Irwin Reyes
157 posts

@irwinreyescom
Security and privacy researcher at @Twosixtech. Previously at @ICSIatBerkeley. @[email protected]
Washington, DC, Joined September 2014
194 Following, 168 Followers

A fantastic end of an important journey: today I passed my #PhD Viva, so yes you can call me Dr. Mazzoli!🤩 A special thanks to my wonderful supervisors @damiantambini @Robin_Mansellx who have supported me throughout!❤️ Big shout-out also to my fellow colleagues from @MediaLSE!


Sure looks familiar. So why would someone fall for this? Because invasive accesses are hard to grok, there are no auto-revokes or reminders about existing authorizations, and users trust the platform.
With @dgbalash @wxyowen @milesdoesjump @adamaviv
usenix.org/conference/use…

@v0max I suspect it’s designed to look cool at the time of sale. By the time the driver realizes touchscreen interfaces are hot garbage compared to physical controls, they’ve long driven the car off the lot.

I’m convinced that the Tesla is a car designed by people who don’t drive.
Yes, having to go through six levels of menus to turn on the headlights is totally safe and reasonable!
I assume self driving mode was mostly added to counteract the distraction of having to use the UI.
Meredith Whittaker@mer__edith
First time in a Tesla (I know, I'm blessed). WHAT?!? It's like an empty shed with a dell laptop on the dashboard. Confusing and overproduced and there's a video games app but I spent 5 minutes trying to figure out how to open the door... I know I'm late but, again, WHAT?!?

@ARLnowDOTcom The County needs to be much more aggressive against this. Too many drivers and gig workers use bike lanes for their own selfish convenience.
English

Protected bike lane in Clarendon repeatedly blocked by Starbucks customers, prompting county action arlnow.com/2023/01/20/pro…
Irwin Reyes retweeted

I like how the @espn app says it needs your precise location just for live streaming content. But paid premium ESPN+ films simply won't work until you relent and tell them exactly where you are. So much for "if you're not paying for it, you're the product."


Irwin Reyes retweeted

Backup options in many Android #TOTP #2FA apps share personal info w/ 3rd parties, have serious crypto flaws, and/or allow app devs to access TOTP secrets 😱
A 🧵 on our @USENIXSecurity '23 📜 "Security and Privacy Failures in Popular 2FA Apps"
github.com/blues-lab/totp…
#infosec
Irwin Reyes retweeted

Happening now, in Track 1, @USENIXSecurity #usesec2022, David Balash is presenting our work on how users understand Google's 3rd party API access to their accounts.
David is also on the academic job market this year. You should hire him!

Irwin Reyes retweeted

My team is looking to hire a research engineer in the Washington DC area. We explore mobile privacy challenges and solutions for the government. If you have a background in mobile software development and an interest in privacy, DM me to learn more. twosixtech.com/job/?gh_jid=45…
Irwin Reyes retweeted

@v0max You're right, you wouldn't be able to use the current webadb implementation as-is because that requires a browser. But you might be able to run those same exact adb commands through the Device Farm API (basically a continuous integration script). docs.aws.amazon.com/devicefarm/lat…

@irwinreyescom Though, I'm not entirely sure how we'd use Device Farm, since we need to visit the website from a computer connected to the phone via USB?
Irwin Reyes retweeted

(Please retweet!)
Do you have an Android phone? Please help us with a study!
pages.cpsc.ucalgary.ca/~allan.lyons/w…
Irwin Reyes retweeted

@v0max Got it! I'll toss in a couple points to your data set. Also, if device diversity is a priority, have you guys looked into the AWS Device Farm? I don't know what restrictions they put on adb commands, but there's a decent selection of phones there too.


@irwinreyescom Though I should add that diversity of manufacturers/models is most important, because it's the device drivers that tend to log identifiers and location data (which can then be accessed by pre-installed apps/SDKs).

@v0max Are you looking mainly at the devices themselves? Or phones that people actually use? I have a couple old Android phones sitting in a drawer if that helps.