Buffalo shooter invited others to his private Discord ‘diary’ 30 minutes before attack

Discord has provided more insight into how the shooter who opened fire in a Buffalo, New York supermarket over the weekend used its service prior to the tragic act of violence.

The shooter, 18-year-old Payton Gendron, is charged with first-degree murder in the mass shooting, which left 10 people dead and three injured. In the month leading up to the attack on the Buffalo Tops grocery store, which he researched and selected in an effort to harm as many Black people as possible, he used Discord to document his plans in extreme detail.

According to Discord, the suspected shooter created a private, invite-only server that he used as a “personal diary chat log.” The server had no other members until 30 minutes before the attack began, when a “small group of people” received an invite and joined.

“Before that, our records indicate no other people saw the diary chat log in this private server,” a Discord spokesperson told TechCrunch. TechCrunch reached out to the company for more details about the server’s activity and insight into how it handles moderation for private servers and messages.

Discord, a text and voice chat app, is best known for its large, public messaging rooms but it also allows users to create private, invite-only servers. In updates to the Discord server, which shares a username with the Twitch channel he used to livestream the shooting, the suspect documented his violent, racist views in depth. He also detailed the logistics of how he would carry out the mass shooting, including the gear he would use, his shopping trips leading up to the shooting and his day-of plans.

While it’s unknown what other Discord servers Gendron was active in, he references his activity on the app in the chat logs. “I didn’t even think until now that the people in my discord groups are probably going to get no knock raided by ATF and FBI agents,” he wrote. While Discord served as a kind of digital journal for the atrocities he would later carry out, he also compiled a nearly 200-page screed about his beliefs, weapons and plan to commit violence in Google Docs.

In early May, he expressed concerns that Google might discover his plan for violence in messages sent on the private Discord server. “Ok I’m a bit stressed that a google worker is going to see my manifesto fuck,” he wrote. “WHY did I write it on google docs I should have had some other solution.” Unfortunately, those concerns were unfounded. After the shooting, Google did remove the document for violating its terms of service.

The suspect, who livestreamed the shooting over Twitch, also spent time on 4chan’s /pol/, an infamous sub-message board rife with racism, misogyny and extremism. Unlike mainstream social networks like Discord, 4chan does not do any proactive content moderation and only removes illegal content when required to do so. In Discord chat logs reviewed by TechCrunch, the shooter notes that he “only really turned racist” after encountering white supremacist ideas on 4chan.

Five years ago, Discord was implicated in the Charlottesville Unite the Right rally, an open gathering of white supremacists and other far-right extremists that ended with one counter-protester dead. The rally’s participants and organizers came together in private Discord servers to plan the day’s events and discuss the logistics of what would take place in Charlottesville. The company responded by cracking down on a number of servers hosting extremism, though it maintained that it did not read messages on private servers.

Like Reddit, most of Discord’s hands-on moderation comes from community moderators within its chat rooms. And like most social companies, Discord relies on a blend of automated content scanning and human moderators. Last year, the company acquired Sentropy, an AI software company that detects and removes online hate and harassment, to bolster those efforts.

In the years following the deadly violence in Charlottesville, Discord successfully sought to distance itself from its association with the far-right extremists and white supremacists who once called the social network home. More recently, Discord has also put some distance between its current brand and its origins as a popular chat app for gamers, reframing itself as an inviting hub for a huge spectrum of thriving online communities.

“Our deepest sympathies are with the victims and their families,” a Discord spokesperson said of the tragedy in Buffalo, adding that it is assisting law enforcement in the ongoing investigation. “Hate has no place on Discord and we are committed to combating violence and extremism.”

Aurora expands autonomous freight pilot with FedEx in Texas

Aurora Innovation, an autonomous vehicle technology company, has expanded its self-driving freight pilot with FedEx to include a new lane from Fort Worth to El Paso, Texas.

The startup has been hauling freight for FedEx between Dallas and Houston since September 2021, which has involved making the 240-mile trip every night. The new lane challenges Aurora’s trucks to a much longer journey of about 600 miles, on which they will operate on a weekly basis, according to the company.

Texas has become a battleground for autonomous freight companies looking to commercialize, with competitors Waymo Via, Kodiak Robotics and TuSimple all piloting their vehicles on many of the same highways.

Aurora has been hauling freight between its new terminals in Fort Worth and El Paso since March, the company said. Shipments carried out on its first commercial lane between Dallas and Houston have all been delivered on time 100% of the time, according to Aurora, which noted that it has provided thousands of FedEx customers with autonomously transported packages.

