John Wilander 🥥🌴🇺🇦

@johnwilander

Followers
9,660
Following
874
Media
1,043
Statuses
36,953

Hacker fiction novelist + WebKitten doing privacy and security

SF Bay Area, USA
Joined July 2009
Pinned Tweet
@johnwilander
John Wilander 🥥🌴🇺🇦
28 days
My hacker thriller “Identified” is now available as audiobook! 🤩🎧 Narrated by the awesome Kristin Price. Some links: • Audible • Apple Books • Google • Storytel, Sweden
0
0
4
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
When you finish a PhD in computer science, they take you to a special room and explain that you must never use recursion in real life. Its only purpose is to make programming hard for undergrads.
35
163
1K
@johnwilander
John Wilander 🥥🌴🇺🇦
3 years
“Facebook reads accelerometer data all the time. If you don't allow Facebook access to your location, the app can still infer your exact location only by grouping you with users matching the same vibration pattern that your phone accelerometer records.”
24
363
679
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
7 years at Apple today. 🎉👨🏻‍💻
21
3
490
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
State of cross-site tracking 2020, default settings: • Safari, algorithmic prevention • Firefox, list-based prevention • Edge, list-based prevention • Brave, list-based block • Chrome
10
143
482
@johnwilander
John Wilander 🥥🌴🇺🇦
3 years
My opinion: The Google AMP cache is the cross-site tracking stunt of the decade. How did they get away with serving others' content under google·com for all these years, with full access to people's Google login cookies, while making the actual content providers into 3rd-parties?
19
88
450
@johnwilander
John Wilander 🥥🌴🇺🇦
8 years
Hiring experiment: Blind job auditions made women selected for interviews go from 5% to 54% I’ve said this for years
15
530
423
@johnwilander
John Wilander 🥥🌴🇺🇦
3 years
As I said, the Google AMP cache is the cross-site tracking stunt of the decade. How did they get away with serving others' content under google·com for all these years, with full access to people's Google login cookies, while making the actual content providers into 3rd-parties?
8
149
434
@johnwilander
John Wilander 🥥🌴🇺🇦
3 years
Work update: Since last month, I’m the manager of WebKit Security & Privacy at Apple. Huge responsibility in this day and age, but it's the kind of challenge I like. Here’s a thread about this Silicon Valley team and jobs you can apply to today!
36
47
412
@johnwilander
John Wilander 🥥🌴🇺🇦
7 years
OH: “Installing a WannaCry screenshot as a coworker’s screensaver.” Very evil. Very evil indeed.
12
206
335
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
“The new tracking-free ad server was performing so well that NPO decided to abandon cookies entirely beginning in 2020. As of January, visitors aren’t even asked to opt in or out; the site simply doesn’t track anyone. The results have been striking.”
8
180
333
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
DuckDuckGo just released their own tracker list, ready to be used by privacy tools such as content blockers. They even open sourced the code that generates it, bringing transparency to how domains end up on their list:
3
143
317
@johnwilander
John Wilander 🥥🌴🇺🇦
1 year
Ten years at Apple today. 🎉❤️ What a journey. I’m so happy I took the chance and that my family took the leap of faith in moving to the US. Apple is a place where you can change the world for the better, and that’s what I’m focused on. Here’s to another amazing ten!
11
4
277
@johnwilander
John Wilander 🥥🌴🇺🇦
2 years
A comic story of what Chrome has become:
8
111
275
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
The long wait is over and the latest update to Safari's Intelligent Tracking Prevention is here: Full third-party cookie blocking and more Safari users, welcome to the future and a safer web!
23
134
269
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
“[Google is] continuing to argue that third-party cookies are actually fine, and companies like Apple and Mozilla who would restrict trackers’ access to user data will end up harming user privacy. This argument is absurd.”
5
175
257
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
Please welcome the new W3C Privacy Community Group, chaired by people from Apple, Mozilla, and Microsoft. The web has a bright future!
5
62
236
@johnwilander
John Wilander 🥥🌴🇺🇦
3 years
“WordPress announced today that they plan on treating Google's new FLoC tracking technology as a security concern and plans to block it by default on WordPress sites.”
