I reported on corruption at Wikipedia, so be sure to read the unbiased and accurate Violet Blue bio here.
My popular, NSFW sex blog is tinynibbles.com
I hang out on Twitter @violetblue
Member: Internet Press Guild
Advisor: Without My Consent
Today IBT journalist David Gilbert published his article, The iOS ‘Backdoor’ Confusion: Hysteria, Insults & Finally Debate (sound/video autoplay alert). Mr. Gilbert interviewed me about my experience being harassed by security researcher Jonathan Zdziarski after I wrote and published my opinion piece, The Apple backdoor that wasn’t.
I think that Mr. Zdziarski caused a whole lot of problems that could have been avoided from start to finish throughout, such as emailing outlets for corrections after his talk, as well as being calm, reasonable and rational in the light of criticisms, which he doesn’t seem to be able to do. It doesn’t look good when a security researcher has what amounts to a mental meltdown during a minor crisis, and Mr. Zdziarski definitely made things worse with his hostile, over-the-top reactions. That he deleted many of the worst of his public attacks on me and my employer, and it was noticed by so many, also provides a good footnote in this example of how not to handle a personal PR crisis. This was an episode of unnecessary drama, continued in today’s IBT article, in which Mr. Zdziarski changes his stories once again in order to avoid accountability, which appears to be one of the only things he cares about.
I thought that anyone following this bizarre saga might find my full answers to Mr. Gilbert’s questions interesting, and so with his permission, I’m publishing his interview with me in full below.
> Thanks for getting back to me. I’m writing a piece along the lines of “When is a backdoor not a backdoor - the fallout from the Apple security crisis”
Cool: You might want to also get a statement from Mark Curphey (founder of OWASP, where the infosec definition of ‘backdoor’ is primarily sourced). His PR guy is [redacted].
I’ve had major companies come after me for reporting on their security missteps (Facebook’s email snafu http://www.cnet.com/news/facebook-e-mail-mess-address-books-altered-e-mail-lost/) and had celebrities in tech try to get me fired (Jimmy Wales, when I broke the paid PR scandal http://www.cnet.com/news/corruption-in-wikiland-paid-pr-scandal-erupts-at-wikipedia/), etc. So I’m used to friction. But I really didn’t expect the virulent, ongoing personal attacks in public.
My first reaction was to ignore the insults he was tweeting and ask him for a statement to include in my op-ed. I reached out to him. He refused quite rudely, which let me know he wasn’t interested in professional dialogue, or solving his problem with me: https://twitter.com/JZdziarski/status/492783384394203137
The next day, his abuse continued on Twitter, and I politely asked him to please stop insulting me. He responded with more insults: https://twitter.com/violetblue/status/493146287873601537
He also emailed my bosses demanding a retraction, suggesting I be “investigated” and throwing around the word “libel.” He continued to insult me on Twitter (using the @ reply function so I would see it) throughout the weekend, and whenever someone would make a supportive tweet for him or a critical tweet to me, he would begin in on me again.
By Sunday night, I’d had enough, and knew I couldn’t communicate with him in a productive way, so I blocked him. He still continued on Twitter, and emailed my editors again — this time with a list of tweets he claimed supported him against me. When my editors emailed him back saying that no changes would be made to the article, he began to tweet @ reply insults to my employer, to ZDnet’s Twitter account (now deleted, one example below). Yesterday, as you saw, he published that bizarre Pastebin. He doesn’t seem to want to solve anything, and appears to get enjoyment out of insulting me.
Yep. Scroll down to my update at the bottom, and click the links — it’s how I noticed he was removing his more egregious tweets: http://www.zdnet.com/the-apple-backdoor-that-wasnt-7000031781/
One of the tweets calling ZDNet and my editors garbage (and other things) — I had sent it to my editors to let them know he was being publicly abusive about them, so I have it in an email. It was originally here: https://twitter.com/JZdziarski/status/493855170653356032
I think he has a lot of problems.
As I pointed out in my op-ed, he’s using semantics as an excuse in his backpedaling — while not actually backpedaling. I quoted his statements to The Register (http://www.theregister.co.uk/2014/07/21/ios_firmware_contains_packet_sniffer_and_host_of_secret_spying_tools/), where he said he didn’t believe Apple put the diagnostics tools in purely for diagnostics, and he suggested law enforcement use of the tool. It’s like he’s saying, “I’m not saying Apple beats its wife, but if Apple did beat its wife, this tool is well designed for it.” The worst part of Mr. Zdziarski’s confusing and off-putting display around this story really is for the consumer, who just saw a lot of “Apple has installed backdoors on millions of devices” stories, and then saw Mr. Zdziarski getting *extremely* defensive, leaving observers incredibly confused as to whether this is a big deal or not — especially from Mr. Zdziarski’s perspective. As Mr. Curphey told me in a statement, “The functionality highlighted here appears to be only ever accessible after you have connected your device physically and hit trust or you have jailbroken it (in which case all bets are off anyways).”
I hope this helps. Let me know if you need more links, etc.