Aurora’s trucks, which are based on the new Peterbilt 579, are capable of operating during various weather conditions and all hours of the day and night. To date, Aurora and FedEx have completed a total of 60,000 miles with zero safety incidents, according to Aurora.

“Some time ago, I was asked why the general public should care about autonomous trucking. This is why. In six months of working with FedEx, we’ve safely, reliably, and efficiently transported packages for tens of thousands of FedEx customers,” said Sterling Anderson, Aurora co-founder and chief product officer, in a statement. “This lane expansion came ahead of schedule and we’re delighted to continue building the future of trucking with one of the country’s biggest and most important transportation companies.”

MITRE Creates Framework for Supply Chain Security

Supply chain security has been all the buzz in the wake of high-profile attacks like SolarWinds and Log4j, but to date there is no single, agreed-on way to define or measure it. To that end, MITRE has built a prototype framework for information and communications technology (ICT) that defines and quantifies risks and security concerns over suppliers, supplies, and services – including software.

MITRE’s so-called System of Trust (SoT) prototype framework is, in essence, a standard methodology for evaluating suppliers, supplies, and service providers. It can be used not just by cybersecurity teams but across an organization for assessing a supplier or product. 

“An accountant, a lawyer, an operations manager could understand this structure at the top level,” says Robert Martin, senior software and supply chain assurance principal engineer at MITRE Labs. “The System of Trust is about organizing and amalgamating existing capabilities that just don’t get connected right now” to ensure full vetting of software as well as service provider offerings, for example.

The SoT will make its official public debut next month at the RSA Conference (RSAC) in San Francisco, where Martin will present the framework as a first step in gathering security community support and insight for the project. So far, he says, the sneak-peek, initial feedback has been “very positive.”

MITRE is best known in the cybersecurity sector for heading up the Common Vulnerabilities and Exposures (CVE) system that identifies known software vulnerabilities and, most recently, for the ATT&CK framework that maps the common steps threat groups use to infiltrate networks and breach systems.

Martin says he’ll demonstrate the SoT framework and provide more details on the project during his RSAC presentation. The framework currently includes 12 top-level risk areas – everything from financial stability to cybersecurity practices – that organizations should evaluate during their acquisition process. More than 400 specific questions cover issues in detail, such as whether the supplier is properly and thoroughly tracking the software components and their integrity and security.

Each risk is scored using data measurements that are applied to a scoring algorithm. The resulting data scores identify the strengths and weaknesses of a supplier, for example, against the specific risk categories. An enterprise could then more quantitatively analyze a software supplier’s “trustworthiness.”

SBOM Symmetry

Martin says that with software supply chain security, the SoT also goes hand in hand with software bill of materials (SBOM) programs. “SBOMs can give you deeper reason into understanding why you should trust,” for example, a software component. Among several risk factors in the SoT, SBOMs can actually mitigate those risks or, at the least, provide better insight into the software and any risks. 

“If the SBOM has pedigree information, that information would allow for assessment of the tools and techniques used to build the software – whether reproducible builds were used to build the software, memory protection methods [were] invoked during the build” and other details, he notes.

So how does the SoT framework differ from risk management models? Traditional risk management employs probabilities, Martin says. With SoT, there’s a list of risks that can be evaluated and scored to determine whether there is risk in specific areas and, if so, just how bad it really is.

“We want to help provide a consistent way of doing assessments … and we would like to encourage data-driven decisions wherever we can” in supply chain evaluations, he says.

The next steps: introducing the concept of the SoT and offering the live taxonomy for public comment and scrutiny. “Then we can see what parts can be automated and where,” and ensure that it can be integrated into the acquisition process. Vendors, too, could use SoT terminology in their product materials.

“‘Supply chain’ has a lot of different meanings,” Martin explains. “We’re not talking microelectronics in the US versus overseas. We’re not trying to solve port issues. We’re trying to get a culture of organizational risk management that includes supply chain concerns as a normal part of that. We want to bring some consistencies, automation, and data-driven evidence so there’s more understanding of supply chain risks.”

Dear Sophie: Can I do anything to speed up the EAD renewal process?

Here’s another edition of “Dear Sophie,” the advice column that answers immigration-related questions about working at technology companies.

