored espionage, Twitter's conduct in punishing the victims of this intrigue, including Mr. Al-Ahmed, tells a far different story: one of ratification, complicity, and/or adoption tailored to appease a neigh beneficial owner and preserve access to a key market, the KSA," Randy Kleinman, the attorney for Al-Ahmed, wrote in the complaint.”

I'm sure this is true to a certain extent, but it'd be interesting to see how it varies in degree. For instance

* do some companies have good enough insider risk controls to make it expensive or risky to access particular kinds of sensitive data?

* not all nation state actors are equally well-resourced (and not all of them have equally large populations of computer science grads from which to recruit potential spies): is there a difference between what (say) KSA or Iran could get, vs US/UK/China/Russia?

Insider risk can be reduced, not eliminated. Let's say a company has more stringent checks than TS//SCI and pays employees that handle sensitive info well. People can always be turned, if not direct then indirect extortion through loved ones and family. You don't need that much money to develop an asset (it can be a lot but even the poorest nation would find it trivial).

If you can't get to data handlers then you can go after developers and the software supply chain. You have to understand, people can cooperate with threat actors without implicating themselves by getting paid or coerced to allow an intrusion (fall for a phish link or email, install seemingly legit software, insert a USB drive they found in the parking lot, etc.). Worst case they get fired.

More importantly: stop giving your phone number and GPS position to services.

Your phone number is the same as your home address, because it is linked to same in a million databases.

How much do you trust Strava or Garmin with your data?
I don't need to. The GPS device from Garmin I have has no mobile connectivity. So it doesn't send data.
It's also pretty much impossible for a big tech company to filter against this during hiring without risking catastrophic discrimination suits.
That’s the big problem. It’s absolutely insane that tech companies can’t keep foreign nationals and people with foreign ties from sensitive positions.
I know what you are trying to say, but for many people outside the US, Facebook is a foreign tech company. What makes US nationals any better in safeguarding sensitive data/access about the company's customers than people from UK or Canada or Germany or Norway or Australia or New Zealand etc?

Should a tech company silo its data and operations so each country has its own independent unit? No, too infeasible and defeats the purpose for a lot of their services.

Well, the U.S. Government isn’t likely to steal IP from American companies. For things like customer data or encryption secrets, it’s also perfectly reasonable to avoid hiring former spooks.
The problem isn't just foreign nationals. There's plenty of CIA inside FAAMG.

It is always a mistake to use nationality as a proxy for trustworthiness.

Being a US person, personally I'm much more concerned with the negative impacts of US spies spying in the US than foreign spies spying in the US.

Foreign governments don't regularly go around mass murdering and torturing Americans the way the US government does.

Americans have a lot more to lose from CIA spying than they do from Saudi intelligence agency spying.

Please elaborate on what the insanity is.
You're kinda right, but on the other hand how I'll get visa and steal some faamg jobs if they'll not accept foreigners? /s

ok, just kidding, now serious take:

US population: 330kk

Rest of the World: 8kkk

Delta (8kkk-330kk)

Even if we assume that distribution of highly skilled people is not uniform (lack of decent higher edu places, harder access to computers/internet)

then you still lose shitton of outliers

edit.

ops I misread.

Are you using kkk as a unit prefix for billion? I've never seen that before. I can't say I would recommend the practice.
>Are you using kkk as a unit prefix for billion? I've never seen that before.

afaik it's pretty common within gaming communities

e.g

1k - 1 000 (of gold)

1kk - 1 000 000 (of gold)

1kkk - 1 000 000 000 (of gold)

>I can't say I would recommend the practice.

Oh, I just realized that somebody may think about other kkk...

damn, but with number in front of it it's just like yet another unit - I guess?

Not in any of the games I’ve played.

Why not use m for million and b for billion? That’s the standard that everyone understands.

> afaik it's pretty common within gaming communities

Ah okay.

> Oh, I just realized that somebody may think about other kkk...

Well more just because (I thought) it is unusual it'd be hard to understand in a context where you hadn't made it obvious. Maybe I'm just out of touch!

Please elaborate on this impossibility and eluded catastrophes. Unless a candidate has a deep pocket and backers it is “impossible” to field a discrimination lawsuit based on a boilerplate rejection letter. If corporations were actually this scared of lawsuits, there would be no age ceiling in software hiring.

Twitter’s CEO is on the record being cozy with deep pocketed Saudi investors in Twitter. It was certainly not the fear of discrimination lawsuits that permitted Saudi agents gaining access to Twitter’s systems.

Discrimination is for protected classes.