This week, President Donald Trump threatened to declassify swaths of information related to the ongoing Russian interference investigation, with seemingly little regard for the potential fallout. Well, it'd be bad[1].
But otherwise, this week had surprisingly good news in the world of security! Cloudflare is embracing Google's "Roughtime" protocol[2] to help keep the internet's clocks ticking in sync, and the Mirai botnet architects have been helping the FBI[3] take down cybercriminals as part of a plea agreement. Facebook's bug bounty now includes third-party apps[4] behaving badly. HTC explained how it'll secure its Exodus blockchain phone[5]. And former defense secretary Ash Carter encouraged government and tech[6] to work together.
And yes, OK, there was less rosy news as well. DIY gun advocate Cody Wilson was arrested[7] for alleged sexual assault of a minor. And the California Farm Bureau gave up the right of farmers to repair equipment they own[8].
Twitter Sent User DMs to Developers by Mistake[9]
Direct messages are wonderful in that unlike the rest of the Twitter experience, you don't have to broadcast your thoughts to the known universe. They're private! Just for you and the recipients. Unless, as Twitter revealed Friday, you're one of the 1 percent of users who had those direct messages sent to unauthorized third-party developers instead. (Remember, Twitter has over well 300 million users, so that's a lot of errantly sent DMs.) The bug was also in effect since May 2017, and only patched recently. A fun cocktail party debate: Which was worse, this or the time Twitter stored passwords in plaintext[10]?
Ghostery's New Browser Has Even More Privacy Cred[11]
Ghostery already had a