Seattle Privacy Coalition joins other “state-sponsored” attack targets to demand answers from Twitter

twitter3“Where no conspiracy existed before, the actions of an unknown government have created one.”


In December 2015, the Seattle Privacy Coalition Twitter account (@seattleprivacy) received a disturbing notice from Twitter:

As a precaution, we are alerting you that your Twitter account is one of a small group of accounts that may have been targeted by state-sponsored actors. We believe that these actors (possibly associated with a government) may have been trying to obtain information such as email addresses, IP addresses, and/or phone numbers.

Within days, more than 50 such targets identified themselves publicly via social media. Journalists around the world covered the story. (See a partial list.)

Many or most of the attack targets were involved in privacy advocacy or information security research. As a consequence, some targets (including three board members of Seattle Privacy) were present at the Chaos Communication Congress, the great hacker convention in Hamburg, Germany, in late December. We met and discussed how to respond to the mysterious and alarming notification. Our individual efforts to learn more about the who/what/when/why behind the attacks had gone nowhere, so we decided to take collective action.

Today we unveil a collectively created website,, where we share what we’ve learned and call on Twitter (and anybody else with relevant knowledge or insight) to provide more information about what happened. This open call to Twitter currently has about 25 signers, all of them attack targets.

These are the questions we want answered:

Nature of the attacks

  • When did the attacks happen — directly prior to the first alerts in December 2015, or during a longer period previously?
  • Are the attacks continuing?
  • What were the attackers interested in? The alert email message speaks of phone numbers, IP addresses, and email. Was there anything else?
  • How were the attacks detected?
  • Were these automated brute-force attacks, or customized attacks with a human behind them, or something else?
  • Did the attackers gain administrative or other direct access to Twitter’s servers?
  • Why does Twitter suspect that the attacks came from state-sponsored actors?
  • How does Twitter define a state-sponsored actor?
  • Has Twitter identified any specific state as the source of the attacks?
  • Have the attacks come from actors with ties to the US government?
  • Are all of the attacks coming from the same actor(s)?
  • What else does Twitter know about the attacks?

Reasons for targeting

  • What is the common element, if any, among the targeted accounts?
  • Were accounts attacked because of not using Tor / because of using Tor / despite using Tor?

Twitter’s response

  • Are Twitter’s alerts sent by humans or by machines responding to irregular activity?
  • Why did Twitter start sending the alerts now?
  • Other companies have started sending out similar emails, e.g., Facebook, Google, and Yahoo. Is this a concerted effort? What is the background or the aim of the notifications?
  • Why are there different kinds of notifications (email vs. popup)?
  • What is the purpose of Twitter’s recommendation to use Tor, when many of the targeted accounts already use Tor?


  • Why isn’t Twitter telling us more?
  • Is Twitter’s silence the result of a gag order?
  • Has Twitter received warrants, subpoenas, or National Security Letters in connection with the attacks?

The new site is available in English, German, French, and Italian, with more to come, as befits reaction to a government-backed assault against a world-wide communication service and the people using it.

As privacy activists who lawfully petitioned our various governments to protect our essential human rights, we now find ourselves the object of government overreach. Many of us became acquainted for the first time through our collective harm and our search for answers. Where no conspiracy existed before, the actions of an unknown government have created one.

Let the reckoning begin.

TA3M Seattle, January 2016


Techno-Activism Third Mondays (TA3M) is an informal meetup designed to connect software creators and activists who are interested in censorship, surveillance, and open technology. Currently, TA3M are held in various cities throughout the world, with many more launching in the near future. In Seattle, thanks to a special donor, there will be free pizza!

When: Monday, January 18, 2016, 6:30 – 9:00 PM
Where: University of Washington Computer Science & Engineering building (CSE) room 403 [directions]

The State of Internet Censorship (7 PM)

By: Will Scott

The techniques to control access to the Internet, and the ability to bring transparency to those processes are both continuing to evolve. We’ll give an update on the landscape of online information controls, and our ability to measure them.

The talk will give an update on current country-level practices, the techniques in use to measure them, and an overview of major tools in use.

Over the past couple years, restrictions on Internet access have grown even more ubiquitous. Many take the form of URL or Domain blacklists implemented by western countries, along with increased levels of self censorship on social platforms with user generated content.

The measurement community continues to play a catch-up game. Through a mixture of watching legislature, an increased understanding of what we need to build to keep track of internet controls, and discoveries of side channels that let us externally measure connectivity, we’re making progress!

Will is a fourth year graduate student in the networks lab at the University of Washington. Over the last two years, Will has been teaching computer science in Pyongyang, North Korea. Will’s research centers on how to make a more resilient web, through working with in-browser peer-to-peer and caching, and applying operating systems lessons to web frameworks.

Introduction to Tor and Onion Services (8 PM)

By: Christopher Sheats

The Tor ecosystem, including Tor Browser, tor relays, and onion services are critical parts of your digital hygiene even if you’re not a journalist, lawyer, or domestic violence survivor. This talk will include an overview of how the Tor network works, how using Tor can protect you, Tor Browser best practices, how onion services (including “the dark web”) work, and examples for why you and the organization(s) that you work for should host an onion site along side your normal HTTPS website.

Christopher is an Encryption Evangelist at the ACLU of Washington, a board member of Seattle Privacy Coalition, a TA3M organizer, and a surveillance self-defense lecturer.

Privacy job openings!

Open Whispter Systems is looking for iOS developers, Android developers, and a Mobile UI / Product Designer.

Electronic Frontier Foundation is looking for a Criminal Defense Staff Attorney, an Activist, and a Technology Generalist. Various internships.

ACLU of Washington is looking for a Director of Accounting and Administration. Various internships.

Join the email list!

We’re on Twitter!

To best support the global TA3M meetup, please tweet using the #TA3M hashtag.