Sure looks familiar. So why would someone fall for this? Because invasive accesses are hard to grok, there are no auto-revokes or reminders about existing authorizations, and users trust the platform.
With @dgbalash @wxyowen@milesdoesjump@adamaviv
https://t.co/nOGcCi12sV
@v0max I suspect it’s designed to look cool at the time of sale. By the time the driver realizes touchscreen interfaces are hot garbage compared to physical controls, they’ve long driven the car off the lot.
@ARLnowDOTcom The County needs to be much more aggressive against this. Too many drivers and gig workers use bike lanes for their own selfish convenience.
I like how the @espn app says it needs your precise location just for live streaming content. But paid premium ESPN+ films simply won't work until you relent and tell them exactly where you are. So much for "if you're not paying for it, you're the product."
Backup options in many Android #TOTP#2FA apps share personal info w/ 3rd parties, have serious crypto flaws, and/or allow app devs to access TOTP secrets 😱
A 🧵 on our @USENIXSecurity '23 📜 "Security and Privacy Failures in Popular 2FA Apps"
https://t.co/KehOVknjut
#infosec
Happening now, in Track 1, @USENIXSecurity#usesec2022, David Balash is presenting our work on how users understand Googles 3rd party API access to their accounts.
David is also on the academic job market this year. You should hire him!
Sources: the thirteen American colonies plan on leaving Great Britain over a revenue sharing dispute, citing poor leadership of Commissioner George III. Expected to enter scheduling agreement with France.
My team is looking to hire a research engineer in the Washington DC area. We explore mobile privacy challenges and solutions for the government. If you have a background in mobile software development and an interest in privacy, DM me to learn more. https://t.co/o0aG5XLP2r
Excited to be at @icwsm this week! I'll be presenting work (with @_kumarde@zakirbpd) at Session 6, June 9. We've seen misinfo sites deplatformed by mainstream providers only to resurface on alternative platforms. Which entities continue to service and support such sites? 1/6
@v0max You're right, you wouldn't be able to use the current webadb implementation as-is because that requires a browser. But you might be able to run those same exact adb commands through the Device Farm API (basically a continuous integration script). https://t.co/lJPh5S23Rb
@v0max Got it! I'll toss in a couple points to your data set. Also, if device diversity is a priority, have you guys looked into the AWS Device Farm? I don't know what restrictions they put on adb commands, but there's a decent selection of phones there too.
@v0max Are you looking mainly at the devices themselves? Or phones that people actually use? I have a couple old Android phones sitting in a drawer if that helps.
Microsoft will no longer require users to enter a password to access their accounts. Instead, they'll have to use an app, a verification code or facial recognition. Check it out ⬇️