Fuck Elon Musk (Part 1)

If I was an advertiser, I’d be thinking that none of the numbers from Twitter are worth tuppence now.

“… you can’t sue us because there is always new software after the time you file any lawsuit”

If twitter blue is to mean anything, one must believe that the remainder of the accounts are unverified, unsecure, and controlled by bad actors. This might strengthen that impression.

Except that they are only charging for SMS Two-Factor. Using an authentication app for Two-Factor is still free.

SMS is much less secure, being vulnerable to SIM swapping. It even happened to Jack a few years ago. This does nothing to make Blue more secure. It just means that now only people with Blue can have a false sense of security. Normal accounts can easily be more secure than SMS Two-Factor provides.

Of course from a security standpoint none of this actually matters practically, since the stats show that only 2.6% of Twitter users have two-factor enabled and of those, 74% use SMS Two-Factor

And it looks like they’re already fucking it up.

https://martinfowler.com/articles/202302-twitter-auth.html

WTF is “Fake 2FA SMS messages”? Are you sending them or not? If not, then you might have a criminal case. If so, it’s ain’t the phone company scamming you.

It’s so weird because SMS is way less secure but it’s easier to understand and set up for non-tech savvy people than an authenticator app or built-in OS functionality. So people will be more likely to just turn off 2FA entirely and make their accounts less secure. I can see this being backpedaled once Elon’s favorite white supremacists and fascists start getting hacked as a result.

So much for his “free speech absolutism”.

What I like is that apparently right now hardly anyone on Twitter has any two-factor turned on. And yet he is paying a fortune in SMS messages. If people are paying for Twitter blue and have been told that one of the features of Twitter Blue is two-factor authentication via SMS isn’t this going to greatly increase the number of SMS messages he has to pay for probably without greatly increasing the number of people signed up for blue?

I am assuming that what he means by fake SMS two-factor messages is that he doesn’t like that he has to pay to send a message every time anyone tries to hack into one of his customers accounts. But because he’s dumb he blames the phone company for it

Elon has already blamed “bots” when he ordered SMS to be blocked from specific companies (largely in Asia, but also Ukraine). The engineers removed many of those blocks claiming it was a bad update, but not all as I understand it.

There was also this instance of someone who couldn’t validate except through SMS after getting locked. Keeping in mind that Elon’s Twitter wants phone numbers to sell, and has already floated the idea of getting rid of large populations of unmonetizeable users, I’ll speculate that they could try to squeeze people into subscribing through lies and account locks.

Can you just imagine how great everything is going to be when he tries to turn Twitter into his everything app? This is the guy I want to put my digital life in the hands of!

When I was responsile for my company’s primary IDP, the first thing I did was ban SMS based 2nd factor, it’s so freaking easy to SIM port, as the people who are gatekeeping the porting are the last I’d trust to ensure things are above board (because the company is hiring people at minum wage to answer phones, not actual secuity professionals) no culpability to them, they literally are not paid enough to care.

I kind of like this “adding to his gravestone” thing though. Once it’s full, he has to shut up until he dies, right?

Well…I mean…if nothing else can go on the gravestone…what’s the point of even hanging around?