9
64
220
@johnwilander
John Wilander 🥥🌴🇺🇦
3 months
“EU interior ministers want to exempt professional accounts of staff of intelligence agencies, police and military from the envisaged scanning of chats and messages. The regulation should also not apply to ‘confidential information’”
1
65
209
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
"Two years ago, Apple launched an aggressive battle against ads that track users across the web. Today executives in the online publishing and advertising industries say that effort has been stunningly effective"
3
64
202
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
Potential class-action lawsuit: "Google violated federal wiretap laws when it continued to collect information about what users were doing on the internet without their permission even though they were browsing in so-called private browsing mode"
4
91
188
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
The Swedish word for six is sex. Here, a kids book on counting.
@DrDemonology
Dr. Demonology
5 years
The Swedish word for goat is 'get' and the Swedish for kid is 'killing', resulting in this creepy instruction in a children’s educational book
96
4K
17K
3
34
188
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
“I deleted everything from Google I could find, restarted the computer, and it was like night-and-day. Everything was instantly and noticeably faster, and WindowServer CPU was well under 10% again.”
12
57
188
@johnwilander
John Wilander 🥥🌴🇺🇦
7 years
Company 1: “Don’t worry, we will never sell your information.” Company 2 buys Company 1.
5
91
171
@johnwilander
John Wilander 🥥🌴🇺🇦
7 years
Estimated breakage rate by the end of the 2nd year of ownership, for laptop computers. Hardware is hard.
16
90
170
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
Safari has partitioned its HTTP cache since 2013. *Seven years* before Chrome. I hope they fix the article.
@ZDNET
ZDNET
4 years
Chrome changes how its cache system works to improve privacy
1
14
22
2
36
178
@johnwilander
John Wilander 🥥🌴🇺🇦
3 years
Pro tip: When you revise history and say “When other browsers started blocking third-party cookies by default, we were excited about the direction,” you first need to pay off the people who were in the W3C meeting 2017 where you shared your “excitement.”
4
32
175
@johnwilander
John Wilander 🥥🌴🇺🇦
13 years
#GodIsNotGreat pulled from trends because christians protest. But #ReasonsToBeatYourGirlfriend was allowed. Stay classy, @Twitter .
45
3K
150
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
A day to celebrate – new installs of Firefox get cross-site tracking protection turned on by default! 🎉🎈🎂 Now two of the major browsers – Safari in 2017 and Firefox in 2019 — have decided that tracking should be opt in, not opt out:
2
61
154
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
It’s time to switch browser, if you’re not already on one with modern privacy protections turned on by default:
8
72
147
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
3.5 years after I had to endure an ITP hate storm at W3C, including a TAG representative calling me stupid in public, Google has now said tracking prevention *is* key to the future of the web. The WebKit team’s love for the web is solid. We stood up to the bullies.
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
“Keeping the internet open and accessible for everyone requires all of us to do more to protect privacy — and that means an end to not only third-party cookies, but also any technology used for tracking individual people as they browse the web.”
3
2
18
8
24
134
@johnwilander
John Wilander 🥥🌴🇺🇦
3 years
Facebook is up again, so here goes … They were too BGP to fail.
6
17
131
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
Privacy protections, just like security protections, should be on by default. Let me say that again. Privacy protections, just like security protections, should be on by default.
5
40
120
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
I’ve spent my whole professional career making sure people are safe on the web. All kinds of people, not just specialists. I dream of not having to tell friends to stay vigilant when they browse. Some interpret that as not wanting the web to succeed. So let me say it: I ❤️ web
4
11
122
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
Zero mentioning of the fact that the Google AMP cache makes Google the (faux) first party of all those news links. First party as in unpartitioned cookie access.
9
27
121
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
Web privacy is not about transparency and additional controls. Web privacy is about prevention and limitations, on by default.
4
24
109
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
Given today's news, I can only say this: We have to save the web, folks. If we don't, we may never get it back.
