Hacker News | rudolf0's comments

I'm sure it is, but the issue is more complex than that.

How much data is stored on each person? How many hoops does an individual analyst have to jump through, if any, to access that information for an individual? Is it stored in an encrypted or anonymized way so that an analyst can't access the details without approval from management? Are there jobs constantly scanning this dataset and alerting on suspicious patterns, and if so, what is the average false positive rate and does an alert give carte blanche to read all of the data collected about that individual and their connections and connections-to-connections?

I doubt Congress will ever get clear or entirely truthful answers to those questions, let alone the general public.


>Why bother with employees - just go give money to intel to do this.

Risk of refusal. Risk of intentional or unintentional leaks.


That's not what he was saying. Yes, it would of course be a good idea to try to hide the malware implants from tools like Little Snitch. It's just that the method they propose of going about it is really dumb.

What tptacek is saying is that instead of writing some hand-tailored userspace code to specifically fool Little Snitch, they should just be using a kernel module that will hide the network and process activity from all analysis tools. That's what most nation-state malware does (or tries to do).


>The status.slack.com was also overloaded during this time and it may have been inaccessible.

This is starting to become a common theme...


Eh, years in a federal jail cell seems like it's not worth even $1 billion to me. And they made a lot less than that.



I don't think it's flag-worthy because it absolutely could be true. It's not like anything here is that difficult to believe given previous insider reports from Uber. None of the claims here are that absurd.

But, yes, it could easily be an anonymous troll. It needs verification.


Their non-mobile quality seems to be pretty high as far as I can tell, but, yeah, I feel like he'd have to agree their iOS app is the definition of clowntown.


Should be pretty easy to fix. Just HMAC (or just concatenate pepper and hash, honestly) the phone number and use that as the identifier.
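An added example, not part of the comment above: one way to derive such an identifier in Python with HMAC-SHA256, keyed so that the small phone-number space cannot be enumerated offline without the secret. The pepper value, the function names and the simplified normalization (10-digit inputs are treated as country code 1) are assumptions for illustration.

```python
import hashlib
import hmac
import re

# Constructed demo key (assumption). A real pepper is a random secret kept
# outside the database that stores the identifiers, e.g. in a KMS or HSM.
DEMO_PEPPER = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def normalize_phone(raw: str, default_country_code: str = "1") -> str:
    """Canonicalize a number so the same subscriber always hashes the same.

    Simplified assumption: a bare 10-digit input is a national number
    belonging to default_country_code; anything else already carries one.
    """
    digits = re.sub(r"[^0-9]", "", raw)
    if not digits:
        raise ValueError("no digits in phone number")
    if not raw.strip().startswith("+") and len(digits) == 10:
        digits = default_country_code + digits
    return "+" + digits


def phone_identifier(raw: str, pepper: bytes = DEMO_PEPPER) -> str:
    """Return a stable pseudonymous identifier: HMAC-SHA256(pepper, number)."""
    normalized = normalize_phone(raw).encode("ascii")
    return hmac.new(pepper, normalized, hashlib.sha256).hexdigest()


def same_subscriber(id_a: str, id_b: str) -> bool:
    """Compare two identifiers without leaking timing information."""
    return hmac.compare_digest(id_a, id_b)


if __name__ == "__main__":
    # Constructed sample inputs: three spellings of one number.
    for sample in ("+1 (415) 555-0100", "415-555-0100", "14155550100"):
        print(sample, "->", phone_identifier(sample)[:16], "...")
```
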


As far as I can tell he's basically 2nd-in-command.

