ShadowSocks: Doubi of SSr Nabbed Under Twitter Questions
grarpamp
grarpamp at gmail.com
Tue Dec 10 16:43:31 PST 2019
https://mobile.twitter.com/robert_spalding/status/1134797195771863041
Is Twitter leaking user phone numbers to the Chinese police, or
have they been hacked? People are being called in for questioning
about their Twitter activity. 5:21 AM - 1 Jun 2019
https://amp.ft.com/content/afd44222-5c34-11e9-9dde-7aedca0a081a
Chinese authorities step up crackdown on Twitter users
Police warn people for liking posts that insult leaders or even
opening an account.
"
Here is a story what has happened to Doubi (SSr developer.) He was
a very well aware of anonymity risks, and he evaded police for years
on end. China literally tried to do geolocate him by turning off
the internet in entire cities, but to no result. He caught on to
that, and started randomising his release timing, and avoiding
releasing "hotfixes". So, the entire Chinese police and MSS been
looking him for 4-5 years.
What has happened? A few month before his arrest, he registered a
Twitter handle with a throwaway SIM card. Those are being usually
sold by "grannies" in Chinese 2nd tier cities who peddle things
like fake tax receipts, anonymous train tickets and such.
China either hacked Twitter, or had somebody bribed there, and they
got the number. They then tracked down the granny who sold him the
SIM card, and went on and checking every person door to door in
that small town. Then, they found him.
He got 5 years prison, and 4 years of laogai (gulag)
Basically Twitter got pwned big time, and now denies it because
GDPR will ruin them if breach is proven.
Here is what Doubi's online followers figured:
State security got all phone numbers used for Twitter phone
verification up to May 2019 and possibly till July.
Twitter haphazardly closed the breach in complete secrecy.
API hole explanation is excluded as people with 100% private accs
got police visits.
People with foreign SIM cards also got into trouble. So the explanation
that China compromised Twitter's SMS providers is also excluded,
as its improbable that they did it in 4+ countries.
2016 breach is also out of question.
The only explanation is that they got hold on a big piece of their
user DB, or, worse, they have an active infiltrator in Twitter, or
Twitter voluntarily cooperated.
"
More information about the cypherpunks
mailing list