Measurement, validation, and mitigation at the system level.
Focused on how machines interpret knowledge and reshape society.
Rarely posts. Speaks through work.
Same alias on Medium.
Measuring what we know. Anticipating what technology will make of us.
Built systems at Cisco and Yahoo.
Background: engineering, sociology, measurement theory.
Exploring knowledge definition, machine interpretation, and societal shifts after automation.
Read the full story:
đź“„ https://levelup.gitconnected.com/the-security-illusion-how-apple-google-and-global-vendors-built-a-system-thats-easy-to-abuse-92210d4887c8#19b6
Boosts appreciated if this resonated
#infosec #privacy #cybersecurity #DigitalSovereignty #AppSec #mastosec
I call this what it is:
⚠️ Surveillance by distribution
⚠️ Security by illusion
⚠️ A national security risk in plain sight
When the system is this easy to abuse, and this hard to audit, we don’t have security.
We have a permission model designed to shift liability, not protect users.
And it’s not just apps.
From tl;dr sec #279:
Chinese solar inverters shipped with undocumented radios.
In November, some were shut down from China — disabling power infrastructure abroad.
This isn’t just a problem for "Joe or Jane Average."
These apps are on the phones of:
🛡️ Military families
🏛️ Officials
🗣️ Politicians and their spouses
📱 Staffers and aides
Google and Apple love to market lockdown as security.
No sideloading. No third-party inspection.
But these apps are approved through the front door.
They pass review.
They get installed.
And then they silently surveil.
This wasn’t hidden.
It was right there in the permissions panel — which almost no one reads.
And even if they did, most wouldn’t know what it means.
This is not “informed consent.” It’s informed consent theater.
I’m a security researcher.
When my wife asked for a bird feeder with a smart camera, I checked the companion app first.
It requested:
• Call status access
• Phone numbers
• Permission to route calls through the system
My new article, just published in Level Up Coding, explains how widely distributed consumer apps quietly request invasive permissions — and why Apple & Google’s locked ecosystems enable this at scale.
🧵 A bird camera app asked to reroute my phone calls.
A set of Christmas lights wanted a GPS lock on my house.
Solar inverters were shut down from overseas.
This is not paranoia. It's design.
I completely understand and appreciate your reply.
If you're aware of anyone who might be open to endorsing work in this area (and isn’t constrained by moderation duties), I’d be grateful for any suggestions.
Thanks again for your time.
Hi Professor Eppstein — sorry to bother you here, but I sent a couple of emails last week about a cs.DS arXiv endorsement request for a paper titled Hamming Graph Metrics: Quantifying Structural Redundancy in Complex Networks. Subject line was “Request for arXiv Endorsement.” Just following up in case it was missed. Thanks again for your time.
Apple is still feeding unverified media files directly into decoders.
Why hasn’t this been fixed systemically?
Here’s a 2-layer isolation model that would eliminate entire zero-click classes — no decoder rewrites needed:
https://jam2we5b3a.medium.com/this-is-the-future-apple-should-already-be-shipping-054c69d78e50
#infosec #zeroclick #sandboxing #cybersecurity #apple #failsecure
Clarification: this is a systems-level proposal, not a PoC. The article focuses on feasibility, architecture, and risk elimination — not on code implementation (yet).
@dangoodin I've written up a validator-first media pipeline Apple could implement to prevent zero-click media exploits — intercepting and validating files (e.g., MP4, MOV, PNG) structurally before any decoder is touched.
No decoder rewrites. No format breakage. Fully backwards compatible.
Details here:
https://medium.com/@jamweba/this-is-the-future-apple-should-already-be-shipping-054c69d78e50
Curious what you think.
@agreenberg I’ve published a validator-based model to structurally intercept and verify media files *before* decoding — eliminating an entire class of zero-click exploits on Apple platforms.
Compatible with legacy formats. No decoder changes needed.
Full writeup:
https://medium.com/@jamweba/this-is-the-future-apple-should-already-be-shipping-054c69d78e50
Would be interested in your thoughts.
@lhn I’ve written a validator-based architecture that could prevent zero-click media exploits by structurally parsing and validating media containers (MP4, MOV, PNG, etc.) *before* decoding.
No changes to decoders. Apple could ship this today.
Full writeup:
https://medium.com/@jamweba/this-is-the-future-apple-should-already-be-shipping-054c69d78e50
Would welcome your take.
Apple is still letting unverified media files reach decoders — keeping an entire exploit surface alive.
This 2-layer validator model blocks malformed media before decoding ever begins. No decoder rewrites required. Apple could ship it today.
https://medium.com/@jamweba/this-is-the-future-apple-should-already-be-shipping-054c69d78e50
#infosec #Apple #sandboxing #RustLang #cybersecurity #zeroclick