Another document in the ongoing Twitter saga dropped yesterday. From the Washington Post:
Twitter executives deceived federal regulators and the company’s own board of directors about “extreme, egregious deficiencies” in its defenses against hackers, as well as its meager efforts to fight spam, according to an explosive whistleblower complaint from its former security chief.
The complaint from former head of security Peiter Zatko, a widely admired hacker known as “Mudge,” depicts Twitter as a chaotic and rudderless company beset by infighting, unable to properly protect its 238 million daily users including government agencies, heads of state and other influential public figures.
An 84-page PDF associated with the complaint has been obtained (in redacted form) by the Washington Post.
Most of it appears to be about a political struggle between Zatko and Agrawal, and various accusations of Agrawal engaging in fraud. There is some commentary on the Musk situation as well. And a bunch of horror stories[1] about Twitter’s internal security.
On mDAU
Zatko misses the point on mDAU. mDAU is the company’s representation of the number of physical humans who it considers its customers. It strives to provide an accurate representation of that number to its shareholders[2] so they can analyze the performance and market-share of the business.
The various complaints by Zatko (in points 21-26) and Mr. Musk can be summarized as “can you publicly show which accounts are mDAU”? I believe the answer to that question is likely to contain Twitter confidential information[3], and decline to speculate further.
Whether the accounts that Twitter does not feel correspond to individual customers consist of “bots” or something else[4] is immaterial to the business.
On bots
Perhaps this Elon Musk drama is Mr. Musk’s attempt to increase fear about Artificial Intelligence and slow AI progress.
We constantly hear about “bots” and Twitter, and are told it is bad. But why? And what do we mean by bots?
First, there are scripts that auto-post nonsense replies to Mr. Musk’s accounts. The infamous “get cryptocurrency” tweets, etc. Everybody agrees these are bad. I have suggested that “slow reply” is the solution here. Verified and paying users should be able to have their replies to Mr. Musk posted immediately; other accounts should have to wait several minutes before their replies are visible.
There are also nicer automated accounts. Consider https://twitter.com/apastoraldream - is this a bot account? Is it an mDAU? Is it bad? I don’t know the first two answers, but I do know it isn’t particularly bad to have such an account on Twitter.
On due diligence
In both Zatko’s complaint and Mr. Musk’s counter-suit, many of the complaints seem to be that they don’t like how Twitter is running its business.
For Mr. Musk, this is pure chutzpah. If he wants his opinions for how Twitter should be run to matter, he needs to follow through with his purchase. The ability to say how Twitter is run is (one of) the things he would be buying.
And … I am not a member of the bar of any state, but you can’t “waive due diligence” and then claim fraud if you find something later on that should have been found in due diligence.
Extra extra: more on Birdwatch
A Washington Post piece on the rollout of Birdwatch confirms it will not be publicly launched before November[5]. They note the “authority splice” issue we discussed in last Tisatsar’s News:
[1] Are they true? In the words of Tom Lehrer, that’s not my department.
[2] The Newslettr currently owns several thousand shares of $TWTR. It’s unfortunate that we do; we might sell it before our next publication. The hassle from potentially unbounded “conflict of interest” concerns is more painful than the limited profits we might make from owning the stock.
[3] Any abuse-detection system, by necessity, includes some element of secrecy. Or, possibly, “your tweets have your government ID number attached to them”, which I am sure the pundits would dislike more.
[4] There is a separate problem of the time-window here. If you assume that most bots are blocked quickly, while most mDAU remain as such for some time, it is plausible that 3% of active accounts in a week would be bots, while 25% of active accounts in a year would be bots. That is complicated enough that Mr. Musk (who is using “bots” as a fig-leaf) should have no trouble continuing to fail to understand it publicly.
[5] Presumably the Musk drama will not impact that timeline.
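
The time-window effect from the footnote on bots versus mDAU, worked through as an added example that is not part of the original post. It measures the bot share of distinct active accounts over a constructed activity log; the arrival rates and lifetimes (bots blocked after 1 day, humans staying 90 days) are assumptions chosen for illustration, not Twitter data.

```python
# Added illustration: every rate and lifetime below is constructed, not Twitter data.

def build_activity_log(days, cohorts):
    """Return (day, account_id, is_bot) records for days 0..days-1.

    cohorts: list of (is_bot, new_accounts_per_day, lifetime_days). An account
    is active on every day of its lifetime, then disappears (for bots: blocked).
    Accounts created before day 0 are included so day 0 is already steady state.
    """
    log, next_id = [], 0
    for is_bot, per_day, lifetime in cohorts:
        for created in range(-(lifetime - 1), days):
            for _ in range(per_day):
                first, last = max(created, 0), min(created + lifetime, days)
                log.extend((day, next_id, is_bot) for day in range(first, last))
                next_id += 1
    return log


def bot_share(log, start, end):
    """Count distinct accounts active in [start, end) and the fraction that are bots."""
    seen = {}
    for day, account, is_bot in log:
        if start <= day < end:
            seen[account] = is_bot
    bots = sum(seen.values())
    return bots, len(seen), bots / len(seen)


# Assumed model: 2 new bots/day living 1 day, 5 new humans/day living 90 days.
COHORTS = [(True, 2, 1), (False, 5, 90)]
LOG = build_activity_log(365, COHORTS)


def report():
    """Bot share of the same log measured over a day, a week and a year."""
    windows = [("day", 1), ("week", 7), ("year", 365)]
    return {name: bot_share(LOG, 0, length) for name, length in windows}


if __name__ == "__main__":
    for name, (bots, total, share) in report().items():
        print(f"{name:>4}: {bots:4d} bots / {total:4d} accounts = {share:.1%}")
```

The bot arrival rate never changes between rows; only the measurement window does, so a bot percentage means little without the window it was measured over.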