“Your questions are vital to the spread of knowledge that allows people all over the world to rise above borders and pursue their dreams,” says Sophie Alcorn, a Silicon Valley immigration attorney. “Whether you’re in people ops, a founder or seeking a job in Silicon Valley, I would love to answer your questions in my next column.”

Dear Sophie,

I’m on an L-2 visa as a dependent spouse to my husband’s L-1A.

My EAD (work permit) is expiring in May — we filed for the extension of both my visa and EAD a few months ago. How long is the current process?

Might there be anything I can do so my employment isn’t affected?

— Career Centered

Dear Centered,

I’ve got fantastic news for you and other L-1 spouses — and your employers! As long as your visa remains valid, you are no longer at risk of having your employment interrupted due to delays in getting your Employment Authorization Document (EAD).

Thanks to a policy change by U.S. Citizenship and Immigration Services (USCIS), getting work authorization is now easier for L-2 spouses of L-1 visa holders as well as a few other categories. As Elon Musk said this week, for anybody who wants to work hard in the U.S., immigration should be a “no-brainer.”

Soaring processing times

During the past two years, processing times for EADs soared due to a combination of backlogs prompted by the pandemic, funding issues and paper-based USCIS processing procedures.

Depending on which USCIS service center processed the EAD renewal application (Form I-765), timing ranged from about 90 days to more than a year. Interesting to note, it can take anywhere from 7.5 to 14.5 months to process EADs at the California Service Center. At the Texas Service Center, it can take two to 13 months.

Lawsuit prompts big policy changes

Last September, a group of spouse-dependent visa holders filed a class-action lawsuit against the Secretary of Homeland Security, who oversees USCIS. The suit was filed on behalf of dependent spouses of H-1B and L-1 visa holders, many of whom had been forced to stop working when USCIS failed to approve and send out new EADs before the current ones expired due to substantial processing delays.

The situation was compounded by the fact that EAD renewals can’t be filed more than six months in advance of their expiration date.

What’s more stable than Bitcoin or UST? AriZona Iced Tea.

ICYMI, stablecoins are in deep shit right now, and the chaos that unfolded this week has thrown the entire crypto ecosystem into turmoil with over $400 billion in losses from just one coin alone. In these times of uncertainty, all we can rely on is that we can purchase a can of AriZona Iced Tea for 99 cents, the same price that the refreshing beverage sold for in 1996. Mossy, a collective of three techy artists, thinks that an (unofficially) AriZona-backed stablecoin can save the crypto economy.

A stablecoin, as the name implies, is supposed to be stable because it tracks the value of another asset – similar to how gold bars once backed the U.S. dollar during gold-standard times. 

In the case of TerraUSD (UST), formerly one of the largest stablecoins that fell from grace this week, each UST coin was supposed to stay consistently equivalent in value to one U.S. dollar. But there were no physical reserves – instead, the group behind UST used algorithms and reserves of other cryptocurrencies to manage its price. That system went haywire, leading some holders of UST to withdraw their money, and before investors knew what had hit them, the panic and fear compounded and UST was trading as low as 9 cents on the dollar. UST’s sudden collapse has led to over $400 billion in losses for investors over the past week or so, leaving people to question the, well, stability of stablecoins as a whole.

Mossy’s solution for the calamitous sector, a stablecoin called USDTea, is backed by what they claim is America’s most stable asset: cans of AriZona Iced Tea. For over 30 years, AriZona founder Don Vultaggio has been working tirelessly against inflation to keep the cost of each can at exactly 99 cents, playing hardball with suppliers to keep input costs low and sacrificing his own profit for the sake of consistency.

As for Mossy, you may have seen their work before. The group launched the “Non-fungible Olive Gardens” project that got them in some hot water over copyright laws as well as the “Blockedchain” NFTs that only Twitter users who have been blocked by famed (and pugnacious) venture capitalist Marc Andreessen can mint. 

Mossy quietly announced the USDTea stablecoin project on Twitter one and a half hours before selling out all 1,000 tokens they initially supplied. We sat down with Brian Moore, one of the three members of the artists’ collective – another member is Mike Lacher, who recently went viral for his AI that harshly judges your music taste, while the third member chooses to remain anonymous. Moore regaled us with his (mostly) straight-faced, highly serious explanation of Mossy’s ambitions to bring stability to an unstable world – one can of iced tea at a time. 

TC: So, who are you? What is this collective that tries to save crypto through AriZona Iced Tea?