9
15
111
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
I’m half Indian, half Swedish => more melanin. This created an issue for me throughout my upbringing in small town Sweden. I was called things including the N word and they made up stories about what we ate and that our townhouse had dirt floors. All because of skin color.
4
4
112
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
Thanks everyone who attended my talk on web privacy at #usesec19 . My demos worked – yay! By the way, we *just* announced the WebKit Tracking Prevention Policy:
4
28
110
@johnwilander
John Wilander 🥥🌴🇺🇦
3 years
Brave on FLoC: 'In general, the idea that privacy is, and is only, the absence of cross-site tracking, is wrong. Any useful concept of privacy should include some concept of “don’t tell others things you know about me, without my permission.”'
3
34
107
@johnwilander
John Wilander 🥥🌴🇺🇦
8 years
Safari 10.1. Now with Fetch, IndexedDB 2.0, Custom Elements, EcmaScript 2016/2017, CSS Deep Colors, Grid Layout etc:
3
104
108
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
A 3% surcharge to “offset” having to pay your staff. How about you just show me the price of the food including salaries?
10
4
106
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
Happy CCPA Day! Californians now have the right to: • Know what personal information (PI) is collected, used, shared, or sold • Delete PI held by businesses & service providers • Opt-out of sale of PI • Non-discrimination in price & service when exercising CCPA privacy rights
5
44
104
@johnwilander
John Wilander 🥥🌴🇺🇦
7 years
Lastpass stores 2FA secret seed in a URL that can be derived from your password which beats the purpose of 2FA:
3
94
107
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
Prediction: We will start talking about Privacy Herd Immunity. Enough people need to opt out of data collection and profiling to make sure that models of human behavior cannot be created and applied to the rest of the population.
11
20
105
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
Introducing a privacy-first technology and another important step for a healthier web – Privacy Preserving Ad Click Attribution:
9
47
102
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
WebAuthn with a platform authenticator, i.e. private keys protected and managed by hardware security on-device? Yes. Anonymous attestation so that WebAuthn doesn't become a cross-site tracking vector? Yes. Face ID and Touch ID for the web? Yes.
5
30
104
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
“Google uses its dominance in schools to ‘spy’ on millions of future customers, tracking the digital lives of kids as early as kindergarten, a lawsuit filed by New Mexico's attorney general alleges.”
4
75
97
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
6 years at Apple today. 💪🏼🎉🙏🏼
5
0
98
@johnwilander
John Wilander 🥥🌴🇺🇦
3 years
Privacy by default. Not privacy by flipping switches.
4
13
97
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
Happy New Year! My decade in review: • Had two kids 👧🏻👧🏼 • Got married 👰🏼 • Defended my PhD 🎩 • Released an EP and two singles 🎤 • Relocated 🇸🇪–>🇺🇸 • Joined  • Organized an OWASP AppSec 🤹🏻‍♀️ • Deleted the most tracker cookies in the world 🍪🌎 2020 will be awesome!
2
0
94
@johnwilander
John Wilander 🥥🌴🇺🇦
3 years
IP address protection. Boom.
3
8
90
@johnwilander
John Wilander 🥥🌴🇺🇦
3 years
“Google continued collecting location data even when users turned off various location-sharing settings, made popular privacy settings harder to find, and even pressured LG and other phone makers into hiding settings precisely because users liked them”
1
64
92
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
Here are my thoughts on yesterday's privacy announcement from the Chrome team (). [Thread]
2
69
91
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
"Safari 14 Beta Release Notes … Safari no longer supports Flash."
3
13
87
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
The latest update to Safari's Intelligent Tracking Prevention is here: "CNAME Cloaking and Bounce Tracking Defense" CNAME cloaking defense is another Safari first.
7
34
84
@johnwilander
John Wilander 🥥🌴🇺🇦
3 years
👀
8
16
86
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
ITP is enabled by default in all WKWebView apps for the newly announced releases. Apps can't disable it on their own but users can, just like in Safari. Check it out in the session "Discover WKWebView enhancements": . The segment on privacy starts at 23:55.
