I would, yes. In fact, the Trump White House did just that, it’s right there in the thread. Without knowing what the tweets they had removed were, I don’t see evidence of wrongdoing. There are legitimate reasons to have tweets taken down: malicious impersonation, revenge porn (which apparently some of these were), death threats, etc.
Is that a defence or further proof of malfeasance?
The Biden campaign, which became the government, perhaps in part due to the assistance provided, requested and received assistance. If the campaign wasn't the government and didn't have the power to compel assistance, why did Twitter help?
Because at least some of the content reported by them was unequivocally bad? Like someone's nudes that were published without consent. Or are you saying that if NYPost decides to run some candidate's children's nudes all of a sudden it's journalism instead of revenge porn?
This is utterly terrifying. What are some common steps to prevent this kind of "invisible" injection of images? If you're on private WiFi are you good to go? Any common tips to stay secure?
This would disable all images, but that's what you want, because you can never tell if a site you're going to has been compromised and what content they're going to serve up until you've already downloaded it.
This doesn't completely solve the problem though, you'd also need to make sure you don't have Flash or Java, and disable SVG and CSS now that I think about it... plus an encoded text of an illegal image is still probably illegal, even if it's text-encoded, so, uhh... I don't know, it depends how paranoid you want to be.
If someone wanted to force you to have illegal data on your machine, there's almost certainly a way to make it happen if you're connected to the internet in any way. Hell, even Gmail shows embedded images by default... and even if you didn't open the email containing the illegal content, you still have it in your inbox, so there's that...
This advice tends to be akin to the advice to disable JavaScript. Basically at this point why are you even on the Internet? Also, as you mentioned Flash, Java, and especially SVG. The only real mitigation here is full drive encryption with a long passphrase which you'll never give up. Of course in the eyes of the courts and public that's a serious double-edged sword because you are assumed guilty at that point.
This is a good argument for full disk encryption with a VPN and DNS leak protection. You're right about people using encryption too. They have a whole playbook dedicated to targeting encryption (physical access is page one).
Don't use insecure WiFi networks, or if you do, use a VPN. That prevents you from getting these images injected by people sitting near you on the same network.
And don't visit web sites controlled by people who would do this, or linking to ad networks controlled by people who would do this. That's a little more out of your hands...
One, I don't know anyone who doesn't use non-secure WiFi networks & even if they don't, they typically still do without knowing, ergo, the 'attwifi' situation. Two, I've reviewed a number of VPN solutions over the years and they are far from perfect. Amongst some of my more notable findings:
1) Banner / update text delivered via HTTP to the client in a fully renderable state within the VPN client. Yeah, that was a fairly common issue many years ago and could be used to hijack the application UX to ask the user for things like their password.
2) Split tunneling. Some VPN providers will send HTTP traffic through the VPN while sending HTTPS traffic out the hostile leg of the VPN. This is cool and all until you use an application which doesn't properly validate the server public and then boom, a bad guy can get in the middle. Over the last half decade I've reported said flaw (failure to properly validate the server public) to over three dozen financial institutions, a couple anti-virus companies, and a major automotive manufacturer. It's real, it happens. Not to mention the Superfish and related situations.
Three, femtocells. Even if a bad actor can't get to someone's mobile computer (phone) via WiFi, they sure can by forcing it to negotiate a vulnerable cellular protocol and simply inject from there.
Mitigation? Effectively none for end-users. You can always monitor your connection and if you go down to 2G, run. But no one does that. You can also test each and every app on your phone to ensure:
a) It's using HTTPS for every request / response which is rendered in the app &
b) It's validating the server public. This one's easier said than done and well beyond the capabilities of most pen-testers. They might think they have it covered but rarely test for all man in the middle conditions.
I've not looked at it in detail, but someone I know tried out Network Signal Info on Android claiming it could help detect a femtocell attack:
However, they didn't really know what the app was telling them and kept accusing me of running a femtocell so I wasn't impressed. As far as I'm concerned it's an interesting app to use in attempting to get a confession out of someone you are pretty sure is running a femtocell but likely if that person is running a femtocell they wouldn't "fall for it."
Boot from read only media, or mark your partitions read only. If you boot from CD you can copy-on-read to RAM to keep things snappy. Or PXE booting a Unix / Plan9 workstation.
I set my networks up so that I never rely on a terminal machine for storage. If I lose my laptop all I lose is my laptop.
If I want a file to be stored permanently, I have to action it - Nautilus will mount remote file systems over ssh, I use that feature when creating & editing documents. I don't create them on the laptop.
Other stuff gets mounted/linked in /dev/shm if needed.
I can flip ro/rw on partitions for doing updates or anything I really need to write to HD.
I don't do it for privacy reasons, just data loss protection.
One-on-one interviews don't scale. I feel like it's the biggest problem in any admissions process; the best metrics are ones that don't scale, so you're forced to rely on less optimal ones.
It's not a problem of scale, it is a problem of fairness. I went to one of the two and I can tell you people lose their minds over everything being anonymous and fair even when it is as anonymous as it gets.
When human assessors are involved, it becomes more subjective. Imagine having your assessment with the instructor of your strongest subject vs your weakest subject.