BM: We’re a little group called Mossy, and the last three things we’ve made have all been web3 projects. We created non-fungible Olive Gardens, and then we did Blockedchain, which was an NFT series that you can only mint if you’re blocked by specific people on Twitter, like Marc Andreessen. And now the latest is USDTea, which is a stablecoin that’s linked to the most stable asset we know on planet Earth, which is AriZona Iced Tea.

TC: Can you literally connect your wallet to this and get a token? 

BM: Well, first of all, I just got word that we are fully out of the 1,000 that we started with [after about an hour and a half post-launch]. That’s the weirdness of this world. It was the same thing with non-fungible Olive Gardens, we quietly released it, and then it was gone within I think 10 hours. 

TC: AriZona Iced Tea might be $0.99, but what about gas fees?

BM: The way the flow works is the fees aren’t super high. It’s an ERC 20 token. I bought some and I think it was, you know, negligible, like $4 or something in gas fees. And then, just like any other stablecoins that are pegged to currency, you can always switch back. In this case, you can burn your USDTea and we will ship you cans of AriZona Iced Tea, because it wouldn’t be backed by it if we didn’t actually do that. So we have our strategic reserves of AriZona Iced Tea to use if people want to convert it back at any given time. 

TC: Do you actually have 1,000 cans of tea? 

BM: It’s 1,000 cans where we’re starting. That might expand in the future. And if we do that, I think we’d probably be open to external auditing depending on the situation, but currently, we’ve got 1,000 cans basically, and we will distribute them as necessary. Right now we do have reserves split around different locations around the U.S. 

TC: Do you make these satirical web3 projects as your full time job?

BM: The more we do this, the more it becomes something that is more full-time, but I’d say we’re mostly artists.

TC: How many people are you?

BM: We’re three people. So we’re pretty… I guess the word would be nimble. It allows us to make things very quickly. In the case of the destabilization of currency-pegged cryptocurrencies, you know, when did that whole snafu go down? We’re trying to bolster the crypto economy as quickly as possible, and we can only do that with a small team. 

TC: Did you conceive of this idea last week when Terra was collapsing?

BM: Exactly. There’s something to be said about the stability of stable coins, right? That’s half the word, stable. And then you think, what’s the most stable thing you can imagine? AriZona Iced Tea, you really can’t beat it. 

TC: How do you make money off of this, or is making money not the goal? 

BM: It’s not necessarily the goal, really, but I think we want to support ourselves at some point. We’re in the interest of making interesting work on the internet, and that is the ultimate goal. If it makes us money, great, and if it doesn’t, then that’s fine too. Ultimately, we’re just making interesting things – making people think, making people laugh, or, you know, stabilize their assets in canned iced teas.

TC: How would you make money?

BM: These are fungible assets, so it’s meant to be more of a currency replacement than, say, an individual art piece. One USDTea is equal to one USDTea. There’s no one of them that’s better than the other or rarer than the other. They’re all equal to one can of AriZona’s Iced Tea. 

TC: But to redeem your can of tea, you have to pay a $20 flat processing fee. What is that fee?

BM: That’s just literally the logistics of shipping. That’s not a money-making scheme to make profit off of the transaction, it’s to get you your personalized tea assets that you can store in your own location. 

TC: On your website, you have the question “what happens when ETH crashes?”, and you say that you update the ETH/USDTea to match ETH/USD from time to time. What does that entail?

BM: It just means that as Ethereum might change in price, we want to match that so the rate ends up being around 99 cents. 

TC: How often will you do that? I imagine you don’t have an algorithm.

BM: No, there’s no algorithm yet. That might come in the future – it all depends on how wide we expand this. We’re taking it one step at a time. This has been about ninety minutes worth of launch time, so once we stabilize our own situation, we’ll figure out what we need to do. 

TC: Obviously, Terra was the inspiration for this project. Do you have any opinions or takes about what happened, and how Terra’s handling that? 

BM: I think our company speaks through the work itself. We’re here to try to stabilize an unstable world, so I think that backing our assets in a new, innovative, and most importantly stable asset… I think that sort of says all that we need to say about that situation.

TC: Would you say you’re bullish or bearish on crypto? 

BM: Are we bullish? Are we bearish? I don’t know. I think we’re exploring it. We love it as a medium through which to make interesting art pieces. I don’t think we necessarily have an answer or have an animal to assign to it. You can just say anteater, or something like that.

CISA to Federal Agencies: Patch VMware Products Now or Take Them Offline

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring federal civilian executive branch agencies to update their VMware products impacted by a pair of new vulnerabilities or remove them from their networks.

The VMware bugs – CVE-2022-22972 and CVE-2022-22973 – expose several VMware products to remote code-execution (RCE) attacks.

CISA said that last month, within just 48 hours of VMware patching its VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager, advanced persistent threat (APT) actors were able to reverse-engineer the updates to launch attacks.

“These vulnerabilities pose an unacceptable risk to federal network security,” said CISA director Jen Easterly in a statement. “CISA has issued this emergency directive to ensure that federal civilian agencies take urgent action to protect their networks. We also strongly urge every organization – large and small – to follow the federal government’s lead and take similar steps to safeguard their networks.”

Apple releases iTunes 12.12.4 for Windows with security fixes

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

Apple has released a new version of iTunes for Windows with patches that mitigate several security vulnerabilities, including issues in WebKit and Mobile Device Service.

iTunes 12.12.4, released on Wednesday, contains at least five fixes for security flaws in Apple’s underlying software. Users can download the update from the Windows Store or Apple’s website.

iTunes 12.12.4 specifically fixes issues in AppleGraphicsControl that could lead to arbitrary code execution, an issue in ImageIO that could cause unexpected application termination, and an iTunes vulnerability that could allow an attacker to elevate their privileges.

An issue with Mobile Device Service could have allowed attackers to delete files without the necessary permissions, and a WebKit flaw could allow arbitrary code execution through maliciously crafted web content. Both of those flaws have also been fixed.

Other information about the fixed vulnerabilities can be found on Apple’s website.

None of the flaws appear to have been exploited in the wild, but an update is still recommended.

Zoox reveals close-up of its autonomous robotaxi

Zoox shared a close-up of its commercial electric robotaxi at the TechCrunch Mobility 2022 conference in San Mateo, California, on Wednesday.

The Amazon subsidiary’s four-passenger, fully autonomous vehicle features a white, cubelike body with large black sliding doors, floor-to-ceiling windows, beam-forming speakers to direct audio alerts to distracted pedestrians and a 60-watt USB-C port with enough power to charge a 15-inch MacBook.

The sleek, square silhouette lacks a front and rear end. Instead, the bidirectional robotaxi is symmetrical, with the same sloped face featuring cameras, lights, speakers and a large window on either side. “Internally, we call it a north side and a south side,” Zoox co-founder and CTO Jesse Levinson said during an interview onstage.

The design features a sensor pod atop each corner of the robotaxi, which allows the vehicle to see in all directions. The corner architecture helps “see basically everything, including things behind things.”

“The shape of the vehicle is perfect for autonomous driving because each of those sensor pods has a 270-degree field of view,” Levinson said. “Because there’s one on each corner, not only can we see everything 360 degrees but we have an overlapping, redundant field of view that helps us see around things.”

The company revealed the robotaxi in December 2020 on a closed course in San Francisco and has been working toward making it safe and legal on public roads. Levinson declined to give a time frame, but said the company is “really close.” Zoox is already testing the vehicle on closed roads in Seattle, Las Vegas and Foster City, California, as well.

The sliding doors create a wide aperture that opens to a low floor that makes it easy for passengers to enter and exit. Each side displays a strip of speakers above the headlights. The beam-forming speakers can shoot sound in any direction with a targeted focus, alerting specific distracted pedestrians with a ping that’s more polite than a honk, Levinson said.

“They’ll hear it and everybody else won’t.”

Each of the four seats features a seven-inch screen, comparable in size to an iPhone. The simple interface allows passengers to operate the vehicle’s four-zone climate control, check the route and change music.

The simplicity is designed to reduce visual stimuli. “It’s not about super-fancy 3D gaming,” Levinson said. “We’re not bombarding you with like screens and advertisements everywhere.”

The passenger experience “actually is quite boring after 30 seconds,” Levinson said, “but that’s a good thing because people just want to get on with their lives, have a conversation, read a book, play with their iPhone or whatever they want to do.”

Each seat also comes with a wireless charging pad and a 60-watt USB-C port.

The ceiling features a pinpoint light display Zoox calls a “celestial headliner,” modeled after Rolls-Royce’s five-figure starry headliner option.

“It’s a little bit of our prestige feature,” Levinson said. “If we ever have to build a lower-cost version, that’s probably the first thing to go.”

