F-ika | Search

Search

Items tagged with: inputValidation

Dhole Moments

4 years ago

Dhole Moments
4 years ago

Update (2020-04-29): Twitter has fixed their oversight.

{ "errors": [{ "code": 356, "message": "preferences.gender_preferences.gender_override: Must provide a non-empty custom value 30 characters or less in length." }]}

Anyone who set their custom gender to a long volume of text, should still have it set to a long volume of text.

The original article follows after the separator.

I was recently made aware of a change to Twitter, which exposes a new Gender field. If you’ve never specified your gender before, they guessed what it was (which is a really shitty thing to do, especially towards trans folks!).

https://twitter.com/leemandelo/status/1254179716451438592

Slightly annoyed, I went to go see what Twitter thinks my gender is.
457288
Curses! They know I’m a guy. This won’t do at all.

Update (2020-04-29): Twitter has fixed their oversight.

{ "errors": [{ "code": 356, "message": "preferences.gender_preferences.gender_override: Must provide a non-empty custom value 30 characters or less in length." }]}

Anyone who set their custom gender to a long volume of text, should still have it set to a long volume of text.

The original article follows after the separator.

https://twitter.com/leemandelo/status/1254179716451438592

Slightly annoyed, I went to go see what Twitter thinks my gender is.
457288
Curses! They know I’m a guy. This won’t do at all.

Soatok angrily grasping computer monitor

But what’s this? An “Add your gender” option?
457290
That’s at least, something, I guess? Defaulting to [whatever the algorithm guesses] is sucky, but at least nonbinary folks can still self-identify however they want.

But 30 characters isn’t a lot. What if I want to drop in, say, 68 characters? Do I need to do some crazy Unicode fuckery to pull that off?
457292
Nope, Inspect Element + set maxlength="255" and now Twitter thinks my gender is the EICAR test file. Wonderful!

Which means: If someone downloads my Twitter data without my consent onto a workstation running antivirus software, the file will delete itself and all will be right in the marketing world.

https://twitter.com/SoatokDhole/status/1254635753319079937

(Okay but seriously, a lot of downstream systemic failures would have to exist for any damage to occur from me deciding to self-identify to marketers this way.)

Lessons to Learn

Twitter enforced a maxlength of 30 in the HTML element of the “Add your gender” text input, but they didn’t enforce this requirement server-side. The takeaway here is pretty obvious.

Also, don’t try to automatically[b] guess people’s gender at scale[/b]. It’s insulting when you get it wrong, and it’s creepy when you get it right.

457294 (This sticker is tongue-in-cheek.)

What’s the Upper Limit for the Field?

I don’t know, but this indicates it has a larger upper bound than a tweet.

https://twitter.com/txlon5/status/1254648412261228545

If anyone has success dropping an entire thesis on gender identity and culture in the Gender field, let me know.

Update: The Best Genders

Everyone is having a lot of fun with the Gender field. Here’s some of the best tweets I’ve seen since publishing this stupid bug.

https://twitter.com/TecraFox/status/1254653500887310337

https://twitter.com/everlasting1der/status/1254652388713082880

https://twitter.com/hedgehog_emoji/status/1254650551473594368

https://twitter.com/Neybulot/status/1254659048886210563

A fox in Furry Technologists suggested building genderfs, which is a lot like redditfs but hoists the entire filesystem into the Gender field.

While I have your attention, trans rights are human rights and biology disagrees with the simple notion of “two sexes”. Thank you and good night.

https://soatok.blog/2020/04/27/why-server-side-input-validation-matters/

#furry #infosec #inputValidation #LGBTQIA_ #security #softwareDevelopment #Twitter

Dhole Moments

2020-04-27 05:22:30

Update (2020-04-29): Twitter has fixed their oversight.
{ "errors": [{ "code": 356, "message": "preferences.gender_preferences.gender_override: Must provide a non-empty custom value 30 characters or less in length." }]}
Anyone who set their custom gender to a long volume of text, should still have it set to a long volume of text.
The original article follows after the separator.
I was recently made aware of a change to Twitter, which exposes a new Gender field. If you’ve never specified your gender before, they guessed what it was (which is a really shitty thing to do, especially towards trans folks!).
https://twitter.com/leemandelo/status/1254179716451438592
Slightly annoyed, I went to go see what Twitter thinks my gender is.

Curses! They know I’m a guy. This won’t do at all.
But what’s this? An “Add your gender” option?

That’s at least, something, I guess? Defaulting to [whatever the algorithm guesses] is sucky, but at least nonbinary folks can still self-identify however they want.
But 30 characters isn’t a lot. What if I want to drop in, say, 68 characters? Do I need to do some crazy Unicode fuckery to pull that off?

Nope, Inspect Element + set maxlength="255" and now Twitter thinks my gender is the EICAR test file. Wonderful!
Which means: If someone downloads my Twitter data without my consent onto a workstation running antivirus software, the file will delete itself and all will be right in the marketing world.
https://twitter.com/SoatokDhole/status/1254635753319079937
(Okay but seriously, a lot of downstream systemic failures would have to exist for any damage to occur from me deciding to self-identify to marketers this way.)
Lessons to Learn

Twitter enforced a maxlength of 30 in the HTML element of the “Add your gender” text input, but they didn’t enforce this requirement server-side. The takeaway here is pretty obvious.
Also, don’t try to automatically[b] guess people’s gender at scale[/b]. It’s insulting when you get it wrong, and it’s creepy when you get it right.
(This sticker is tongue-in-cheek.)
What’s the Upper Limit for the Field?

I don’t know, but this indicates it has a larger upper bound than a tweet.
https://twitter.com/txlon5/status/1254648412261228545
If anyone has success dropping an entire thesis on gender identity and culture in the Gender field, let me know.
Update: The Best Genders

Everyone is having a lot of fun with the Gender field. Here’s some of the best tweets I’ve seen since publishing this stupid bug.
https://twitter.com/TecraFox/status/1254653500887310337
https://twitter.com/everlasting1der/status/1254652388713082880
https://twitter.com/hedgehog_emoji/status/1254650551473594368
https://twitter.com/Neybulot/status/1254659048886210563
A fox in Furry Technologists suggested building genderfs, which is a lot like redditfs but hoists the entire filesystem into the Gender field.
While I have your attention, trans rights are human rights and biology disagrees with the simple notion of “two sexes”. Thank you and good night.
https://soatok.blog/2020/04/27/why-server-side-input-validation-matters/
#furry #infosec #inputValidation #LGBTQIA_ #security #softwareDevelopment #Twitter

#twitter #security #infosec #Furry #softwaredevelopment #LGBTQIA_ #inputValidation

Please wait

View in context

⇧

Search

Items tagged with: inputValidation

Dhole Moments 4 years ago

Dhole Moments 4 years ago

Lessons to Learn

What’s the Upper Limit for the Field?

Update: The Best Genders

Lessons to Learn

What’s the Upper Limit for the Field?

Update: The Best Genders

Dhole Moments

4 years ago

Dhole Moments
4 years ago