『Won't Fix』のカバーアート

Won't Fix

Won't Fix

著者: Rob Leathern
無料で聴く

From the founders of InfoHawk: conversations about AI-driven deception, abuse and scams, and why they’re so hard to stop. In software engineering, “won’t fix” describes a bug by acknowledging the issue but intentionally leaving it unsolved because addressing it is too costly, risky, or not worth the trade-offs. Hear from the practitioners fighting phishing, deepfakes and bots, and learn about the broken systems and misaligned incentives that keep us all vulnerable.Copyright 2026 Rob Leathern マネジメント・リーダーシップ リーダーシップ 政治・政府 経済学
エピソード
  • Won't Fix Episode 10: With Lindsay Kaye & Will Herbig of HUMAN Security
    2026/07/17

    On July 7, 2026, HUMAN’s Satori team exposed NewsJunkie, a massive, coordinated connected television (CTV) device-spoofing operation that generated up to two billion invalid bid requests per day, per seller.

    In this episode of Won’t Fix, we go inside the investigation with Lindsay Kaye (VP of Threat Intelligence) and Will Herbig (Senior Director of Media Research) from HUMAN Security to break down how this sophisticated fraud was uncovered.

    We then zoom out and the conversation to talk about the connected TV ecosystem in general and how AI and automation are changing the security threat landscape in general.

    Resources & Links:

    • HUMAN Security Website: https://www.humansecurity.com/
    • The Full NewsJunkie Report: https://www.humansecurity.com/learn/resources/human-disrupts-ctv-device-spoofing-newsjunkie/
    • Lindsay’s Book (Dissecting the Dark Web, No Starch Press): https://nostarch.com/dissecting-the-dark-web
    • Rob Leathern (https://www.linkedin.com/in/leathern/)

    Chapter Timestamps:

    00:00 Introduction

    1:13 Team Backgrounds and Roles at Human Security

    3:31 Understanding the News Junkie Operation Structure

    5:27 Key Anomalies That Exposed the Fraud

    8:32 Scale and Impact of Invalid Traffic

    10:14 Evolution and Persistence of the Operation

    14:15 Residential Proxies and Infrastructure Connections

    20:24 AI-Generated Fake Business Identities

    23:44 Disruption Strategies and Industry Response

    26:48 Systemic Gaps and Supply Chain Compliance Issues

    31:48 Device Attestation and Technical Solutions

    34:41 AI's Impact on the Security Landscape

    41:33 Investigation Methodology and Future Outlook

    続きを読む 一部表示
    48 分
  • Won't Fix Episode 9: With Juliet Shen, Cofounder & HOP at ROOST
    2026/07/07

    Juliet Shen is cofounder and Head of Product at ROOST (Robust Open Online Safety Tools), a nonprofit building open-source trust-and-safety infrastructure for platforms of every size. She has done anti-abuse product work at Google and Grindr, and was the first trust-and-safety product manager at Snap, where she helped launch early cross-platform efforts to combat child exploitation. ROOST's website is https://roost.tools.

    Across her career, Juliet kept running into the same maddening pattern: every trust-and-safety team, at every platform, quietly rebuilding the same rules engines, review queues, and reporting pipelines from scratch, behind closed doors, and at enormous cost. ROOST is a bet that online safety should be shared, open infrastructure rather than proprietary secret sauce, available free to any platform or site that needs it. We talk about that, and a lot more.

    Key Highlights:

    • Every tech company shouldn't have to build their trust and safety tools from scratch behind closed doors. It’s an expensive waste of time when open-source infrastructure could solve the exact same foundational problems for everyone.
    • PMs and engineers need to step up and lead in the trust and safety space. They are the ones who can actually bridge the gap and get policy, operations, engineering, and legal teams talking to each other.
    • AI is great for knocking out the easy, baseline moderation tasks. But when a situation is highly nuanced or something the AI hasn't seen in its training data, you still absolutely need human judgment.
    • As social media breaks apart into decentralized networks, a one-size-fits-all safety system won't work anymore. We need modular tools that let platforms look at who the user is, how they're behaving, and what they're posting as separate pieces of the puzzle.
    • Good moderation is often less about analyzing the post itself and more about knowing exactly who is behind the account or the app. Right now, our lack of solid identity verification is a massive blind spot for digital safety.