6
35
85
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
"With iOS 14, iPadOS 14, and tvOS 14, you will need to receive the user’s permission through the AppTrackingTransparency framework to track them or access their device’s advertising identifier."
9
31
81
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
Joke making the rounds among Swedes: It used to be you faked a cough to cover up a fart. Nowadays you fart to cover up a cough.
0
16
77
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
"When embedding a video using youtube·com, Google uses DoubleClick to track your users (…) When using youtube-nocookie·com, Google no longer uses DoubleClick to track your users."
2
30
81
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
Exciting news! Today's iOS/iPadOS betas have Private Click Measurement (PCM) enabled and it works for both web-to-web and app-to-web. PCM is a new, privacy-preserving way to measure click-through ad campaigns that navigate the user to a website.
7
31
81
@johnwilander
John Wilander 🥥🌴🇺🇦
3 years
Guess what just arrived at our house? I have to say the book looks gorgeous. The sales page goes live to subscribers tomorrow … together with my hacker review of The Matrix! –>
12
0
80
@johnwilander
John Wilander 🥥🌴🇺🇦
3 years
"Interestingly, none of the Chrome devs that I follow are saying anything about FLoC. They’re usually quite chatty about proposals for potential standards, but I suspect that this one might be embarrassing for them. It was a similar situation with AMP."
3
30
80
@johnwilander
John Wilander 🥥🌴🇺🇦
3 years
Amazing. It’s apparently called the EXOPULSE Mollii Suit. Description and FAQ here:
@joncoopertweets
Jon Cooper 🇺🇸
3 years
A Swedish engineer has created a suit that helps people with Parkinson's disease and stroke get rid of tremors using electrical stimulation.
1K
19K
80K
0
25
78
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
In case you didn't know, you can chat with WebKit folks on our open Slack:
6
17
77
@johnwilander
John Wilander 🥥🌴🇺🇦
2 years
I don't get why people are celebrating the death of IE to such an extent. Its marketshare is long gone. I doubt the people posting have bothered with IE the last few years. The fact that Microsoft gave up their independent web engine continues to be sad and bad for the web.
13
12
78
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
OMG, I just realized.
1
22
77
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
“Fitbit says data of its 28 million users will not be sold or used for Google ads” Below, changes to Google’s privacy policy 1999-2019.
6
57
72
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
"We have removed all non-essential cookies from GitHub, and visiting our website does not send any information to third-party analytics services."
2
12
75
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
Mozilla flips the switch! “For today’s release, Enhanced Tracking Protection will automatically be turned on by default for all users worldwide as part of the ‘Standard’ setting in the Firefox browser and will block known ‘third-party tracking cookies’”
5
19
73
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
I wrote for hours today on the new MacBook Air M1. Browsed the web for research as I typically do. Plus some social media and some video clips. When I wrapped up, battery was at 93%. I didn’t even put it on the charger for tomorrow. 😮
8
5
73
@johnwilander
John Wilander 🥥🌴🇺🇦
9 years
“Forbes asked readers to turn off ad blockers then immediately served them pop-under malware.”
2
137
71
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
We now have an explainer up for the proposed IsLoggedIn web API: Please use the template for IsLoggedIn when filing issues, i.e. tap/click “New issue” and then "Raise an issue on the IsLoggedIn explainer.”
5
21
70
@johnwilander
John Wilander 🥥🌴🇺🇦
5 months
@asciidiego @daveaitel Well, curl is from Sweden, so there’s at least that. 🙂 Cc @bagder
1
1
73
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
Tonight I for the first time realized that we might not be able to stay here. What’s left if democracy is overridden and the will of the people set aside? I’m scared. We’re lucky to have another democracy to relocate to and also the whole of EU open to us.
6
1
72
@johnwilander
John Wilander 🥥🌴🇺🇦
2 years
Privacy has to wait another year. 😔 At least for Chrome users. “We now intend to begin phasing out third-party cookies in Chrome in the second half of 2024.” Users deserve much better than full cross-site tracking by default. A sad day for the web.
