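Just as the EU hit X with a massive fine this month, Elon Musk abruptly announced that the platform’s entire recommendation algorithm would be fully open-sourced. On the surface, this is meant to increase transparency and ease regulatory pressure by showing the outside world how the social media giant ranks users’ timelines.
IT professionals usually just smile faintly when they hear the words “open source” and then carry on with their work. But last week I came across an extremely explosive thread on X in which the author explained in detail how this open-sourcing directly exposes the real identities of anonymous alt accounts through “behavioral fingerprinting”… whether you think that’s a good thing or a bad thing.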
An OSINT aficionado under the handle @Harrris0n on X recently posted about his findings while digging through the platform’s now-open-source recommendation code. What he found is a bit terrifying if you care about privacy or if you operate an entire network of bot accounts.
Buried in X’s repo was something called the “User Action Sequence.”
This isn’t a mere log either. It’s a transformer context that encodes your entire behavioral history on the platform. It tracks the specific milliseconds you pause to scroll, the type of accounts that trigger a block, the specific flavor of content you’re into, and the exact moment you interact with it. It represents thousands of individual data points collected by the time you see your first cat post.
Now, here’s where it gets fascinating. X uses this sequence to predict engagement (basically serving the most relevant content to keep you on the platform), while simultaneously creating a high-fidelity behavioral fingerprint.
Harrison found that if you run this encoding on a known account and then compare it against thousands of anonymous accounts using something the repo calls “Candidate Isolation,” you get matches. Abnormally high matches. He even laid out the specific recipe needed to build this de-anonymization tool, and the barrier to entry here is very low.
According to his thread, all someone needs is the action sequence encoder (which the X repo just handed over), an embedding similarity search, and a little bit of luck (lol). The only missing piece for most people is the training data of confirmed alt accounts, but Harrison notes he already has that from years of threat actor tracking.
Theoretically, you can map that same behavioral fingerprint from a public X user to an anonymous one, or potentially even cross-platform to accounts on Reddit and Discord. It goes to show that you can easily change your username, but it’s much harder to change your habits.
So, is a burner account truly anonymous? I’ll let you decide.
I wanted to share this thread here on Security Bite because it’s a sobering reminder that these algorithms often know you better than you know yourself. And that digital version of you is still vulnerable.