Elon Musk’s recently announced takeover of Twitter raises a whole slew of questions and concerns for the future of the social media platform. One such question comes from the potential shift of the platform’s algorithm to open source. While there are risks involved with this approach, there are also benefits. That being said, questions around the implications of open-source code on user privacy, as well as Musk’s plans to “authenticate all humans,” might arise amid this transition.
We spoke with Alex Livshiz, Research and AppSec Group Leader at Checkmarx, to discuss what this shift to open source could mean.
Could taking the platform open source - as Musk has said he plans to do - make Twitter more susceptible to hackers?
There's a common bad practice in cybersecurity: "security by obscurity." This is when a developer writes non-secure code in the hope that no one will find out. For example, a developer could store a password in plain text, in the hope that no one will know about or be able to read that specific file. We in the security space know this doesn't hold in the long run, and many of those gaps end up being detected by attackers.
Moreover, making code open source makes it more secure - as more eyes look at the same code, it increases the chance of someone detecting a bug or potential vulnerability which then can be fixed.
However, releasing all of Twitter's code as open source can be risky in the short term, as the community will not have sufficient time to go over it and detect the problems. Since open source is largely a pro bono community, it might be slower to react than attackers whose sole purpose is to attack Twitter. That's why I suggest a slow, gradual release of Twitter's code as open source, and I think it will make Twitter safer in the long term.
What implications could an open-source approach to Twitter have on user privacy?
Elon Musk's open-source approach shouldn't have a direct effect on user privacy, at least according to his agenda. According to Musk, his goal is to open source the ranking algorithm of tweets to make Twitter's logic more transparent to the world, and that shouldn't affect user privacy. I would be very surprised if they open source critical code around user privacy, authentication, etc.
What could Musk's "authenticate all humans" point refer to? If he's planning to implement a real-name policy, what privacy/security implications could this have?
Elon's "authenticate all humans" point refers to Twitter's battle against spam bots and disinformation. In his view, Twitter can and should be the "town square" for all humans to exchange thoughts and ideas. When conversations get polluted with crypto ads and Discord links, it harms the communication between humans. There are various ways to "authenticate humans." Although Elon didn't go into detail on how it will be implemented, it can be a combination of approaches such as a real-name policy, periodic CAPTCHA verifications, etc.