Jamweba

Measurement, validation, and mitigation at the system level.
Focused on how machines interpret knowledge and reshape society.
Rarely posts. Speaks through work.
Same alias on Medium.

Measuring what we know. Anticipating what technology will make of us.
Built systems at Cisco and Yahoo.
Background: engineering, sociology, measurement theory.
Exploring knowledge definition, machine interpretation, and societal shifts after automation.

Jamwebajamweba
2025-05-20

I call this what it is:
⚠️ Surveillance by distribution
⚠️ Security by illusion
⚠️ A national security risk in plain sight

Jamwebajamweba
2025-05-20

When the system is this easy to abuse, and this hard to audit, we don’t have security.
We have a permission model designed to shift liability, not protect users.

Jamwebajamweba
2025-05-20

And it’s not just apps.

From tl;dr sec #279:
Chinese solar inverters shipped with undocumented radios.
In November, some were shut down from China — disabling power infrastructure abroad.

Jamwebajamweba
2025-05-20

This isn’t just a problem for "Joe or Jane Average."
These apps are on the phones of:

🛡️ Military families
🏛️ Officials
🗣️ Politicians and their spouses
📱 Staffers and aides

Jamwebajamweba
2025-05-20

Google and Apple love to market lockdown as security.
No sideloading. No third-party inspection.
But these apps are approved through the front door.

They pass review.
They get installed.
And then they silently surveil.

Jamwebajamweba
2025-05-20

This wasn’t hidden.
It was right there in the permissions panel — which almost no one reads.
And even if they did, most wouldn’t know what it means.

This is not “informed consent.” It’s informed consent theater.

Jamwebajamweba
2025-05-20

I’m a security researcher.
When my wife asked for a bird feeder with a smart camera, I checked the companion app first.
It requested:
• Call status access
• Phone numbers
• Permission to route calls through the system

Jamwebajamweba
2025-05-20

My new article, just published in Level Up Coding, explains how widely distributed consumer apps quietly request invasive permissions — and why Apple & Google’s locked ecosystems enable this at scale.

levelup.gitconnected.com/the-s

Jamwebajamweba
2025-05-20

🧵 A bird camera app asked to reroute my phone calls.
A set of Christmas lights wanted a GPS lock on my house.
Solar inverters were shut down from overseas.
This is not paranoia. It's design.

@jamweba

Jamwebajamweba
2025-05-13

@11011110

I completely understand and appreciate your reply.

If you're aware of anyone who might be open to endorsing work in this area (and isn’t constrained by moderation duties), I’d be grateful for any suggestions.

Thanks again for your time.

Jamwebajamweba
2025-05-12

@11011110

Hi Professor Eppstein — sorry to bother you here, but I sent a couple of emails last week about a cs.DS arXiv endorsement request for a paper titled Hamming Graph Metrics: Quantifying Structural Redundancy in Complex Networks. Subject line was “Request for arXiv Endorsement.” Just following up in case it was missed. Thanks again for your time.

Jamwebajamweba
2025-05-05

Apple is still feeding unverified media files directly into decoders.
Why hasn’t this been fixed systemically?
Here’s a 2-layer isolation model that would eliminate entire zero-click classes — no decoder rewrites needed:

jam2we5b3a.medium.com/this-is-

Jamwebajamweba
2025-04-25

@dangoodin

Clarification: this is a systems-level proposal, not a PoC. The article focuses on feasibility, architecture, and risk elimination — not on code implementation (yet).

Jamwebajamweba
2025-04-25

@dangoodin I've written up a validator-first media pipeline Apple could implement to prevent zero-click media exploits — intercepting and validating files (e.g., MP4, MOV, PNG) structurally before any decoder is touched.

No decoder rewrites. No format breakage. Fully backwards compatible.

Details here:
medium.com/@jamweba/this-is-th

Curious what you think.

Jamwebajamweba
2025-04-25

@agreenberg I’ve published a validator-based model to structurally intercept and verify media files *before* decoding — eliminating an entire class of zero-click exploits on Apple platforms.

Compatible with legacy formats. No decoder changes needed.

Full writeup:
medium.com/@jamweba/this-is-th

Would be interested in your thoughts.

Jamwebajamweba
2025-04-25

@lhn I’ve written a validator-based architecture that could prevent zero-click media exploits by structurally parsing and validating media containers (MP4, MOV, PNG, etc.) *before* decoding.

No changes to decoders. Apple could ship this today.

Full writeup:
medium.com/@jamweba/this-is-th

Would welcome your take.

Jamwebajamweba
2025-04-25

Apple is still letting unverified media files reach decoders — keeping an entire exploit surface alive.

This 2-layer validator model blocks malformed media before decoding ever begins. No decoder rewrites required. Apple could ship it today.

medium.com/@jamweba/this-is-th
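The posts above describe a validator layer that structurally checks a media container before any decoder touches it. The block below is an added illustration of that idea for one of the named formats, PNG; it is not the author's code and not the pipeline from the linked article. It walks the chunk list and enforces the invariants a decoder would otherwise have to trust (signature, chunk length bounds, CRC over type and data, IHDR first and well-formed, IDAT contiguity, IEND last with nothing after it). The dimension cap `MAX_DIMENSION` is an assumed policy value, and the sample files and corruptions are constructed inline.

```python
# Added example: structural (pre-decode) PNG validator. Not the article's code;
# MAX_DIMENSION is an assumed policy limit, samples below are constructed inline.
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_CHUNK_LEN = 2**31 - 1   # PNG spec: a chunk length must not exceed 2^31-1
MAX_DIMENSION = 1 << 14     # assumed policy cap: refuse absurd images before any decoder runs
# PNG spec: permitted bit depths per colour type
ALLOWED_DEPTHS = {0: {1, 2, 4, 8, 16}, 2: {8, 16}, 3: {1, 2, 4, 8}, 4: {8, 16}, 6: {8, 16}}


class ValidationError(ValueError):
    """Raised on the first structural violation; the file never reaches a decoder."""


def validate_png(data: bytes) -> dict:
    """Walk the chunk list and enforce every invariant a decoder would otherwise trust."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValidationError("bad PNG signature")
    pos, chunks, header, seen_iend = len(PNG_SIGNATURE), [], None, False
    while pos < len(data):
        if seen_iend:
            raise ValidationError("trailing data after IEND")
        if len(data) - pos < 12:  # length(4) + type(4) + crc(4) is the minimum
            raise ValidationError(f"truncated chunk header at offset {pos}")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if length > MAX_CHUNK_LEN:
            raise ValidationError(f"chunk length {length} exceeds spec maximum")
        if not all(65 <= b <= 90 or 97 <= b <= 122 for b in ctype):
            raise ValidationError("chunk type is not ASCII letters")
        name = ctype.decode("ascii")
        body_start, body_end = pos + 8, pos + 8 + length
        if body_end + 4 > len(data):  # the declared length must fit inside the file
            raise ValidationError(f"chunk {name} length {length} exceeds file")
        body = data[body_start:body_end]
        stored_crc = struct.unpack(">I", data[body_end:body_end + 4])[0]
        if zlib.crc32(ctype + body) != stored_crc:  # CRC covers type + data, not length
            raise ValidationError(f"chunk {name} CRC mismatch")
        if not chunks and name != "IHDR":
            raise ValidationError("first chunk must be IHDR")
        if name == "IHDR":
            if chunks or length != 13:
                raise ValidationError("IHDR must appear once, first, with 13 bytes")
            w, h, depth, ctype_id, comp, filt, interlace = struct.unpack(">IIBBBBB", body)
            if w == 0 or h == 0:
                raise ValidationError("IHDR zero width or height")
            if w > MAX_DIMENSION or h > MAX_DIMENSION:
                raise ValidationError(f"IHDR dimensions {w}x{h} exceed policy cap")
            if ctype_id not in ALLOWED_DEPTHS or depth not in ALLOWED_DEPTHS[ctype_id]:
                raise ValidationError(f"invalid colour type/bit depth {ctype_id}/{depth}")
            if comp != 0 or filt != 0 or interlace not in (0, 1):
                raise ValidationError("unknown compression/filter/interlace method")
            header = {"width": w, "height": h, "bit_depth": depth, "colour_type": ctype_id}
        elif name == "IDAT" and "IDAT" in chunks and chunks[-1] != "IDAT":
            raise ValidationError("IDAT chunks must be consecutive")
        elif name == "IEND":
            if length != 0:
                raise ValidationError("IEND must be empty")
            seen_iend = True
        chunks.append(name)
        pos = body_end + 4
    if not seen_iend:
        raise ValidationError("missing IEND")
    if "IDAT" not in chunks:
        raise ValidationError("missing IDAT")
    return {**header, "chunks": chunks}


def classify(data: bytes) -> str:
    """Gate decision: 'ok' hands the file to a decoder, 'reject: <reason>' drops it."""
    try:
        validate_png(data)
        return "ok"
    except ValidationError as exc:
        return f"reject: {exc}"


# --- constructed sample inputs (built here, not real-world files) ---
def _chunk(ctype: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))


def build_sample_png(width: int = 2, height: int = 2) -> bytes:
    """Minimal 8-bit RGB PNG: each row is filter byte 0 followed by red pixels."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    rows = b"".join(b"\x00" + bytes([255, 0, 0]) * width for _ in range(height))
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(rows)) + _chunk(b"IEND", b"")


def with_bad_crc(png: bytes) -> bytes:
    """Flip one byte in the IDAT body (offset 41 = signature 8 + IHDR chunk 25 + IDAT header 8)."""
    buf = bytearray(png)
    buf[41] ^= 0x01
    return bytes(buf)


def with_oversized_length(png: bytes) -> bytes:
    """Overwrite the IDAT length field (offset 33) with the largest spec-legal value."""
    buf = bytearray(png)
    buf[33:37] = struct.pack(">I", MAX_CHUNK_LEN)
    return bytes(buf)


if __name__ == "__main__":
    good = build_sample_png()
    for label, sample in [("valid", good), ("bad crc", with_bad_crc(good)),
                          ("oversized length", with_oversized_length(good)),
                          ("zero height", build_sample_png(height=0)),
                          ("trailing bytes", good + b"\x00")]:
        print(f"{label:18s} -> {classify(sample)}")
```

The design point is that every rejection above is decided from the container's own bookkeeping (length fields, CRCs, ordering rules, header ranges) without running a single line of image decoding, which is what lets the gate sit in front of unchanged decoders. A real deployment would need the same treatment for the other containers mentioned in the posts (MP4/MOV box structure) and would wire the `reject` branch into logging so that malformed files arriving from messaging channels become a detection signal rather than a silent drop.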

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst