No, I still won’t accept your LinkedIn invitation.

I made the above statement on LinkedIn once my invitation queue hit 40, and you could say it went a bit viral. That wasn’t surprising, but what was surprising was the reaction from some people who (based on their job titles) were either in tech or even in cybersecurity.

LinkedIn IS used for recon. It is used for phishing. It is used for creating sockpuppets and spreading fake networks. Accounts are taken over, ransomed, or otherwise used to further malicious intent. All of this is well-known and easily verifiable with a quick search.

Yet these professionals essentially all get stuck on “if your profile is public (even partly), then not accepting invites doesn’t increase your OPSEC.”

My brother in Christ, OPSEC is not a constant state, nor is it the end-all-be-all. If nothing else, I don’t want to be the guy who accepted the shady invitation from an account that was later used to contact and phish our CEO.

On top of everything, since I published that original post, we’ve learned that Topline has basically scraped all LinkedIn user data (or repackaged a lot of older scraped data) and is using it to sell their service. In October, LinkedIn also sued ProAPI for scraping legitimate data through more than a million fake accounts.

So once again, I’ll remind everyone: everything you do on LinkedIn publicly will get scraped. Everything you do on LinkedIn privately will get used to train their AI LLM.

LinkedIn is brainrot, and joke’s on me for having a profile. The only winning move is not to play.

GROKINT – Using Grok AI for X OSINT

xAI’s Grok LLM has access to real-time X data, which makes it stand out from the rest of the popular AI assistants by providing up-to-date answers on any topic. As news breaks on X first, this capability can be extremely useful in the modern-day information landscape. Beyond model training, however, xAI hasn’t shared details on the depth of X integration Grok has.

Through the lens of open source intelligence (OSINT), this kind of capability to automate social media account analysis is extremely interesting. So, armed with the Grok 4 Expert model, I began investigating how far you can push the digital sleuthing capabilities of Grok. Turns out it can do quite a lot of digging!

X is the Signal

X is not like other platforms. It’s not even close. It’s the signal in a collapsing system of noise, and that’s exactly what people outside it don’t understand.

As a tech product, Twitter never was particularly remarkable. It could largely attribute its success to the fact that it was so early in the game. Sure, it was (and X still is) the only “direct line” to world leaders from the Vatican to the White House, and you could already see certain crowds like journalists and the tech community gathering there. However, the signal-to-noise ratio was abysmally low from the get-go, and the legacy 140-character format (imposed by SMS protocol’s limit) didn’t help.

The company got bloated. Innovation died. It got ravaged by the parasitic ideology that swept across most of Silicon Valley in the 2010s. The so-called “Verification” system was based on the whims of the ideologues, where blue checkmarks were given and taken away based on reasons we can only guess, all the while the regular users got shadowbanned or worse. At least now we know (thanks to the #TwitterFiles) the latter happened at least partly by US government pressure, and to his credit, being a cog in the censorship industrial complex wasn’t something that the founder Jack Dorsey was particularly happy with.

But the platform was still worth saving. Twitter had never made any money, and everyone knew it was a bad business deal for Musk. He himself said the primary reason for the purchase was to make sure there’s at least one bastion of free speech among the popular social media platforms. As Bret Weinstein says, zero is a special number. If even one platform (or university, newsroom, science journal…) allows truth-seekers to speak freely, the establishment can’t own the entire Overton window.

Joe Rogan said it bluntly: “Elon may have very well saved humanity in some way.”

That might sound dramatic, but I bet the impacts of the $44B deal will be studied by historians. It was a fork in the timeline, for sure.

Zuckerberg revealed details about Meta’s countermeasures on the Joe Rogan podcast

As someone who has been studying social media countermeasures and the way cybercriminals evade them for several years now, I always find it fascinating when these companies openly discuss their strategies. Of course, the technical details of these countermeasures remain closely guarded secrets (“it’s an adversarial space,” as Zuckerberg aptly described), but it’s good to hear confirmation about the overarching principles behind detecting and addressing inauthentic content.