4
26
70
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
I tried to order pizza. 😳
5
8
69
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
@MSEdgeDev Chrome 62? Firefox 58? Safari 11? Regardless of who's responsible for updating this, that's not a meaningful comparison. At least put the years instead of version numbers there so that people understand you're comparing a 2020 browser with other browsers from 2017-2018.
3
10
69
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
WhatsApp blog, June 2012: "Why we don't sell ads (…) Remember, when advertising is involved you the user are the product."
2
23
70
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
The Edge team is landing the Storage Access API in Chromium which means we’ll get it in Edge and Brave. Hopefully also Chrome. 🎉 This is a critical piece of functionality for the modern web since it allows for authenticated embeds without requiring general 3rd-party cookies.
@_scottlow
Scott Low
5 years
The beginnings of the Storage Access API landed in upstream Canary builds today! Plumbing needs to be run and strings will be tweaked, but we're excited for this to land in Chromium! Huge thanks to @johnwilander , @mikewest , and @ehsanakhgari for support + guidance!!
0
11
45
1
27
69
@johnwilander
John Wilander 🥥🌴🇺🇦
3 years
"Companies are starting to combine FLoC IDs with existing identifiable profile information, linking unique insights about people’s digital travels to what they already know about them, even before third-party cookie tracking could have revealed it."
3
44
66
@johnwilander
John Wilander 🥥🌴🇺🇦
3 years
Privacy for Chrome users will have to wait another two years. “Google has delayed a major privacy change to its Chrome browser, pushing back a plan to block third-party cookies until late 2023” I’m sad for people and for the web.
6
27
68
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
I used to stress out over people who are much smarter than me. I enjoyed their company but I felt powerless faced with their brain capacity. Now, as years of actual work have passed, I know other traits are immensely powerful too. Creativity, ambition, and being nice are huge.
2
10
67
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
@nekrtemplar @romulof @xeenon It should never be referred to as a standard if it got proposed, got negative feedback from other vendors, and shipped anyway. It’s a single-browser feature. If you make it look like a standard and talk about it as a standard anyway, you’re “standards washing.”
5
11
67
@johnwilander
John Wilander 🥥🌴🇺🇦
4 years
Biometric authentication for the web is here. Here's how you can create great user experiences with it: "Meet Face ID and Touch ID for the Web"
2
24
68
@johnwilander
John Wilander 🥥🌴🇺🇦
5 years
This is bogus news. It makes me sad that people would even believe we would move to the worst engine for privacy after 16 years of fighting for web privacy with our own engine. You want perf, great battery life, great privacy, and a people-friendly vision? You want WebKit.
@codinghorror
Jeff Atwood
5 years
This is bad news
58
104
394
2
18
67
@johnwilander
John Wilander 🥥🌴🇺🇦
8 years
Now that @taviso has shown V == AV we should move on to the question of P == NP.
0
20
60
@johnwilander
John Wilander 🥥🌴🇺🇦
6 years
Tuesday at 4 pm is my #WWDC18 session on Securing Web Content: It’ll cover how to defend against XSS, CSRF, a compromised CDN, Spectre, and window control attacks. And at our labs we can discuss how it all fits with your specific setup and needs.
1
22
67
@johnwilander
John Wilander 🥥🌴🇺🇦
3 years
Encryption is not privacy. Remember where you heard it first, folks.
6
8
66
@johnwilander
John Wilander 🥥🌴🇺🇦
2 years
“The Danish Data Protection Agency has looked into the tool Google Analytics (…) On the basis of this review, the Danish Data Protection Agency concludes that the tool cannot, without more, be used lawfully.”
5
28
64
@johnwilander
John Wilander 🥥🌴🇺🇦
3 years
Hide My Email – randomized email addresses. Boom.
6
7
65
@johnwilander
John Wilander 🥥🌴🇺🇦
3 years
“In the Mail app, Mail Privacy Protection stops senders from using invisible pixels to collect information about the user. The new feature helps users prevent senders from knowing when they open an email, and masks their IP address”
1
13
65
@johnwilander
John Wilander 🥥🌴🇺🇦
7 years
Intelligent Tracking Prevention – Safari’s new default cookie policy on iOS and macOS:
5
62
60