My Senate testimony on improving #COPPA is online here:

The regulation also says that these keys cant be removed without the authorization of the issuing member state‼️ This means that checks from the community like this awesome work by @v0max and Joel Reardon would be useless if states want to keep their keys:

#weis2024 is on an accelerated timeline this year. The Submission deadline is 30 November 2023 Details: https://t.co/kiLtaCipnC

If anyone wants an invite to the other site, I gots ‘em!

In my various travels, I hear Max Schrems' name invoked as much as the FTC's. Schrems will someday be recognized as one of the most consequential people in privacy. Even if you disagree with him, Schrems shows how a young, entrepreneurial lawyer can change the world

It's still incredible to me that Uber set up what were obviously illegal taxi operations, called it something else and eventually got virtually every city in North America to roll over, say "okay!" and either tear down taxi regulations or set up two parallel regulatory regimes.

Great presentation by @Allan__Lyons right now @USENIXSecurity on our recent work about logging of sensitive information in Android. #usesec23 Paper + slides (and soon the talk) here: https://t.co/SlKRdUACSC /cc @v0max @narseo @jgamba_

Pro tip: in CA they’re required to allow you to cancel online (Cal. Bus. & Prof. Code § 17602). Comcast violates this, and so when it happened to me, I documented it and then disputed the credit card charge. They immediately canceled when Amex notified them of the dispute.

🚨 "We may manually review DMs..." 🚨 This window randomly popped up for me stating that employees will read our DMs for various reasons, including if a government requests access. I already assumed this was the case, but it's nice to know for sure that we have no privacy here.

I’m no marketing wizard, but it seems to me that you might want to make your email pitches a bit more distinguishable from recall notices…

Wait, did they REALLY go with \mathbb{X} as their logo? They cannot possibly be THAT lazy?

Lol

Police used the Meta Pixel tracker to share interactions with a form for witnesses and victims with Facebook. Also told Meta when someone clicked a link to "securely and confidentially report rape or sexual assault". It is utterly bonkers that this is so unsurprising. Just WHY

No, it was not a joke. "Our paying customers need X, when will you fix it?" may not be the best way to introduce yourself to an open source project. #TodayInOpenSource

Thanks @v0max for a distinction about the audiences of privacy policies. Ostensibly they’re for end users, but the actual audience is different: regulators, lawyers, and researchers. #pets23

Dam.

Getting the luggage to the chalet was another matter (it slightly overshot, and I had to use the AirTag to find it about 10m past).

Not a bad view from my balcony!

Our Chicago and Atlanta @FTC offices are hiring new attorneys. These are among of our most dynamic shops. I urge you to consider applying:

Are you implementing 2FA for your mobile or web app? You need to understand the privacy and security risks associated with various 2FA apps. Today's comic is inspired by a recent paper written by @conorgil, Fuzail Shakir, @Noura_7N, and @v0max. 🧵[1/8] #privacy #cybersecurity

👇This. If you’re doing something interesting that requires deep expertise, you don’t need to worry *too* much about randos with money outcompeting you.