Here’s a transcript of Mark Zuckerberg’s latest appearance on the Joe Rogan Experience podcast, episode #2255, January 10, 2025:

Where’s our upgrade offer for Oura Ring 4?

After the lackluster communication during the Oura Ring Gen 3 launch, you’d think things would be different this time around. Unfortunately, it looks like both long-time customers and fans are once again left in the dark—especially regarding the most important question:

Is there an upgrade offer for Gen 3 customers?

Judging by the deafening silence from the Oura team, the answer seems to be a resounding “no.”

Digital natives are not cybersecurity natives

At TurkuSec meetup in April, I had the opportunity to share my insights on a pressing issue we’ve been researching lately at F-Secure: the cybersecurity challenges faced by digital natives. These are individuals who have grown up with fast internet and personal screens, making them uniquely vulnerable to online threats. Our research highlights some concerning trends among young adults aged 18-24:

  • 45% of 18-24-year-olds have fallen victim to cybercrime in the past 12 months
  • 45% of 18-24-year-olds have encountered scams at least weekly in the past 12 months

Understanding the risks

The online world presents numerous risks for digital natives, including:

  • Social media scams: phishing attacks and fraudulent profiles that trick users into divulging personal information or sending money.
  • Gaming platform vulnerabilities: in-game scams, account hacks, and data breaches that expose personal and financial information.
  • Educational system vulnerabilities: compromised online learning platforms that can lead to data theft and privacy violations.

In my talk, I emphasized the necessity of cybersecurity education tailored specifically for digital natives. This education should focus not only on the dangers but also on empowering young people to navigate the digital world securely and confidently.

For those who missed the talk or want to explore the topic further, I’ve uploaded the full presentation, including slides, on X (adblockers might hide the embedded video, but you can see it by opening the X post in a new tab). Timestamps below 👇

After 10 years of biohacking, this is what I’ve learned

First off, let me be honest. It’s difficult, if not impossible, to say when anyone “starts biohacking” – especially if the term biohacking wasn’t widely used around that time! What I can say for a fact is that I started intermittent fasting (or time restricted eating, as it should be called) in May 2013. I believe the IF boom gave rise to popularization of biohacking as well. I started subscribing to Biohakkerin käsikirja (Biohacker’s handbook) newsletter in May 2015 and got the pre-ordered book roughly a year later, I believe. The second-generation Oura ring was unveiled in Slush, October 2017, which I also pre-ordered.

Google Trends of worldwide search interest for "biohacking".

So, I’d say I wasn’t in the first wave of biohackers – which of course was preceded years if not decades earlier by the “quantified self” movement – but I don’t think it’s a stretch to say I was interested in this space before it became as mainstream as it is today. Next, let’s take a look at what exactly I’ve been doing, and most importantly, what I’ve learned.

Master Your Passwords

Originally written for F-Secured – Your complete guide to online security in 2023.
Republished here with permission.

On a weekly basis you’re likely using around 10 different accounts, but did you know that on average each of us already has close to 100 online accounts? Most of us can’t even name all the sites we’ve been creating accounts for – think about all the webstores you’ve made a single purchase from, or perhaps those mobile apps that force an account creation in order to function. Now, if we don’t even remember all the services we’ve signed up for, how could we remember all the required passwords?

Uncovering a long-lasting porn spam campaign on YouTube (NSFW, maybe)

In December 2022 I stumbled upon an interesting YouTube comment-based campaign, which promoted a shady camgirl / porn website through a clever use of YouTube features. I screengrabbed some video evidence and took a quick look at the campaign, but didn’t have time to dig any deeper.

I had forgotten the whole thing until in late April 2023 I saw the same campaign still going strong, still using exactly the same vectors in YouTube, still promoting the same site.

And this time I took a closer look, going through the rabbit hole of sus af adult website promotion. For science!