    Chapter Timestamps:

    00:00 Introduction

    1:34 Career Journey and the Problem of Redundant Tool Building

    5:30 The Role of Product Managers in Trust and Safety Teams

    7:34 Impact of LLMs on Trust and Safety Operations

    11:27 Focus Areas and Child Safety Priority

    12:55 The ABC Framework and Actor Trust Challenges

    16:54 Community Building and TrustCon Participation

    19:13 Signal Sharing vs Tool Sharing Philosophy

    22:43 Open Source Approach and Scaling Challenges

    23:59 Future Roadmap and Research Partnerships

    28:52 Reviewer Well-being and Mental Health Considerations

    32:00 Centralized vs Decentralized Moderation Models

    37:15 Government Role and Open Source Support

    39:52 Success Metrics and Measurement Challenges

    42:50 Standards, Testing, and Future Directions

    Resources & Links:

    Rob Leathern (https://www.linkedin.com/in/leathern/)

    Juliet Shen (https://www.linkedin.com/in/julietshen/)

    ROOST (https://roost.tools)

    続きを読む 一部表示
    46 分
  • Won't Fix Episode 8: With Dave Kleidermacher of Google
    2026/06/30

    Dave Kleidermacher is a vice president of engineering at Google, leading engineering for Android security and privacy. His scope encompasses Android and the Made-by-Google world — Pixel, Nest, Fitbit, and the Play Store.

    We talked about Android's answer to scams: smarter defenses that use AI as a shield (on-device detection that catches scams as they unfold), and a deeper structural pivot to "Actor Trust" — establishing provable, cryptographic confidence in who or what a source is rather than forever trying to detect bad things.

    Dave has been steeped in these topics for a long time so we get into a bunch of great territory, and I think you’ll really enjoy the conversation.

    Key Highlights:

    • Consumer platforms must pivot from traditional vulnerability exploitation defenses to fighting scams and fraud, which make up 99% of actual practical threats facing users today.
    • The future of mobile authentication lies in reversing security asymmetry through "actor trust" cryptographically verifying the source device rather than relying on human intuition.
    • Big Tech players like Apple and Google need to publish a transparent, accountability driven joint priority roadmap to accelerate cross-platform security for critical defenses like caller verification.
    • Mobile network operators remain a critical structural weak point in consumer safety due to privacy-invasive habits like silent third party app installations and outdated location-tracking protocols.

    Chapter Timestamps:

    00:00 Introduction and Background

    3:01 The Shift from Vulnerability Threats to Scam Prevention ‎

    6:01 Real-time Voice Spoofing Capabilities and Demonstrations ‎

    8:19 Platform Defense Strategies and the Whack-a-Mole Problem ‎

    11:00 Actor Trust and Cryptographic Verification Approach ‎

    15:37 Google's Security Key Success and Developer Ecosystem Verification ‎

    17:35 RCS Standards and Industry Collaboration Challenges ‎

    27:19 Business Caller Verification and Stir Shaken Limitations ‎

    31:59 Privacy-Security Balance and Binary Transparency ‎

    41:30 Consumer Role and Stakeholder Responsibilities ‎

    43:27 Future AI Landscape and Industry Recommendations ‎

    49:47 Advertising Technology and Platform Accountability ‎

    Resources & Links:

    Rob Leathern (https://www.linkedin.com/in/leathern/)

    Dave Kleidermacher (https://www.linkedin.com/in/davekleidermacher/)

    続きを読む 一部表示
    54 分
adbl_web_anon_alc_button_suppression_t1
まだレビューはありません