An interesting report on Twitter's internals, based on a whistleblower report to Congress. The stuff uncovered in it is much HOTTER than anything in the "Twitter files" but it's much less politically/tribally salient so it got no attention.
![[Image: 5gHfxm2.gif]](https://i.imgur.com/5gHfxm2.gif)
According to the report:
Twitter didn't monitor employee computers at all; it was not uncommon for employees to install spyware on work devices. "Against company policy it was commonplace for people to install whatever software they wanted on their work systems."
Twitter does not have separate development, test, staging, and production environments. At least 5,000 employees had privileged access to live production systems.
In 2020, Twitter had security incidents serious enough they had to be reported to the federal government on an almost weekly basis. Meanwhile, Parag Agrawal was lying about how secure Twitter was and limited access.
On Jan 6, 2021, Mudge (the whistleblower) wanted to take action to prevent potential sabotage by a rogue employee. He learned it was not possible for Twitter to secure its production environment. Mudge realized that a data center failure could potentially cause the permanent loss of all of Twitter's data. He shared this fact with senior leadership, who instructed him not to put it in writing for the Board.
A few months later, that exact nightmare nearly came true, and only herculean effort by Twitter engineers prevented "permanent, irreparable failure."
Twitter had no software development lifecycle, and misled both the FTC and its Board about this fact for a decade.
Mudge informed Agrawal that there were thousands of failed login attempts to Twitter's engineering system every day. Agrawal did nothing.
Twitter did not keep backups of employee computers. They used to, but then the system broke, was never fixed, and execs decided this was good because it meant they couldn't comply with regulators.
"Every new employee has access to data they do not need to have access to."
Twitter does not have licenses for the machine learning models it uses in its most basic products.
Twitter may still be vulnerable to Log4j to this day:
![[Image: w4Ydc52.jpg]](https://i.imgur.com/w4Ydc52.jpg)
Twitter knowingly allowed itself to be infiltrated by, or otherwise a tool of, many governments.
After Agrawal became CEO, he wanted to present materially misleading information to the Board, overriding Mudge's objections. Other employees raised similar objections. Ultimately it seems the material was shared anyway, and Mudge described the presentation to the Board as fraud.
Internal review after the meeting confirmed this assessment. Mudge began working on a report to correct the record with the Board. As his report neared completion, he was fired.
More in the report:
Further Redacted for Congress - PROTECTED & SENSITIVE WHISTLEBLOWER DISCLOSURE (84 page redacted PDF)