Alec Muffett Profile picture
Cryptography, Systems & Network Security Engineering since ~1988; see link for biog & press resources. 'Everybody Deserves Good Security'
Oct 5, 2018 7 tweets 5 min read
Re: @timberners_lee's #Solid / @SolidMit

Hi @robertscammell!

More interesting that Facebook, I used to work on TheMine!Project*, a highly influential, much-plagiarised & ultimately unsuccessful stab at personal information stores, from 2006-2011.

* If you want to know my opinion of how @timberners_lee's #Solid will impact "tech giants", watch this video (actually, x3) from 2010; the bulletpoints are:

- facebook killers, aren't
- there's plenty of room for alternatives
- first it must grow

Sep 4, 2018 13 tweets 6 min read
Australia: "The Assistance and Access Bill 2018" - the people of Australia have SIX DAYS in which to register their feelings on encryption back doors:… #straya #endtoend A Bill for an Act to amend the law relating to telecommunications, computer access warrants and search warrants, and for other purposes #otherPurposes
Aug 5, 2018 11 tweets 4 min read
Hey! You remember that piece where I was randomly asked to respond in a 2…3 hour window, about "fixing" Facebook? Well, it's out, and I've found it! And, of course, like every other Associated Press piece, it is broadly republished in many newspapers, under mostly-the-same-headlines:
Jul 30, 2018 9 tweets 3 min read
<pops open bonnet of car>
Mark: "There you go, there's the engine. 4 cylinder petrol engine"
@CommonsCMS: "Where are the horses?"
Mark: "Horses?"
CMS: "We heard it's a 100 Horsepower engine."
Mark: "That's just a metaphor…?" .@CommonsCMS: "No, we know there are horses. That engine is a black box. You're not being transparent about where the horses are."
Mark: "But that's not how cars really work…"
CMS: "Everyone knows that cars are driven by horsepower. We want to see the horses." #algorithms
Jul 27, 2018 15 tweets 6 min read
HEREWITH: a _different_ argument about why it's easier to put a man on the moon than to have backdoorable cryptography at scale. This fine article got posted by Techdirt a couple days ago… And it has received reasonable praise, commentary, and dad-jokes from the usual crypto suspects:
Jul 9, 2018 5 tweets 2 min read
While we're on the topic of scale: every so often I have the misfortune of having to listen to some politician or former civil servant* demanding that people "NEED TO LEARN THE VALUE OF THEIR PERSONAL DATA, GODDAMNIT!".

*eg: ex-GCHQ This one can be quite quick:
- Facebook
- About 2 Billion users
- Annual revenue 2017: $40.653 Billion…
Jul 7, 2018 23 tweets 9 min read
Regards #Article13, I wrote up a little command-line false-positive emulator; it tests 10 million events with a test (for copyrighted material, abusive material, whatever) that is 99.5% accurate, with a rate of 1-in-10,000 items actually being bad. For that scenario - all of which inputs are tuneable - you can see that we'd typically be making about 50,000 people very upset, by miscategorising them as copyright thieves or perpetrators of abuse:
Jun 26, 2018 11 tweets 6 min read
1/ Okay, essential DNS-privacy-related reading of the past few weeks, combined with a crazy idea; you need to read or skim three articles; firstly this one from Mozilla about DNS over HTTPS:… 2/ Secondly Cloudflare's announcement of, a free, public, DNS server:…
Jun 1, 2018 16 tweets 11 min read
Today is a challenge - on and off for the next 12 hours, now that the GDPR dust is settling, I am going to try and Tweet about nothing but the #EUCopyrightDirective - BECAUSE, YE GODS, YOU NEED TO KNOW ABOUT THIS:…

HT @mmasnick CC @OpenRightsGroup If you want a video about how YOU should demand that the EU #DeleteArt13 of the #EUCopyrightDirective, maybe start with this one:
Apr 17, 2018 6 tweets 4 min read
Can someone please give me independent confirmation of this? Oh hell,…
Mar 5, 2018 4 tweets 2 min read
Facebook upgrading third party HTTP links, to HTTPS, across the site! Well done!… Quote: «We have recently upgraded our link security infrastructure to include HSTS preloading, which automatically upgrades HTTP links to HTTPS for eligible websites. This will improve people's security and will also often improve the speed of navigation to sites from Facebook.»
Feb 1, 2018 13 tweets 8 min read

@VICE @motherboard in Germany is spreading a lie that @facebook @messenger end-to-end encrypted "secret conversations" can be decrypted; because the author @ok_but_why does not know what an HMAC is … The piece runs thusly (via Google Translate) - and it conflates the abuse-reporting mechanism with the "Franking" mechanism that "Secret Conversations" uses, and which (a) @matthew_d_green helped design and (b) is fully documented.

I know, because I led the project. #lol
Jan 28, 2018 33 tweets 20 min read
Cross-referencing @mjranum's recent post about using Google Maps to identify CIA "Black" sites in Djibouti, with the #Strava heat-map, appears to offer corroboration… Also there are more drones on the (but older?) DigitalGlobe/Mapbox imagery (Strava) imagery of Chabelly airport, than the (more recent?) equivalent GoogleMaps:…