I read the full whistle-blower complaint, and the whole story from his perspective (and the crazy statement from Agrawal) looks like it's not B. Instead, it looks like it was a culture clash with his manager.
He seems to have tried to escalate things to people above Agrawal nearly constantly. He was hired by Jack Dorsey, and felt accountable to him and to the board, but he reported to Agrawal, who believed that Mudge had a responsibility to follow the chain of command very rigidly.
I have previously had managers who want you to rigidly follow the chain of command, and if you are a "hacker" type, they are a shock (and you are a shock to them). They are often very interested in controlling information that goes upward and how mandates flow downward through them (both to control their reputation and make sure everyone gets information in "proper context"), to the point that they see it as an attack on their position to even speak with their manager. A "hacker" would rather put the information in front of the people who need it, instead of filtering it through the hierarchy.
At the first opportunity Agrawal had to clean house, he cleaned out Mudge because he didn't want to work with him. House cleaning is normal for a new CEO. From Agrawal's perspective, Mudge did a terrible job, since he wanted to circumvent Agrawal.
I wouldn't paint with too broad of a brush in this instance, however. Yes, mudge is the ur-hacker, but also: he worked at BBN and DARPA (where he was extremely effective) and elsewhere. He probably has the most experience of any technical/hacker on the planet of working with executives in large organizations.
Agrawal's memo, in contrast, reeks of insecurity. The combination of how he's treated mudge and Rishi Sunak and the potential consequences of this complaint (particularly if FTC investigates and finds Twitter has not been following the consent decree) boxes him into a corner -- he won't be able to recruit the talent to solve these security problems and will be seen as an impediment to compliance/mitigation. I could easily see the FTC et al insisting on his resignation as part of a settlement. It's an own-goal.
I have spoken to a few DARPA program managers before, and they are usually amazingly smart people who are great at corporate politics. This doesn't sound like someone who is bad at corporate politics, just someone who underestimated the humility with which his manager would approach his job. No disrespect at all to Mudge, I think he did the right thing. Unfortunately, he didn't "manage up" very well in this instance.
> He was hired by Jack Dorsey, and felt accountable to him and to the board, but he reported to Agrawal, who believed that Mudge had a responsibility to follow the chain of command very rigidly.
With $10mm cash bonuses on the table it’s extremely obvious why Agrawal would insist on being MITM
The content of the complaint is all that matters, and it should be judged on its own merits. It never matters who said what, and attempting to make it matter is ad hominem fallacy; it is what is said that matters.
That said, I can't quite fathom why Twitter's cybersecurity matters any more than the cybersecurity of any of the myriad of online forums, HN included: the "data" simply isn't all that important; it is all public, it is all talk, and talk, as we know, is cheap. Say Twitter is completely overrun by foreign state actors who delete everything. The outrage is going to be minimal. "Dang, I really enjoyed mouthing off on Twitter. Oh, well."
The algorythms are not public, and as the public square of present, Twitter essentially drives public discourse... especially when a large portion of the legacy media has been reduced to sourcing their stories and directly quoting from Twitter.
Secondly, private messages between people are not public either. Opening that data up or allowing it to be read or manipulated by other entities will drive a lot of outrage and the data contained within is important!
+1. Additionally IP addresses, email and phone numbers can be extremely sensitive if leaked, so security is absolutely paramount. Case in point: imagine the risk to activists or journalists in heavily censored countries.
Sure, when popular social media influencers have their IP leaked they get DDoS'ed and are not able to earn a living until they get a new IP. For some ISPs this requires them to lodge a support ticket.
When gaming services leak IPs, they too can get DDoS'ed. E.g. during tournaments or when someone is losing their match.
Seriously, so what? Twitter's IP does not affect national security.
>and as the public square of present, Twitter essentially drives public discourse...
This is being awfully kind to a platform that 77% of Americans have absolutely nothing to do with.
>especially when a large portion of the legacy media has been reduced to sourcing their stories and directly quoting from Twitter.
Ah, legacy media, conservative politispeak for CBS, NBC, ABC, CNN, etc. Can't get away from Twitter on the major networks anymore, it's Twitter all the time? Just what in the heck are you talking about? Turn the news on sometime. The only reason for Twitter to be in the news is Elon Musk (previously, Trump). Or, you know, give one example of a major news outlet using Twitter as source for a story. Real journalists do not do that. They use legitimate sources.
> Secondly, private messages between people are not public either. Opening that data up or allowing it to be read or manipulated by other entities will drive a lot of outrage and the data contained within is important!
Absurd. No one cares what you say in private to a complete stranger you'll never meet.
Governments and their respective departments (at all levels: federal, state, local, etc.) communicate with their constituents via social media, Twitter in particular as well as via the media outlets that will report on said statements from Twitter.
Change the algorythm such that those messages no longer reach people and you can bet the respective countries will pass legislation and puninitive measures against Twitter.
>This is being awfully kind to a platform that 77% of Americans have absolutely nothing to do with
Except I outlined some of the other ways people interact with Twitter, even without accounts. You seem to be incredulous that other forms of media rely on Twitter... You should look a bit closer next time you turn the TV on.
I just did and there was a segment about Russia playing titled "'Slower burn' of Russia's economy has begun". Guess where almost all of the footage they aired came from? Twitter. Guess how the reporters are finding people on the ground to interview? Twitter. Guess how analysts are keeping abreast of military developments (e.g. troop movement, statements released by governments, etc.)? Twitter.
>Absurd. No one cares what you say in private to a complete stranger you'll never meet.
Many service providers conduct customer service via DMs these days. My ISP's preffered lines of contact are Twitter and WhatsApp. Even if we take a step back, do you truly believe that there are no people sharing sensitive information between each other via private messages?
> Say Twitter is completely overrun by foreign state actors who delete everything.
That's not what's dangerous.
Instead, dangerous things include manipulating the algorithms so that "news" of ones choice get lots of visibility. Then a foreign state can influence the elections
> Then a foreign state can influence the elections
I think this is bollocks. 23% of Americans say they use Twitter. 61% of Americans voted in the last Presidential election. So with my bad math, say a foreign state somehow gets every possible Twitter users vote going their way, at best it's going bamboozle 14% of weak-minded Americans. That's at best, the perfect and unbeatable score. The reality is that most Twitter users are not obsessed with the platform, and most Americans are not on the fence with their votes. This concern is not really supportable.
I was kind of curious about this as well, though I suppose if a politician’s account was compromised it could cause some pretty major embarrassment or maybe even conflict. Are DMs a thing on Twitter? Having those compromised might be pretty serious too.
Actually, this already happened,[1] and we were doomed because of it. Fetishes are fine, but those people need to look away from Twitter sometimes and get a grip.
He seems to have tried to escalate things to people above Agrawal nearly constantly. He was hired by Jack Dorsey, and felt accountable to him and to the board, but he reported to Agrawal, who believed that Mudge had a responsibility to follow the chain of command very rigidly.
I have previously had managers who want you to rigidly follow the chain of command, and if you are a "hacker" type, they are a shock (and you are a shock to them). They are often very interested in controlling information that goes upward and how mandates flow downward through them (both to control their reputation and make sure everyone gets information in "proper context"), to the point that they see it as an attack on their position to even speak with their manager. A "hacker" would rather put the information in front of the people who need it, instead of filtering it through the hierarchy.
At the first opportunity Agrawal had to clean house, he cleaned out Mudge because he didn't want to work with him. House cleaning is normal for a new CEO. From Agrawal's perspective, Mudge did a terrible job, since he wanted to circumvent Agrawal.