Daily Authority: 🎭 Twitter drama!

😳 Good morning, and sorry for the slight delay in putting the Daily Authority in your inbox. No one to blame but yours truly. Hope your day is going better!

Even before Elon Musk got involved, Twitter’s inner workings have been a source of endless drama that often found its way to the public. Now, an explosive new whistleblower report paints a damning picture of the company’s security practices. And the whistleblower is none other than Twitter’s former security boss.

• Dual reports from CNN and The Washington Post revealed yesterday that Peiter “Mudge” Zatko, Twitter’s former head of security, alleges the company has shockingly poor security practices and that it’s misled regulators about it.
• The allegations were made in a detailed 200-page whistleblower disclosure that Zatko filed with the SEC, FTC, and the Department of Justice in the US.
• Zatko is a well-known figure in the security industry. A long-time “ethical hacker,” he occupied roles at Google, Stripe, and the Department of Defense, before joining Twitter in 2020.
• Former Twitter CEO Jack Dorsey recruited Zatko after a highly embarrassing incident that saw crypto-scammers take over the accounts of Joe Biden, Elon Musk, and other world-famous users.

The allegations

• Zatko’s main charge is that Twitter fosters a culture of lax security. More than half of the company’s 7,000-strong workforce have access to users’ personal data, as well as internal management tools for the service.
• Thousand of company-issued laptops have copies of Twitter’s full source code on them.
• The company was forced to hire at least one Indian government agent, who then had access to sensitive user information, Zatko claimed.
• Twitter executives have no incentive to accurately count the number of bots and spam accounts on the platform. Quite the opposite, bonuses are tied to the number of active users, meaning execs are financially motivated to ignore the bot problem.
• Zatko claimed Twitter deliberately misled both users and regulators about its security and privacy practices, violating an agreement with the FTC from 2011.
• The company failed to delete user data in the past, simply because it couldn’t keep track of where user data was stored and who had access to it.
• Jack Dorsey, who left Twitter in May of this year, was a “disengaged” CEO. Towards the end of his reign, he barely spoke in meetings, sometimes for days on end, Zatko said. Senior staff had concerns about his health, and even junior and mid-level employees felt the company was rudderless. In this climate, Zatko claimed he received no support for his push to improve security practices.

The fallout

• It’s still very early, but Zatko’s whistleblower disclosures have already generated waves.
• US lawmakers on both sides of the aisle are already investigating the accusations. Members of Congress have also asked the FTC to analyze whether Twitter has broken the terms of its 2011 agreement.
• Elon Musk was quick to use Zatko’s allegations to paint Twitter in a negative light, even if the report doesn’t contain evidence to support Musk’s claims that Twitter greatly undercounted the number of bots and spam accounts. The billionaire is engaged in a legal battle with Twitter, as he’s trying to walk out of a deal to acquire the company. (He’s also had some pretty interesting ideas for increasing Twitter profits).
• The security community was quick to rally behind Zatko. Meanwhile, Twitter said it fired him for “ineffective leadership and poor performance” and that the report paints a “false narrative that is riddled with inconsistencies and inaccuracies, and presented without important context.” Twitter has failed so far to address any of the specific claims Zatko made.

🔰 The acer Chromebook Vero 514 is a cool rugged machine made of recycled materials. It’s no slouch either (Android Authority).

🐜 My wife was confused this morning by this Facebook bug that filled her timeline with updates from Arnold Schwarzenegger and the Red Hot Chili Peppers. Millions were affected (The Verge).

🍿 A new trailer is out for Rings of Power, Amazon’s upcoming blockbuster show set in the Lord of the Rings universe (Ars Technica).

Ever wondered how whales sleep? Apparently, sperm whales sleep vertically at about 15 meters deep, in pods of five or six animals. They just take a deep breath and enjoy naps of up to two hours.

Sperm whales are the size of a school bus, so you’d expect this to be common knowledge. Amazingly, this behavior was only first documented in 2008, and the first good pictures showing a pod of sleeping sperm whales were taken in 2017 by French photographer Stephane Granzotto. You can see more in his portfolio here.

Chill with a pod of sleeping whales — easily the most surreal experience on my bucket list.

Bogdan Petrovan, Managing Editor.