LWN is hiring

LWN does its best to provide comprehensive coverage of the free-software development community, but there is far more going on than our small staff can handle. When expressed that way, this problem suggests an obvious solution: make the staff bigger. Thus, LWN is looking to hire a writer/editor.

The job description is appended below, but LWN readers will already know what we are looking for: writers who can create our type of clearly written, technical coverage of what the community is up to. Our writers must understand how free software is made and distributed, and they must be prepared to write for an audience that knows more than they do. It is challenging, but also a lot of fun.

While we hope to find somebody who can cover a broad spectrum of free-software development, we also wish to find somebody who can complement and deepen our coverage in one or more of the following areas:

  • Distribution development and project governance
  • The development of the Rust language
  • Language, toolchain, and low-level library development in general
  • Linux kernel development
  • Embedded systems and Android
  • System-administration tools and containers

The above list is not exhaustive; we would certainly be interested in talking with authors whose passion takes them into a different area.

LWN will complete 25 years of publication next January. It has been a spectacular ride and we have no intention of stopping, but there will come a time where, if this show is to go on, a new generation will need to take over. We would like to get that generation in place and up to speed well before the situation becomes urgent. Today’s new writers, we hope, will become tomorrow’s senior editors.

If this appeals to you, please contact us at editorjob@lwn.net. If you know somebody else who might make a good candidate, please encourage them to talk to us. The free-software community shows no signs of slowing down anytime soon; with your help, LWN will be able to keep up with it for the next quarter-century — and beyond.

The job description

LWN.net is seeking a full-time technical journalist to provide high-quality coverage of the Linux and free-software communities for our readers. This is an opportunity to be a part of a community that has changed the world and is far from finished. LWN has been covering this community from within since 1998.

Responsibilities will include finding and researching topics, writing articles on a regular schedule, reviewing articles written by others, interacting with readers, and traveling to and reporting from community events. Additionally, we all take part in the tasks of running the business and making important decisions about where we are trying to go.

Requirements include:

  • A university degree in technical writing, engineering, or the sciences — or equivalent experience.
  • Top-level English writing and editing skills.
  • The willingness and ability to work remotely full-time.
  • An understanding of free software and the communities that create it.
  • A willingness to take on a wide range of challenges in a small-company environment.

We would also like to see:

  • A demonstrated history of writing for a highly technical audience.
  • Software development experience, especially in the form of contribution to one or more free-software projects.
  • Experience with web technologies and web-site design.
  • Python development experience.

LWN is located in Colorado, but we are willing to consider applicants from anywhere in the US who can legally work here. Compensation includes participation in our health and 401(k) retirement plans. Applicants from the rest of the world who can work as consultants can also be considered.

Apple privacy exec Jane Horvath talks data regulations, career advice & more

Apple chief privacy officer Jane Horvath has given a wide-ranging interview covering everything from her first job at Baskin-Robbins to current data and security best practices.

Horvath leads Apple’s Privacy, Policy, and Regulatory team. In that role, she has advocated for strong privacy rights, as in the 2015 dustup with the FBI over iPhone backdoors, counseled on new product features, and overseen legal issues at the tech giant.

In a new interview with ELLE, Horvath gave a range of career, privacy and security, and other advice.

“I feel very lucky. I’ve been at these important moments in privacy; each day I wake up and never know what I’m going to face,” she said. “But I always feel like I’ve got the best of both worlds: I get to do civil liberties and work somewhere that really looks at privacy as a fundamental human right.”

Horvath described herself as the “Forrest Gump of privacy.” Although Apple was her dream job, she did not immediately begin working for the iPhone maker after graduating law school. Instead, she got her start at AOL, went on to work for the Department of Justice, and eventually ended up at Google.

As a privacy executive with Apple, Horvath has worked on high-profile issues like the San Bernardino case. On that, she said Apple would have been happy to aid law enforcement if it were possible to protect its other customers, too.

“We would have opened that phone if we could have opened it and not impacted every other phone, but we couldn’t, and so we decided that we wanted to protect all of our customers and resist the government’s ask to build an operating system that would’ve basically made every other phone vulnerable,” she said.

As far as what normal users can do to protect themselves, Horvath says it’s important to “read carefully” and “pay attention” to choices online. That includes websites, apps, and other privacy settings.

“That, and always think before you post. Data gets out there, and it’s very hard to bring it back,” she said.

The Apple privacy chief covered other topics in the interview, including the best career advice she has ever received and how she manages her online identity. The full interview is available here.